Tootfinder

Junk-Traffic-Flut: Rekord-DDoS-Angriff auf Provider mit 7,3 TBit/s
Groß angelegte DDoS-Attacken werden immer heftiger. Cloudflare meldet einen Angriff mit einer Datenmenge von 7,3 Terabit pro Sekunde auf einen Host-Provider.

DDoS incident disrupts internet for thousands in Moscow https://therecord.media/moscow-internet-provider-asvt-ddos-attack

#5 🧾 Validate file uploads with proper size, type and filename sanitization
🍪 Configure secure cookie settings with httpOnly and sameSite attributes
📈 Implement rate limiting to prevent brute force and #DDoS attacks

Check out today's Metacurity for the most critical infosec developments you should know, including
--US House of Representatives bans WhatsApp on security grounds
--US Cybercom played a role in Iran attack,
--Crypto scam services return after Telegram beheading,
--NoName DDoS'ed Dutch cities ahead of NATO summit,
--REvil members released in Russia,
--Coinbase poseur stole millions from crypto holders,
--Critical infrastructure defense project …

US House of Representatives bans WhatsApp on security grounds
US Cybercom played a role in Iran attack, Crypto scam services return after Telegram beheading, NoName DDoS'ed Dutch cities ahead of NATO summit, REvil members released in Russia, Coinbase poseur stole millions from crypto holders, Critical infrastructure defense project disbanded, much more

Threat intel experts have told me that CISOs should be prepared for DDoS attacks in terms of Iranian threats.
"'313 Team' claimed responsibility for a Distributed Denial-of-Service (DDoS) attack on Trump’s Truth Social platform just hours after the U.S. strikes."

Iranian-Aligned Hackers Claim Responsibility for Attack on Trump’s Truth Social Platform
A group of Iranian-aligned hackers has reportedly attacked something President Donald Trump holds dear — his Truth Social platform.

They (or an intentional DDoS) have been pounding the #SpamAssassin RuleQA site into catatonia. They construct URLs which are legitimate and which each cause the site to go digging for the specific performance of a rule on an arbitrary date in the past. Hundreds of rules tested daily for ~20 years.

ExtendAttack: Attacking Servers of LRMs via Extending Reasoning
Zhenhao Zhu, Yue Liu, Yingwei Ma, Hongcheng Gao, Nuo Chen, Yanpei Guo, Wenjie Qu, Huiying Xu, Xinzhong Zhu, Jiaheng Zhang
https://arxiv.org/abs/2506.13737

ExtendAttack: Attacking Servers of LRMs via Extending Reasoning
Large Reasoning Models (LRMs) have demonstrated promising performance in complex tasks. However, the resource-consuming reasoning processes may be exploited by attackers to maliciously occupy the resources of the servers, leading to a crash, like the DDoS attack in cyber. To this end, we propose a novel attack method on LRMs termed ExtendAttack to maliciously occupy the resources of servers by stealthily extending the reasoning processes of LRMs. Concretely, we systematically obfuscate characte…

Ukraine tallies up Russian cyberattacks on local media since start of war https://therecord.media/ukraine-media-cyberattacks-russia-ssscip-report

Grey Rhino Warning: IPv6 is Becoming Fertile Ground for Reflection Amplification Attacks
Ling Hu, Tao Yang, Yu Pang, Bingnan Hou, Zhiping Cai, Bo Yu
https://arxiv.org/abs/2506.04768

Grey Rhino Warning: IPv6 is Becoming Fertile Ground for Reflection Amplification Attacks
Distributed Denial-of-Service (DDoS) attacks represent a cost-effective and potent threat to network stability. While extensively studied in IPv4 networks, DDoS implications in IPv6 remain underexplored. The vast IPv6 address space renders brute-force scanning and amplifier testing for all active addresses impractical. Innovatively, this work investigates AS-level vulnerabilities to reflection amplification attacks in IPv6. One prerequisite for amplification presence is that it is located in …

Also: anyone who feels like donating anti-DDoS services to the #ASF #SpamAssassin project could find interest from the PMC and sysadmin team... https://

ExtendAttack: Attacking Servers of LRMs via Extending Reasoning
Zhenhao Zhu, Yue Liu, Yingwei Ma, Hongcheng Gao, Nuo Chen, Yanpei Guo, Wenjie Qu, Huiying Xu, Xinzhong Zhu, Jiaheng Zhang
https://arxiv.org/abs/2506.13737

ExtendAttack: Attacking Servers of LRMs via Extending Reasoning
Large Reasoning Models (LRMs) have demonstrated promising performance in complex tasks. However, the resource-consuming reasoning processes may be exploited by attackers to maliciously occupy the resources of the servers, leading to a crash, like the DDoS attack in cyber. To this end, we propose a novel attack method on LRMs termed ExtendAttack to maliciously occupy the resources of servers by stealthily extending the reasoning processes of LRMs. Concretely, we systematically obfuscate characte…

I have a trick for getting into a box that’s being clobbered by a crawler DDoS: set the ITerm2 profile to auto-restart and open a half-dozen duplicate sessions. Basically: put a bunch of my SYNs in the queues to compete with the bots.
Ugly as sin, but it ultimately works.
Also: fuck those guys. And fuck their ISPs for being so comatose that they don't notice.
#InfoSec