Recent high-profile malware attacks teach us lessons on limiting malware risks at organizations. Learn more from Blink Ops about what these attacks taught us. […]
Considerations for Operational Technology Cybersecurity
Operational Technology (OT) refers to the hardware and software used to change, monitor, or control the enterprise’s physical devices, processes, and events. Unlike traditional Information Technology (IT) systems, OT systems directly impact the physical world. This unique characteristic of OT brings additional cybersecurity considerations not typically present in conventional IT security
New HTTP/2 Vulnerability Exposes Web Servers to DoS Attacks
New research has found that the CONTINUATION frame in the HTTP/2 protocol can be exploited to conduct denial-of-service (DoS) attacks.
The technique has been codenamed HTTP/2 CONTINUATION Flood by security researcher Bartek Nowotarski, who reported the issue to the CERT Coordination Center (CERT/CC) on January 25, 2024.
“Many HTTP/2 implementations do not properly limit or sanitize the
The technique has been codenamed HTTP/2 CONTINUATION Flood by security researcher Bartek Nowotarski, who reported the issue to the CERT Coordination Center (CERT/CC) on January 25, 2024.
“Many HTTP/2 implementations do not properly limit or sanitize the
Ivanti Rushes Patches for 4 New Flaw in Connect Secure and Policy Secure
Ivanti has released security updates to address four security flaws impacting Connect Secure and Policy Secure Gateways that could result in code execution and denial-of-service (DoS).
The list of flaws is as follows –
The list of flaws is as follows –
CVE-2024-21894 (CVSS score: 8.2) – A heap overflow vulnerability in the IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an
Microsoft still unsure how hackers stole MSA key in 2023 Exchange attack
The U.S. Department of Homeland Security’s Cyber Safety Review Board (CSRB) has released a scathing report on how Microsoft handled its 2023 Exchange Online attack, warning that the company needs to do better at securing data and be more truthful about how threat actors stole an Azure signing key. […]
SurveyLama data breach exposes info of 4.4 million users
Data breach alerting service Have I Been Pwned (HIBP) warns that SurveyLama suffered a data breach in February 2024, which exposed the sensitive data of 4.4 million users. […]
Omni Hotels confirms cyberattack behind ongoing IT outage
Omni Hotels & Resorts has confirmed a cyberattack caused a nationwide IT outage that is still affecting its locations. […]
Hosting firm’s VMware ESXi servers hit by new SEXi ransomware
Chilean data center and hosting provider IxMetro Powerhost has suffered a cyberattack at the hands of a new ransomware gang known as SEXi, which encrypted the company’s VMware ESXi servers and backups. […]
Jackson County in state of emergency after ransomware attack
Jackson County, Missouri, is in a state of emergency after a ransomware attack took down some county services on Tuesday. […]
US State Department investigates alleged theft of government data
The U.S. Department of State is investigating claims of a cyber incident after a threat actor leaked documents allegedly stolen from a government contractor. […]