New Infinite Loop Bug in OpenSSL Could Let Attackers Crash Remote Servers

New Infinite Loop Bug in OpenSSL Could Let Attackers Crash Remote Servers,

The maintainers of OpenSSL have shipped patches to resolve a high-severity security flaw in its software library that could lead to a denial-of-service (DoS) condition when parsing certificates.
Tracked as CVE-2022-0778 (CVSS score: 7.5), the issue stems from parsing a malformed certificate with invalid explicit elliptic-curve parameters, resulting in what’s called an « infinite loop. » The flaw

,

The maintainers of OpenSSL have shipped patches to resolve a high-severity security flaw in its software library that could lead to a denial-of-service (DoS) condition when parsing certificates.
Tracked as CVE-2022-0778 (CVSS score: 7.5), the issue stems from parsing a malformed certificate with invalid explicit elliptic-curve parameters, resulting in what’s called an « infinite loop. » The flaw

, ,
https://thehackernews.com/2022/03/new-infinite-loop-bug-in-openssl-could.html

FBI, CISA Warn of Russian Hackers Exploiting MFA and PrintNightmare Bug

FBI, CISA Warn of Russian Hackers Exploiting MFA and PrintNightmare Bug,

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have released a joint advisory warning that Russia-backed threat actors hacked the network of an unnamed non-governmental entity by exploiting a combination of flaws.
« As early as May 2021, Russian state-sponsored cyber actors took advantage of a misconfigured account set to default [

,

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have released a joint advisory warning that Russia-backed threat actors hacked the network of an unnamed non-governmental entity by exploiting a combination of flaws.
« As early as May 2021, Russian state-sponsored cyber actors took advantage of a misconfigured account set to default [

, ,
https://thehackernews.com/2022/03/fbi-cisa-warn-of-russian-hackers.html

Unpatched RCE Bug in dompdf Project Affects HTML to PDF Converters

Unpatched RCE Bug in dompdf Project Affects HTML to PDF Converters,

Researchers have disclosed an unpatched security vulnerability in « dompdf, » a PHP-based HTML to PDF converter, that, if successfully exploited, could lead to remote code execution in certain configurations.
« By injecting CSS into the data processed by dompdf, it can be tricked into storing a malicious font with a .php file extension in its font cache, which can later be executed by accessing it

,

Researchers have disclosed an unpatched security vulnerability in « dompdf, » a PHP-based HTML to PDF converter, that, if successfully exploited, could lead to remote code execution in certain configurations.
« By injecting CSS into the data processed by dompdf, it can be tricked into storing a malicious font with a .php file extension in its font cache, which can later be executed by accessing it

, ,
https://thehackernews.com/2022/03/unpatched-rce-bug-in-dompdf-project.html

German Government Warns Against Using Russia’s Kaspersky Antivirus Software

German Government Warns Against Using Russia’s Kaspersky Antivirus Software

,

Russian cybersecurity firm Kaspersky on Tuesday responded to an advisory released by Germany’s Federal Office of Information Security (BSI) against using the company’s security solutions in the country over « doubts about the reliability of the manufacturer. »
Calling that the decision was made on « political grounds, » the company said it will « continue to assure our partners and customers of the

,

Russian cybersecurity firm Kaspersky on Tuesday responded to an advisory released by Germany’s Federal Office of Information Security (BSI) against using the company’s security solutions in the country over « doubts about the reliability of the manufacturer. »
Calling that the decision was made on « political grounds, » the company said it will « continue to assure our partners and customers of the

, ,
https://thehackernews.com/2022/03/german-government-warns-against-using.html

Build Your 2022 Cybersecurity Plan With This Free PPT Template

Build Your 2022 Cybersecurity Plan With This Free PPT Template,

The end of the year is coming, and it’s time for security decision-makers to make plans for 2022 and get management approval. Typically, this entails making a solid case regarding why current resources, while yielding significant value, need to be reallocated and enhanced.

The Definitive 2022 Security Plan PPT Template is built to simplify this task, providing security decision-makers with an

,

The end of the year is coming, and it’s time for security decision-makers to make plans for 2022 and get management approval. Typically, this entails making a solid case regarding why current resources, while yielding significant value, need to be reallocated and enhanced.

