![HTTP2 Flaw Puts Web Servers at Risk of DoS Attacks [CVE-2024-27983]](https://cdn.sensorstechforum.com/wp-content/uploads/2024/04/HTTP2-Flaw-Puts-Web-Servers-at-Risk-of-DoS-Attacks-CVE-2024-27983-1024x585.jpg "HTTP/2 Flaw Puts Web Servers at Risk of DoS Attacks [CVE-2024-27983]")
A new research conducted by security expert Bartek Nowotarski has unearthed a potential vulnerability in the HTTP/2 protocol. Known as the CONTINUATION Flood, this exploit allows attackers to conduct denial-of-service (DoS) attacks by flooding a server with CONTINUATION frames. The…
A recent analysis has revealed that the malicious code embedded in the widely-used open-source library XZ Utils (present in multiple Linux distros) can enable remote code execution. The attack scenario is based on the critical CVE-2024-3094 vulnerability. CVE-2024-3094 Explained This…
In response to a class action lawsuit filed in 2020, Google has opted to settle by agreeing to delete billions of data records concerning users’ browsing activities. The lawsuit alleged that Google tracked users without their consent while using the…
In a startling development, gamers playing “Call of Duty” have fallen victim to a sophisticated cyber attack aimed at draining Bitcoin wallets. The attack, orchestrated through third-party cheat software, has sent shockwaves through the gaming community, raising concerns about the…
A recently identified vulnerability affecting the “wall” command in the util-linux package has raised concerns among Linux users. Assigned CVE-2024-28085 and named WallEscape by security researcher Skyler Ferrante, the flaw allows unprivileged users to manipulate terminal output, potentially leaking passwords…
A recently patched security vulnerability in Microsoft Edge could have allowed malicious actors to stealthily install arbitrary extensions on users’ systems, potentially leading to harmful actions. CVE-2024-21388 Explained Discovered by Guardio Labs security researcher Oleg Zaytsev and tracked as CVE-2024-21388,…
The Oligo research team recently uncovered an ongoing attack campaign, dubbed ShadowRay, targeting a vulnerability in Ray, a widely utilized open-source AI framework. This vulnerability, currently unresolved and lacking a patch, poses a critical threat to thousands of companies and…
Researchers unearthed a significant vulnerability lurking within Apple’s M-1 and M-2 chips, potentially exposing a chink in the armor of the tech giant’s acclaimed security infrastructure. Dubbed “GoFetch,” this exploit targets the microarchitecture of Apple’s chips, exploiting a flaw that…
A newly identified denial-of-service attack, named Loop DoS, is causing concerns among cybersecurity experts. This sophisticated attack targets application layer protocols and can lead to large-scale traffic disruptions by creating indefinite communication loops between network services. Researchers at the CISPA…
A sophisticated phishing campaign against U.S. organizations has been deploying a remote access trojan known as NetSupport RAT. Dubbed “Operation PhantomBlu,” the activity has been closely monitored by Israeli cybersecurity firm Perception Point. According to security researcher Ariel Davidpur, the…
A DarkGate malware campaign observed in mid-January 2024 has highlighted the exploitation of a recently patched security flaw in Microsoft Windows as a zero-day vulnerability, utilizing counterfeit software installers to propagate its nefarious payload. Trend Micro reported that during this…
In a recent cyber attack on Nissan Oceania’s systems, around 100,000 individuals in Australia and New Zealand have fallen victim to data theft, possibly orchestrated by the notorious Akira ransomware gang. The breach, which occurred in December 2023, has left…
Microsoft has rolled out its latest batch of security fixes for March 2024 Patch Tuesday, addressing a total of 59 CVE-numbered vulnerabilities. The good news is that none of these vulnerabilities are currently known to be publicly exploited, offering a…
A financially motivated cyber threat, dubbed “Magnet Goblin” by Check Point researchers, is leveraging known vulnerabilities in on public-facing services to distribute tailored malware to unpatched Windows and Linux systems. The Magnet Goblin threat actor, known for their persistent activity,…
The French Prime Minister’s office declared on Monday that several government agencies had fallen victim to severe cyberattacks of “intense” magnitude, commencing late Sunday night. While the precise nature of these assaults remains unconfirmed, indications point towards distributed-denial-of-service (DDoS) attacks…
Cisco unveiled patches aimed at rectifying a high-severity security flaw discovered within its Secure Client software. This vulnerability, identified as CVE-2024-20337, poses a significant risk, allowing malicious actors to exploit it for unauthorized access to VPN sessions of targeted users.…
A new threat has emerged targeting unsuspecting Facebook users. Dubbed “Snake,” this Python-based information stealer is engineered to infiltrate systems and capture sensitive data through Facebook messages. Python-based Snake Info Stealer Variants in the Wild According to Cybereason researcher Kotaro…
Apple has taken measures to address two zero-day vulnerabilities detected in iOS, which were actively exploited in the wild. The tech giant promptly issued emergency security updates to patch the vulnerabilities. CVE-2024-23225 and CVE-2024-23296 Acknowledging the severity of the situation,…
A recent report by Group-IB has unveiled concerning statistics regarding compromised ChatGPT credentials. Between January and October 2023, over 225,000 logs containing these credentials were discovered on underground markets. These compromised credentials were identified within information stealer logs linked to…
Researchers from Palo Alto Networks’ Unit 42 have uncovered a new variant of the long-standing Bifrost remote access trojan (RAT) specifically targeting Linux systems. This latest iteration of Bifrost introduces several innovative evasion techniques, posing a significant challenge to detection…
