Cyber security researchers have discovered a flaw in the HTTP/2 protocol that can aid denial-of-service attacks. According to the report, the vulnerability originates from improper limiting of the number of CONTINUATION frames sent within a single stream. The report further states:
“An attacker that can send packets to a target server can send a stream of CONTINUATION frames that will not be appended to the header list in memory but will still be processed and decoded by the server or will be appended to the header list, causing an out of memory (OOM) crash.”
HTTP/2 CONTINUATION Flood is the name given to the vulnerability.
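The mechanism described above, as an added illustration that is not code from the report or from any affected project: a minimal HTTP/2 frame reassembler that enforces a cap on the number of CONTINUATION frames and on the accumulated header block size for a stream before any frame bytes are buffered or handed to the HPACK decoder, which is the defensive behaviour a server needs so that an endless CONTINUATION stream is cut off early rather than decoded frame by frame or accumulated until the process runs out of memory. The limits, the sample frame streams and the `classify`/`build_stream` helpers are constructed for this example; the HEADERS frame is assumed to carry no PADDED or PRIORITY fields.

```python
import struct

# Frame type codes and flag from the HTTP/2 framing layer (RFC 9113).
FRAME_HEADERS = 0x1
FRAME_CONTINUATION = 0x9
FLAG_END_HEADERS = 0x4

# Constructed limits for this example; a real server would derive the byte
# limit from its SETTINGS_MAX_HEADER_LIST_SIZE and pick a frame cap to match.
MAX_HEADER_BLOCK_BYTES = 8 * 1024
MAX_CONTINUATION_FRAMES = 8


class HeaderBlockTooLarge(Exception):
    """Raised when a stream's header block exceeds a configured limit."""

    def __init__(self, reason, detail):
        super().__init__(detail)
        self.reason = reason  # "frames" or "bytes"


def encode_frame(ftype, flags, stream_id, payload):
    """Serialise one frame: 24-bit length, type, flags, 31-bit stream id, payload."""
    header = len(payload).to_bytes(3, "big") + bytes([ftype, flags])
    return header + struct.pack("!I", stream_id & 0x7FFFFFFF) + payload


def iter_frames(data):
    """Yield (type, flags, stream_id, payload) for each frame in a byte string."""
    off = 0
    while off < len(data):
        if off + 9 > len(data):
            raise ValueError("truncated frame header")
        length = int.from_bytes(data[off:off + 3], "big")
        ftype, flags = data[off + 3], data[off + 4]
        stream_id = struct.unpack("!I", data[off + 5:off + 9])[0] & 0x7FFFFFFF
        payload = data[off + 9:off + 9 + length]
        if len(payload) != length:
            raise ValueError("truncated frame payload")
        yield ftype, flags, stream_id, payload
        off += 9 + length


def collect_header_block(data, max_bytes=MAX_HEADER_BLOCK_BYTES,
                         max_frames=MAX_CONTINUATION_FRAMES):
    """Reassemble a HEADERS frame and its CONTINUATION frames into one header block.

    Both limits are checked as each frame arrives, before its bytes are buffered
    or decoded, so a flood is rejected at the framing layer (assumes no PADDED or
    PRIORITY fields on the HEADERS frame).
    """
    block = bytearray()
    stream = None
    continuations = 0
    for ftype, flags, stream_id, payload in iter_frames(data):
        if stream is None:
            if ftype != FRAME_HEADERS:
                raise ValueError("header block must start with HEADERS")
            stream = stream_id
        else:
            if ftype != FRAME_CONTINUATION or stream_id != stream:
                raise ValueError("expected CONTINUATION on the same stream")
            continuations += 1
            if continuations > max_frames:
                raise HeaderBlockTooLarge(
                    "frames", f"more than {max_frames} CONTINUATION frames on stream {stream}")
        if len(block) + len(payload) > max_bytes:
            raise HeaderBlockTooLarge(
                "bytes", f"header block on stream {stream} exceeds {max_bytes} bytes")
        block += payload
        if flags & FLAG_END_HEADERS:
            return bytes(block), continuations
    raise ValueError("header block not terminated by END_HEADERS")


def classify(data, **limits):
    """Return ('accepted', block_len, n_continuation) or ('rejected', reason)."""
    try:
        block, n = collect_header_block(data, **limits)
        return ("accepted", len(block), n)
    except HeaderBlockTooLarge as exc:
        return ("rejected", exc.reason)
    except ValueError:
        return ("rejected", "protocol")


def build_stream(stream_id, chunks, terminate=True):
    """Constructed sample: HEADERS then CONTINUATION frames; END_HEADERS on the last if terminate."""
    frames = []
    for i, chunk in enumerate(chunks):
        ftype = FRAME_HEADERS if i == 0 else FRAME_CONTINUATION
        flags = FLAG_END_HEADERS if (terminate and i == len(chunks) - 1) else 0
        frames.append(encode_frame(ftype, flags, stream_id, chunk))
    return b"".join(frames)


if __name__ == "__main__":
    print(classify(build_stream(1, [b"a" * 100] * 3)))                   # legitimate, split over 3 frames
    print(classify(build_stream(1, [b"a" * 100] * 50, terminate=False)))  # CONTINUATION frames that never end
    print(classify(build_stream(1, [b"a" * 3000] * 4)))                   # few frames, oversized block
```

The frame cap and the byte cap catch different shapes of the same abuse: many small CONTINUATION frames that keep the decoder busy without growing the list, and fewer large ones that grow it until memory runs out. Rejecting either condition with a connection error, as the example does by raising, is what keeps the per-stream cost bounded.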
The Cactus ransomware group recently attacked McAlvain, a company providing design/build, construction management, general contracting, structural concrete, and architectural concrete services. The attack exposed 175 GB of data. McAlvain has over 500 employees and a revenue of $199 million.
Ivanti Moves to Strengthen Security with Four New Security Patches
Ivanti, which has been in the news since the beginning of this year over a separate security issue, has addressed four flaws (listed below), each capable of causing a DoS.
Although the flaws could lead to malicious code execution and denial of service (DoS), the company has stated that it is not aware of any customers being exploited through them.
- CVE-2024-21894, with a CVSS score of 8.2, is a heap overflow vulnerability in the IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure.
- CVE-2024-22052, with a CVSS score of 7.5, is a null pointer dereference vulnerability in the IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure.
- CVE-2024-22053, with a CVSS score of 8.2, is a heap overflow vulnerability in the IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure.
- CVE-2024-22023, with a CVSS score of 5.3, is an XML entity expansion (XEE) vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure. It allows an unauthenticated attacker to send specially crafted XML requests that cause resource exhaustion, resulting in a limited-time DoS.
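The XEE class of flaw in the last item, as an added example that is not Ivanti's code and does not reflect how their SAML component is implemented: a SAML message never needs a DTD, so a parser that refuses any DOCTYPE (and, as defence in depth, any entity declaration) before the document body is read cannot be made to expand entities at all. The example uses Python's bundled expat parser; the sample SAML response and the small two-level entity document are constructed here, and `measure_expansion` exists only to show how much character data an unrestricted parser hands to the application compared with the size of the request.

```python
import xml.parsers.expat as expat


class DtdRejected(ValueError):
    """Raised when a document carries a DOCTYPE; SAML messages never need one."""


def parse_without_dtd(data):
    """Parse XML with expat, refusing any DTD so no entity can be declared or expanded.

    Returns the element names in document order.
    """
    names = []
    parser = expat.ParserCreate()

    def on_doctype(doctype_name, system_id, public_id, has_internal_subset):
        # Fires on '<!DOCTYPE', before any entity in the internal subset is seen.
        raise DtdRejected(f"DOCTYPE '{doctype_name}' not allowed")

    def on_entity_decl(entity_name, is_parameter_entity, value, base,
                       system_id, public_id, notation_name):
        # Defence in depth: refuse entity declarations directly as well.
        raise DtdRejected(f"entity declaration '{entity_name}' not allowed")

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity_decl
    parser.StartElementHandler = lambda name, attrs: names.append(name)
    parser.Parse(data, True)
    return names


def classify_xml(data):
    """Return ('accepted', element_names) or ('rejected', reason)."""
    try:
        return ("accepted", parse_without_dtd(data))
    except DtdRejected as exc:
        return ("rejected", str(exc))
    except expat.ExpatError as exc:
        return ("rejected", f"malformed: {exc}")


def measure_expansion(data):
    """Parse with an unrestricted expat parser and return (input_bytes, expanded_chars).

    Illustrates why the DTD must be rejected: the character data delivered to
    the application can be far larger than the request that carried it.
    """
    expanded = 0
    parser = expat.ParserCreate()

    def on_chars(text):
        nonlocal expanded
        expanded += len(text)

    parser.CharacterDataHandler = on_chars
    parser.Parse(data, True)
    return len(data), expanded


# Constructed samples (not taken from the advisory).
SAML_RESPONSE = (
    b'<?xml version="1.0"?>'
    b'<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">'
    b'<samlp:Status/></samlp:Response>'
)

# Two-level nested entities: 10 bytes of declared text become 100 characters.
ENTITY_EXPANSION = (
    b'<?xml version="1.0"?>'
    b'<!DOCTYPE r [<!ENTITY a "aaaaaaaaaa">'
    b'<!ENTITY b "&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;">]>'
    b'<r>&b;</r>'
)

if __name__ == "__main__":
    print(classify_xml(SAML_RESPONSE))       # accepted, two elements
    print(classify_xml(ENTITY_EXPANSION))    # rejected at the DOCTYPE, nothing expanded
    print(measure_expansion(ENTITY_EXPANSION))
```

Rejecting at the DOCTYPE is cheaper and more robust than trying to bound expansion after the fact, because the parser raises before it has allocated anything for the entities; the same policy is what libraries such as defusedxml apply by default.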
The Incransom ransomware group attacked Remitano, a cryptocurrency exchange and trading platform company whose business spans Bitcoin, trading, escrow, finance, swaps, altcoins, P2P, blockchain and fintech. The company has over 200 employees and a revenue of $5.3 million.
Radiant Global Logistics (Canada), a Canadian company offering a range of non-asset and asset-based services and solutions that optimize the supply chain and improve business efficiency, fell victim to the Akira ransomware group. The company has over 500 employees and revenue of $888.3 million. Its services include:
- One-stop integrated highway, rail, TL, LTL and warehousing services
- Access to over 6,000 carriers and all Class 1 North American railroads
- Advanced supply chain consulting, analysis, design and implementation
- Consolidated billing and customized reporting
- A Climate Controlled Logistics (CCL) Reefer division