Over the past two months attackers have been abusing a feature of the HTTP/2 web communication protocol that makes web application servers, load balancers, and web proxies vulnerable to distributed denial-of-service (DDoS) attacks of unprecedented scale. Google, AWS, Cloudflare, and other major cloud infrastructure providers, as well as web server vendors have been working on […]
Cyber News, Cyber Threat Trends
October’s CVE update is here. Here’s which security vulnerabilities to patch now to exorcise your Microsoft systems demons.
Cyber News, Cyber Threat Trends
Microsoft today issued security updates for more than 100 newly-discovered vulnerabilities in its Windows operating system and related software, including four flaws that are already being exploited. In addition, Apple recently released emergency updates to quash a pair of zero-day bugs in iOS. Apple last week shipped emergency updates in iOS 17.0.3 and iPadOS 17.0.3 […]
Cyber News, Cyber Threat Trends
ACM.330 Trying to decipher what roles and policies we need from the AWS Batch documentation Continue reading on Cloud Security »
Cyber News, Cyber Threat Trends
ACM.331 Documentation is key to getting anyone to use your cloud service — or all of them if you can maintain consistency Continue reading on Cloud Security »
Cyber News, Cyber Threat Trends
Microsoft has linked the exploitation of a recently disclosed critical flaw in Atlassian Confluence Data Center and Server to a nation-state actor it tracks as Storm-0062 (aka DarkShadow or Oro0lxy). The tech giant’s threat intelligence team said it observed in-the-wild abuse of the vulnerability since September 14, 2023. “CVE-2023-22515 is a critical privilege escalation vulnerability in
Cyber News, Cyber Threat Trends
Microsoft has released its Patch Tuesday updates for October 2023, addressing a total of 103 flaws in its software, two of which have come under active exploitation in the wild. Of the 103 flaws, 13 are rated Critical and 90 are rated Important in severity. This is apart from 18 security vulnerabilities addressed in its Chromium-based Edge browser since […]
Cyber News, Cyber Threat TrendsAyush Khandelwal, Software Engineer, Michael Torres, Security Engineer, Hemil Patel, Technical Product Expert, Sameer Ladiwala, Software Enginner In July 2023, four Googlers from the Enterprise Security and Access Security organizations developed a tool that aimed at revolutionizing the way Googlers interact with Access Control Lists – SpeakACL. This tool, awarded the Gold Prize during Google’s […]
Cyber News, Cyber Threat TrendsAyush Khandelwal, Software Engineer, Michael Torres, Security Engineer, Hemil Patel, Technical Product Expert, Sameer Ladiwala, Software Enginner In July 2023, four Googlers from the Enterprise Security and Access Security organizations developed a tool that aimed at revolutionizing the way Googlers interact with Access Control Lists – SpeakACL. This tool, awarded the Gold Prize during Google’s […]
Cyber News, Cyber Threat Trends