Federati Nu: Federated N-series GNU Social
It's "All Of Us For All Of Us" Or We're On Our Own
Notices tagged with security

  1. LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} (lnxw48a1@nu.federati.net)'s status on Wednesday, 14-Dec-2022 22:35:42 UTC
    #Ubuntu #security notice: #Emacs flaw allows code execution. https://ubuntu.com/security/notices/USN-5781-1 [ubuntu com]
    In conversation about 2 months ago from mustard

    Attachments

    1. USN-5781-1: Emacs vulnerability | Ubuntu security notices | Ubuntu
      Ubuntu is an open source software operating system that runs from the desktop, to the cloud, to all your internet connected things.
  2. LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} (lnxw48a1@nu.federati.net)'s status on Monday, 05-Dec-2022 03:15:33 UTC
    #Mastodon issue for #activitypub-troll denial-of-service vulnerability. https://github.com/mastodon/mastodon/issues/21977 with 2 pull requests. https://github.com/mastodon/mastodon/pull/22025 and https://github.com/mastodon/mastodon/pull/22026

    #security
    In conversation about 2 months ago from Choqok

    Attachments

    1. Any idea to stop activitypub-troll.cf or likewise attacks? · Issue #21977 · mastodon/mastodon
      Pitch From about one hour ago, my instance's federated timeline was spammed with contents from activitypub-troll.cf, and the sidekiq queue is full of pulling requests. I have to purge all the t...
    2. Fix unbounded recursion in account discovery by ClearlyClaire · Pull Request #22025 · mastodon/mastodon
      Your self-hosted, globally interconnected microblogging community - Fix unbounded recursion in account discovery by ClearlyClaire · Pull Request #22025 · mastodon/mastodon
    3. Fix unbounded recursion in account discovery (v3.5 backport) by ClearlyClaire · Pull Request #22026 · mastodon/mastodon
      This is a straightforward backport of #22025 to stable-3.5. Some changes were needed for ActivityPub::FetchRemoteAccountService because it's been split into ActivityPub::FetchRemoteActorService bet...
  3. LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} (lnxw48a1@nu.federati.net)'s status on Sunday, 04-Dec-2022 22:26:16 UTC
    in reply to
    • admin de gnusocial.net
    • aab
    @administrator @aab I'm just guessing, but it could be related to an exploit someone launched against #Mastodon and #Misskey yesterday. From what I read, it brought several instances to their knees. Misskey released a #security patch yesterday.
    In conversation about 2 months ago from Choqok
  4. LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} (lnxw48a1@nu.federati.net)'s status on Sunday, 04-Dec-2022 16:22:39 UTC
    in reply to
    • LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864}
    Tagging this thread with #Fediverse #Security ... whoever made the script obviously read some protocol docs and some source code. With just a little #JavaScript, they were able to knock some #Misskey and #Mastodon instances to their knees.

    This isn't the first, and it won't be the last. Remember when someone posted a humongous image and locked up any #GNUSocial instance that tried to download the image? Remember when someone's instance was replaced by some sort of cryptocurrency site and PuSHes from your site to theirs would crash your site because of their site's response? (I'll bet I still have that domain blocked at the firewall.)

    We have to stop being naive about the intentions of those in the current migration. The overwhelming majority will have benign, if not good, intentions. But a select few will have bad intentions. Among those intentions is to colonize the Fediverse with #Twitter's culture, to come here and impose that culture of anger and disrespect upon the inhabitants here ... which already happened once with the first wave of people joining #Mastodon instances, except it was Twitter and #Tumblr at that time.
    In conversation about 2 months ago from web
  5. LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} (lnxw48a1@nu.federati.net)'s status on Sunday, 23-Oct-2022 07:00:54 UTC
    Oh, good grief, #Microsoft. https://thehackernews.com/2022/10/microsoft-confirms-server.html [thehackernews com]

    Source: https://infosec.exchange/@jerry/109213542275494102

    #security #breach #Azure #cloud
    In conversation about 3 months ago from Shoyu

