Brief #46: HTTP/2 Flaws, Latrodectus Malware, Microsoft Exchange Breach

Week 14: Severe HTTP/2 vulnerabilities enable DoS attacks, new Latrodectus malware emerges, and the US Cyber Safety Board reports on a preventable Microsoft Exchange breach.

mandos brief week 14 of 2024 nikoloz kokhreidze

Greetings from week 14!

In this week's cybersecurity roundup, I cover critical incidents and developments, from the discovery of severe HTTP/2 vulnerabilities to the emergence of new malware strains like Latrodectus and JSOutProx, as well as insights from the US Cyber Safety Board's report on a preventable Microsoft Exchange Online intrusion.

🌐 This Week in Cybersecurity

New JSOutProx Malware Targets Financial Institutions in APAC and MENA

US Cyber Safety Board Releases Report on Preventable Microsoft Exchange Online Intrusion by China-Linked Hackers

HTTP/2 CONTINUATION Flood Vulnerabilities Enable Severe DoS Attacks

The CONTINUATION Flood vulnerabilities pose a significant threat to web servers, as HTTP/2 is widely adopted and the attacks can be difficult to detect without advanced frame analytics. System administrators should promptly upgrade impacted servers and libraries to mitigate the risk of exploitation by threat actors seeking to incorporate these new DDoS techniques into their attacks.
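
The frame-level check that "frame analytics" refers to can be sketched as follows. This is an added example, not code from this brief or from any affected project; it assumes the RFC 9113 frame layout, an already decrypted byte capture of one client-to-server connection, and hypothetical thresholds `MAX_FRAMES` and `MAX_BYTES`.

```python
import struct

PREFACE = b"PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n"   # client connection preface (RFC 9113)
HEADERS, CONTINUATION, END_HEADERS = 0x1, 0x9, 0x4
MAX_FRAMES, MAX_BYTES = 16, 64 * 1024   # hypothetical limits, tune per service

def parse_frames(data):
    """Yield (type, flags, stream_id, payload_length) per complete frame."""
    off = len(PREFACE) if data.startswith(PREFACE) else 0
    while off + 9 <= len(data):
        # 9-byte frame header: 24-bit length, type, flags, R bit + 31-bit stream id
        hi, lo, ftype, flags, sid = struct.unpack_from(">BHBBI", data, off)
        length = (hi << 16) | lo
        if off + 9 + length > len(data):
            break                       # truncated capture: stop cleanly
        yield ftype, flags, sid & 0x7FFFFFFF, length
        off += 9 + length

def find_continuation_floods(data, max_frames=MAX_FRAMES, max_bytes=MAX_BYTES):
    """Return one alert per stream whose open header block exceeds a limit."""
    open_blocks, alerts = {}, {}        # stream_id -> [frames, bytes]
    for ftype, flags, sid, length in parse_frames(data):
        if ftype == HEADERS:
            open_blocks[sid] = [0, length]
        elif ftype == CONTINUATION and sid in open_blocks:
            open_blocks[sid][0] += 1
            open_blocks[sid][1] += length
        else:
            continue
        frames, size = open_blocks[sid]
        if flags & END_HEADERS:
            del open_blocks[sid]        # header block finished normally
        elif frames > max_frames or size > max_bytes:
            alerts[sid] = {"stream": sid, "continuation_frames": frames,
                           "header_block_bytes": size}
    return list(alerts.values())

def frame(ftype, flags, sid, payload=b""):
    """Build one frame; used only for the constructed sample below."""
    n = len(payload)
    return struct.pack(">BHBBI", n >> 16, n & 0xFFFF, ftype, flags, sid) + payload

# Constructed sample: stream 1 closes its header block after two CONTINUATION
# frames; stream 3 never sets END_HEADERS.
SAMPLE = (PREFACE
          + frame(HEADERS, 0, 1, b"a" * 20) + frame(CONTINUATION, 0, 1, b"b" * 20)
          + frame(CONTINUATION, END_HEADERS, 1, b"c" * 20)
          + frame(HEADERS, 0, 3, b"a" * 20)
          + b"".join(frame(CONTINUATION, 0, 3, b"x" * 8) for _ in range(40)))

if __name__ == "__main__":
    for alert in find_continuation_floods(SAMPLE):
        print(alert)
```

The HEADERS payload length includes any padding and priority fields, so `header_block_bytes` is an upper bound on the header block size rather than an exact figure.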

New Latrodectus Malware Emerges as Potential Successor to IcedID

Multiple Healthcare Providers and Vendors Report Data Breaches Affecting Over 300,000 Individuals

🛠️ Security Tools

🚀 Startup Watch

