Attackers Abusing Citrix NetScaler Devices to Launch Amplified DDoS Attacks
Citrix has issued an emergency advisory warning its customers of a security issue affecting its NetScaler application delivery controller (ADC) devices that attackers are abusing to launch amplified distributed denial-of-service (DDoS) attacks against several targets. "An attacker or bots can overwhelm the Citrix ADC [Datagram Transport Layer Security] network throughput, …
attackers
A Bug Could Let Attackers Hijack Firefox for Android via Wi-Fi Network
Dear Android users, if you use the Firefox web browser on your smartphones, make sure it has been updated to version 80 or the latest available version on the Google Play Store. ESET security researcher Lukas Stefanko yesterday tweeted an alert demonstrating the exploitation of a recently disclosed high-risk remote command execution vulnerability affecting the Firefox app for …
New Raccoon Attack Could Let Attackers Break SSL/TLS Encryption
A group of researchers has detailed a new timing vulnerability in the Transport Layer Security (TLS) protocol that could potentially allow an attacker to break the encryption and read sensitive communication under specific conditions. Dubbed "Raccoon Attack," the server-side attack exploits a side-channel in the cryptographic protocol (versions 1.2 and lower) to extract the shared …
A Google Drive ‘Feature’ Could Let Attackers Trick You Into Installing Malware
An unpatched security weakness in Google Drive could be exploited by malware attackers to distribute malicious files disguised as legitimate documents or images, enabling bad actors to perform spear-phishing attacks with a comparatively high success rate. The latest security issue, of which Google is aware but, unfortunately, left unpatched, resides in the "manage versions" …
Apple Touch ID Flaw Could Have Let Attackers Hijack iCloud Accounts
Apple earlier this year fixed a security vulnerability in iOS and macOS that could have potentially allowed an attacker to gain unauthorized access to a user's iCloud account. Uncovered in February by Thijs Alkemade, a security specialist at IT security firm Computest, the flaw resided in Apple's implementation of TouchID (or FaceID) biometric feature that authenticated users to …
Amazon’s Ring Video Doorbell Lets Attackers Steal Your Wi-Fi Password
Security researchers at Bitdefender have discovered a high-severity security vulnerability in Amazon's Ring Video Doorbell Pro devices that could allow nearby attackers to steal your WiFi password and launch a variety of cyberattacks using MitM against other devices connected to the same network. In case you don't own one of these, Amazon's Ring Video Doorbell is a smart …
New PHP Flaw Could Let Attackers Hack Sites Running On Nginx Servers
If you're running any PHP-based website on an NGINX server and have the PHP-FPM feature enabled for better performance, then beware of a newly disclosed vulnerability that could allow unauthorized attackers to hack your website server remotely. The vulnerability, tracked as CVE-2019-11043, affects websites with certain configurations of PHP-FPM that is reportedly not uncommon in the …
New Cache Poisoning Attack Lets Attackers Target CDN Protected Sites
A team of German cybersecurity researchers has discovered a new cache poisoning attack against web caching systems that could be used by an attacker to force a targeted website into delivering error pages to most of its visitors instead of legitimate content or resources. The issue affects reverse proxy cache systems like Varnish and some widely-used Content Distribution …
New Bluetooth Vulnerability Lets Attackers Spy On Encrypted Connections
Over a billion Bluetooth-enabled devices, including smartphones, laptops, smart IoT devices, and industrial devices, have been found vulnerable to a high-severity vulnerability that could allow attackers to spy on data transmitted between the two devices. The vulnerability, assigned as CVE-2019-9506, resides in the way 'encryption key negotiation protocol' lets two Bluetooth …
Unpatched Bug Let Attackers Bypass Windows Lock Screen On RDP Sessions
A security researcher today revealed details of a newly unpatched vulnerability in Microsoft Windows Remote Desktop Protocol (RDP). Tracked as CVE-2019-9510, the reported vulnerability could allow client-side attackers to bypass the lock screen on remote desktop (RD) sessions. Discovered by Joe Tammariello of Carnegie Mellon University Software Engineering Institute (SEI), the …