Author: brangberg

Cloudflare on Thursday said it mitigated thousands of hyper-volumetric HTTP distributed denial-of-service (DDoS) attacks that exploited a recently disclosed flaw called HTTP/2 Rapid Reset, 89 of which exceeded 100 million requests per second (RPS).
“The campaign contributed to an overall increase of 65% in HTTP DDoS attack traffic in Q3 compared to the previous quarter,” the web infrastructure

While cyberattacks on websites receive much attention, there are often unaddressed risks that can lead to businesses facing lawsuits and privacy violations even in the absence of hacking incidents. A new case study highlights one of these more common cases. 
Download the full case study here.
It’s a scenario that could have affected any type of company, from healthcare to finance, e-commerce to

The Iranian threat actor known as Tortoiseshell has been attributed to a new wave of watering hole attacks that are designed to deploy a malware dubbed IMAPLoader.
“IMAPLoader is a .NET malware that has the ability to fingerprint victim systems using native Windows utilities and acts as a downloader for further payloads,” the PwC Threat Intelligence said in a Wednesday analysis.
“It uses email

Users of Mirth Connect, an open-source data integration platform from NextGen HealthCare, are being urged to update to the latest version following the discovery of an unauthenticated remote code execution vulnerability.
Tracked as CVE-2023-43208, the vulnerability has been addressed in version 4.4.1 released on October 6, 2023.
“This is an easily exploitable, unauthenticated remote code

A relatively new threat actor known as YoroTrooper is likely made of operators originating from Kazakhstan.
The assessment, which comes from Cisco Talos, is based on their fluency in Kazakh and Russian, use of Tenge to pay for operating infrastructure, and very limited targeting of Kazakhstani entities, barring the government’s Anti-Corruption Agency.
“YoroTrooper attempts to obfuscate the