Custom search

HTTP Request Smuggling Vulnerability Riddled HAProxy

A serious security vulnerability existed in HAProxy that could allow HTTP request smuggling attacks. The vulnerability affected almost all HAProxy versions, which the maintainer patched accordingly. HAProxy Vulnerability Could Trigger HTTP Content Smuggling The HAProxy maintainer, Willy

Security Affairs

HTTP/2 CONTINUATION Flood technique can be exploited in DoS attacks

HTTP/2 CONTINUATION Flood: a new HTTP/2 vulnerability can be exploited to conduct powerful denial-of-service (DoS) attacks

Security Affairs

QNAP firmware updates fix Apache HTTP vulnerabilities in its NAS

Taiwanese vendor QNAP warns users to update their NAS Firmware to fix Apache HTTP flaws addressed in the Apache HTTP server last month. Taiwanese vendor QNAP warns users to update their NAS Firmware to address Apache HTTP vulnerabilities, tracked as CVE-2022-22721 and CVE-2022-23943, addressed in the Apache HTTP server in March. “While CVE-2022-22719 and CVE-2022-22720 do […]

Latest Hacking News

A mitmproxy Vulnerability Could Allow HTTP Request Smuggling Attacks

A major security vulnerability appeared in the mitmproxy service that allowed an adversary to conduct HTTP request smuggling attacks. Thankfully, the vulnerability received a fix before facing exploit in the wild. mitmproxy HTTP Request Smuggling Bug According

DarkReading

New HTTP Request Smuggling Attacks Target Web Browsers

Threat actors can abuse weaknesses in HTTP request handling to launch damaging browser-based attacks on website users, researcher says.

Cyber Security News

Detecting Malicious HTTP Traffic that Hides Under the Real Traffic

The malware generates malicious network behavior, often hiding it in HTTP traffic to avoid detection. So, cyber security detecting malicious traffic.

Latest Hacking News

T-Reqs – A Tool For HTTP Request Smuggling (HRS) attacks

T-Reqs tool employs grammar-based differential fuzzing to spot novel bugs triggering HTTP Request Smuggling attacks.

Ars Technica

Hackers infect users of antivirus service that delivered updates over HTTP

eScan AV updates were delivered over HTTP for five years.

The Hacker News

New HTTP/2 Vulnerability Exposes Web Servers to DoS Attacks

New research exposes vulnerability in HTTP/2 protocol! The CONTINUATION frame can be exploited for DoS attacks, warns security expert Bartek Nowotarsk

ZDNet

Apache's new security update for HTTP Server fixes two flaws | ZDNet

There's a fix for a critical flaw in Apache HTTP Server, the world's second most widely used web server.

SecurityWeek

Organizations Respond to HTTP/2 Zero-Day Exploited for DDoS Attacks

Organizations respond to HTTP/2 Rapid Reset zero-day vulnerability exploited to launch the largest DDoS attacks seen to date.

Ars Technica

How DDoSers used the HTTP/2 protocol to deliver attacks of unprecedented size

More than 8 years after the adoption of HTTP/2, DDoSers devise rapid reset attack.

Bleeping Computer

QNAP asks users to mitigate critical Apache HTTP Server bugs

QNAP has asked customers to apply mitigation measures to block attempts to exploit Apache HTTP Server security vulnerabilities impacting their network-attached storage (NAS) devices.

Bleeping Computer

Cloudflare sees surge in hyper-volumetric HTTP DDoS attacks

The number of hyper-volumetric HTTP DDoS (distributed denial of service) attacks recorded in the third quarter of 2023 surpasses every precedent, indicating that the field has entered a new chapter.

Cyber Security News

HTTP/2 Rapid Reset Zero-day Flaw Exploited to Launch Massive DDoS Attack

Cloudflare was unexpectedly hit by an enormous HTTP attack that peaked at over 201 million requests per second.

