Public
- Public
- Groups
- Popular
- People

Notices tagged with security

LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} (lnxw48a1@nu.federati.net)'s status on Wednesday, 28-Sep-2022 19:40:42 UTC LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864}

If you are using #Element-iOS , #Element-Android , #Schildichat, or any other #Matrix client powered by matrix-sdk, upgrade now. #Security release is out.

https://nu.federati.net/url/287969 [matrix org]
In conversation about 6 days ago from Shoyu permalink
Attachments
1. Upgrade now to address E2EE vulnerabilities in matrix-js-sdk, matrix-ios-sdk and matrix-android-sdk2 | Matrix.org
  
  from @matrixdotorg
LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} (lnxw48a1@nu.federati.net)'s status on Saturday, 11-Jun-2022 20:57:15 UTC LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864}
- GeniusMusing
https://nu.federati.net/url/286651 [arstechnica com]

> Researchers have unearthed a discovery that doesn’t occur all that often in the realm of malware: a mature, never-before-seen Linux backdoor that uses novel evasion techniques to conceal its presence on infected servers, in some cases even with a forensic investigation.

> On Thursday, researchers from Intezer and The BlackBerry Threat Research & Intelligence Team said that the previously undetected backdoor combines high levels of access with the ability to scrub any sign of infection from the file system, system processes, and network traffic. Dubbed Symbiote, it targets financial institutions in Brazil and was first detected in November.

/via @geniusmusing

#security #linux #backdoor #malware
In conversation about 4 months ago from web permalink
Attachments
1. New ultra-stealthy Linux backdoor isn’t your everyday malware discovery
  
  from @dangoodin001
  
  Symbiote gives remote access to any account. Normal methods don't detect it.
Bruja (gaba@systerserver.town)'s status on Tuesday, 17-May-2022 21:07:42 UTC Bruja
Remote profile options...

Leap is also hiring for VPN development https://leap.se/post/2022_05_16_go_dev/ #security #devs #jobs #hiring
In conversation about 5 months ago from systerserver.town permalink
Attachments
1. Invalid filename.
  
  Wanted: Go Application Developer to Fight Censorship | LEAP Encryption Access Project
  
  from LEAP
  
  We need you more than ever: Go app developer for fighting censorship
LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} (lnxw48a1@nu.federati.net)'s status on Wednesday, 20-Apr-2022 23:49:38 UTC LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864}

https://nu.federati.net/url/285943 [it slashdot org] #Lenovo issues #security patches for over 100 Lenovo products.

Source: https://shitposter.club/objects/6f578473-d458-464d-92a8-086d8ce96abb
In conversation about 6 months ago from web permalink
Attachments
1. Hackers Can Infect Over 100 Lenovo Models With Unremovable Malware - Slashdot
  
  Lenovo has released security updates for more than 100 laptop models to fix critical vulnerabilities that make it possible for advanced hackers to surreptitiously install malicious firmware that can be next to impossible to remove or, in some cases, to detect. Ars Technica reports: Three vulnerabil...
LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} (lnxw48a1@nu.federati.net)'s status on Monday, 07-Feb-2022 23:26:06 UTC LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864}

Some severe flaws in #Cisco small business routers. https://www.theregister.com/2022/02/04/cisco_smb_routers_critical_vulnerabilities/. [www theregister com]
At publication time, some flaws and some models had not yet been patched.
#security
In conversation about 8 months ago from AndStatus permalink
Attachments
1. Cisco reveals three critical flaws in small business routers
  
  RV family of routers is in trouble, and fixed software is yet to arrive for some models
LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} (lnxw48a1@nu.federati.net)'s status on Wednesday, 18-Aug-2021 15:39:54 UTC LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864}
- Rysiekúr Memesson
#T-mobile #security

From 2018: https://nu.federati.net/url/282487

/via @rysiek @rysiek@mastodon.technology
In conversation about a year ago from web permalink
Attachments
1. T-Mobile Austria on Twitter
  
