Weekly Update 371
Presently sponsored by: Got Linux? (And Mac and Windows and iOS and Android?) Then Kolide has the device trust solution…
Security
Hello Alfred app exposes user data
Hello Alfred, an in-home hospitality app, left a database accessible without password protection, exposing almost 170,000 records containing private user…
What is Traffic Shaping ?
Unraveling the Enigma of Traffic Modulation Within the realm of digital information, data traffic parallels a high-speed freeway, ferrying packets…
iLeakage attack exploits Safari to steal data from Apple devices
Boffins devised a new iLeakage side-channel speculative execution attack exploits Safari to steal sensitive data from Macs, iPhones, and iPads.…
Cloudflare mitigated 89 hyper-volumetric HTTP distributed DDoS attacks exceeding 100 million rps
Cloudflare mitigated thousands of hyper-volumetric HTTP distributed denial-of-service (DDoS) attacks exploiting the flaw HTTP/2 Rapid Reset. Cloudflare DDoS threat report…
Winter Vivern exploits zero-day vulnerability in Roundcube Webmail servers
ESET Research recommends updating Roundcube Webmail to the latest available version as soon as possible
Seiko confirmed a data breach after BlackCat attack
Japanese watchmaker Seiko revealed that the attack that suffered earlier this year was carried out by the Black Cat ransomware…
New NSA Information from (and About) Snowden
Interesting article about the Snowden documents, including comments from former Guardian editor Ewen MacAskill MacAskill, who shared the Pulitzer Prize…
Winter Vivern APT exploited zero-day in Roundcube webmail software in recent attacks
Russia-linked threat actor Winter Vivern has been observed exploiting a zero-day flaw in Roundcube webmail software. Russian APT group Winter…
Pwn2Own Toronto 2023 Day 1 – organizers awarded $438,750 in prizes
The Pwn2Own Toronto 2023 hacking contest has begun and during the first day, participants received $438,750 in prizes! During the…