How HTTP/2 CONTINUATION Flood Vulnerability Lead to CPU Exhaustion, Memory Overflow & Evasion of Logging
Exploit One
by Mike Stevens
1w ago
In a groundbreaking analysis, security researcher Bartek Nowotarski has detailed a new class of vulnerabilities within the HTTP/2 protocol, known as the CONTINUATION Flood. This technical deep dive into HTTP/2’s inner workings reveals a potential for significant disruptions, overshadowing even the notorious Rapid Reset attack dubbed the largest Distributed Denial of Service (DDoS) attack to date. The Inherent Flaw HTTP/2 was designed to improve upon its predecessor HTTP/1.1 by introducing efficiencies such as binary data framing and multiplexing. However, these same features have opened a door ...
Dual Vulnerabilities in Microsoft SharePoint Server: Essential Steps to Mitigate Vulnerabilities
Exploit One
by Mike Stevens
1w ago
In a significant development in the realm of cybersecurity, two critical vulnerabilities in Microsoft SharePoint Server, identified as CVE-2023-24955 and CVE-2023-29357, have been brought to light, underscoring the persistent threat landscape that organizations navigate. CVE-2023-29357: The Elevation of Privilege Menace CVE-2023-29357, a critical elevation of privilege (EoP) vulnerability, has been assigned a CVSSv3 score of 9.8, marking it as a severe threat. This vulnerability permits attackers to escalate their privileges within Microsoft SharePoint Server, potentially allowing unauthorized ...
Hacking the Unhackable: The Story of How CISA Was Breached
Exploit One
by Mike Stevens
3w ago
In a significant cybersecurity incident, the Cybersecurity and Infrastructure Security Agency (CISA) was breached last month due to vulnerabilities in Ivanti software products. This breach underscores the ongoing threat data breaches pose to businesses, government agencies, and critical infrastructure, emphasizing the importance of robust cybersecurity measures. The Incident at CISA CISA, the agency responsible for protecting the United States’ critical infrastructure, fell victim to a cyberattack facilitated by vulnerabilities in Ivanti’s Connect Secure and Policy Safe products. These product ...
Google Gemini Under Fire: Critical Security Vulnerabilities You Need to Know to hack Gemini
Exploit One
by Mike Stevens
1M ago
HiddenLayer’s recent research has uncovered a series of concerning vulnerabilities within Google’s latest Large Language Models (LLMs) family, known as Gemini. These vulnerabilities present significant security risks, including the manipulation of user queries, the leakage of system prompts, and indirect injections that could lead to profound misuse of the technology. Gemini, Google’s newest suite of LLMs, comprises three models: Nano, Pro, and Ultra, each designed for varying levels of complexity and tasks. Despite its innovative approach to handling a wide array of media types, including tex ...
Cracking SCCM Wide Open: Pentesting System Center Configuration Manager with Misconfiguration Manager
Exploit One
by Mike Stevens
1M ago
At the recent SO-CON security conference, researchers have brought to light significant misconfigurations in Microsoft’s System Center Configuration Manager (SCCM), now known as Configuration Manager. These misconfigurations, if exploited, could lead to severe security vulnerabilities, allowing cyber attackers to infiltrate and compromise systems. A team of security researchers has meticulously created a knowledge base repository focusing on attack and defense techniques stemming from improper setups of Microsoft’s Configuration Manager. This repository serves as a crucial resource for cyberse ...
How the 8220 Gang Is Compromising YARN, Docker, Confluence, and Redis Servers for Cryptomining
Exploit One
by Mike Stevens
1M ago
In recent times, the cybersecurity landscape has witnessed a significant uptick in the exploitation of misconfigured servers across various platforms, including YARN (Yet Another Resource Negotiator), Docker, Confluence, and Redis. Hackers have been leveraging these vulnerabilities to carry out crypto mining operations unlawfully. This article delves into the intricacies of these attacks, exploring the nature of the vulnerabilities, the modus operandi of the attackers, the implications for businesses and individual users, and the measures that can be taken to mitigate such risks. Understanding ...
The Dark Side of PDFs: How Opening a Simple PDF Could Unleash a Cybersecurity Nightmare
Exploit One
by Mike Stevens
1M ago
The recent findings from McAfee Labs have unveiled a worrying trend in the cybersecurity landscape: a significant increase in malware distribution through PDF files. This revelation is particularly concerning because it challenges the conventional wisdom that malware primarily spreads through suspicious websites or downloads. Instead, it appears that seemingly innocuous emails, especially those with PDF attachments, are becoming a favored vector for cybercriminals. Why PDFs? The shift towards exploiting PDF files can be traced back to Microsoft’s implementation of macro-blocking measures for O ...
Exploiting the High-Risk Vulnerabilities in Secure Boot of Most Linux Devices on the Planet
Exploit One
by Mike Stevens
2M ago
In the ever-evolving landscape of cybersecurity, a new vulnerability identified as CVE-2023-40547 has emerged, casting a shadow over the security of most Linux systems. This vulnerability, discovered within the shim bootloader, a cornerstone component for supporting Secure Boot, poses a critical risk, potentially allowing attackers to gain unauthorized control over the boot process of affected systems. Understanding Shim and Its Role in Secure Boot Shim plays a pivotal role in the Linux boot process, especially in systems utilizing Secure Boot, a security standard developed to ensure that a devi ...
The Cloudflare Hack: A Hacker, 5000 Credentials, and Operation Code Red
Exploit One
by Mike Stevens
2M ago
In a significant cybersecurity incident, Cloudflare, a leading web security and performance company, disclosed that it had been targeted by a sophisticated hacking attempt by a nation-state actor. The attack, which took place in November 2023, involved the compromise of Cloudflare’s self-hosted Atlassian server. The threat actor conducted reconnaissance between November 14 and 17, targeting Cloudflare’s internal wiki and bug database. They returned on November 22, establishing persistent access through ScriptRunner for Jira, and attempted to infiltrate Cloudflare’s source code management syste ...
Hackers’ New Target is containerized environments through vulnerabilities in runC
Exploit One
by Mike Stevens
2M ago
Recent developments in cybersecurity have brought to light multiple security vulnerabilities in the runC command line tool. These vulnerabilities pose significant risks as they could potentially be exploited by threat actors to compromise containerized environments. runC is a command-line tool used for spawning and running containers according to the Open Container Initiative (OCI) specification. It’s a cornerstone in container technology, widely used in various container management systems like Docker. The tool is essential for creating and managing container environments, making it a critica ...