The Hacker News

QNAP Advises Users to Update NAS Firmware to Patch Apache HTTP Vulnerabilities

QNAP has issued a notice recommending users update firmware for network-attached storage (NAS) appliances to fix flaws affecting Apache HTTP software.

The Hacker News

Record-Breaking 100 Million RPS DDoS Attack Exploits HTTP/2 Rapid Reset Flaw

Cloudflare reported an industry-wide campaign that targeted AWS, Cloudflare, and Google Cloud, launching DDoS attacks exploiting HTTP/2 Rapid Reset.

Bleeping Computer

New 'HTTP/2 Rapid Reset' zero-day attack breaks DDoS records

A new DDoS (distributed denial of service) technique named 'HTTP/2 Rapid Reset' has been actively exploited as a zero-day since August, breaking all previous records in magnitude.

SecurityWeek

New HTTP/2 DoS Attack Potentially More Severe Than Record-Breaking Rapid Reset

New HTTP/2 DoS method named Continuation Flood can pose a greater risk than Rapid Reset, which has been used for record-breaking attacks.

SecurityWeek

‘HTTP/2 Rapid Reset’ Zero-Day Exploited to Launch Largest DDoS Attacks in History

A zero-day vulnerability named HTTP/2 Rapid Reset has been exploited to launch some of the largest DDoS attacks in history.

The Hacker News

HTTP/2 Rapid Reset Zero-Day Vulnerability Exploited to Launch Record DDoS Attacks

⚡ Beware of the HTTP/2 Rapid Reset attack! A novel zero-day flaw is being exploited to launch record-breaking distributed denial-of-service (DDoS).

Cyber Security News

HTTP/2 Continuation Flood Attack : Single Machine Can Bring Down Server

The HTTP/2 CONTINUATION Flood allows a single machine, and in some cases, just a single TCP connection or a few frames, to cause significant disruptions to server operations, leading to crashes or severe performance degradation.

Bleeping Computer

New HTTP/2 DoS attack can crash web servers with a single connection

Newly discovered HTTP/2 protocol vulnerabilities called "CONTINUATION Flood" can lead to denial of service (DoS) attacks, crashing web servers with a single TCP connection in some implementations.

PCMag

Cloudflare Is Building a Firewall for AI, Plans to 'Fight AI With AI'

Research suggests new AI security threats are on the horizon. Cloudflare is developing an AI Firewall and is using its own AI tools to defend against AI-powered cyberattacks.

Infosecurity News

UK AI Safety Institute: A Blueprint for the Future of AI?

The UK Frontier AI Taskforce is evolving to become the UK AI Safety Institute

The Hacker News

Watch the Webinar — AI vs. AI: Harnessing AI Defenses Against AI-Powered Risks

Leveraging the power of AI in cybersecurity to outsmart ever-evolving threats. Discover how it can be your ultimate ally!

Infosecurity News

10 days ago

AI Seoul Summit: 16 AI Companies Sign Frontier AI Safety Commitments

The signatories of these new commitments in safe AI developments include Chinese and Emirati organizations

Infosecurity News

21 days ago

UK's AI Safety Institute Unveils Platform to Accelerate Safe AI Develo

The UK's open source AI safety evaluation platform, Inspect, is set to empower global collaboration for safer AI development

DataBreaches

Cloudflare thwarts largest reported HTTP DDoS attack

Waqas reports: Cloudflare stated that it had managed to mitigate multiple “hyper-volumetric” DDoS attacks that originated from more than 30,000 IP...

Bleeping Computer

3 years ago

Exploit released for wormable Windows HTTP vulnerability

Proof-of-concept exploit code has been released over the weekend for a critical wormable vulnerability in the latest Windows 10 and Windows Server versions.

CSO

23 days ago

Palo Alto launches AI-powered solutions to fight AI-generated cyberthreats

The suite is powered by Palo Alto’s proprietary solution, Precision AI, which integrates machine learning, deep learning, and generative AI technologies.

