New HTTP/2 DoS attack can crash web servers with a single connection
Newly discovered HTTP/2 protocol vulnerabilities called
HTTP/2 CONTINUATION Flood: Technical Details
Deep technical analysis of the
CONTINUATION Flood: a class of vulnerabilities within numerous HTTP/2 protocol implementations. In many cases, it poses a more severe threat compared to the Rapid Reset: a single machine (and in certain instances, a mere single TCP connection or a handful of frames) has the potential to disrupt server availability, with consequences ranging from server crashes to substantial performance degradation. Remarkably, requests that constitute an attack are not visible in HTTP access logs. **A simplified security advisory and the list of affected projects can be found in: http2-continuation-flood
Ivanti fixes VPN gateway vulnerability allowing RCE, DoS attacks
IT security software company Ivanti has released patches to fix multiple security vulnerabilities impacting its Connect Secure and Policy Secure gateways.
Loop DoS: New Denial-of-Service attack targets application-layer protocols
A new Denial-of-Service (DoS) attack targets application-layer protocols that draw on the User Datagram Protocol (UDP) for end-to-end communication. The vulnerability affects both legacy and contemporary protocols. Discovered by Christian Rossow and Yepeng Pan, the attack puts an estimated 300,000 Internet hosts and their networks at risk.
178,000 SonicWall firewalls are vulnerable to old DoS bugs
Majority of public-facing devices still unpatched against critical vulns from as far back as 2022
‘Wall of Flippers’ detects Flipper Zero Bluetooth spam attacks
A new Python project called 'Wall of Flippers' detects Bluetooth spam attacks launched by Flipper Zero and Android devices.
Microsoft says early June disruptions to Outlook, cloud platform, were cyberattacks
Microsoft says the early June disruptions to its Microsoft’s flagship office suite — including the Outlook email apps — were denial-of-service attacks by a shadowy new hacktivist group. In a blog post published Friday evening after The Associated Press sought clarification on the sporadic but serious outages, Microsoft confirmed that that they were DDoS attacks by a group calling itself Anonymous Sudan, which some security researchers believe is Russia-affiliated. The software giant offered few details on the attack. It did not comment on how many customers were affected.
New high-severity vulnerability (CVE-2023-29552) discovered in the Service Location Protocol (SLP)
Researchers from Bitsight and Curesec have jointly discovered a high-severity vulnerability — tracked as CVE-2023-29552 — in the Service Location Protocol (SLP)
Who Broke NPM?: Malicious Packages Flood Leading to Denial of Service
We’ve seen spam campaigns in the open-source ecosystems in the past year, but this month was by far the worst one we’ve seen yet. Apparently, attackers found the unvetted open-source ecosystems as an…
Who Broke NPM?: Malicious Packages Flood Leading to Denial of Service
We’ve seen spam campaigns in the open-source ecosystems in the past year, but this month was by far the worst one we’ve seen yet. Apparently, attackers found the unvetted open-source ecosystems as an…
Cisco discloses high-severity IP phone zero-day with exploit code
Cisco has disclosed today a high-severity zero-day vulnerability affecting the latest generation of its IP phones and exposing them to remote code execution and denial of service (DoS) attacks.
Cisco discloses high-severity IP phone zero-day with exploit code
Cisco has disclosed today a high-severity zero-day vulnerability affecting the latest generation of its IP phones and exposing them to remote code execution and denial of service (DoS) attacks.
OpenSSL plombé par une importante faille de sécurité
La bibliothèque de chiffrement web open source OpenSSL est affectée par une vulnérabilité pouvant servir à des attaques par déni de service. Les versions 1.0.2, 1.1.1 et 3.0 doivent être mises à jour dès que possible.
OpenSSL plombé par une importante faille de sécurité
La bibliothèque de chiffrement web open source OpenSSL est affectée par une vulnérabilité pouvant servir à des attaques par déni de service. Les versions 1.0.2, 1.1.1 et 3.0 doivent être mises à jour dès que possible.
OpenSSL plombé par une importante faille de sécurité
La bibliothèque de chiffrement web open source OpenSSL est affectée par une vulnérabilité pouvant servir à des attaques par déni de service. Les versions 1.0.2, 1.1.1 et 3.0 doivent être mises à jour dès que possible.