Found 20 bookmarks
Custom sorting
Palo Alto Releases Patch for PAN-OS DoS Flaw
Palo Alto Releases Patch for PAN-OS DoS Flaw
Palo Alto Networks has disclosed a high-severity vulnerability impacting PAN-OS software that could cause a denial-of-service (DoS) condition on susceptible devices. The flaw, tracked as CVE-2024-3393 (CVSS score: 8.7), impacts PAN-OS versions 10.X and 11.X, as well as Prisma Access running PAN-OS versions. It has been addressed in PAN-OS 10.1.14-h8, PAN-OS 10.2.10-h12, PAN-OS 11.1.5, PAN-OS 11.2.3, and all later PAN-OS versions.
#thehackernews#EN#2024#PaloAlto#PAN-OS#DoS#Flaw#CVE-2024-3393
·thehackernews.com·
Palo Alto Releases Patch for PAN-OS DoS Flaw
300,000+ Prometheus Servers and Exporters Exposed to DoS Attacks
300,000+ Prometheus Servers and Exporters Exposed to DoS Attacks
In this research, we uncovered several vulnerabilities and security flaws within the Prometheus ecosystem. These findings span across three major areas: information disclosure, denial-of-service (DoS), and code execution. We found that exposed Prometheus servers or exporters, often lacking proper authentication, allowed attackers to easily gather sensitive information, such as credentials and API keys. Additionally, we identified an alarming risk of DoS attacks stemming from the exposure of pprof debugging endpoints, which, when exploited, could overwhelm and crash Prometheus servers, Kubernetes pods and other hosts.
#aquasec#EN#2024#Prometheus#Servers#DoS#attacks#Exposed#research
·aquasec.com·
300,000+ Prometheus Servers and Exporters Exposed to DoS Attacks
Critical Cisco bug lets hackers add root users on SEG devices
Critical Cisco bug lets hackers add root users on SEG devices
Cisco has fixed a critical severity vulnerability that lets attackers add new users with root privileges and permanently crash Security Email Gateway (SEG) appliances using emails with malicious attachments. Tracked as CVE-2024-20401, this arbitrary file write security flaw in the SEG content scanning and message filtering features is caused by an absolute path traversal weakness that allows replacing any file on the underlying operating system.
#bleepingcomputer#EN#2024#Code#InfoSec#Execution#Path#Gateway#Denial#DoS#Remote#Cisco#RCE#CVE-2024-20401#SEG
·bleepingcomputer.com·
Critical Cisco bug lets hackers add root users on SEG devices
HTTP/2 CONTINUATION Flood: Technical Details
HTTP/2 CONTINUATION Flood: Technical Details
Deep technical analysis of the CONTINUATION Flood: a class of vulnerabilities within numerous HTTP/2 protocol implementations. In many cases, it poses a more severe threat compared to the Rapid Reset: a single machine (and in certain instances, a mere single TCP connection or a handful of frames) has the potential to disrupt server availability, with consequences ranging from server crashes to substantial performance degradation. Remarkably, requests that constitute an attack are not visible in HTTP access logs. **A simplified security advisory and the list of affected projects can be found in: http2-continuation-flood
#nowotarski#EN#2024#CONTINUATION-flood#HTTP/2#DoS#technical-details
·nowotarski.info·
HTTP/2 CONTINUATION Flood: Technical Details
Loop DoS: New Denial-of-Service attack targets application-layer protocols
Loop DoS: New Denial-of-Service attack targets application-layer protocols
A new Denial-of-Service (DoS) attack targets application-layer protocols that draw on the User Datagram Protocol (UDP) for end-to-end communication. The vulnerability affects both legacy and contemporary protocols. Discovered by Christian Rossow and Yepeng Pan, the attack puts an estimated 300,000 Internet hosts and their networks at risk.
#cispa.de#EN#2024#DoS#Denial-of-Service#UDP#vulnerability#Application-Layer
·cispa.de·
Loop DoS: New Denial-of-Service attack targets application-layer protocols
Microsoft says early June disruptions to Outlook, cloud platform, were cyberattacks
Microsoft says early June disruptions to Outlook, cloud platform, were cyberattacks
Microsoft says the early June disruptions to its Microsoft’s flagship office suite — including the Outlook email apps — were denial-of-service attacks by a shadowy new hacktivist group. In a blog post published Friday evening after The Associated Press sought clarification on the sporadic but serious outages, Microsoft confirmed that that they were DDoS attacks by a group calling itself Anonymous Sudan, which some security researchers believe is Russia-affiliated. The software giant offered few details on the attack. It did not comment on how many customers were affected.
#apnews#EN#2023#Microsoft#Outlook#denial-of-service#attacks#DoS#DDoS
·apnews.com·
Microsoft says early June disruptions to Outlook, cloud platform, were cyberattacks