Cyber Security News

Microsoft Adds 5 New AI Tools to be Added with Azure AI

Azure AI continues to provide our customers with innovative technologies to safeguard their applications across the generative AI lifecycle.

The Hacker News

Predictive AI in Cybersecurity: Outcomes Demonstrate All AI is Not Created Equally

Discover how predictive AI is shaping the future of cybersecurity. Learn how BlackBerry's Cylance AI is outperforming the competition in malware.

DarkReading

10 days ago

WitnessAI Launches With Guardrails for AI

AI safety platform startup WitnessAI claims to help enterprises use AI safely and effectively with its platform addressing AI privacy, governance, and security.

Bleeping Computer

Microsoft: New critical Windows HTTP vulnerability is wormable

Microsoft has patched a critical flaw tagged as wormable and found to impact the latest desktop and server Windows versions, including Windows 11 and Windows Server 2022.

Infosecurity News

Dozens of Malicious 'HTTP' Libraries Found on PyPI

ReversingLabs cybersecurity researchers spotted 41 malicious PyPI packages

CSO

5 months ago

AI dominates cybersecurity megatrends for 2024: Report

Three defining concerns associated with the security of AI include trust in AI, ethical application of AI, and cybersecurity of AI, according to the SIA research for cybersecurity megatrends in 2024.

SecurityWeek

6 months ago

Insider Q&A: Pentagon AI Chief on Network-Centric Warfare, Generative AI Challenges

Interview with Craig Martell, Chief Digital and AI Officer (CDAO) for the U.S. Department of Defense, about AI use in the military.

Ars Technica

Adobe Stock begins selling AI-generated artwork

AI-wielding artist must assert ownership and label each piece as "Generative AI."

Bleeping Computer

3 years ago

Wormable Windows HTTP vulnerability also affects WinRM servers

A wormable remote code execution (RCE) vulnerability in the Windows IIS server can also be used to attack unpatched Windows 10 and Server systems publicly exposing the WinRM (Windows Remote Management) service.

SecurityWeek

6 months ago

CISA Outlines AI-Related Cybersecurity Efforts

CISA details its efforts to promote the use of AI in cybersecurity and guide critical infrastructure in adopting AI.

Ars Technica

10 months ago

Why AI detectors think the US Constitution was written by AI

Can AI writing detectors be trusted? We dig into the theory behind them.

Infosecurity News

AI Accountability Framework Created to Guide Use of AI in Security

The framework aims to mitigate ethical issues surrounding use of AI in security

CSO

Orca to offer armor against AI adoption risks

The company's new AI-security posture management (AI-SPM) offering is designed to secure an organization’s AI projects from sensitive access risks.

SecurityWeek

16 days ago

In First AI Dialogue, US Cites ‘Misuse’ of AI by China, Beijing Protests Washington’s Restrictions

US officials raised concerns on China’s “misuse of AI” while Beijing’s representatives rebuked the US over “restrictions and pressure” on AI.

Ars Technica

AI gains “values” with Anthropic’s new Constitutional AI chatbot approach

List of guiding AI values draws on UN Declaration of Rights—and Apple's terms of service

CSO

Protect AI adds LLM support with open source acquisition

Protect AI has integrated open source LLM Guard into proprietary AI security capabilities after acquiring Laiyer AI.

Ars Technica

AI firms working on “constitutions” to keep AI from spewing toxic content

Broken guardrails for AI systems lead to push for new safety measures .

ZDNet

How to upgrade Opera connections from HTTP to HTTPS

To keep your browser navigation as safe as possible, you should force connections to use HTTPS. Find out how to enable this feature in the Opera browser.

