Notices tagged with security, page 2
-
LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} (lnxw48a1@nu.federati.net)'s status on Thursday, 25-Mar-2021 00:10:19 UTC LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} Detecting #curl-pipe-bash from the server-side: https://www.idontplaydarts.com/2016/04/detecting-curl-pipe-bash-server-side/ [www idontplaydarts com]
#security #curl #wget #pipe #bash -
LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} (lnxw48a1@nu.federati.net)'s status on Thursday, 17-Dec-2020 03:32:37 UTC LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} https://nu.federati.net/url/278948 [thejournal com]
Schools are now the most targeted segment for ransomware ... make up the majority of all ransomware attacks.
#security #ransomware #k-12 #schools -
LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} (lnxw48a1@nu.federati.net)'s status on Monday, 14-Dec-2020 22:42:47 UTC LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} #Mattermost devs discover unfixable (?) flaws in #Go-Lang library https://mattermost.com/blog/coordinated-disclosure-go-xml-vulnerabilities/ #security In conversation from nu.federati.net permalink Attachments
-
LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} (lnxw48a1@nu.federati.net)'s status on Sunday, 13-Dec-2020 23:54:44 UTC LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} The Guardian's text is pretty similar to the Jerusalem Post's: https://nu.federati.net/url/278891
#US_Treasury #security #breachIn conversation from nu.federati.net permalink Attachments
-
LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} (lnxw48a1@nu.federati.net)'s status on Wednesday, 09-Dec-2020 02:15:44 UTC LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} US #cybersecurity firm #FireEye discloses breach, theft of tools https://finance.yahoo.com/news/u-cybersecurity-firm-fireeye-discloses-210424354.html [finance yahoo com]
#SEC #security #breach #filingIn conversation from nu.federati.net permalink Attachments
-
GeniusMusing (geniusmusing@nu.federati.net)'s status on Wednesday, 09-Dec-2020 01:06:10 UTC GeniusMusing OpenSSL Releases Security Update CISA
https://us-cert.cisa.gov/ncas/current-activity/2020/12/08/openssl-releases-security-update
>OpenSSL has released a security update to address a vulnerability affecting all versions of 1.0.2 and 1.1.1 released before version 1.1.1i. An attacker could exploit this vulnerability to cause a denial-of-service condition.
openssl.org/news/secadv/20201208.txt
https://www.openssl.org/news/secadv/20201208.txt
>EDIPARTYNAME NULL pointer de-reference (CVE-2020-1971)
>======================================================
>
>Severity: High
>
>The X.509 GeneralName type is a generic type for representing different types
>of names. One of those name types is known as EDIPartyName. OpenSSL provides a
>function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME
>to see if they are equal or not. This function behaves incorrectly when both
>GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash
>may occur leading to a possible denial of service attack.
>
>OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes:
>1) Comparing CRL distribution point names between an available CRL and a CRL
> distribution point embedded in an X509 certificate
>2) When verifying that a timestamp response token signer matches the timestamp
> authority name (exposed via the API functions TS_RESP_verify_response and
> TS_RESP_verify_token)
>
>If an attacker can control both items being compared then that attacker could
>trigger a crash.
>...
#OpenSSL #Security #UpdateIn conversation from nu.federati.net permalink -
LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} (lnxw48a1@nu.federati.net)'s status on Saturday, 05-Dec-2020 19:42:34 UTC LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} https://pluralistic.net/2020/12/05/trusting-trust/
> WARNING WARNING WARNING WARNING
> Security researchers are alarmed: the already-notorious Trickbot malware has been spottied probing infected computers to find out which version of UEFI they're running. This is read as evidence that Trickbot has figured out how to pull off a really scary feat.
Source: https://mamot.fr/@pluralistic/105329139472008620
#Security #UEFI #BIOS #TPM #Trusted-Computing
CC: @mangeurdenuage @geniusmusing @musicman
It's a long article, but well worth your time.In conversation from nu.federati.net permalink Attachments
-
LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} (lnxw48a1@nu.federati.net)'s status on Friday, 20-Nov-2020 23:49:34 UTC LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} "So you want to get into Infosec?"
https://hackers.town/@thegibson/105243991039588873 Some links to discounted or free training in that thread.
