2023

VMware Tools vulnerability enables privilege escalation

Two critical vulnerabilities have been identified in VMware Tools and labeled CVE-2023-34057 and CVE-2023-34058. These vulnerabilities are related to local privilege escalation and SAML token signature bypass. These vulnerabilities have a high severity rating of 7.5 (High) and 7.8 (High) respectively. One of these vulnerabilities was identified in macOS systems. VMware has taken immediate action …

VMware Tools vulnerability enables privilege escalation Read More »

PoC exploits for Critix and VMware vulnerability published

VMware, a provider of virtualization services, has notified its customers of the discovery of a proof-of-concept (PoC) exploit for a recently patched vulnerability in Aria Operations for Logs. This high severity vulnerability, identified as CVE-2023-34051 with a CVSS score of 8.1, involves an authentication bypass that could potentially lead to remote code execution. According to …

PoC exploits for Critix and VMware vulnerability published Read More »

DDoS attack exploits HTTP/2 rapid reset vulnerability

Cloudflare announced Thursday that it has successfully mitigated thousands of high-volume HTTP distributed denial-of-service (DDoS) attacks that exploited a recently disclosed vulnerability called HTTP/2 Rapid Reset. Among these attacks, 89 exceeded the 100 million requests per second (RPS) mark. In a report shared with The Hacker News, the web infrastructure and security company stated, “The …

DDoS attack exploits HTTP/2 rapid reset vulnerability Read More »

D-Link confirms a data breach

D-Link, a Taiwanese manufacturer of networking devices, has admitted to a data breach in which, according to their own statements, “low-sensitive and semi-public information” was exposed. The company clarified that this data did not originate from the cloud but likely came from an outdated D-View 6 system, which had reached the end of its lifecycle …

D-Link confirms a data breach Read More »

Hackers compromise USB devices used by government agencies

A continuous cyber espionage campaign called TetrisPhantom is targeting government institutions in the Asia-Pacific (APAC) region. The attackers have secretly collected sensitive data from government organizations in APAC by using secure USB drives with hardware encryption, typically used for secure data storage and transmission between computer systems. Kaspersky has identified this campaign in its APT …

Hackers compromise USB devices used by government agencies Read More »

Massive DDoS attack exploits zero-day vulnerability in HTTP/2 Rapid Reset

A unique DDoS attack based on HTTP/2 targeted multiple Google services and cloud users. The attackers utilized an advanced method called HTTP/2 Rapid Reset to exploit a zero-day vulnerability in the HTTP/2 protocol, identified as CVE-2023-44487, which could be used for DDoS attacks. The reported scale of the attack was as follows: Amazon successfully defended …

Massive DDoS attack exploits zero-day vulnerability in HTTP/2 Rapid Reset Read More »

Scroll to Top