2 New Mozilla Firefox 0-Day Bugs Under Active Attack — Patch Your Browser ASAP!

2 New Mozilla Firefox 0-Day Bugs Under Active Attack — Patch Your Browser ASAP!,

Mozilla has pushed out-of-band software updates to its Firefox web browser to contain two high-impact security vulnerabilities, both of which it says are being actively exploited in the wild.
Tracked as CVE-2022-26485 and CVE-2022-26486, the zero-day flaws have been described as use-after-free issues impacting the Extensible Stylesheet Language Transformations (XSLT) parameter processing and the

,

Mozilla has pushed out-of-band software updates to its Firefox web browser to contain two high-impact security vulnerabilities, both of which it says are being actively exploited in the wild.
Tracked as CVE-2022-26485 and CVE-2022-26486, the zero-day flaws have been described as use-after-free issues impacting the Extensible Stylesheet Language Transformations (XSLT) parameter processing and the

, ,
https://thehackernews.com/2022/03/2-new-mozilla-firefox-0-day-bugs-under.html

New Linux Kernel Cgroups Vulnerability Could Let Attackers Escape Container

New Linux Kernel Cgroups Vulnerability Could Let Attackers Escape Container,

Details have emerged about a now-patched high-severity vulnerability in the Linux kernel that could potentially be abused to escape a container in order to execute arbitrary commands on the container host.
The shortcoming resides in a Linux kernel feature called control groups, also referred to as cgroups version 1 (v1), which allows processes to be organized into hierarchical groups,

,

Details have emerged about a now-patched high-severity vulnerability in the Linux kernel that could potentially be abused to escape a container in order to execute arbitrary commands on the container host.
The shortcoming resides in a Linux kernel feature called control groups, also referred to as cgroups version 1 (v1), which allows processes to be organized into hierarchical groups,

, ,
https://thehackernews.com/2022/03/new-linux-kernel-cgroups-vulnerability.html

Imperva Thwarts 2.5 Million RPS Ransom DDoS Extortion Attacks

Imperva Thwarts 2.5 Million RPS Ransom DDoS Extortion Attacks,

Cybersecurity company Imperva on Friday said it recently mitigated a ransom distributed denial-of-service (DDoS) attack targeting an unnamed website that peaked at 2.5 million requests per second (RPS).
« While ransom DDoS attacks are not new, they appear to be evolving and becoming more interesting with time and with each new phase, » Nelli Klepfish, security analyst at Imperva, said. « For

,

Cybersecurity company Imperva on Friday said it recently mitigated a ransom distributed denial-of-service (DDoS) attack targeting an unnamed website that peaked at 2.5 million requests per second (RPS).
« While ransom DDoS attacks are not new, they appear to be evolving and becoming more interesting with time and with each new phase, » Nelli Klepfish, security analyst at Imperva, said. « For

, ,
https://thehackernews.com/2022/03/imperva-thwarts-25-million-rps-ransom.html

CISA Adds Another 95 Flaws to its Actively Exploited Vulnerabilities Catalog

CISA Adds Another 95 Flaws to its Actively Exploited Vulnerabilities Catalog,

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) this week added 95 more security flaws to its Known Exploited Vulnerabilities Catalog, taking the total number of actively exploited vulnerabilities to 478.
« These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise, » the agency said in an advisory

,

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) this week added 95 more security flaws to its Known Exploited Vulnerabilities Catalog, taking the total number of actively exploited vulnerabilities to 478.
« These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise, » the agency said in an advisory

, ,
https://thehackernews.com/2022/03/cisa-adds-another-95-flaws-to-its.html

Both Sides in Russia-Ukraine War Heavily Using Telegram for Disinformation and Hacktivism

Both Sides in Russia-Ukraine War Heavily Using Telegram for Disinformation and Hacktivism,

Cyber criminals and hacktivist groups are increasingly using the Telegram messaging app for their activities, as the Russia-Ukraine conflict enters its eighth day.
A new analysis by Israeli cybersecurity company Check Point Research has found that « user volume grew a hundred folds daily on Telegram related groups, peaking at 200,000 per group. »
Prominent among the groups are anti-Russian cyber

,

Cyber criminals and hacktivist groups are increasingly using the Telegram messaging app for their activities, as the Russia-Ukraine conflict enters its eighth day.
A new analysis by Israeli cybersecurity company Check Point Research has found that « user volume grew a hundred folds daily on Telegram related groups, peaking at 200,000 per group. »
Prominent among the groups are anti-Russian cyber

, ,
https://thehackernews.com/2022/03/both-sides-in-russia-ukraine-war.html

40 minutes suffisent pour casser un mot de passe de 8 caractères… il en faut au moins 16 pour être serein

40 minutes suffisent pour casser un mot de passe de 8 caractères… il en faut au moins 16 pour être serein,

Pour être à peu près en sécurité, il faut avoir des codes secrets d’au moins 11 caractères. Mais c’est mieux d’aller au-delà de 16 caractères.