  “@Korni22 @c_pellegrino @PWTooStrong @Telekom_hilft @Korni22 What if this doesn't happen because our security is amazingly good? ^Käthe”
LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} (lnxw48a1@nu.federati.net)'s status on Sunday, 25-Apr-2021 06:48:04 UTC LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864}

University of #Minnesota researchers apologize to the #Linux kernel community, ask to restore trust.

https://nu.federati.net/url/280818 [lore kernel org]

#MN #UMN #security
In conversation Sunday, 25-Apr-2021 06:48:04 UTC from Shoyu permalink
Attachments
1. An open letter to the Linux community
LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} (lnxw48a1@nu.federati.net)'s status on Sunday, 18-Apr-2021 15:41:27 UTC LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864}
in reply to
- LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864}
Further info: https://news-web.php.net/php.internals/113838

And with the presumed compromise of git.php.net, all future development activities will take place on #GitHub.

#code-hosting #vcs #scm #security #git #php
In conversation Sunday, 18-Apr-2021 15:41:27 UTC from mustard permalink
Attachments
1. php.internals: Changes to Git commit workflow
LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} (lnxw48a1@nu.federati.net)'s status on Thursday, 25-Mar-2021 00:10:19 UTC LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864}

Detecting #curl-pipe-bash from the server-side: https://www.idontplaydarts.com/2016/04/detecting-curl-pipe-bash-server-side/ [www idontplaydarts com]

#security #curl #wget #pipe #bash
In conversation Thursday, 25-Mar-2021 00:10:19 UTC from web permalink
Attachments
1. Detecting the use of "curl | bash" server side | Application Security
  
  Another reason not to pipe from curl to bash. Detecting curl | bash serverside.
LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} (lnxw48a1@nu.federati.net)'s status on Thursday, 17-Dec-2020 03:32:37 UTC LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864}

https://nu.federati.net/url/278948 [thejournal com]

Schools are now the most targeted segment for ransomware ... make up the majority of all ransomware attacks.

#security #ransomware #k-12 #schools
In conversation Thursday, 17-Dec-2020 03:32:37 UTC from web permalink
Attachments
1. K–12 Has Become the Most Targeted Segment for Ransomware -- THE Journal
  
  Malicious actors have disrupted remote learning by targeting school systems in their ransomware, malware and DDoS attacks.
LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} (lnxw48a1@nu.federati.net)'s status on Monday, 14-Dec-2020 22:42:47 UTC LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864}

#Mattermost devs discover unfixable (?) flaws in #Go-Lang library https://mattermost.com/blog/coordinated-disclosure-go-xml-vulnerabilities/ #security
In conversation Monday, 14-Dec-2020 22:42:47 UTC from mustard permalink
Attachments
1. Coordinated disclosure of XML round-trip vulnerabilities in Go XML
  
  from Juho Nurminen
  
  If you maintain a Go-based project that relies on XML integrity, we urge you to read this post carefully.
LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} (lnxw48a1@nu.federati.net)'s status on Sunday, 13-Dec-2020 23:54:44 UTC LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864}
in reply to
- GeniusMusing
The Guardian's text is pretty similar to the Jerusalem Post's: https://nu.federati.net/url/278891

#US_Treasury #security #breach
In conversation Sunday, 13-Dec-2020 23:54:44 UTC from web permalink
Attachments
1. Suspected Russian hackers spied on US Treasury emails - sources
  
  The hack is so serious it led to a National Security Council meeting at the White House on Saturday.
LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} (lnxw48a1@nu.federati.net)'s status on Wednesday, 09-Dec-2020 02:15:44 UTC LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864}

US #cybersecurity firm #FireEye discloses breach, theft of tools https://finance.yahoo.com/news/u-cybersecurity-firm-fireeye-discloses-210424354.html [finance yahoo com]

#SEC #security #breach #filing
In conversation Wednesday, 09-Dec-2020 02:15:44 UTC from web permalink
Attachments
1. U.S. cybersecurity firm FireEye discloses breach, theft of hacking tools
  
