Cloudflare, Google and AWS revealed on Tuesday that a new zero-day vulnerability named 'HTTP/2 Rapid Reset' has been exploited by malicious actors to launch the largest distributed denial-of-service (DDoS) attacks in internet history. Cloudflare started analyzing the attack method and the underlying vulnerability in late August. The company says an unknown threat actor has exploited a weakness in the widely used HTTP/2 protocol to launch "enormous, hyper-volumetric" DDoS attacks.
A credential harvesting campaign is targeting Citrix NetScaler gateways that have not been patched against a recent vulnerability, IBM reports. Tracked as CVE-2023-3519 (CVSS score of 9.8), the vulnerability was disclosed in July, but had been exploited since June 2023, with some of the attacks targeting critical infrastructure organizations. By mid-August, threat actors exploited this vulnerability as part of an automated campaign, backdooring roughly 2,000 NetScaler instances.
Recent weeks have seen a sizable uptick in the number of phishing scams targeting U.S. Postal Service (USPS) customers. Here's a look at an extensive SMS phishing operation that tries to steal personal and financial data by spoofing the USPS, as well as postal services in at least a dozen other countries. KrebsOnSecurity recently heard from a reader who received an SMS purporting to have been sent by the USPS, saying there was a problem with a package destined for the reader's address.
A recent Magecart web skimming campaign is using three concealment techniques, including hiding the malicious code in the targeted website's '404' error page, Akamai's security researchers warn. Active since at least 2015, the Magecart hackers are known for placing digital skimmers on compromised websites to steal visitors' credit card and personal information.
Thousands of sites running the WordPress content management system have been hacked by a prolific threat actor that exploited a recently patched vulnerability in a widely used plugin. The vulnerable plugin, known as tagDiv Composer, is a mandatory requirement for using two WordPress themes: Newspaper and Newsmag. The themes are available through the Theme Forest and Envato marketplaces and have more than 155,000 downloads.
The popular D-Link DAP-X1860 WiFi 6 range extender is susceptible to a vulnerability allowing DoS (denial of service) attacks and remote command injection. The product is currently listed as available on D-Link's site and has thousands of reviews on Amazon, so it's a popular choice among consumers. A team of German researchers (RedTeam) who discovered the vulnerability report that despite their attempts to alert D-Link multiple times, the vendor has remained silent, and no fixes have been released.