HTTP/2 Rapid Reset

A new vulnerability, named HTTP/2 Rapid Reset, has been discovered, involving DDoS attacks never seen before. A new threat behind the largest attack in the history of the Internet!

Microsoft Releases October 2023 Patches for 103 Flaws, Including 2 Active Exploits

Microsoft has released its Patch Tuesday updates for October 2023, addressing a total of 103 flaws in its software, two of which have come under active exploitation in the wild. Of the 103 flaws, 13 are rated Critical and 90 are rated Important in severity. This is apart from 18 security vulnerabilities addressed in its Chromium-based Edge browser since […]

Microsoft Warns of Nation-State Hackers Exploiting Critical Atlassian Confluence Vulnerability

Microsoft has linked the exploitation of a recently disclosed critical flaw in Atlassian Confluence Data Center and Server to a nation-state actor it tracks as Storm-0062 (aka DarkShadow or Oro0lxy). The tech giant’s threat intelligence team said it observed in-the-wild abuse of the vulnerability since September 14, 2023. “CVE-2023-22515 is a critical privilege escalation vulnerability in

HTTP/2 Rapid Reset Zero-Day Vulnerability Exploited to Launch Record DDoS Attacks

Amazon Web Services (AWS), Cloudflare, and Google on Tuesday said they took steps to mitigate record-breaking distributed denial-of-service (DDoS) attacks that relied on a novel technique called HTTP/2 Rapid Reset. The layer 7 attacks were detected in late August 2023, the companies said in a coordinated disclosure. The cumulative susceptibility to this attack is being tracked as CVE-2023-44487,

Google Adopts Passkeys as Default Sign-in Method for All Users

Google on Tuesday announced the ability for all users to set up passkeys by default, five months after it rolled out support for the FIDO Alliance-backed passwordless standard for Google Accounts on all platforms. “This means the next time you sign in to your account, you’ll start seeing prompts to create and use passkeys, simplifying your future […]

Researchers Uncover Grayling APT’s Ongoing Attack Campaign Across Industries

A previously undocumented threat actor of unknown provenance has been linked to a number of attacks targeting organizations in the manufacturing, IT, and biomedical sectors in Taiwan. The Symantec Threat Hunter Team, part of Broadcom, attributed the attacks to an advanced persistent threat (APT) it tracks under the name Grayling. Evidence shows that the campaign began […]

New Report: Child Sexual Abuse Content and Online Risks to Children on the Rise

Certain online risks to children are on the rise, according to a recent report from Thorn, a technology nonprofit whose mission is to build technology to defend children from sexual abuse. Research shared in the Emerging Online Trends in Child Sexual Abuse 2023 report indicates that minors are increasingly taking and sharing sexual images of themselves. […]

New Magecart Campaign Alters 404 Error Pages to Steal Shoppers’ Credit Cards

A sophisticated Magecart campaign has been observed manipulating websites’ default 404 error page to conceal malicious code in what’s been described as the latest evolution of the attacks. The activity, per Akamai, targets Magento and WooCommerce websites, with some of the victims belonging to large organizations in the food and retail industries. “In this campaign, all the […]

Exclusive Networks: Frédéric Dufour appointed Managing Director for France

After 16 years at Exclusive Networks, Frédéric Dufour has been appointed Managing Director of the French subsidiary.

Citrix Devices Under Attack: NetScaler Flaw Exploited to Capture User Credentials

A recently disclosed critical flaw in Citrix NetScaler ADC and Gateway devices is being exploited by threat actors to conduct a credential harvesting campaign. IBM X-Force, which uncovered the activity last month, said adversaries exploited “CVE-2023-3519 to attack unpatched NetScaler Gateways to insert a malicious script into the HTML content of the authentication web page to capture […]
