Denial-of-service Attack | Breaking Cybersecurity News | The Hacker News

New research has found that the CONTINUATION frame in the HTTP/2 protocol can be exploited to conduct denial-of-service (DoS) attacks. The technique has been codenamed  HTTP/2 CONTINUATION Flood  by security researcher Bartek Nowotarski, who reported the issue to the CERT Coordination Center (CERT/CC) on January 25, 2024. "Many HTTP/2 implementations do not properly limit or sanitize the amount of CONTINUATION frames sent within a single stream," CERT/CC  said  in an advisory on April 3, 2024. "An attacker that can send packets to a target server can send a stream of CONTINUATION frames that will not be appended to the header list in memory but will still be processed and decoded by the server or will be appended to the header list, causing an out of memory (OOM) crash." Like in HTTP/1, HTTP/2 uses header fields within requests and responses. These  header fields  can comprise header lists, which in turn, are serialized and broken into  header blocks . The head

Do you support WikiLeaks? Are you angry at critics trying to suppress it? Maybe you're considering joining online protests to shut down the websites of its opponents. Don't. A group of vigilantes named Anonymous has turned their Operation Payback campaign, previously targeting antipiracy organizations, on PayPal, Visa, MasterCard, Senator Joe Lieberman, Sarah Palin, and others who have criticized WikiLeaks or stopped doing business with the document-sharing project. The fallout from WikiLeaks has reached a fever pitch since the site began releasing diplomatic cables last month, causing embarrassment for U.S. diplomatic efforts. Launching denial-of-service (DOS) attacks against target websites to send a message and disrupt their operations is the modern-day equivalent of walking the picket line with a sign. However, the electronic version is illegal. "Participating in a botnet with the intention of shutting down a website violates the Computer Fraud and Abuse Act,"

As a vCISO, you are responsible for your client's cybersecurity strategy and risk governance. This incorporates multiple disciplines, from research to execution to reporting. Recently, we published a comprehensive playbook for vCISOs, "Your First 100 Days as a vCISO – 5 Steps to Success" , which covers all the phases entailed in launching a successful vCISO engagement, along with recommended actions to take, and step-by-step examples.  Following the success of the playbook and the requests that have come in from the MSP/MSSP community, we decided to drill down into specific parts of vCISO reporting and provide more color and examples. In this article, we focus on how to create compelling narratives within a report, which has a significant impact on the overall MSP/MSSP value proposition.  This article brings the highlights of a recent guided workshop we held, covering what makes a successful report and how it can be used to enhance engagement with your cyber security clients.