Profile picture
, 3 tweets, 1 min read
⚡ CPDoS Attack

A new cache poisoning DoS attack lets attackers trick popular CDN services into delivering “error pages” to visitors of a targeted site, instead of the “legitimate content”—just by sending a single HTTP request for each targeted resource.

thehackernews.com/2019/10/cdn-ca…
CPDoS attack affects reverse proxy cache systems like Varnish and some widely-used Content Distribution Networks (CDNs) services, including Amazon CloudFront, Cloudflare, Fastly, Akamai, and CDN77.
"The problem arises when an attacker can generate an HTTP request for a cacheable resource where the request contains inaccurate fields that are ignored by the caching system but raise an error while processed by the origin server."
Missing some Tweet in this thread? You can try to force a refresh.

Enjoying this thread?

Keep Current with The Hacker News

Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

More from @TheHackersNews see all

Profile picture
The Hacker News
@TheHackersNews
New Unpatched Bug Could Allow Client-Side Attackers to Bypass #Windows Lock Screen On RDP Sessions

Read more — thehackernews.com/2019/06/rdp-wi…

All the attacker needs to do is… interrupt the network connectivity of a targeted client system and Tadaaaa...! the lock screen will disappear
Starting with Windows 10 1803 and #Windows Server 2019, this flaw exists when login over #RDP requires the clients to authenticate with Network Level Authentication, an option that #Microsoft recently recommended as a workaround against the critical #BlueKeep RDP vulnerability.
Moreover...

"Two-factor authentication systems that integrate with the Windows login screen, such as Duo Security MFA, are also bypassed using this mechanism. Any login banners enforced by an organization will also be bypassed." @wdormann confirmed.
Read 6 tweets
Profile picture
The Hacker News
@TheHackersNews
EXCLUSIVE — A hacker who previously claimed to have hacked massive databases [millions of records] from multiple websites and then put them online for sale in 3 rounds has now come back with a new set of databases breached from 6 other websites

(story coming shortly, stay tuned)
[ROUND 4] List of breached sites:

1) Youthmanual — Indonesian college and career platform
2) GameSalad — Online learning platform
3) Bukalapak — Online Shopping Site
4) Lifebear — Japanese Online Notebook
5) EstanteVirtual — Online Bookstore
6) Coubic — Appointment Scheduling
[Story] Round 4 — Hacker Puts 26 Million New Accounts Up For Sale On the Dark Web

thehackernews.com/2019/03/data-b…

If you have an account with any of the above-listed sites, you should change your passwords immediately and also on other services if you re-use the same password.
Read 8 tweets
Profile picture
The Hacker News
@TheHackersNews
We all love your media player, but that’s really rude #VLC 🙄

VLC developers refused to consider #software "update-over-HTTP" as a threat.

Responded→ “no threat model. no proof. no #security bug"

It wouldn't hurt if you simply consider the suggestion.

trac.videolan.org/vlc/ticket/217…
Though VLC updates are "signed and authenticated with OpenPGP," as developers said, adding an inexpensive but an important extra later of security is a considerable suggestion.
Yes, absolutely. But Looking at your software' popularity and the user base, adding another "easy to implement" second-factor authentication is not a bad idea. Or is it?

Read 3 tweets

Related threads

Profile picture
G. Elliott Morris
@gelliottmorris
#NEW poll of the 2020 Democratic primary from The Economist and YouGov:

% support among likely voters (change v last month)
Warren: 28 (+4)
Biden: 25 (+1)
Sanders: 13 (-4)
Harris: 5 (0)
Buttigieg: 5 (-1)
Yang: 3 (+1)
Bullock: 2 (+1)
Klobuchar: 2 (+1)

All else ≤ 1%
% of Democratic primary voters considering voting for each candidate (over last month):

Warren: 55%
Biden: 47
Sanders: 39
Harris: 30
Buttigieg: 28
Booker: 18
O'Rourke: 16
Yang: 13
Klobuchar: 11
Castro: 11

