Denial-of-service Attack | Breaking Cybersecurity News | The Hacker News

New research has found that the CONTINUATION frame in the HTTP/2 protocol can be exploited to conduct denial-of-service (DoS) attacks. The technique has been codenamed  HTTP/2 CONTINUATION Flood  by security researcher Bartek Nowotarski, who reported the issue to the CERT Coordination Center (CERT/CC) on January 25, 2024. "Many HTTP/2 implementations do not properly limit or sanitize the amount of CONTINUATION frames sent within a single stream," CERT/CC  said  in an advisory on April 3, 2024. "An attacker that can send packets to a target server can send a stream of CONTINUATION frames that will not be appended to the header list in memory but will still be processed and decoded by the server or will be appended to the header list, causing an out of memory (OOM) crash." Like in HTTP/1, HTTP/2 uses header fields within requests and responses. These  header fields  can comprise header lists, which in turn, are serialized and broken into  header blo...

Do you support WikiLeaks? Are you angry at critics trying to suppress it? Maybe you're considering joining online protests to shut down the websites of its opponents. Don't. A group of vigilantes named Anonymous has turned their Operation Payback campaign, previously targeting antipiracy organizations, on PayPal, Visa, MasterCard, Senator Joe Lieberman, Sarah Palin, and others who have criticized WikiLeaks or stopped doing business with the document-sharing project. The fallout from WikiLeaks has reached a fever pitch since the site began releasing diplomatic cables last month, causing embarrassment for U.S. diplomatic efforts. Launching denial-of-service (DOS) attacks against target websites to send a message and disrupt their operations is the modern-day equivalent of walking the picket line with a sign. However, the electronic version is illegal. "Participating in a botnet with the intention of shutting down a website violates the Computer Fraud and Abuse Act," ...

Vulnerability Management (VM) has long been a cornerstone of organizational cybersecurity. Nearly as old as the discipline of cybersecurity itself, it aims to help organizations identify and address potential security issues before they become serious problems. Yet, in recent years, the limitations of this approach have become increasingly evident.  At its core, Vulnerability Management processes remain essential for identifying and addressing weaknesses. But as time marches on and attack avenues evolve, this approach is beginning to show its age. In a recent report, How to Grow Vulnerability Management into Exposure Management (Gartner, How to Grow Vulnerability Management Into Exposure Management, 8 November 2024, Mitchell Schneider Et Al.), we believe Gartner® addresses this point precisely and demonstrates how organizations can – and must – shift from a vulnerability-centric strategy to a broader Exposure Management (EM) framework. We feel it's more than a worthwhile read an...