Ars Technica

How DDoSers used the HTTP/2 protocol to deliver attacks of unprecedented size

What's missing from this article is a discussion of what the IETF HTTPBIS working group is doing about it. Here's a link to the thread on the mailing list: https ...
TechRepublic

How to secure your Apache 2 server in four steps

If you’re concerned about the security of your Apache server, these four tips will go a long way to keeping that system secure. Apache is one of the most widely used web servers on the planet, and ...
Bleeping Computer

New HTTP/2 DoS attack can crash web servers with a single connection

Newly discovered HTTP/2 protocol vulnerabilities called "CONTINUATION Flood" can lead to denial of service (DoS) attacks, crashing web servers with a single TCP connection in some implementations.
Ars Technica

Biggest DDoSes of all time generated by protocol 0-day in HTTP/2

In August and September, threat actors unleashed the biggest distributed denial-of-service attacks in Internet history by exploiting a previously unknown vulnerability in a key technical protocol.
Bleeping Computer

QNAP asks users to mitigate critical Apache HTTP Server bugs

QNAP has asked customers to apply mitigation measures to block attempts to exploit Apache HTTP Server security vulnerabilities impacting their network-attached storage (NAS) devices. The flaws ...
InfoWorld

HTTP/2: A jump-start for Java developers

HTTP/2 was approved in February 2015 as the successor to the original web communication protocol. While it is in the last stages of finalization, the standard has already been implemented by early ...
Threat Post

Apache Web Server Zero-Day Exposes Sensitive Data

The open-source project has rolled out a security fix for CVE-2021-41773, for which public cyberattack exploit code is circulating. Apache Software has quickly issued a fix for a zero-day security bug ...