The Hacker News

6 months ago

AI Solutions Are the New Shadow IT

AI Solutions Are the New Shadow IT - Ambitious Employees Tout New AI Tools, Ignore Serious SaaS Security Risks

Infosecurity News

Google Launches Framework to Secure Generative AI

The Secure AI Framework (SAIF) is a first step to help collaboratively secure AI technology, said Alphabet’s subsidiary

Infosecurity News

AI Safety Summit: OWASP Urges Governments to Agree on AI Standards

The OWASP Foundation has released a call to action ahead of the UK’s AI Safety Summit

Ars Technica

EU votes to ban AI in biometric surveillance, require disclosure from AI systems

Nonbinding EU draft AI law gets tougher, but it's still open to negotiation.

Naked Security

MOVEit mayhem 3: “Disable HTTP and HTTPS traffic immediately”

Twice more unto the breach… third patch tested and released, shut down web access until you’ve applied it

Infosecurity News

AI Safety Summit: Biden Administration Launches US AI Safety Institute

Led by NIST, USAISI will be tasked to facilitate the development of standards for the safety, security, and testing of AI models

CyberNews

"AI would've invented Bitcoin": is BTC and AI a match made in heaven?

AI and Bitcoin are a potentially perfect match as both technologies continue to scale

Ars Technica

“AI took my job, literally”—Gizmodo fires Spanish staff amid switch to AI translator

Meanwhile, readers say that some AI-penned articles switch languages halfway through.

SecurityWeek

SecurityWeek to Host Cyber AI & Automation Summit

Cyber AI Summit will explore cybersecurity use-cases for artificial intelligence (AI) technology and the race to protect LLM algorithms from adversarial use.

Infosecurity News

11 days ago

AI Chatbots Highly Vulnerable to Jailbreaks, UK Researchers Find

The UK AI Safety Institute tested four mainstream AI chatbots with basic jailbreak attacks

Infosecurity News

3 months ago

Google Warns Unfair AI Rules Could Empower Hackers

Google has called for safeguards in AI development as it launches its AI Cyber Defense Initiative which aims to transform online security

SecurityWeek

28 days ago

Horizon3.ai Introduces AI-Assisted Service to Prioritize and Patch Vulnerabilities Faster

Horizon3.ai's AISaaS-based, AI-assisted penetration service allows proactive defensive action against exploitation of new vulnerabilities.

PCMag

North Korean Hackers Spotted Using Generative AI

So far, the North Korean hackers are not using generative AI to conduct actual cyberattacks. Instead, it looks like they are tapping today’s AI models for planning purposes.

Infosecurity News

Governments Eye Disclosure Requirements for AI Development Labs

AI scientist Inma Martinez predicts governments will start requiring ‘frontier’ AI labs full disclosure on the purpose of the tools they are developing

Latest Hacking News

Brave Launches ‘Leo’ AI Assistant For Android Users

The privacy-focused browser Brave has now developed an exciting AI experience for Android users. As announced, Brave has launched ‘Leo’ as its very own AI assistant for Android browsers, hoping to enhance users’ experience. Brave AI

DarkReading

24 days ago

Feds: Reducing AI Risks Requires Visibility & Better Planning

While attackers have targeted AI systems, failures in AI design and implementation are far more likely to cause headaches, so companies need to prepare.

Ars Technica

AI vs. Hollywood: Writers battle “plagiarism machines” in union talks

WGA writers don't want to train AI or clean up AI-generated "sloppy first drafts."

Cyber Security News

Researchers Detailed Red Teaming Malicious Use Cases For AI

Researchers investigated potential malicious uses of AI by threat actors and experimented with various AI models, including large language

CSO

New critical AI vulnerabilities in TorchServe put thousands of AI models at risk

The vulnerabilities can completely compromise the AI infrastructure of the world’s biggest businesses, Oligo Security said.

Bleeping Computer

HTTP DDoS attacks reach unprecedented 17 million requests per second

A distributed denial-of-service (DDoS) attack earlier this year takes the top spot for the largest such incident, peaking at 17.2 million requests per second (rps).

Ars Technica

At Senate AI hearing, news executives fight against “fair use” claims for AI training data

Media orgs want AI firms to license content for training, and Congress is sympathetic.

