Security News

OpenSSH has released security updates addressing two vulnerabilities, a machine-in-the-middle (MitM) and a denial of service flaw, with one of the flaws introduced over a decade ago. [...]

Two security vulnerabilities have been discovered in the OpenSSH secure networking utility suite that, if successfully exploited, could result in an active machine-in-the-middle (MitM) and a...

Palo Alto Networks is warning that hackers are exploiting the CVE-2024-3393 denial of service vulnerability to disable firewall protections by forcing it to reboot. [...]

Palo Alto Networks has disclosed a high-severity vulnerability impacting PAN-OS software that could cause a denial-of-service (DoS) condition on susceptible devices. The flaw, tracked as...

Cybersecurity researchers have disclosed six security flaws in the Ollama artificial intelligence (AI) framework that could be exploited by a malicious actor to perform various actions, including...

Cisco fixed a denial of service flaw in its Cisco ASA and Firepower Threat Defense (FTD) software, which was discovered during large-scale brute force attacks against Cisco VPN devices in April. [...]

Newly discovered HTTP/2 protocol vulnerabilities called "CONTINUATION Flood" can lead to denial of service attacks, crashing web servers with a single TCP connection in some implementations. HTTP/2 is an update to the HTTP protocol standardized in 2015, designed to improve web performance by introducing binary framing for efficient data transmission, multiplexing to allow multiple requests and responses over a single connection, and header compression to reduce overhead. The new CONTINUATION Flood vulnerabilities were discovered by researcher Barket Nowotarski, who says that it relates to the use of HTTP/2 CONTINUATION frames, which are not properly limited or checked in many implementations of the protocol.

New research has unveiled a vulnerability within the HTTP/2 protocol, known as HTTP/2 CONTINUATION Flood, that allows for denial-of-service (DoS) attacks. This issue, discovered by security researcher Bartek Nowotarski and reported to CERT/CC on January 25, 2024, arises from improper handling of CONTINUATION frames—a component used to transmit extended header lists within a single stream. CERT/CC's advisory highlights that attackers exploiting this vulnerability could send continuous CONTINUATION frames without concluding them with an END_HEADERS flag, leading to potential server crashes or significant performance drops due to out-of-memory conditions or CPU exhaustion.

While Ivanti said the remote code execution risks are limited to "Certain conditions," the company didn't provide details on the vulnerable configurations. "We are not aware of any customers being exploited by these vulnerabilities at the time of disclosure," Ivanti added.

As many as 300,000 servers or devices on the public internet are thought to be vulnerable right now to the recently disclosed Loop Denial-of-Service technique that works against some UDP-based application-level services. It's pretty trivial, and basically relies on sending an error message to, let's say, vulnerable server A in such a way, using IP address source spoofing, that server A responds with an error message to vulnerable server B, which sends an error message to A, which responds to B, which responds to A, over and over again in an infinite loop.