Cybersecurity Advisory: NCSC echoes discovery of new cyberattack - 'HTTP/2 Rapid Reset Attack'
10/28/2023
The National Cyber Security Center (NCSC) under the PNG Department of Information and Communications Technology (DICT) has announced the discovery of a new kind of cyber-attack called the 'HTTP/2 Rapid Reset Attack'. FortiGuard described the new attack as a Distributed Denial-of-Service (DDoS) attack that takes advantage of a weakness in the way the HTTP/2 protocol works. This is a serious problem because it is a previously unknown and unpatched weakness in the software that hackers are actively taking advantage of.

Here's how it works: the attack sends a lot of web requests to servers that use HTTP/2, overloading them and causing resource exhaustion. This can lead to these servers becoming inaccessible, causing a distributed denial of service.

To protect your online applications from such attacks, security experts at FortiGuard recommend using services like a Web Application Firewall (WAF) and an Application Delivery service, which can help balance the load and improve security. If you're using web services that use HTTP/2, it's important to regularly check for patches and other ways to defend against this type of attack. For added security, FortiWeb customers can limit the number of requests a single user can make using the 'HTTP Protocol Constraints.'