Risky Bulletin: HTTP2 Flaw Enables Massive DDoS Attacks
Hosted by Claire Aird | August 15, 2025
The latest episode of Risky Bulletin, hosted by Claire Aird and prepared by Catalin Cimpanu, covers several pressing cybersecurity issues affecting both global and national landscapes. This summary highlights the key discussions, insights, and conclusions presented in the episode.
1. HTTP/2 Vulnerability Facilitating DDoS Attacks
At the outset of the episode, Claire Aird introduces a critical vulnerability in the HTTP/2 protocol with significant implications for web security.
- Overview of the Vulnerability: Researchers at Deepness Lab uncovered the "MadeYouReset" attack, which exploits a feature in HTTP/2 that allows connections to be cancelled and reset. Because cancelling is cheap for the client but the server only frees resources once the cancellation has been fully processed, attackers can keep initiating new connections before earlier ones are torn down, leading to resource exhaustion and massive Distributed Denial of Service (DDoS) attacks.
- Impact and Mitigation: This vulnerability poses a substantial threat to web servers and could cripple services that rely on HTTP/2. Organizations are urged to monitor developments and apply patches as they become available.
"Attackers can cancel connections, but before the cancellation is complete they can initiate many more, leading to resource exhaustion." — Claire Aird [02:15]
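The defensive side of the mechanism described above is server-side accounting: a connection that keeps cancelling work faster than the server can unwind it must be cut off. The following is an added illustration of that idea, not the Deepness Lab research code and not the mitigation of any particular server. The limit values, the class names and the three constructed client patterns (a well-behaved client, a rapid reset burst, and a slow drip of cancellations whose work never finishes) are all assumptions made for the example.

```python
"""Per-connection guard against reset churn on an HTTP/2 connection.
Added example with assumed limits; not a real server's implementation."""
from collections import deque
from dataclasses import dataclass, field


@dataclass
class ConnectionState:
    """Accounting the guard keeps per connection (assumed design)."""
    max_pending: int = 100            # cancelled streams whose work is still unwinding
    window: float = 1.0               # seconds over which resets are counted
    max_resets_per_window: int = 50   # resets tolerated inside one window
    pending: int = 0                  # cancelled-but-not-yet-finished streams
    recent_resets: deque = field(default_factory=deque)
    closed: bool = False
    reason: str = ""


class StreamGuard:
    """Two independent controls: a rate limit on cancellations and a cap on
    how much cancelled work is still outstanding. The cap is what catches the
    "cancel, then open many more before the cancel completes" pattern, since
    the server only releases resources when the cancelled work actually ends."""

    def __init__(self, **limits):
        self.limits = limits
        self.conns: dict[str, ConnectionState] = {}

    def _state(self, conn_id: str) -> ConnectionState:
        return self.conns.setdefault(conn_id, ConnectionState(**self.limits))

    def on_open(self, conn_id: str) -> bool:
        """Return True if a new stream may be started on this connection."""
        st = self._state(conn_id)
        if st.closed:
            return False
        if st.pending >= st.max_pending:
            st.closed, st.reason = True, "pending-cancel backlog"
            return False
        return True

    def on_cancel(self, conn_id: str, now: float) -> bool:
        """Record a peer-initiated cancellation; its work is not finished yet."""
        st = self._state(conn_id)
        st.pending += 1
        st.recent_resets.append(now)
        while st.recent_resets and now - st.recent_resets[0] > st.window:
            st.recent_resets.popleft()
        if len(st.recent_resets) > st.max_resets_per_window:
            st.closed, st.reason = True, "reset rate"
        return not st.closed

    def on_finished(self, conn_id: str) -> None:
        """The server has actually torn down one cancelled stream's work."""
        st = self._state(conn_id)
        if st.pending > 0:
            st.pending -= 1

    def verdict(self, conn_id: str) -> tuple[bool, str]:
        st = self._state(conn_id)
        return st.closed, st.reason


def run_demo() -> dict[str, tuple[bool, str]]:
    """Three constructed clients, replayed against one guard."""
    guard = StreamGuard()

    # good: 20 requests over 2 s, a few cancelled and promptly torn down
    for i in range(20):
        guard.on_open("good")
        if i % 5 == 0:
            guard.on_cancel("good", i * 0.1 + 0.01)
        guard.on_finished("good")

    # burst: 60 open/cancel pairs inside 60 ms -> trips the rate control
    for i in range(60):
        guard.on_open("burst")
        guard.on_cancel("burst", i * 0.001)

    # backlog: one cancel every 100 ms for 12 s, never finished -> the reset
    # rate stays low (about 11 per second) but outstanding work piles up
    for i in range(120):
        guard.on_open("backlog")
        guard.on_cancel("backlog", i * 0.1)

    return {c: guard.verdict(c) for c in ("good", "burst", "backlog")}


if __name__ == "__main__":
    for conn, (closed, why) in run_demo().items():
        print(f"{conn:8s} closed={closed} reason={why!r}")
```

The point of the third client is that a pure reset-rate limit is not enough: a client that cancels slowly but never lets the server finish still exhausts resources, which is why the guard also bounds the number of cancellations whose cleanup is still pending.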
2. U.S. Government Embeds Trackers in Chip Shipments
The podcast highlights a controversial move by U.S. authorities to embed tracking devices within semiconductor shipments.
- Details of the Tracking Initiative: According to Reuters, tracking devices are being incorporated into shipments of hardware from companies like Supermicro, AMD, Nvidia, and Dell. These devices aim to detect and prevent the diversion of shipments to adversarial nations, particularly China.
- Company Responses and Concerns: Both Nvidia and Dell have publicly denied any involvement in the installation of these trackers, raising questions about the transparency and security implications of such measures.
"It's unclear where and how shipments are being interdicted," noted Claire Aird [05:40].
3. Expansion of Facial Recognition Vans in the UK
In a move to bolster security measures, the UK is deploying additional facial recognition vans.
- Deployment Details: Ten new vans, each equipped with advanced cameras capable of scanning faces in real time, will be added to the existing fleet. These vans aim to monitor crowds and assist in the apprehension of wanted individuals.
- Scale and Capability: The new vans are approximately twice the size of those currently in operation, indicating a significant investment in surveillance infrastructure.
"They'll be deployed to scan crowds and help catch wanted people," explained Claire Aird [08:20].
4. Security Breach in Canadian Parliament
A notable security incident involving Canada's Parliament was discussed, emphasizing the ongoing threats to governmental digital infrastructure.
- Incident Overview: Canadian authorities are investigating a breach in the House of Commons where hackers exploited a recent Microsoft vulnerability. The intruders accessed a central database, stealing non-public data related to employees and government-issued devices.
- Response and Impact: The breach occurred last Friday, and details remain limited as officials aim to prevent public panic.
"They allegedly stole non-public data about employees and government-issued devices," Claire Aird reported [11:05].
5. Russia Tightens Control Over Messaging Apps
The episode covers Russia's intensified regulation of foreign messaging platforms.
- Restrictions Implemented: Russia's Internet watchdog, Roskomnadzor, has begun limiting WhatsApp and Telegram voice and video calls, citing their use in fraud and terrorist activities. Additionally, the Kremlin mandates that government officials transition their Telegram channels to the domestic app MAX.
- Future Implications: Official MAX accounts are expected to launch in the coming weeks, marking a significant shift in governmental communication channels.
"The Kremlin has ordered government officials to migrate their Telegram channels to the country's domestic messaging app, MAX," Claire Aird stated [14:30].
6. Cyber Attack on Polish Water Supply
Poland faced a cyber threat targeting its essential infrastructure.
- Attack Details: A cyber assault aimed at disrupting the water supply of a major city was reportedly thwarted by Polish authorities. The Deputy Prime Minister, Krzysztof Gawkowski, refrained from disclosing the city's name or the identities of the attackers to avoid public alarm.
"Authorities blocked the attack," confirmed Claire Aird [17:10].
7. Iranian Journalists Targeted by Hackers
The podcast sheds light on cyber espionage activities targeting Iranian media personnel.
- Identification of Perpetrators: Iran International traced the hack to Ali Bermud, a 27-year-old from Tabriz, linked to the Handala hacking group. The group operated via Telegram channels under the direction of Iran's intelligence agency, the MOIS.
"He ran the group's Telegram channel and took orders from Iran's intelligence agency," Claire Aird mentioned [19:45].
8. MyDocs Group Exploits Italian Hotel Data
A concerning data breach affecting the hospitality sector in Italy was discussed.
- Breach Details: The MyDocs group claims responsibility for hacking three unnamed Italian hotels between June and July, obtaining over 70,000 scanned passports and IDs. As of Thursday, more than 7,000 scans have been leaked, according to the Italian CERT.
"They stole more than 70,000 scanned passports and IDs," reported Claire Aird [22:00].
9. Cryptocurrency Exchange Hacks
Two significant breaches affecting cryptocurrency exchanges were highlighted.
- BtcTurk and Another Exchange: The Turkish cryptocurrency exchange BtcTurk was hacked twice, losing a total of $104 million ($49 million in the recent attack and $55 million last June). Following the latest breach, BtcTurk suspended operations to address the security lapse.
"BtcTurk also lost $55 million to a hack last June," Claire Aird noted [24:30].
10. Cloud Service Disruption at Colt
A cybersecurity incident has impacted Colt, a prominent cloud service provider.
- Service Outage: Colt's customer support portal and Voice API platform have been offline for at least three days. The company is collaborating with cybersecurity experts to investigate and resolve the issue.
"Colt says it's working with experts to investigate the incident," Claire Aird explained [27:15].
11. Monero Blockchain Under Threat
Concerns are rising within the cryptocurrency community regarding the security of the Monero blockchain.
- Qubic's Control: A company named Qubic claims to control over half of Monero's mining capacity, raising fears of a potential 51% attack that could allow blockchain manipulation or transaction censorship. Qubic describes its actions as a "proof of concept" and an experimental endeavor.
"Users are worried Qubic may be able to execute a 51% attack," Claire Aird stated [29:50].
12. Sanctions on Russian Cryptocurrency Exchange Grinex
The U.S. Treasury Department has imposed sanctions on a Russian crypto exchange.
- Grinex Sanctions: Grinex, launched shortly after the FBI seized the Garantex platform in March, is now sanctioned by the U.S. Treasury. Funds from Garantex were reportedly transferred to Grinex wallets following the takedown. Garantex itself was previously sanctioned in 2022 for facilitating money laundering linked to hacks and ransomware.
"The U.S. Treasury Department has sanctioned Russian cryptocurrency exchange Grinex," Claire Aird informed listeners [33:20].
13. Legal Action Against Zelle for Fraud
The state of New York is taking legal steps against the payment platform Zelle over allegations of enabling fraud.
- Lawsuit Details: New York Attorney General Letitia James announced that scammers siphoned over $1 billion from Zelle users between 2017 and 2023. The lawsuit accuses Zelle of prioritizing growth over implementing essential anti-fraud measures and of failing to assist or reimburse affected users. Zelle is operated by a consortium of major American banks, including JPMorgan Chase, Bank of America, Capital One, and Wells Fargo.
"Scammers stole more than $1 billion from Zelle users," Claire Aird reported [36:45].
14. Arrests in Thailand for SMS Fraud
Two individuals in Thailand have been apprehended for their involvement in fraudulent SMS activities.
- Details of the Arrests: The suspects operated an SMS blaster from their vehicle in Bangkok, allegedly recruited via Telegram by a Chinese individual who paid them $75 daily. Law enforcement agencies tracked and arrested the duo last week after monitoring their device's activity.
"They were arrested last week after a local telco tracked down their device," Claire Aird explained [40:10].
15. Emergence of NFC Payment Malware in Brazil
A new Android Trojan targeting NFC payment transactions has surfaced in Brazil.
- Malware Details: ThreatFabric identified the "PhantomCard" Trojan, which mirrors one prevalent in the Chinese underground. The malware's developer is known for adapting foreign ransomware for the Brazilian market. Similar NFC relay malware has also been detected in Russia, China, Indonesia, and Czechia.
"NFC relay malware has now been seen in Russia, China, Indonesia and Czechia," Claire Aird noted [42:55].
16. Exploitation of Zero-Days in N-able's N-central Platform
The podcast discusses vulnerabilities within N-able's remote monitoring and management platform.
- Vulnerability Exploits: CISA reported that threat actors are leveraging 20 zero-day vulnerabilities to execute deserialization and command injection attacks against N-able's N-central servers. A patch addressing these vulnerabilities was released on Wednesday. N-able asserts that only on-premises servers are affected and that attackers need authentication to exploit these flaws.
"A patch was released on Wednesday," Claire Aird mentioned [45:30].
17. Fortinet Patches Critical Security Flaw
Fortinet has addressed a significant security vulnerability in its FortiWeb firewalls.
- Vulnerability Details: The flaw allowed attackers to forge session cookies and bypass authentication mechanisms. Security researcher Aviv Y identified the vulnerability, now termed the "FortMajeure" bug. Fortinet is urging all customers to promptly apply patches to their FortiWeb devices to mitigate potential threats.
"The vulnerability allowed attackers to forge session cookies and bypass authentication," Claire Aird elaborated [48:15].
18. Command Injection Patch Released
A critical security update addressing command injection vulnerabilities has been launched.
- Update Details: The patched issue is a command injection vulnerability for which practical exploit code is available online, suggesting imminent exploitation attempts. Immediate application of the security update is recommended to prevent potential breaches.
"Practical exploit code exists online and exploitation is expected to follow," Claire Aird warned [50:00].
19. Xerox Releases Security Updates for Print Orchestration Platform
Xerox has issued patches for vulnerabilities in its FreeFlow Core print orchestration system.
- Vulnerability Information: Two key vulnerabilities have been identified that allow unauthenticated attackers to execute malicious code on the platform. Horizon3 released technical write-ups and proof-of-concept exploits for both flaws, emphasizing the need for immediate updates.
"They patch two vulnerabilities that allow unauthenticated attackers to run malicious code on the platform," Claire Aird reported [52:25].
20. NIST Completes ASCON Cryptographic Standard
The U.S. National Institute of Standards and Technology (NIST) has finalized the ASCON cryptographic standard.
- Standard Details: ASCON comprises four cryptographic algorithms tailored for low-memory Internet of Things (IoT) devices, including RFID tags and implanted medical devices. Initiated in 2023, this standard aims to enhance security in constrained environments.
"It can work with devices as small as RFID tags and implanted medical devices," Claire Aird concluded [55:10].
Conclusion
The episode of Risky Bulletin provides an in-depth analysis of emerging cybersecurity threats and the measures being taken to counteract them. From vulnerabilities in widely-used protocols like HTTP/2 to sophisticated state-sponsored tracking and cyber attacks on critical infrastructure, the discussions underscore the evolving landscape of digital security challenges. Listeners are encouraged to stay informed and vigilant as these issues continue to develop.
For more detailed updates and expert insights, tune into the full episode of Risky Bulletin.