All else < 10%
% of Democratic primary voters who would be disappointed if ___ candidate won the nomination (over the last month):

Williamson: 32
Gabbard: 23
Biden: 22
Delaney: 21
Steyer: 20
Sanders: 19
Bennet: 17
Yang: 17
O'Rourke: 16
Booker: 13
Buttigieg: 11
Warren: 8
Read 7 tweets
Profile picture
Filomena Rocha
@Filomen03258997
44. The Legacy of US, UK, France, Israel, Saudi Arabia, Turkey, Bahrain, Canada, Qatar, United Arab Emirates, Germany, Belgium, Netherlands, Australia, Jordan, Nato in Syria
#RegimeChange #FakeNews #FalseFlag #terrorism #SyriaInvasion #WarCrimes #CrimesAgainstHumanity
1 to 20. The Legacy of US, UK, France, Israel, Saudi Arabia, Turkey, Bahrain, Canada, Qatar, United Arab Emirates, Germany, Belgium, Netherlands, Australia, Jordan, Nato in Syria 🤨👇🏼
threadreaderapp.com/thread/1136642…
21 to 40. The Legacy of US, UK, France, Israel, Saudi Arabia, Turkey, Bahrain, Canada, Qatar, United Arab Emirates, Germany, Belgium, Netherlands, Australia, Jordan, Nato in Syria 🤨👇🏼
threadreaderapp.com/thread/1164175…
Read 468 tweets
Profile picture
Victoria Brownworth 🏳️‍🌈
@VABVOX
#NEW: @aurabogado reports that DHS is farming out children of migrants.
One of those places is Bethany Services in Pennsylvania, about which I have reported.

The US is quietly opening shelters for babies and young kids. One has 12 children and no mothers revealnews.org/article/the-us…
Bethany Services is linked to Betsy DeVos and has been involved in abuses of kids, and has disturbing anti-LGBTQ policies. This is not a good agency for any children to be housed by, but has numerous sites nationally.
Read Aura's piece and her thread. 📌📌📌 This just gets worse and worse.
Read 3 tweets
Profile picture
ΞLΞVΞNTH
@3L3V3NTH
#New Trump Tower meeting emerges with Donald Trump Jr. and Saudi representative to discuss "Iran policy." huffpost.com/entry/erik-pri…
The meeting also reportedly included now-top White House aide Stephen Miller and Israeli social media expert Joel Zamel.
Who is Joel Zamel, the Australian-Israeli linked to Mueller’s Trump Probe? haaretz.com/israel-news/.p…
Read 8 tweets
Profile picture
Jikku Varghese Jacob
@Jikkuvarghese
#Thread We started our series on online bank frauds and data security with @LukasStefanko 's revelation on three fake Indian bank apps stealing sensitive data of hundreds of Indians. (1/n)
We also published an exclusive email interview with @LukasStefanko in which he alarms India regarding the upcoming bank frauds. (2/n)
We were shocked to know that per day bank frauds are looting 1.5 lakhs from Kerala. In 8 months starting from last August Rs 3 crores went to their accounts. Ernakulam and Trivandrum tops in the list with 80 and 70 lakhs respectively. (3/n)
Read 22 tweets
Profile picture
Ari Schulman
@AriSchulman
The replace-libraries-with-Amazon thing is such a fascinating microcosm of the wretchedness of our current take culture.
First some hapless, unheard-of practitioner of the dismal science has, as is his discipline's wont, a very rational and logical epiphany about the market inefficiency of an institution whose very purpose is to provide a service outside the market.
In times of yore the take would have been read by a few other academics, or perhaps raised some eyebrows in a regional paper, and in either case been promptly forgotten.
Read 22 tweets

Trending hashtags

#SyrianArmy #BlackMarket #Iraq #Syria #FearTheBeard #interference #NEW #Americans #Sirian #CIA #Thieves #AssOverApples #New #Erdogan #Afghanistan #GifMignogna #Diplomats #QSD #Hafez #Lebanon #GIA #WarCrimes #video #DHS #Forces
Follow Us on Twitter!

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!