    Attachments

    1. Jerry Bell (@jerry@infosec.exchange)
      from Jerry Bell
      Microsoft had a leaky storage bucket, exposing a LOT of client data: https://thehackernews.com/2022/10/microsoft-confirms-server.html
  6. LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} (lnxw48a1@nu.federati.net)'s status on Wednesday, 28-Sep-2022 19:40:42 UTC
    If you are using #Element-iOS, #Element-Android, #Schildichat, or any other #Matrix client powered by matrix-sdk, upgrade now. #Security release is out.

    https://nu.federati.net/url/287969 [matrix org]
    In conversation about 4 months ago from Shoyu

    Attachments

    1. Upgrade now to address E2EE vulnerabilities in matrix-js-sdk, matrix-ios-sdk and matrix-android-sdk2 | Matrix.org
      from @matrixdotorg
  7. LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} (lnxw48a1@nu.federati.net)'s status on Saturday, 11-Jun-2022 20:57:15 UTC
    • GeniusMusing
    https://nu.federati.net/url/286651 [arstechnica com]

    > Researchers have unearthed a discovery that doesn’t occur all that often in the realm of malware: a mature, never-before-seen Linux backdoor that uses novel evasion techniques to conceal its presence on infected servers, in some cases even with a forensic investigation.

    > On Thursday, researchers from Intezer and The BlackBerry Threat Research & Intelligence Team said that the previously undetected backdoor combines high levels of access with the ability to scrub any sign of infection from the file system, system processes, and network traffic. Dubbed Symbiote, it targets financial institutions in Brazil and was first detected in November.

    /via @geniusmusing

    #security #linux #backdoor #malware
    In conversation about 8 months ago from web

    Attachments

    1. New ultra-stealthy Linux backdoor isn’t your everyday malware discovery
      from @dangoodin001
      Symbiote gives remote access to any account. Normal methods don't detect it.
  8. Bruja (gaba@systerserver.town)'s status on Tuesday, 17-May-2022 21:07:42 UTC

    Leap is also hiring for VPN development https://leap.se/post/2022_05_16_go_dev/ #security #devs #jobs #hiring

    In conversation about 9 months ago from systerserver.town

    Attachments

    1. Wanted: Go Application Developer to Fight Censorship | LEAP Encryption Access Project
      from LEAP
      We need you more than ever: Go app developer for fighting censorship
  9. LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} (lnxw48a1@nu.federati.net)'s status on Wednesday, 20-Apr-2022 23:49:38 UTC
    https://nu.federati.net/url/285943 [it slashdot org] #Lenovo issues #security patches for over 100 Lenovo products.

    Source: https://shitposter.club/objects/6f578473-d458-464d-92a8-086d8ce96abb
    In conversation about 10 months ago from web

    Attachments

    1. Hackers Can Infect Over 100 Lenovo Models With Unremovable Malware - Slashdot
      Lenovo has released security updates for more than 100 laptop models to fix critical vulnerabilities that make it possible for advanced hackers to surreptitiously install malicious firmware that can be next to impossible to remove or, in some cases, to detect. Ars Technica reports: Three vulnerabil...
  10. LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} (lnxw48a1@nu.federati.net)'s status on Monday, 07-Feb-2022 23:26:06 UTC
    Some severe flaws in #Cisco small business routers. https://www.theregister.com/2022/02/04/cisco_smb_routers_critical_vulnerabilities/ [www theregister com]
    At publication time, some flaws and some models had not yet been patched.
    #security
    In conversation about a year ago from AndStatus

    Attachments

    1. Cisco reveals three critical flaws in small business routers
      RV family of routers is in trouble, and fixed software is yet to arrive for some models
  11. LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} (lnxw48a1@nu.federati.net)'s status on Wednesday, 18-Aug-2021 15:39:54 UTC
    • Rysiekúr Memesson
    #T-mobile #security

    From 2018: https://nu.federati.net/url/282487

    /via @rysiek @rysiek@mastodon.technology
    In conversation Wednesday, 18-Aug-2021 15:39:54 UTC from web

    Attachments

    1. T-Mobile Austria on Twitter
      “@Korni22 @c_pellegrino @PWTooStrong @Telekom_hilft @Korni22 What if this doesn't happen because our security is amazingly good? ^Käthe”
  12. LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} (lnxw48a1@nu.federati.net)'s status on Sunday, 25-Apr-2021 06:48:04 UTC
    University of #Minnesota researchers apologize to the #Linux kernel community, ask to restore trust.

    https://nu.federati.net/url/280818 [lore kernel org]

    #MN #UMN #security
    In conversation Sunday, 25-Apr-2021 06:48:04 UTC from Shoyu

    Attachments

    1. An open letter to the Linux community
  13. LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} (lnxw48a1@nu.federati.net)'s status on Sunday, 18-Apr-2021 15:41:27 UTC
    in reply to
    • LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864}
    Further info: https://news-web.php.net/php.internals/113838

    And with the presumed compromise of git.php.net, all future development activities will take place on #GitHub.

