News

F5 Working on Patch for BIG-IP Flaw That Can Lead to DoS, Code Execution

F5 warns of a high-severity format string vulnerability in BIG-IP that could allow an authenticated attacker to cause a denial-of-service (DoS) condition and potentially execute arbitrary code. Tracked as CVE-2023-22374, the security defect impacts iControl SOAP, an open API that enables communication between systems, which runs as root. The SOAP interface is accessible from the network, via the BIG-IP management port and/or self IP addresses, and is restricted to administrative accounts. Rapid7, which identified…


Dutch, European Hospitals ‘Hit by Pro-Russian Hackers’

Dutch cyber authorities said Wednesday that several hospital websites in the Netherlands and Europe were likely targeted by a pro-Kremlin hacking group because of their countries’ support for Ukraine. The UMCG hospital in the northern Dutch city of Groningen, one of the largest in the country, saw its website crash in a cyberattack on Saturday. “European hospitals including in the Netherlands have most likely been hit by the pro-Russian hacking group Killnet,” said the Dutch…


Cyber Insights 2023: Attack Surface Management

About SecurityWeek Cyber Insights | At the end of 2022, SecurityWeek liaised with more than 300 cybersecurity experts from over 100 different organizations to gain insight into the security issues of today – and how these issues might evolve during 2023 and beyond. The result is more than a dozen features on subjects ranging from AI, quantum encryption, and attack surface management to venture capital, regulations, and criminal gangs. SecurityWeek Cyber Insights 2023 | Attack Surface Management…


Meta Awards $27,000 Bounty for 2FA Bypass Vulnerability

A researcher has disclosed the details of a two-factor authentication (2FA) vulnerability that earned him a $27,000 bug bounty from Facebook parent company Meta. Gtm Manoz of Nepal discovered in September 2022 that a system designed by Meta for confirming a phone number and email address did not have any rate-limiting protection. A fix was rolled out by Meta in October 2022 and the company highlighted Manoz’s findings in its annual bug bounty program report.…


Critical Vulnerability Impacts Over 120 Lexmark Printers

Printer and imaging products manufacturer Lexmark this week published a security advisory to warn users of a critical vulnerability impacting over 120 printer models. The issue, tracked as CVE-2023-23560 (CVSS score of 9.0), is described as a server-side request forgery (SSRF) flaw in the Web Services feature of newer Lexmark devices, which could be exploited to execute arbitrary code. “Successful exploitation of this vulnerability can lead to an attacker being able to remotely execute arbitrary…


BIND Updates Patch High-Severity, Remotely Exploitable DoS Flaws

The Internet Systems Consortium (ISC) this week announced patches for multiple high-severity denial-of-service (DoS) vulnerabilities in the DNS software suite BIND. The addressed issues could be exploited remotely to cause named – the BIND daemon that acts both as an authoritative name server and as a recursive resolver – to crash, or could lead to the exhaustion of the available memory. The first of the security defects, tracked as CVE-2022-3094, can be exploited by sending…


US Reiterates $10 Million Reward Offer After Disruption of Hive Ransomware

Following the shutdown of the Hive ransomware operation by law enforcement, the US government has reminded the public that a reward of up to $10 million is offered for information on cybercriminals. Authorities in the United States and Europe announced on Thursday the results of a major law enforcement operation targeting the Hive ransomware. More than a dozen agencies collaborated to take down the Tor-based leak website used by the group and other parts of…


UK Gov Warns of Phishing Attacks Launched by Iranian, Russian Cyberspies

The United Kingdom’s National Cyber Security Centre (NCSC) has published an advisory to warn organizations and individuals about separate spearphishing campaigns conducted by Russian and Iranian cyberespionage groups. The advisory focuses on activities conducted by the Russia-linked Seaborgium group (aka Callisto, Blue Callisto and Coldriver) and the Iran-linked TA453 (aka Charming Kitten, APT35, Magic Hound, NewsBeef, Newscaster and Phosphorus). The NCSC noted that the two groups covered by the advisory have similar tactics, techniques and…


Learning to Lie: AI Tools Adept at Creating Disinformation

Artificial intelligence is writing fiction, making images inspired by Van Gogh and fighting wildfires. Now it’s competing in another endeavor once limited to humans — creating propaganda and disinformation. When researchers asked the online AI chatbot ChatGPT to compose a blog post, news story or essay making the case for a widely debunked claim — that COVID-19 vaccines are unsafe, for example — the site often complied, with results that were regularly indistinguishable from similar…


Apple Patches WebKit Code Execution in iPhones, MacBooks

Apple’s product security response team on Monday rolled out patches to cover numerous serious security vulnerabilities affecting users of its flagship iOS and macOS platforms. The most serious of the documented vulnerabilities affect WebKit and can expose both iOS and macOS devices to code execution attacks via booby-trapped web content, Apple warned in multiple advisories. On the mobile side, Apple pushed out iOS and iPadOS 16.3 with fixes for more than a dozen documented security…
