Weekly Digest Week 15 – 2024

Publication date

12.04.2024

HTTP/2 CONTINUATION Flood technique can be exploited in DoS attacks

Different implementations of HTTP/2 are vulnerable to what is known as HTTP/2 CONTINUATION Flood. In this type of attack, an attacker can leverage a diversity of existing, vulnerable implementations to disrupt server availability, with consequences ranging from instant server crashes to Out of Memory crashes, to CPU exhaustion affecting servers’ performance. Some vendors reported limited impact on integrity as well.

What sets HTTP/2 CONTINUATION Flood apart is that, in certain instances, a single machine (or a single TCP connection, or even a handful of frames) is sufficient to cause a denial of service condition. In addition, requests that constitute an attack are not visible to admins in HTTP access logs. Media reporting assesses that this attack type could be more severe than HTTP/2 Rapid Reset, a distributed denial of service (DDoS) attack considered up until now to be the most powerful hyper-volumetric attack.

Analysis from our SOC team
Although not actively exploited, this vulnerability affects a large portion of the web servers installed on the Internet: Node.js, Tomcat and Apache, to name a few, are all affected.

Our advice: patch as soon as practically convenient.

You don’t have an asset inventory that highlights your exposed web servers? Approach Cyber can help evaluate your attack surface.


The Centre for Cybersecurity Belgium coordinates the Belgian cybersecurity strategy. It is a forward-looking vision for an open, free and secure cyberspace that responds to potential cyber threats that Belgium faces or may face.

You can discover the strategy now via a highly accessible e-learning module.

Analysis from our SOC team
It is a little-known fact that the federal government maintains an e-learning platform that is open to every citizen. Login is done through standard eID or itsMe and you get access to a plethora of training content. The latest addition is a training on the country’s cybersecurity strategy that is worth a few minutes of your time.

Many threat actors are turning to malware to scan for software vulnerabilities that they can use in future cyber-attacks. Security researchers at Unit 42, the threat intelligence branch of cybersecurity provider Palo Alto Networks, discovered a significant number of malware-initiated scans among the scanning attacks they detected in 2023.

Analysis from our SOC team
A vulnerability management program is a cornerstone of an efficient enterprise cybersecurity program. If you don’t look for vulnerabilities inside your network, the threat actors will. And it’s not in order to patch them …

Multiple vulnerabilities have been discovered in several LG TV models running webOS. These vulnerabilities could be exploited by malicious actors to compromise the devices. The vulnerabilities allow attackers to create a new privileged user account and take over the device. The attackers need to have network access to exploit these devices. If your devices are not directly reachable from the internet, the vulnerabilities can only be exploited by someone on the local network.

Access to a compromised device could be used to pivot into the rest of your network or organization. The Centre for Cybersecurity Belgium notes that these types of devices, and other smart/IoT devices, are often exploited to become part of a larger botnet being used for all types of criminal cyber activities.

Analysis from our SOC team
The integration of “smart” devices within our networks in recent years opens up new vulnerabilities. Those devices are usually less secure and some of them do not update automatically when they are affected by a new vulnerability.

In enterprise networks, it is recommended to segregate the networks using VLANs and firewalls. At home, the only solution is to patch as soon as a vulnerability like this one is discovered.

In recent months, a number of people have fallen victim to phishing attacks when booking their holidays on online booking platforms.

Some Booking.com customers, for example, have been victims of fraud after hackers took possession of the e-mail accounts of some of the hotels and accommodation offered on the site.

Analysis from our SOC team
It’s that time of year when you start planning summer vacations. Threat actors are aware of those cycles and don’t hesitate to use them to lure their victims.

Want to help the community? Suspicious text messages and emails can be forwarded to any of the three email addresses from Safeonweb.
– verdacht@safeonweb.be
– suspect@safeonweb.be
– suspicious@safeonweb.be

Our SOC is also available to assist in case there are any doubts or suspicions about text or mail messages.