SC Magazine

EU AI Act: Cyber pros sound off on rules for ‘high-risk’ AI, deepfakes

The regulations will likely have a global impact and influence as AI tech rapidly evolves, experts say.

SecurityWeek

9 months ago

Microsoft Shares Guidance and Resources for AI Red Teams

Microsoft has shared guidance and resources from its AI Red Team program to help organizations and individuals with AI security.

Infosecurity News

HTTP/S DDoS Attacks Soar 487% in Three Years

Website takedowns driven by Russian hacktivists

Infosecurity News

10 months ago

Plurilock Launches Generative AI ‘Guardrails’ Product for Workforces

PromptGuard is a new cloud access security broker (CASB) that supports employee AI use while ensuring that sensitive data is not released to AI systems

HACKRead

Vulnerabilities Exposed Hugging Face to AI Supply Chain Attacks

Cybersecurity firm Wiz.io found that AI-as-a-service (aka AI Cloud) platforms like Hugging Face are vulnerable to critical risks.

CSO

3 months ago

AI adoption in security taking off amid budget, trust, and skill-based issues

Defensive AI emerged as a critical AI use, with 58% of respondents to a survey saying their organization is investing in AI to stop AI-based attacks.

DarkReading

AI Progam Aims to Advance Cybersecurity in Abu Dhabi

The nation's new AI council will be responsible for developing policies and strategies related to research, infrastructure, and investments in AI.

CyberSecurity Dive

23 days ago

Generative AI is a looming cybersecurity threat

Researchers have not identified any AI-engineered cyberattack campaigns, yet, but they say it’s only a matter of time before an AI system is dominant enough in the market to draw attention.

Ars Technica

Artist receives first known US copyright registration for generative AI art

Registration of AI-assisted comic comes amid fierce online debate about AI art ethics.

DarkReading

8 days ago

Critical Flaw in AI Platform Exposes Proprietary Data

The finding underscores the challenges of protecting data from multiple customers across AI-as-a-service solutions, especially in environments that run AI models from untrusted sources.

Bleeping Computer

New Microsoft bug bounty program focuses on AI-powered Bing

Microsoft announced a new AI bounty program focused on the AI-driven Bing experience, with rewards reaching $15,000.

Latest Hacking News

TROJANPUZZLE Attack Compels AI Assistants To Suggest Rogue Codes

Researchers have devised a novel attack strategy against AI assistants. Dubbed “TrojanPuzzle,” the data poisoning attack maliciously trains AI assistants to suggest wrong codes, troubling software engineers. TROJANPUZZLE Attack Exploits AI Assistants Researchers from the University of

Trend Micro

9 months ago

Cybersecurity Threat 1H 2023 Brief with Generative AI

How generative AI influenced threat trends in 1H 2023

CyberNews

9 days ago

Google’s AI Overview regurgitates hogwash about blinker fluid

Google proudly calls its brand new AI search feature, AI Overview, the future of browsing. But so far, the quick answers it provides can be simply nonsensical.

SecurityWeek

Critical Vulnerabilities Found in Open Source AI/ML Platforms

Security researchers flag multiple severe vulnerabilities in open source AI/ML solutions MLflow, ClearML, Hugging Face.

SecurityWeek

Applying AI to API Security

Five ways in which artificial intelligence (AI) can be leveraged to improve API security to help enterprises improve their security posture.

ZDNet

Singapore identifies six generative AI risks, sets up foundation to guide adoption

AI Verify Foundation will develop test toolkits that mitigate the risks of AI.

The Hacker News

Who's Experimenting with AI Tools in Your Organization?

See how you can find out in minutes with Nudge Security. Automate discovery of new AI tools as they are introduced, collect context on how AI tools ar

Ars Technica

3 months ago

Will Smith parodies viral AI-generated video by actually eating spaghetti

Actor pokes fun at 2023 AI video by eating spaghetti messily and claiming it's AI-generated.

The Cyber Express