Security News

New HTTP/2 DoS attack can crash web servers with a single connection
2024-04-04 15:28

Newly discovered HTTP/2 protocol vulnerabilities called "CONTINUATION Flood" can lead to denial of service attacks, crashing web servers with a single TCP connection in some implementations. HTTP/2 is an update to the HTTP protocol standardized in 2015, designed to improve web performance by introducing binary framing for efficient data transmission, multiplexing to allow multiple requests and responses over a single connection, and header compression to reduce overhead. The new CONTINUATION Flood vulnerabilities were discovered by researcher Barket Nowotarski, who says that it relates to the use of HTTP/2 CONTINUATION frames, which are not properly limited or checked in many implementations of the protocol.

New HTTP/2 Vulnerability Exposes Web Servers to DoS Attacks
2024-04-04 11:15

New research has unveiled a vulnerability within the HTTP/2 protocol, known as HTTP/2 CONTINUATION Flood, that allows for denial-of-service (DoS) attacks. This issue, discovered by security researcher Bartek Nowotarski and reported to CERT/CC on January 25, 2024, arises from improper handling of CONTINUATION frames—a component used to transmit extended header lists within a single stream. CERT/CC's advisory highlights that attackers exploiting this vulnerability could send continuous CONTINUATION frames without concluding them with an END_HEADERS flag, leading to potential server crashes or significant performance drops due to out-of-memory conditions or CPU exhaustion.

Hosting firm's VMware ESXi servers hit by new SEXi ransomware
2024-04-03 21:58

Chilean data center and hosting provider IxMetro Powerhost has suffered a cyberattack at the hands of a new ransomware gang known as SEXi, which encrypted the company's VMware ESXi servers and backups. On Monday, PowerHost's Chile division, IxMetro, warned customers that it suffered a ransomware attack early Saturday morning that encrypted some of the company's VMware ESXi servers that are used to host virtual private servers for customers.

Chilean hosting firm's VMware ESXi servers hit by new SEXi ransomware
2024-04-03 21:58

Chilean data center and hosting provider IxMetro Powerhost has suffered a cyberattack at the hands of a new ransomware gang known as SEXi, which encrypted the company's VMware ESXi servers and backups. On Monday, PowerHost's Chile division, IxMetro, warned customers that it suffered a ransomware attack early Saturday morning that encrypted some of the company's VMware ESXi servers that are used to host virtual private servers for customers.

9 Must-Do Tips to Secure Ubuntu Server
2024-04-03 16:00

So what do you do? In this TechRepublic Premium article, written by Jack Wallen, we'll share a handy list of nine things you should consider for all of your Ubuntu Server deployments. Ubuntu ships with a root account that isn't accessible, because no password has been set.

OWASP server blunder exposes decade of resumes
2024-04-02 18:30

Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests. Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services, possible interests and personal aspects.

DinodasRAT malware targets Linux servers in espionage campaign
2024-03-31 14:35

The Linux variant of the malware has not been described publicly, although the first version has been tracked to 2021. Cybersecurity company ESET has previously seen DinodasRAT compromising Windows systems in an espionage campaign dubbed 'Operation Jacana,' that targeted government entities.

Week in review: Backdoor found in XZ utilities, weaponized iMessages, Exchange servers at risk
2024-03-31 08:00

Beware! Backdoor found in XZ utilities used by many Linux distrosA vulnerability in XZ Utils, the XZ format compression utilities included in most Linux distributions, may "Enable a malicious actor to break sshd authentication and gain unauthorized access to the entire system remotely," Red Hat warns. Drozer: Open-source Android security assessment frameworkDrozer is an open-source security testing framework for Android, whose primary purpose is to make the life of mobile application security testers easier.

These 17,000 unpatched Microsoft Exchange servers are a ticking time bomb
2024-03-28 07:45

Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests. Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services, possible interests and personal aspects.

AI framework vulnerability is being used to compromise enterprise servers (CVE-2023-48022)
2024-03-27 11:02

Attackers are leveraging a vulnerability in Anyscale's Ray AI software to compromise enterprise servers and saddle them with cryptominers and reverse shells."We observed hundreds of compromised clusters in the past three weeks alone. Each cluster uses a public IP address, and most clusters contain hundreds to thousands of servers. There are hundreds of servers that are still vulnerable and exposed."