Tag
#ddos
The Personal Information Protection Law gives authorities the power to impose huge fines and blacklist companies. But the biggest impact may be felt outside the country.
Stockholm’s official app was a disaster. So annoyed parents built their own open source version—ignoring warnings that it might be illegal.
Cybersecurity researchers disclosed details of what they say is the "largest botnet" observed in the wild in the last six years, infecting over 1.6 million devices primarily located in China, with the goal of launching distributed denial-of-service (DDoS) attacks and inserting advertisements into HTTP websites visited by unsuspecting users. Qihoo 360's Netlab security team dubbed the botnet "
Packet in, says industry group
Atlassian vulnerability believed to be attack vector
A new attack takes advantage of weak WiFi passwords
A round-up of the previous week's blogs and the most interesting and relevant security events, hacks, and information. Categories: A week in security. Tags: 0-day, adselfservice plus, avoid US sanction, Chrome 0-day, Chrome vulnerability, computer cookies, Dark Web, ddos, fake COVID vaccine certificate, fake UPS, fake vaccine certificate, Gaggle, lock and code, lock and code podcast, Lock and Code S02E17, Magecart, Magecart Group 8, Matt Crape, omigod, phishing, privacy children, Puma, ransomware, South Africa, SSL, ssl certificate, vulnerability, zero-click. Read more: https://blog.malwarebytes.com/a-week-in-security/2021/09/a-week-in-security-sept-13-2021-sept-19-2021/ The post A week in security (Sept 13 – Sept 19) appeared first on Malwarebytes Labs.
This affects all versions <0.7.0 of package github.com/russellhaering/gosaml2. A malformed XML signature sent by a remote party triggers a nil-pointer dereference in the library, crashing the process that is verifying the SAML response (a denial of service).
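The bug class behind this advisory is a parser that assumes every child element of the signature is present and dereferences it without checking. The following is an added example written for this page, not gosaml2's code: it uses a simplified, hypothetical XML-DSig model (namespaces omitted) to show the naive parse that panics on a structurally incomplete Signature next to a version that validates each optional child and returns an error instead.

```go
package main

import (
	"encoding/xml"
	"errors"
	"fmt"
)

// Simplified XML-DSig model for this example (hypothetical types, not
// gosaml2's own). Optional children are pointers or slices so that an
// element missing from the input shows up as nil / empty after parsing.
type Signature struct {
	XMLName        xml.Name    `xml:"Signature"`
	SignedInfo     *SignedInfo `xml:"SignedInfo"`
	SignatureValue *string     `xml:"SignatureValue"`
}

type SignedInfo struct {
	References []Reference `xml:"Reference"`
}

type Reference struct {
	URI         string  `xml:"URI,attr"`
	DigestValue *string `xml:"DigestValue"`
}

// Constructed inputs: a structurally complete signature and one that omits
// SignedInfo entirely (namespaces left out to keep the example short).
var goodSig = []byte(`<Signature><SignedInfo><Reference URI="#assertion"><DigestValue>abc=</DigestValue></Reference></SignedInfo><SignatureValue>xyz=</SignatureValue></Signature>`)
var malformedSig = []byte(`<Signature><SignatureValue>xyz=</SignatureValue></Signature>`)

// naiveReferenceURI shows the bug class: it trusts that every child element
// is present and dereferences without checking. On malformedSig the
// SignedInfo pointer is nil and the call panics.
func naiveReferenceURI(raw []byte) string {
	var sig Signature
	_ = xml.Unmarshal(raw, &sig)
	return sig.SignedInfo.References[0].URI
}

// safeReferenceURI validates the structure before touching it and turns a
// missing element into an error the caller can reject with a 400.
func safeReferenceURI(raw []byte) (string, error) {
	var sig Signature
	if err := xml.Unmarshal(raw, &sig); err != nil {
		return "", fmt.Errorf("parse Signature: %w", err)
	}
	if sig.SignedInfo == nil {
		return "", errors.New("Signature has no SignedInfo")
	}
	if len(sig.SignedInfo.References) == 0 {
		return "", errors.New("SignedInfo has no Reference")
	}
	ref := sig.SignedInfo.References[0]
	if ref.URI == "" || ref.DigestValue == nil {
		return "", errors.New("Reference lacks URI or DigestValue")
	}
	if sig.SignatureValue == nil {
		return "", errors.New("Signature has no SignatureValue")
	}
	return ref.URI, nil
}

// panics runs fn and reports whether it panicked. A request handler would
// use the same recover pattern as a last line of defence so that one bad
// message cannot take the whole process down.
func panics(fn func()) (panicked bool) {
	defer func() {
		if recover() != nil {
			panicked = true
		}
	}()
	fn()
	return false
}

func main() {
	fmt.Println("naive parser panics on malformed input:", panics(func() { naiveReferenceURI(malformedSig) }))
	if _, err := safeReferenceURI(malformedSig); err != nil {
		fmt.Println("safe parser rejects it instead:", err)
	}
	uri, _ := safeReferenceURI(goodSig)
	fmt.Println("safe parser on valid input:", uri)
}
```

The nil checks are the fix; the recover wrapper is only a backstop, since a recovered panic still means the verifier never reached the point of checking the signature, so the message must be treated as unverified.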
CXF supports (via JwtRequestCodeFilter) passing OAuth 2 parameters in a JWT rather than as query parameters (see The OAuth 2.0 Authorization Framework: JWT Secured Authorization Request (JAR)). Instead of sending the JWT in a "request" parameter, the spec also allows a "request_uri" parameter naming a URI from which the authorization server retrieves the JWT. CXF did not validate the "request_uri" value beyond checking that it used "https", and made a REST request to whatever URI the client supplied in order to fetch the token. An attacker could therefore point the authorization server at arbitrary URIs, leaving it vulnerable to the DDoS attack on the authorization server described in section 10.4.1 of the spec. This issue affects Apache CXF versions prior to 3.4.3 and Apache CXF versions prior to 3.3.10.
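What "validating request_uri" means in practice: only fetch URIs the client pre-registered, over https, never to internal address literals, and never with an unbounded request. The following is an added example for this page, not CXF's code and not its Java API; it is a standalone Go sketch of that validation and a bounded fetch, with a hypothetical, constructed client-registration table.

```go
package main

import (
	"errors"
	"fmt"
	"io"
	"net"
	"net/http"
	"net/url"
	"path"
	"strings"
	"time"
)

// Constructed registration data for this example: each client pre-registers
// the https prefixes its request_uri values may point to, as RFC 9101 advises.
var registeredRequestURIs = map[string][]string{
	"client-123": {"https://rp.example.com/jar/"},
}

// Upper bound on a fetched request object; real JARs are a few KB.
const maxRequestObjectBytes = 16 * 1024

// ValidateRequestURI accepts a request_uri only if it is https, carries no
// userinfo, does not name a loopback/private/link-local address literal, and
// sits under a prefix the client registered. The supplied path is passed
// through path.Clean so "/jar/../../admin" cannot satisfy the prefix check.
func ValidateRequestURI(clientID, raw string) (*url.URL, error) {
	u, err := url.Parse(raw)
	if err != nil {
		return nil, fmt.Errorf("parse request_uri: %w", err)
	}
	if u.Scheme != "https" {
		return nil, errors.New("request_uri must use https")
	}
	if u.User != nil {
		return nil, errors.New("request_uri must not carry userinfo")
	}
	if ip := net.ParseIP(u.Hostname()); ip != nil &&
		(ip.IsLoopback() || ip.IsPrivate() || ip.IsLinkLocalUnicast() || ip.IsUnspecified()) {
		return nil, errors.New("request_uri points at a non-public address")
	}
	prefixes, ok := registeredRequestURIs[clientID]
	if !ok {
		return nil, errors.New("unknown client_id")
	}
	cleaned := path.Clean(u.Path)
	for _, p := range prefixes {
		reg, err := url.Parse(p)
		if err != nil {
			continue
		}
		if u.Host == reg.Host && strings.HasPrefix(cleaned, reg.Path) {
			return u, nil
		}
	}
	return nil, errors.New("request_uri not pre-registered for this client")
}

// readBounded reads at most max bytes and errors if the body is larger, so
// a hostile request_uri cannot stream an unbounded response at the server.
func readBounded(r io.Reader, max int64) ([]byte, error) {
	body, err := io.ReadAll(io.LimitReader(r, max+1))
	if err != nil {
		return nil, err
	}
	if int64(len(body)) > max {
		return nil, fmt.Errorf("request object larger than %d bytes", max)
	}
	return body, nil
}

// FetchRequestObject is the hardened counterpart of "GET whatever was in the
// parameter": validate first, then fetch with a short timeout, no redirects
// (which would otherwise bypass the host check), and a size cap.
func FetchRequestObject(clientID, requestURI string) ([]byte, error) {
	u, err := ValidateRequestURI(clientID, requestURI)
	if err != nil {
		return nil, err
	}
	client := &http.Client{
		Timeout: 3 * time.Second,
		CheckRedirect: func(*http.Request, []*http.Request) error {
			return errors.New("redirects are not followed for request_uri")
		},
	}
	resp, err := client.Get(u.String())
	if err != nil {
		return nil, err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return nil, fmt.Errorf("request_uri returned HTTP %d", resp.StatusCode)
	}
	return readBounded(resp.Body, maxRequestObjectBytes)
}

func main() {
	for _, uri := range []string{
		"https://rp.example.com/jar/req.jwt",
		"http://rp.example.com/jar/req.jwt",
		"https://rp.example.com/jar/../../admin",
		"https://attacker.example/large-blob",
	} {
		_, err := ValidateRequestURI("client-123", uri)
		fmt.Printf("%-42s -> %v\n", uri, err)
	}
}
```

Pre-registration is the control that actually closes the amplification path: with it, an attacker can only make the authorization server fetch from hosts the legitimate client already chose, and the timeout and size cap bound the cost of each such fetch.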