    #code-hosting #vcs #scm #security #git #php
    In conversation Sunday, 18-Apr-2021 15:41:27 UTC from mustard

    Attachments

    1. php.internals: Changes to Git commit workflow
  14. LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} (lnxw48a1@nu.federati.net)'s status on Thursday, 25-Mar-2021 00:10:19 UTC
    Detecting #curl-pipe-bash from the server-side: https://www.idontplaydarts.com/2016/04/detecting-curl-pipe-bash-server-side/ [www idontplaydarts com]

    #security #curl #wget #pipe #bash
    In conversation Thursday, 25-Mar-2021 00:10:19 UTC from web

    Attachments

    1. Detecting the use of "curl | bash" server side | Application Security
      Another reason not to pipe from curl to bash. Detecting curl | bash serverside.
  15. LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} (lnxw48a1@nu.federati.net)'s status on Thursday, 17-Dec-2020 03:32:37 UTC
    https://nu.federati.net/url/278948 [thejournal com]

    Schools are now the most targeted segment for ransomware ... make up the majority of all ransomware attacks.

    #security #ransomware #k-12 #schools
    In conversation Thursday, 17-Dec-2020 03:32:37 UTC from web

    Attachments

    1. K–12 Has Become the Most Targeted Segment for Ransomware -- THE Journal
      Malicious actors have disrupted remote learning by targeting school systems in their ransomware, malware and DDoS attacks.
  16. LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} (lnxw48a1@nu.federati.net)'s status on Monday, 14-Dec-2020 22:42:47 UTC
    #Mattermost devs discover unfixable (?) flaws in #Go-Lang library https://mattermost.com/blog/coordinated-disclosure-go-xml-vulnerabilities/ #security
    In conversation Monday, 14-Dec-2020 22:42:47 UTC from mustard

    Attachments

    1. Coordinated disclosure of XML round-trip vulnerabilities in Go XML
      from Juho Nurminen
      If you maintain a Go-based project that relies on XML integrity, we urge you to read this post carefully.
  17. LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} (lnxw48a1@nu.federati.net)'s status on Sunday, 13-Dec-2020 23:54:44 UTC
    in reply to
    • GeniusMusing
    The Guardian's text is pretty similar to the Jerusalem Post's: https://nu.federati.net/url/278891

    #US_Treasury #security #breach
    In conversation Sunday, 13-Dec-2020 23:54:44 UTC from web

    Attachments

    1. Suspected Russian hackers spied on US Treasury emails - sources
      The hack is so serious it led to a National Security Council meeting at the White House on Saturday.
  18. LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} (lnxw48a1@nu.federati.net)'s status on Wednesday, 09-Dec-2020 02:15:44 UTC
    US #cybersecurity firm #FireEye discloses breach, theft of tools https://finance.yahoo.com/news/u-cybersecurity-firm-fireeye-discloses-210424354.html [finance yahoo com]

    #SEC #security #breach #filing
    In conversation Wednesday, 09-Dec-2020 02:15:44 UTC from web

    Attachments

    1. U.S. cybersecurity firm FireEye discloses breach, theft of hacking tools
      (Reuters) -FireEye, one of the largest cybersecurity companies in the United States, said on Tuesday that it had been hacked, likely by a government, and that an arsenal of hacking tools used to test the defenses of its clients had been stolen. The hack of FireEye, a company with an array of contracts across the national security space both in the United States and its allies, is among the most significant breaches in recent memory. The FireEye breach was disclosed in a public filing with the Securities and Exchange Commission citing CEO Kevin Mandia.
  19. GeniusMusing (geniusmusing@nu.federati.net)'s status on Wednesday, 09-Dec-2020 01:06:10 UTC
    OpenSSL Releases Security Update CISA
    https://us-cert.cisa.gov/ncas/current-activity/2020/12/08/openssl-releases-security-update