  (Reuters) -FireEye, one of the largest cybersecurity companies in the United States, said on Tuesday that it had been hacked, likely by a government, and that an arsenal of hacking tools used to test the defenses of its clients had been stolen. The hack of FireEye, a company with an array of contracts across the national security space both in the United States and its allies, is among the most significant breaches in recent memory. The FireEye breach was disclosed in a public filing with the Securities and Exchange Commission citing CEO Kevin Mandia.
GeniusMusing (geniusmusing@nu.federati.net)'s status on Wednesday, 09-Dec-2020 01:06:10 UTC GeniusMusing

OpenSSL Releases Security Update CISA
https://us-cert.cisa.gov/ncas/current-activity/2020/12/08/openssl-releases-security-update

>OpenSSL has released a security update to address a vulnerability affecting all versions of 1.0.2 and 1.1.1 released before version 1.1.1i. An attacker could exploit this vulnerability to cause a denial-of-service condition.

openssl.org/news/secadv/20201208.txt
https://www.openssl.org/news/secadv/20201208.txt

>EDIPARTYNAME NULL pointer de-reference (CVE-2020-1971)
>======================================================
>
>Severity: High
>
>The X.509 GeneralName type is a generic type for representing different types
>of names. One of those name types is known as EDIPartyName. OpenSSL provides a
>function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME
>to see if they are equal or not. This function behaves incorrectly when both
>GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash
>may occur leading to a possible denial of service attack.
>
>OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes:
>1) Comparing CRL distribution point names between an available CRL and a CRL
> distribution point embedded in an X509 certificate
>2) When verifying that a timestamp response token signer matches the timestamp
> authority name (exposed via the API functions TS_RESP_verify_response and
> TS_RESP_verify_token)
>
>If an attacker can control both items being compared then that attacker could
>trigger a crash.
>...

#OpenSSL #Security #Update
In conversation Wednesday, 09-Dec-2020 01:06:10 UTC from web permalink
Attachments
1. OpenSSL Releases Security Update | CISA
  
  OpenSSL has released a security update to address a vulnerability affecting all versions of 1.0.2 and 1.1.1 released before version 1.1.1i. An attacker could exploit this vulnerability to cause a denial-of-service condition. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the OpenSSL Security Advisory and apply the necessary update.
GeniusMusing (geniusmusing@nu.federati.net)'s status on Tuesday, 08-Dec-2020 17:32:50 UTC GeniusMusing

Multiple Embedded TCP/IP Stacks CISA
https://us-cert.cisa.gov/ics/advisories/icsa-20-343-01

>1. EXECUTIVE SUMMARY
>
> CVSS v3 9.8
> ATTENTION: Exploitable remotely/low skill level to exploit
> Vendor: Multiple (open source)
> Equipment: uIP-Contiki-OS, uIP-Contiki-NG, uIP, open-iscsi, picoTCP-NG, picoTCP, FNET, Nut/Net
> Vulnerabilities: Infinite Loop, Integer Wraparound, Out-of-bounds Read, Integer Overflow, Out-of-bounds Write, Improper Input Validation, Improper Null Termination
>
>CISA is aware of a public report, known as “AMNESIA:33” that details vulnerabilities found in multiple open-source TCP/IP stacks. CISA is issuing this advisory to provide early notice of the reported vulnerabilities and identify baseline mitigations for reducing risks to these and other cybersecurity attacks.
>
>The various open-source stacks may be implemented in forked repositories.
>2. RISK EVALUATION
>
>Successful exploitation of these vulnerabilities could allow attackers to corrupt memory, put devices into infinite loops, access unauthorized data, and/or poison DNS cache.
>3. TECHNICAL DETAILS
>3.1 AFFECTED PRODUCTS
>
>The following are affected:
>
> uIP-Contiki-OS (end-of-life [EOL]), Version 3.0 and prior
> uIP-Contiki-NG, Version 4.5 and prior
> uIP (EOL), Version 1.0 and prior
> open-iscsi, Version 2.1.12 and prior
> picoTCP-NG, Version 1.7.0 and prior
> picoTCP (EOL), Version 1.7.0 and prior
> FNET, Version 4.6.3
> Nut/Net, Version 5.1 and prior
>...
#Security
In conversation Tuesday, 08-Dec-2020 17:32:50 UTC from web permalink
Attachments
1. Multiple Embedded TCP/IP Stacks | CISA
  
