Security News
New research has unveiled a vulnerability within the HTTP/2 protocol, known as HTTP/2 CONTINUATION Flood, that allows for denial-of-service (DoS) attacks. This issue, discovered by security researcher Bartek Nowotarski and reported to CERT/CC on January 25, 2024, arises from improper handling of CONTINUATION frames—a component used to transmit extended header lists within a single stream. CERT/CC's advisory highlights that attackers exploiting this vulnerability could send continuous CONTINUATION frames without concluding them with an END_HEADERS flag, leading to potential server crashes or significant performance drops due to out-of-memory conditions or CPU exhaustion.
The past three months have seen dramatic developments in the ransomware ecosystem, including the takedown of LockBit's ransomware blog, BlackCat exiting the ecosystem, and the emergence of several smaller ransomware groups. Ransomware as a Service has emerged as the dominant business model among large ransomware groups.
The London Mayor's Office for Policing and Crime is being rapped by regulators for untidy tech practices that made public the personal data of hundreds of people who filed complaints against the Metropolitan Police Service. Between November 11 and 14, 2022, an unnamed employee of the GLA had meant to permit four colleagues access to data shared via the web forms but instead made both forms open to anyone on the internet.
As the shift of IT infrastructure to cloud-based solutions celebrates its 10-year anniversary, it becomes clear that traditional on-premises approaches to data security are becoming obsolete....
"Our Web-Based PLC malware resides in PLC memory, but ultimately gets executed client-side by various browser-equipped devices throughout the ICS environment. From there, the malware uses ambient browser-based credentials to interact with the PLC's legitimate web APIs to attack the underlying real-world machinery," the researchers explained. "While previous attacks on PLCs infect either the control logic or firmware portions of PLC computation, our proposed malware exclusively infects the web application hosted by the emerging embedded webservers within the PLCs," the researchers noted.
An in-depth look into a proactive website security solution that continuously detects, prioritizes, and validates web threats, helping to mitigate security, privacy, and compliance risks. ...
More than 225,000 logs containing compromised OpenAI ChatGPT credentials were made available for sale on underground markets between January and October 2023, new findings from Group-IB show....
Web Check offers thorough open-source intelligence and enables users to understand a website's infrastructure and security posture, equipping them with the knowledge to understand, optimize, and secure their online presence. Web Check provides insight into the inner workings of any specified website, enabling users to identify possible security vulnerabilities, scrutinize the underlying server architecture, inspect security settings, and discover the various technologies employed by the site.
The murder of 16-year-old schoolgirl Brianna Ghey has kickstarted a debate around limiting children's access to the dark web in the UK, with experts highlighting the difficulty in achieving this. Ciaran Martin, the National Cyber Security Centre's first CEO and current Oxford University professor, weighed into the discussion on Thursday, saying that there is no single technology-based solution and that there should be a greater focus on the dark web in the country's schools.
TL;DR: Learn how to stop cyber criminals with the Cyber Security Specialist Workshop, featuring 16 live training sessions, now just $499.99 for a limited time. Want a career that offers longevity as well as a great salary to boot? Then start preparing now for the opportunities that come with the Cyber Security Specialist Workshop, offered at half price for a limited time.