    >OpenSSL has released a security update to address a vulnerability affecting all versions of 1.0.2 and 1.1.1 released before version 1.1.1i. An attacker could exploit this vulnerability to cause a denial-of-service condition.

    openssl.org/news/secadv/20201208.txt
    https://www.openssl.org/news/secadv/20201208.txt

    >EDIPARTYNAME NULL pointer de-reference (CVE-2020-1971)
    >======================================================
    >
    >Severity: High
    >
    >The X.509 GeneralName type is a generic type for representing different types
    >of names. One of those name types is known as EDIPartyName. OpenSSL provides a
    >function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME
    >to see if they are equal or not. This function behaves incorrectly when both
    >GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash
    >may occur leading to a possible denial of service attack.
    >
    >OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes:
    >1) Comparing CRL distribution point names between an available CRL and a CRL
    > distribution point embedded in an X509 certificate
    >2) When verifying that a timestamp response token signer matches the timestamp
    > authority name (exposed via the API functions TS_RESP_verify_response and
    > TS_RESP_verify_token)
    >
    >If an attacker can control both items being compared then that attacker could
    >trigger a crash.
    >...

    #OpenSSL #Security #Update
    In conversation Wednesday, 09-Dec-2020 01:06:10 UTC from web

    Attachments

    1. OpenSSL Releases Security Update | CISA
      OpenSSL has released a security update to address a vulnerability affecting all versions of 1.0.2 and 1.1.1 released before version 1.1.1i. An attacker could exploit this vulnerability to cause a denial-of-service condition. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the OpenSSL Security Advisory and apply the necessary update.
  20. GeniusMusing (geniusmusing@nu.federati.net)'s status on Tuesday, 08-Dec-2020 17:32:50 UTC
    Multiple Embedded TCP/IP Stacks CISA
    https://us-cert.cisa.gov/ics/advisories/icsa-20-343-01

    >1. EXECUTIVE SUMMARY
    >
    > CVSS v3 9.8
    > ATTENTION: Exploitable remotely/low skill level to exploit
    > Vendor: Multiple (open source)
    > Equipment: uIP-Contiki-OS, uIP-Contiki-NG, uIP, open-iscsi, picoTCP-NG, picoTCP, FNET, Nut/Net
    > Vulnerabilities: Infinite Loop, Integer Wraparound, Out-of-bounds Read, Integer Overflow, Out-of-bounds Write, Improper Input Validation, Improper Null Termination
    >
    >CISA is aware of a public report, known as “AMNESIA:33” that details vulnerabilities found in multiple open-source TCP/IP stacks. CISA is issuing this advisory to provide early notice of the reported vulnerabilities and identify baseline mitigations for reducing risks to these and other cybersecurity attacks.
    >
    >The various open-source stacks may be implemented in forked repositories.
    >2. RISK EVALUATION
    >
    >Successful exploitation of these vulnerabilities could allow attackers to corrupt memory, put devices into infinite loops, access unauthorized data, and/or poison DNS cache.
    >3. TECHNICAL DETAILS
    >3.1 AFFECTED PRODUCTS
    >
    >The following are affected:
    >
    > uIP-Contiki-OS (end-of-life [EOL]), Version 3.0 and prior
    > uIP-Contiki-NG, Version 4.5 and prior
    > uIP (EOL), Version 1.0 and prior
    > open-iscsi, Version 2.1.12 and prior
    > picoTCP-NG, Version 1.7.0 and prior
    > picoTCP (EOL), Version 1.7.0 and prior
    > FNET, Version 4.6.3
    > Nut/Net, Version 5.1 and prior
    >...
    #Security
    In conversation Tuesday, 08-Dec-2020 17:32:50 UTC from web

    Attachments

    1. Multiple Embedded TCP/IP Stacks | CISA
Federati Nu: Federated N-series GNU Social is a social network, courtesy of Federati Networks. It runs on GNU social, version 2.0.0-dev, available under the GNU Affero General Public License.

All Federati Nu: Federated N-series GNU Social content and data are available under the Creative Commons Attribution 3.0 license.