#infosec #security #training #educationIn conversation from nu.federati.net permalink Attachments
-
LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} (lnxw48a1@nu.federati.net)'s status on Thursday, 05-Nov-2020 17:03:48 UTC LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} @aab has found something to block some traffic from unwanted portscans: https://dodweil.us/security/ufw-fail2ban-portscan.html
#security #NoteToSelfIn conversation from nu.federati.net permalink Attachments
-
LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} (lnxw48a1@nu.federati.net)'s status on Sunday, 01-Nov-2020 17:06:34 UTC LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} @geniusmusing See https://hackers.town/@devrandom/105136083240782878
#securityIn conversation from nu.federati.net permalink Attachments
-
LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} (lnxw48a1@nu.federati.net)'s status on Saturday, 31-Oct-2020 16:32:38 UTC LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} #Google discloses #Microsoft #Windows 10 #zero-day vulnerability that is currently being exploited in the wild. Also patched a #Chrome zero-day. https://www.zdnet.com/article/google-discloses-windows-zero-day-exploited-in-the-wild/ [www zdnet com]
#Win10 #security
Patch incoming 2020-11-10, #Patch_Tuesday.In conversation from nu.federati.net permalink Attachments
-
LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} (lnxw48a1@nu.federati.net)'s status on Monday, 28-Sep-2020 02:43:43 UTC LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} FastCompany: Don't share #passwords with your GF or BF until you read this https://www.fastcompany.com/90556503/dont-share-passwords-with-your-gf-or-bf-until-you-read-this [www fastcompany com]
I didn't know people still did this.
#security #relationshipsIn conversation from nu.federati.net permalink Attachments
-
LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} (lnxw48a1@nu.federati.net)'s status on Wednesday, 23-Sep-2020 01:57:14 UTC LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} Chinese antivirus firm part of malware / ransomware group https://krebsonsecurity.com/2020/09/chinese-antivirus-firm-was-part-of-apt41-supply-chain-attack/ #security In conversation from nu.federati.net permalink Attachments
-
LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} (lnxw48a1@nu.federati.net)'s status on Friday, 21-Aug-2020 21:05:22 UTC LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} #ISC's #BIND continues to have security holes one after another. I do sometimes wonder why we (the world as a whole) haven't migrated to something descended from DJBDNS.
#DNS #securityIn conversation from nu.federati.net permalink -
GeniusMusing (geniusmusing@nu.federati.net)'s status on Thursday, 30-Jul-2020 15:21:28 UTC GeniusMusing VU174059 GRUB2 bootloader is vulnerable to buffer overflow
https://www.kb.cert.org/vuls/id/174059
>Overview
>
>The GRUB2 boot loader is vulnerable to buffer overflow, which results in arbitrary code execution during the boot process, even when Secure Boot is enabled.
I cannot say this is related but I updated grub last night on my backup server and it no longer boots.
#security #buffer #overflow #grub2In conversation from nu.federati.net permalink -
LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} (lnxw48a1@nu.federati.net)'s status on Friday, 12-Jun-2020 20:18:23 UTC LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} https://finance.yahoo.com/news/nintendo-now-says-300-000-165803999.html [finance yahoo com]
#Nintendo now estimates almost twice as many accounts were breached as its previous estimate. 300K online accounts were compromised, exposing PII. According to the company, this is still less than 1% of its userbase.
#security #breach #accounts #crack #compromise #repasswordIn conversation from nu.federati.net permalink Attachments
-
LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} (lnxw48a1@nu.federati.net)'s status on Wednesday, 13-May-2020 05:20:56 UTC LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} https://www.zdnet.com/article/huawei-denies-involvement-in-buggy-linux-kernel-patch-proposal/ [www zdnet com]
#Huawei says the #HKSP project and its recently-submitted security patch for the #Linux kernel is not an official company project, but an employee's personal project. "Trivially exploitable" flaws found in patch.
#security #patch #Linux_kernel #GRSecurityIn conversation from nu.federati.net permalink Attachments
-
LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} (lnxw48a1@nu.federati.net)'s status on Tuesday, 07-Apr-2020 23:30:12 UTC LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} https://www.theregister.co.uk/2020/04/03/dont_use_zoom_if_privacy/ [www theregister co uk]
Yet another reason to wonder whether #Zoom’s management is just ignorant about #privacy and #security, or actively malicious. “End to end” encryption has a specific meaning, namely that messages sent from your device are encrypted until they arrive at your recipients’ devices, so that no one in between, including any service providers, can read the message payload. If that is not the case, it is not #E2EE.In conversation from nu.federati.net permalink Attachments
-
LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} (lnxw48a1@nu.federati.net)'s status on Monday, 06-Apr-2020 23:29:08 UTC LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} US schools banning #Zoom and switching to #MSTeams https://betanews.com/2020/04/05/us-schools-ban-zoom/ [betanews com] due to widespread #harassment (“Zoombombing”) and #security and #privacy issues. In conversation from nu.federati.net permalink Attachments
-
LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} (lnxw48a1@nu.federati.net)'s status on Monday, 23-Mar-2020 22:34:00 UTC LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} Oh, wonderful. A #Zero-day with #RCE on #Windows ... currently unpatched.
See: https://freeradical.zone/@tek/103874683857159931
#security #infosecIn conversation from nu.federati.net permalink Attachments