New research has found that the CONTINUATION frame in the HTTP/2 protocol can be exploited to conduct denial-of-service (DoS) attacks.
The technique has been codenamed HTTP/2 CONTINUATION Flood by security researcher Bartek Nowotarski, who reported the issue to the CERT Coordination Center (CERT/CC) on January 25, 2024.
“Many HTTP/2 implementations do not properly limit or sanitize the
The Hacker News – Read More
The China-affiliated threat actor Microsoft identified as Storm-0558 compromised the Microsoft Exchange Online mailboxes of 22 organizations and more than 500 individuals in the attacks, which began in May 2023.
Cyware News – Latest Cyber News – Read More
Google this week patched two Pixel phone zero-day vulnerabilities actively exploited by forensic companies to obtain data from devices.
The post Pixel Phone Zero-Days Exploited by Forensic Firms appeared first on SecurityWeek.
SecurityWeek – Read More
During a special sale event, you can get an extra 20% off our already discounted price on RealVPN, bringing it down to just $16 for life. Use code SECURE20 at checkout.
Security | TechRepublic – Read More
New HTTP/2 DoS method named Continuation Flood can pose a greater risk than Rapid Reset, which has been used for record-breaking attacks.
The post New HTTP/2 DoS Attack Potentially More Severe Than Record-Breaking Rapid Reset appeared first on SecurityWeek.
SecurityWeek – Read More
Video conferencing giant Zoom has paid out $10 million through its bug bounty program since it was launched in 2019.
The post Zoom Paid Out $10 Million via Bug Bounty Program Since 2019 appeared first on SecurityWeek.
SecurityWeek – Read More
While it pretends to be a Google Analytics script, this is merely a distraction from the true nature of the credit card skimming JavaScript code snippet embedded in the infected website.
Cyware News – Latest Cyber News – Read More
The vulnerability CVE-2024-3159 is an out-of-bounds memory access in the V8 JavaScript engine. The flaw was demonstrated by Edouard Bochin (@le_douds) and Tao Yan (@Ga1ois) of Palo Alto Networks during the Pwn2Own 2024 on March 22, 2024.
Cyware News – Latest Cyber News – Read More
The phishing emails use a unique vehicle incident lure and, in later stages of the infection chain, spoof the Federal Bureau of Transportation in a PDF that mentions a significant fine for the incident.
Cyware News – Latest Cyber News – Read More
As “P4x,” Alejandro Caceres single-handedly disrupted the internet of an entire country. Then he tried to show the US military how it can—and should—adopt his methods.
Security Latest – Read More