cybersecurity - The Stack (Page 15)

Microsoft DDoS attacks hit Azure and likely Outlook but Redmond's coy with the details

Back in 2021 Microsoft boasted of shielding a customer from a 2.4 Tbps DDoS attack originating from 70,000 sources. It has not shared such detail on this successful incident that it its services...

Edward Targett June 18, 2023

MOVEit

vulnerabilities

News

As victim count mounts, a critical new MOVEit bug emerges - with US federal agencies compromised

Hackers "often breach the Department’s defensive perimeter and roam freely within our information systems"

Edward Targett June 16, 2023

A third of Barracuda zero day victims are gov't agencies

News

exploits

A third of Barracuda zero day victims are gov't agencies

Attackers demonstrated such sophisticated persistence capabilities that Barracuda and Mandiant have urged users to dump affected appliances irrespective of patch level.

The Stack June 15, 2023

Hackers could have taken over every single .ai domain

registry

domains

News

Hackers could have taken over every single .ai domain

"It is clear that the internet is so, so brittle" and possibly held together with duct tape

Edward Targett June 14, 2023

Fortinet

vulnerabilities

News

MFA is no protection against this critical new Fortinet vulnerability, CVE-2023-27997

"It is a pre-auth RCE [and] has been proven to be exploitable in a consistent manner; we found it during a Red Team engagement and have exploited it remotely..."

Edward Targett June 12, 2023

data breaches

News

MOVEit

BBC, BA suffer data breaches in wake of MOVEit attacks

The Stack is seeing exposed instances associated with scores of high profile blue chips

Edward Targett June 05, 2023

There’s yet another CVSS 10, sandbox escape vulnerability in this widely used software library

open source

vm2

News

There’s yet another CVSS 10, sandbox escape vulnerability in this widely used software library

23 million downloads last month. Four CVSS 10 vulnerabilities reported within weeks. Public exploits shared...

Edward Targett June 05, 2023

UPDATED: File transfer software under active attack. Banks, gov't hit as CVE, new IOCs released

News

vulnerabilities

UPDATED: File transfer software under active attack. Banks, gov't hit as CVE, new IOCs released

Admins should urgently modify firewall rules to deny HTTP and HTTPs traffic to MOVEit Transfer on ports 80 and 443. (Also, can we start fuzzing for SQL Injection properly, please?)

Edward Targett June 05, 2023

A triple barrage of mystery DDoS attacks knocked Microsoft services including Azure, Intune offline

As victim count mounts, a critical new MOVEit bug emerges - with US federal agencies compromised

A third of Barracuda zero day victims are gov't agencies

Hackers could have taken over every single .ai domain

MFA is no protection against this critical new Fortinet vulnerability, CVE-2023-27997

BBC, BA suffer data breaches in wake of MOVEit attacks

There’s yet another CVSS 10, sandbox escape vulnerability in this widely used software library

UPDATED: File transfer software under active attack. Banks, gov't hit as CVE, new IOCs released