As we enter 2024, Gcore has released its latest Gcore Radar report, a twice-annual publication in which the company releases internal analytics to track DDoS attacks. Gcore’s broad, internationally distributed network of scrubbing centers allows them to follow attack trends over time. Read on to learn about DDoS attack trends for Q3–Q4 of 2023, and what they mean for developing a robust
BreachForums Founder Sentenced to 20 Years of Supervised Release, No Jail Time
Conor Brian Fitzpatrick has been sentenced to time served and 20 years of supervised release for his role as the creator and administrator of BreachForums.
Fitzpatrick, who went by the online alias “pompompurin,” was arrested in March 2023 in New York and was subsequently charged with conspiracy to commit access device fraud and possession of child pornography. He was later released on a $
Fitzpatrick, who went by the online alias “pompompurin,” was arrested in March 2023 in New York and was subsequently charged with conspiracy to commit access device fraud and possession of child pornography. He was later released on a $
~40,000 Attacks in 3 Days: Critical Confluence RCE Under Active Exploitation
Malicious actors have begun to actively exploit a recently disclosed critical security flaw impacting Atlassian Confluence Data Center and Confluence Server, within three days of public disclosure.
Tracked as CVE-2023-22527 (CVSS score: 10.0), the vulnerability impacts out-of-date versions of the software, allowing unauthenticated attackers to achieve remote code execution on susceptible
Tracked as CVE-2023-22527 (CVSS score: 10.0), the vulnerability impacts out-of-date versions of the software, allowing unauthenticated attackers to achieve remote code execution on susceptible
Apple Issues Patch for Critical Zero-Day in iPhones, Macs – Update Now
Apple on Monday released security updates for iOS, iPadOS, macOS, tvOS, and Safari web browser to address a zero-day flaw that has come under active exploitation in the wild.
The issue, tracked as CVE-2024-23222, is a type confusion bug that could be exploited by a threat actor to achieve arbitrary code execution when processing maliciously crafted web content. The tech giant said the problem
The issue, tracked as CVE-2024-23222, is a type confusion bug that could be exploited by a threat actor to achieve arbitrary code execution when processing maliciously crafted web content. The tech giant said the problem
SEC confirms X account was hacked in SIM swapping attack
The U.S. Securities and Exchange Commission confirmed today that its X account was hacked through a SIM-swapping attack on the cell phone number associated with the account. […]
Cracked macOS apps drain wallets using scripts fetched from DNS records
Hackers are using a stealthy method to deliver to macOS users information-stealing malware through DNS records that hide malicious scripts. […]
FTC orders Intuit to stop pushing “free” software that isn’t really free
Today, the U.S. Federal Trade Commission (FTC) ordered Intuit to stop promoting its software products and services as “free” unless they’re actually free for all consumers. […]
Malicious web redirect scripts stealth up to hide on hacked sites
Security researchers looking at more than 10,000 scripts used by the Parrot traffic direction system (TDS) noticed an evolution marked by optimizations that make malicious code stealthier against security mechanisms. […]
Apple fixes first zero-day bug exploited in attacks this year
Apple released security updates to address this year’s first zero-day vulnerability exploited in attacks that could impact iPhones, Macs, and Apple TVs. […]
Ivanti: VPN appliances vulnerable if pushing configs after mitigation
Ivanti warned admins to stop pushing new device configurations to appliances after applying mitigations because this will leave them vulnerable to ongoing attacks exploiting two zero-day vulnerabilities. […]