Weekly Digest Week 15 – 2024

Publication date: 12.04.2024

Featured Story

HTTP/2 CONTINUATION Flood technique can be exploited in DoS attacks

Different implementations of HTTP/2 are vulnerable to what is known as HTTP/2 CONTINUATION Flood. In this type of attack, an attacker can leverage a diversity of existing, vulnerable implementations to disrupt server availability, with consequences ranging from instant server crashes to Out of Memory crashes, to CPU exhaustion affecting servers’ performance. Some vendors reported limited impact on integrity as well.

The particularity of HTTP/2 CONTINUATION Flood is that, in certain instances, a single machine, a single TCP connection or even a handful of frames is sufficient to cause a denial-of-service condition. In addition, the requests that constitute an attack are not visible to admins in HTTP access logs. Media reporting assesses that this attack type could be more severe than HTTP/2 Rapid Reset, a distributed denial of service (DDoS) attack considered up until now to be the most powerful hyper-volumetric attack.

SOC Analysis: Although not actively exploited, this vulnerability affects a large portion of the web servers installed on the Internet: Node.js, Tomcat, Apache, to name a few, are all affected.

Our advice: patch as soon as practically convenient.
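Because the attack traffic never reaches the access log, any check has to happen at the frame level. The following is an added example, not part of the original article or of any vendor's code: it walks a captured HTTP/2 byte stream and flags header blocks that keep growing through CONTINUATION frames without ever setting END_HEADERS. The frame layout and constants come from RFC 9113; the two limits, the function names and the sample bytes are assumptions made for the illustration.

```python
# Frame type and flag values from RFC 9113 (HTTP/2).
HEADERS, CONTINUATION, END_HEADERS = 0x1, 0x9, 0x4
# Assumed limits for this example only; tune them to your own server settings.
MAX_CONTINUATIONS = 8
MAX_HEADER_BLOCK_BYTES = 16 * 1024


def frame(ftype, flags, stream_id, payload=b""):
    """Build one frame: 24-bit length, type, flags, 31-bit stream id, payload."""
    return (len(payload).to_bytes(3, "big") + bytes([ftype, flags])
            + (stream_id & 0x7FFFFFFF).to_bytes(4, "big") + payload)


def parse_frames(data):
    """Yield (type, flags, stream_id, payload_length) for each complete frame."""
    pos = 0
    while pos + 9 <= len(data):
        length = int.from_bytes(data[pos:pos + 3], "big")
        if pos + 9 + length > len(data):
            break  # truncated capture: stop at the last complete frame
        ftype, flags = data[pos + 3], data[pos + 4]
        stream_id = int.from_bytes(data[pos + 5:pos + 9], "big") & 0x7FFFFFFF
        yield ftype, flags, stream_id, length
        pos += 9 + length


def audit_header_blocks(data):
    """Summarise every header block and mark the ones that exceed the limits."""
    blocks, current = [], None
    for ftype, flags, stream_id, length in parse_frames(data):
        if ftype == HEADERS:
            current = {"stream": stream_id, "continuations": 0,
                       "bytes": 0, "complete": False}
            blocks.append(current)
        elif (ftype == CONTINUATION and current and not current["complete"]
              and current["stream"] == stream_id):
            current["continuations"] += 1
        else:
            continue
        current["bytes"] += length  # frame payload bytes, padding included
        current["complete"] = bool(flags & END_HEADERS)
    for block in blocks:
        block["over_limit"] = (block["continuations"] > MAX_CONTINUATIONS
                               or block["bytes"] > MAX_HEADER_BLOCK_BYTES)
    return blocks


# Constructed sample: one normal request, then a header block that never ends.
SAMPLE = frame(HEADERS, END_HEADERS, 1, b"\x00" * 20)
SAMPLE += frame(HEADERS, 0, 3, b"\x00" * 20)
SAMPLE += b"".join(frame(CONTINUATION, 0, 3, b"\x00" * 16) for _ in range(12))
```

A block reported with `complete` set to `False` corresponds to a request that was never finished, which is why it leaves no access-log entry.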

You don’t have an asset inventory that highlights your exposed web servers? Approach Cyber can help evaluate your attack surface.


Other Stories

Belgian Cybersecurity Strategy Now on E-Campus

The Centre for Cybersecurity Belgium coordinates the Belgian cybersecurity strategy—a vision for a secure and resilient digital space for all citizens. Now available via an accessible e-learning module on the federal platform, it presents national objectives to tackle growing cyber threats.

SOC Analysis: It is a little known fact that the federal government maintains an e-learning platform that is open to every citizen. Login is done through eID or itsMe, offering a plethora of cybersecurity training content. This new training on the national strategy is worth a few minutes of your time.

Hackers Use Malware to Hunt Software Vulnerabilities

According to Palo Alto Networks’ Unit 42, a growing number of malware strains are being deployed specifically to scan networks for software vulnerabilities. In 2023, these scans made up a significant share of detected scanning activity, showing how threat actors are automating the vulnerability discovery phase of attacks.

SOC Analysis: A vulnerability management program is a cornerstone of an efficient enterprise cybersecurity program. If you don’t look for vulnerabilities inside your network, the threat actors will. And it’s not in order to patch them …

LG TV Vulnerabilities Expose 91,000 Devices

Researchers discovered multiple vulnerabilities in LG TVs running webOS that could allow attackers to take full control of devices. Exploitation requires network access, and although most attacks would need local access, compromised devices could be leveraged for lateral movement or botnet recruitment.

SOC Analysis: The integration of “smart” devices in networks opens up new vulnerabilities. These devices often lack auto-update mechanisms. In enterprise environments, segment them using VLANs and firewalls. At home, patch immediately when notified of vulnerabilities.

Beware of Fraudulent Holiday Booking Messages

Cybercriminals are taking advantage of the holiday season by distributing phishing messages impersonating booking platforms. Some Booking.com users have fallen victim after hackers compromised hotel email accounts, leading to fraudulent communications and data theft.

SOC Analysis: It’s that time of year when people begin planning summer vacations. Threat actors use this seasonal pattern to increase phishing success. Remain cautious of any messages involving travel bookings.

Suspicious messages can be forwarded to:
– verdacht@safeonweb.be
– suspect@safeonweb.be
– suspicious@safeonweb.be


Want to enhance your organization’s cyber awareness or compliance strategy? Contact the Approach Cyber SOC team for tailored support and training programs.
