<img src="https://secure.ruth8badb.com/159098.png" alt="" style="display:none;">

IT Security Newsletter - 10/10/2023

SHARE

Top News

'HTTP/2 Rapid Reset' Zero-Day Exploited to Launch Largest DDoS Attacks in History

Cloudflare, Google and AWS revealed on Tuesday that a new zero-day vulnerability named 'HTTP/2 Rapid Reset' has been exploited by malicious actors to launch the largest distributed denial-of-service (DDoS) attacks in internet history. Cloudflare started analyzing the attack method and the underlying vulnerability in late August. The company says an unknown threat actor has exploited a weakness in the widely used HTTP/2 protocol to launch "enormous, hyper-volumetric" DDoS attacks. READ MORE...

Hacking

Credential Harvesting Campaign Targets Unpatched NetScaler Instances

A credential harvesting campaign is targeting Citrix NetScaler gateways that have not been patched against a recent vulnerability, IBM reports. Tracked as CVE-2023-3519 (CVSS score of 9.8), the vulnerability was disclosed in July, but had been exploited since June 2023, with some of the attacks targeting critical infrastructure organizations. By mid-August, threat actors exploited this vulnerability as part of an automated campaign, backdooring roughly 2,000 NetScaler instances. READ MORE...


Phishers Spoof USPS, 12 Other Natl' Postal Services

Recent weeks have seen a sizable uptick in the number of phishing scams targeting U.S. Postal Service (USPS) customers. Here's a look at an extensive SMS phishing operation that tries to steal personal and financial data by spoofing the USPS, as well as postal services in at least a dozen other countries. KrebsOnSecurity recently heard from a reader who received an SMS purporting to have been sent by the USPS, saying there was a problem with a package destined for the reader's address. READ MORE...

Malware

Magecart Web Skimmer Hides in 404 Error Pages

A recent Magecart web skimming campaign is using three concealment techniques, including by hiding the malicious code in the targeted website's '404' error page, Akamai's security researchers warn. Active since at least 2015, the Magecart hackers are known for placing digital skimmers on compromised websites, to steal visitors' credit card and personal information. READ MORE...

Exploits/Vulnerabilities

Thousands of WordPress sites have been hacked through tagDiv plugin vulnerability

Thousands of sites running the WordPress content management system have been hacked by a prolific threat actor that exploited a recently patched vulnerability in a widely used plugin. The vulnerable plugin, known as tagDiv Composer, is a mandatory requirement for using two WordPress themes: Newspaper and Newsmag. The themes are available through the Theme Forest and Envato marketplaces and have more than 155,000 downloads. READ MORE...


D-Link WiFi range extender vulnerable to command injection attacks

The popular D-Link DAP-X1860 WiFi 6 range extender is susceptible to a vulnerability allowing DoS (denial of service) attacks and remote command injection. The product is currently listed as available on D-Link's site and has thousands of reviews on Amazon, so it's a popular choice among consumers. A team of German researchers (RedTeam) who discovered the vulnerability report that despite their attempts to alert D-Link multiple times, the vendor has remained silent, and no fixes have been released. READ MORE...

On This Date

  • ...in 1902, The Gibson Mandolin guitar company is formed. 50 years later, they would produce the Gibson Les Paul electric guitar.
  • ...in 1917, jazz great Thelonious Monk ("Straight, No Chaser") is born in Rocky Mount, NC.
  • ...in 1924, filmmaker Edward D. Wood, Jr., director of the infamous 1956 cult classic "Plan 9 From Outer Space" is born in Poughkeepsie, NY.
  • ...in 1967, the Outer Space Treaty, prohibiting the militarization and nuclearization of space and all celestial bodies, comes into force after being signed by over 60 nations.
  • ...in 1970, Black Sabbath reaches No.1 on the UK charts with their second album, 'Paranoid.'