,

Pour être à peu près en sécurité, il faut avoir des codes secrets d’au moins 11 caractères. Mais c’est mieux d’aller au-delà de 16 caractères.

, ,
https://www.01net.com/actualites/40minutes-suffisent-pour-casser-un-mot-de-passe-de-8caracteres-il-en-faut-au-moins-16-pour-etre-serein-2055328.html

Comment les attaques en DDoS vont devenir bien plus puissantes grâce à une nouvelle technique dévastatrice

Comment les attaques en DDoS vont devenir bien plus puissantes grâce à une nouvelle technique dévastatrice,

Cette nouvelle technique s’appuie sur des serveurs intermédiaires dédiés à la surveillance des flux et promet des niveaux d’amplification particulièrement élevés… voire quasi infinis.

,

Cette nouvelle technique s’appuie sur des serveurs intermédiaires dédiés à la surveillance des flux et promet des niveaux d’amplification particulièrement élevés… voire quasi infinis.

, ,
https://www.01net.com/actualites/comment-les-attaques-en-ddos-vont-devenir-bien-plus-puissantes-grace-a-une-nouvelle-technique-devastatrice-2055260.html

New Security Vulnerability Affects Thousands of GitLab Instances

New Security Vulnerability Affects Thousands of GitLab Instances,

Researchers have disclosed details of a now-patched security vulnerability in GitLab, an open-source DevOps software, that could potentially allow a remote, unauthenticated attacker to recover user-related information.
Tracked as CVE-2021-4191 (CVSS score: 5.3), the medium-severity flaw affects all versions of GitLab Community Edition and Enterprise Edition starting from 13.0 and all versions

,

Researchers have disclosed details of a now-patched security vulnerability in GitLab, an open-source DevOps software, that could potentially allow a remote, unauthenticated attacker to recover user-related information.
Tracked as CVE-2021-4191 (CVSS score: 5.3), the medium-severity flaw affects all versions of GitLab Community Edition and Enterprise Edition starting from 13.0 and all versions

, ,
https://thehackernews.com/2022/03/new-security-vulnerability-affects.html

Russia Releases List of IPs, Domains Attacking Its Infrastructure with DDoS Attacks

Russia Releases List of IPs, Domains Attacking Its Infrastructure with DDoS Attacks,

As the ongoing Russia-Ukraine conflict continues to escalate, the Russian government on Thursday released a massive list containing 17,576 IP addresses and 166 domains that it said are behind a series of distributed denial-of-service (DDoS) attacks aimed at its domestic infrastructure.
Some of the noticeable domains in the listing released by Russia’s National Coordination Center for Computer

,

As the ongoing Russia-Ukraine conflict continues to escalate, the Russian government on Thursday released a massive list containing 17,576 IP addresses and 166 domains that it said are behind a series of distributed denial-of-service (DDoS) attacks aimed at its domestic infrastructure.
Some of the noticeable domains in the listing released by Russia’s National Coordination Center for Computer

, ,
https://thehackernews.com/2022/03/russia-releases-list-of-ips-domains.html

Researchers Demonstrate New Side-Channel Attack on Homomorphic Encryption

Researchers Demonstrate New Side-Channel Attack on Homomorphic Encryption,

A group of academics from the North Carolina State University and Dokuz Eylul University have demonstrated what they say is the « first side-channel attack » on homomorphic encryption that could be exploited to leak data as the encryption process is underway.
« Basically, by monitoring power consumption in a device that is encoding data for homomorphic encryption, we are able to read the data as it

,

A group of academics from the North Carolina State University and Dokuz Eylul University have demonstrated what they say is the « first side-channel attack » on homomorphic encryption that could be exploited to leak data as the encryption process is underway.
« Basically, by monitoring power consumption in a device that is encoding data for homomorphic encryption, we are able to read the data as it

, ,
https://thehackernews.com/2022/03/researchers-demonstrate-new-side.html