  1.
LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} (lnxw48a1@nu.federati.net)'s status on Saturday, 05-Dec-2020 19:42:34 UTC LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864}
https://pluralistic.net/2020/12/05/trusting-trust/

> WARNING WARNING WARNING WARNING

> Security researchers are alarmed: the already-notorious Trickbot malware has been spottied probing infected computers to find out which version of UEFI they're running. This is read as evidence that Trickbot has figured out how to pull off a really scary feat.

Source: https://mamot.fr/@pluralistic/105329139472008620

#Security #UEFI #BIOS #TPM #Trusted-Computing

CC: @mangeurdenuage @geniusmusing @musicman

It's a long article, but well worth your time.
In conversation Saturday, 05-Dec-2020 19:42:34 UTC from web permalink
Attachments
1. Pluralistic: 05 Dec 2020
  
  from Cory Doctorow
2. Cory Doctorow's linkblog (@pluralistic@mamot.fr)
  
  from Cory Doctorow's linkblog
  
  Attached: 1 image WARNING WARNING WARNING WARNING This is a long-ass thread, even by my long-ass standards. If you'd prefer to read it on the web, here you go: https://pluralistic.net/2020/12/05/trusting-trust/ WARNING WARNING WARNING WARNING Security researchers are alarmed: the already-notorious Trickbot malware has been spottied probing infected computers to find out which version of UEFI they're running. This is read as evidence that Trickbot has figured out how to pull off a really scary feat. 1/
LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} (lnxw48a1@nu.federati.net)'s status on Friday, 20-Nov-2020 23:49:34 UTC LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864}

"So you want to get into Infosec?"

https://hackers.town/@thegibson/105243991039588873 Some links to discounted or free training in that thread.

#infosec #security #training #education
In conversation Friday, 20-Nov-2020 23:49:34 UTC from web permalink
Attachments
1. The_Gibson: APT 3319 (@thegibson@hackers.town)
  
  from The_Gibson: APT 3319
  
  Content warning: So you want to get into infosec?
LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} (lnxw48a1@nu.federati.net)'s status on Thursday, 05-Nov-2020 17:03:48 UTC LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864}
- aab
@aab has found something to block some traffic from unwanted portscans: https://dodweil.us/security/ufw-fail2ban-portscan.html

#security #NoteToSelf

In conversation Thursday, 05-Nov-2020 17:03:48 UTC from web permalink
LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} (lnxw48a1@nu.federati.net)'s status on Sunday, 01-Nov-2020 17:06:34 UTC LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864}
- GeniusMusing
@geniusmusing See https://hackers.town/@devrandom/105136083240782878

#security
In conversation Sunday, 01-Nov-2020 17:06:34 UTC from mustard permalink
Attachments
1. /DΞV/ЯДИDФM (@devrandom@hackers.town)
  
  from /DΞV/ЯДИDФM
  
  Attached: 1 image Oh. This could be “fun”.
Sami Lehtinen (sl@loadaverage.org)'s status on Sunday, 01-Nov-2020 12:20:39 UTC Sami Lehtinen
Remote profile options...

#NAT #slipstreaming https://samy.pl/slipstream/
#Internet #security #MSS #MTU #ALG #WebRTC #TURN #TCP #UDP #SIP #FTP #DCC #pptp #h323 #attack #exploit
In conversation Sunday, 01-Nov-2020 12:20:39 UTC from loadaverage.org permalink
Attachments
1. Samy Kamkar - NAT Slipstreaming
  
  exploit NAT/firewalls to access TCP/UDP services bound on a victim machine

Before

Feeds

Federati Nu: Federated N-series GNU Social is a social network, courtesy of Federati Networks. It runs on GNU social, version 2.0.0-dev, available under the GNU Affero General Public License.

All Federati Nu: Federated N-series GNU Social content and data are available under the Creative Commons Attribution 3.0 license.

Switch to mobile site layout.