A critical vulnerability in the libcue library used in the GNOME desktop environment for Linux systems allows attackers to execute arbitrary code on affected devices by exploiting memory corruption during the indexing process.
Cloudflare discovers a new DDoS technique known as the “HTTP/2 Rapid Reset” attack, which exploits a zero-day vulnerability in the standard HTTP/2 protocol, resulting in massive DDoS attacks on web servers.
A recent report reveals that the T95 Android TV streaming box, along with other devices, is infected with preloaded malware called Badbox, leading to ad fraud, proxy services, fake accounts, and unauthorized code installation, affecting approximately 200 compromised devices in American households, businesses, and schools, resulting in an estimated $2 million in monthly fraud.
Attackers manipulate 404 error pages on Magento and WooCommerce sites to steal customers’ credit card data, using concealed code in HTML image tags and fake forms to collect sensitive information.
Microsoft’s October Patch Tuesday update includes patches for 103 CVEs, including zero-day vulnerabilities, with potential impacts such as unauthenticated remote code execution and Denial of Service.
According to Splunk’s 2023 CISO Report, there has been a significant increase in the number of global CISOs reporting directly to their CEO, with European CISOs leading the trend, as they gain influence in the C-suite by sharing security testing results and demonstrating the ROI of security investments, while concerns about the impact of macroeconomic uncertainty and lack of funding pose challenges for CISOs.