The Definitive 2022 Security Plan PPT Template is built to simplify this task, providing security decision-makers with an

, ,
https://thehackernews.com/2019/11/cybersecurity-plan-template.html

Multiple Flaws Uncovered in ClickHouse OLAP Database System for Big Data

Multiple Flaws Uncovered in ClickHouse OLAP Database System for Big Data,

Researchers have disclosed seven new security vulnerabilities in an open-source database management system solution called ClickHouse that could be weaponized to crash the servers, leak memory contents, and even lead to the execution of arbitrary code.
« The vulnerabilities require authentication, but can be triggered by any user with read permissions, » Uriya Yavnieli and Or Peles, researchers

,

Researchers have disclosed seven new security vulnerabilities in an open-source database management system solution called ClickHouse that could be weaponized to crash the servers, leak memory contents, and even lead to the execution of arbitrary code.
« The vulnerabilities require authentication, but can be triggered by any user with read permissions, » Uriya Yavnieli and Or Peles, researchers

, ,
https://thehackernews.com/2022/03/multiple-flaws-uncovered-in-clickhouse.html

Facebook Hit With $18.6 Million GDPR Fine Over 12 Data Breaches in 2018

Facebook Hit With $18.6 Million GDPR Fine Over 12 Data Breaches in 2018,

The Irish Data Protection Commission (DPC) on Tuesday slapped Facebook and WhatsApp owner Meta Platforms a fine of €17 million (~$18.6 million) for a series of security lapses that occurred in violation of the European Union’s GDPR laws in the region.
« The DPC found that Meta Platforms failed to have in place appropriate technical and organizational measures which would enable it to readily

,

The Irish Data Protection Commission (DPC) on Tuesday slapped Facebook and WhatsApp owner Meta Platforms a fine of €17 million (~$18.6 million) for a series of security lapses that occurred in violation of the European Union’s GDPR laws in the region.
« The DPC found that Meta Platforms failed to have in place appropriate technical and organizational measures which would enable it to readily

, ,
https://thehackernews.com/2022/03/facebook-hit-with-186-million-gdpr-fine.html

Nearly 34 Ransomware Variants Observed in Hundreds of Cyberattacks in Q4 2021

Nearly 34 Ransomware Variants Observed in Hundreds of Cyberattacks in Q4 2021,

As many as 722 ransomware attacks were observed during the fourth quarter of 2021, with LockBit 2.0, Conti, PYSA, Hive, and Grief emerging as the most prevalent strains, according to new research published by Intel 471.
The attacks mark an increase of 110 and 129 attacks from the third and second quarters of 2021, respectively. In all, 34 different ransomware variants were detected during the

,

As many as 722 ransomware attacks were observed during the fourth quarter of 2021, with LockBit 2.0, Conti, PYSA, Hive, and Grief emerging as the most prevalent strains, according to new research published by Intel 471.
The attacks mark an increase of 110 and 129 attacks from the third and second quarters of 2021, respectively. In all, 34 different ransomware variants were detected during the

, ,
https://thehackernews.com/2022/03/nearly-34-ransomware-variants-observed.html

CaddyWiper: Yet Another Data Wiping Malware Targeting Ukrainian Networks

CaddyWiper: Yet Another Data Wiping Malware Targeting Ukrainian Networks,

Two weeks after details emerged about a second data wiper strain delivered in attacks against Ukraine, yet another destructive malware has been detected amid Russia’s continuing military invasion of the country.
Slovak cybersecurity company ESET dubbed the third wiper « CaddyWiper, » which it said it first observed on March 14 around 9:38 a.m. UTC. Metadata associated with the executable (« 

,

Two weeks after details emerged about a second data wiper strain delivered in attacks against Ukraine, yet another destructive malware has been detected amid Russia’s continuing military invasion of the country.
Slovak cybersecurity company ESET dubbed the third wiper « CaddyWiper, » which it said it first observed on March 14 around 9:38 a.m. UTC. Metadata associated with the executable (« 

, ,
https://thehackernews.com/2022/03/caddywiper-yet-another-data-wiping.html

Massive DDoS Attack Knocked Israeli Government Websites Offline

Massive DDoS Attack Knocked Israeli Government Websites Offline,

A number of websites belonging to the Israeli government were felled in a distributed denial-of-service (DDoS) attack on Monday, rendering the portals inaccessible for a short period of time.
« In the past few hours, a DDoS attack against a communications provider was identified, » the Israel National Cyber Directorate (INCD) said in a tweet. « As a result, access to several websites, among them

,

A number of websites belonging to the Israeli government were felled in a distributed denial-of-service (DDoS) attack on Monday, rendering the portals inaccessible for a short period of time.
« In the past few hours, a DDoS attack against a communications provider was identified, » the Israel National Cyber Directorate (INCD) said in a tweet. « As a result, access to several websites, among them

, ,
https://thehackernews.com/2022/03/massive-ddos-attack-knocked-israeli.html