Tag Archives: dangerous

Cybersecurity researchers have recently discovered a new vulnerability in the HTTP/2 protocol, which allows threat actors to mount denial of service (DoS) attacks and even crash servers with a single TCP connection.

The vulnerability relates to the use of HTTP/2 CONTINUATION frames, which is why the researcher who found it, Barket Nowotarski, dubbed it “CONTINUATION Flood”.

• Michael Bugeja is a distinguished professor of liberal arts and sciences at Iowa State University.

Long after risks became apparent 20 years ago — including screen addiction, loss of face-to-face communication, cyber stalking, bullying and harassment — lawmakers finally are trying to restrict social media accounts of underage users and monitor effects of these perilous platforms.

Lack of legislation has allowed tech CEOs to deflect deleterious effects, hire D.C. lobbyists and write service terms so obtuse that users simply ignore them and click “I agree,” the most pervasive lie told every day across Iowa.

As the Des Moines Register reported, the Iowa House has approved a bill (House File 2523), requiring children under age 18 to get parental approval to open social media accounts…

North Korean state-sponsored threat actors were observed using the recently discovered ScreenConnect vulnerabilities to steal sensitive data from their targets. 

A new report from Kroll shared with TechRadar Pro found a group known as Kimsuky (AKA Thallium) abused two flaws found in ConnectWise’s solution to drop ToddleShark, an upgraded version of the group’s other backdoors, BabyShark and ReconShark. 

Tens of thousands of Microsoft Exchange servers are vulnerable to a flaw that is already being abused in the wild, experts have warned.

The vulnerability, tracked as CVE-2024-21410, is a privilege escalation flaw that allows threat actors to perform NTLM relay attacks on Microsoft Exchange Servers and escalate their privileges on the target endpoint. As a result, they could steal sensitive information and confidential data being shared via email, or could use the access as a stepping stone for more devastating attacks.