Security

Tag

#ddos

Patch Tuesday, October 2023 Edition

Microsoft today issued security updates for more than 100 newly-discovered vulnerabilities in its Windows operating system and related software, including four flaws that are already being exploited. In addition, Apple recently released emergency updates to quash a pair of zero-day bugs in iOS.

Krebs on Security
GHSA-xpw8-rcwv-8f8p: io.netty:netty-codec-http2 vulnerable to HTTP/2 Rapid Reset Attack

A client might overload the server by issuing frequent RST frames. This can cause a massive amount of load on the remote system and so cause a DDOS attack.

### Impact

This is a DDOS attack; any http2 server is affected, so you should update as soon as possible.

### Patches

This is patched in version 4.1.100.Final.

### Workarounds

A user can manually limit the number of RST frames that are accepted per connection over a timeframe, using either their own `Http2FrameListener` implementation or a `ChannelInboundHandler` implementation (depending on which http2 API is used).

### References

- https://www.cve.org/CVERecord?id=CVE-2023-44487
- https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/
- https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/

Microsoft Patch Tuesday Haunted by Zero-Days, Wormable Bug

October's CVE update is here. Here's which security vulnerabilities to patch now to exorcise your Microsoft systems demons.

Internet-Wide Zero-Day Bug Fuels Largest-Ever DDoS Event

Organizations exposed to the ongoing Rapid Reset DDoS flood attacks need to patch CVE-2023-44487 immediately to head off crippling outages and business disruption.

Hackers for Hire Hit Both Sides in Israel-Hamas Conflict

DDoS for hire and live attacks hit both sides as cyber campaigns continue.

HTTP/2 Rapid Reset Zero-Day Vulnerability Exploited to Launch Record DDoS Attacks

Amazon Web Services (AWS), Cloudflare, and Google on Tuesday said they took steps to mitigate record-breaking distributed denial-of-service (DDoS) attacks that relied on a novel technique called HTTP/2 Rapid Reset. The layer 7 attacks were detected in late August 2023, the companies said in a coordinated disclosure. The cumulative susceptibility to this attack is being tracked as CVE-2023-44487,

CVE-2023-44487: CVE-2023-44487 - HTTP/2 Rapid Reset Attack

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

Hacktivists Targeting Critical ICS Infrastructure in Israel and Palestine

By Deeba Ahmed. As the conflict escalates on the ground, hacktivists are gearing up for cyberwar. This is a post from HackRead.com.

Unveiling Vulnerabilities: Penetration Testing Services

By Owais Sultan. Human Mind and Attention as Clue in Penetration Testing Success Stories. This is a post from HackRead.com.

Microsoft Response to Distributed Denial of Service (DDoS) Attacks against HTTP/2

Summary: Beginning in September 2023, Microsoft was notified by industry partners about a newly identified Distributed Denial-of-Service (DDoS) attack technique being used in the wild targeting the HTTP/2 protocol. This vulnerability (CVE-2023-44487) impacts any internet-exposed HTTP/2 endpoints. As an industry leader, Microsoft promptly opened an investigation and subsequently began working with industry partners for a coordinated disclosure and mitigation plan.