Jonkman Microblog

Notices tagged with security

  1. Brian Ó (blacksam@social.gibberfish.org)'s status on Friday, 29-Mar-2024 14:15:44 EDT

    https://www.bleepingcomputer.com/news/security/red-hat-warns-of-backdoor-in-xz-tools-used-by-most-linux-distros/

    #linux #xz #backdoor #security

    In conversation about a year ago from social.gibberfish.org permalink

    Attachments

    1. Red Hat warns of backdoor in XZ tools used by most Linux distros
      from BleepingComputer
      Today, Red Hat warned users to immediately stop using systems running Fedora development and experimental versions because of a backdoor found in the latest XZ Utils data compression tools and libraries.
  2. lnxw48a1 (lnxw48a1@nu.federati.net)'s status on Tuesday, 08-Aug-2023 13:50:18 EDT
    UK election registry breached from 2021 onward. https://www.bbc.co.uk/news/uk-politics-66441010 [www bbc co uk]

    #security
    In conversation Tuesday, 08-Aug-2023 13:50:18 EDT from nu.federati.net permalink

    Attachments

    1. Cyber-attack on UK's electoral registers revealed
      from BBC News
      The Electoral Commission warns the public to be vigilant for unauthorised use of their personal data.
  3. lnxw48a1 (lnxw48a1@nu.federati.net)'s status on Thursday, 03-Aug-2023 14:35:45 EDT
    Tenable CEO slams #Microsoft for not being transparent and fast to act on #Azure #Active_Directory #security holes https://nu.federati.net/url/291175 [www databreachtoday com]
    In conversation Thursday, 03-Aug-2023 14:35:45 EDT from nu.federati.net permalink

    Attachments

    1. Tenable CEO Slams Microsoft for Failing to Quickly Patch Bug
      Tenable CEO Amit Yoran once again accused Microsoft of irresponsible security practices, this time for letting a critical Azure vulnerability stay unpatched for
  4. lnxw48a1 (lnxw48a1@nu.federati.net)'s status on Sunday, 30-Jul-2023 22:14:30 EDT
    #US Senator: #Microsoft negligent in #security #breach that affected State Dept., #USDOJ and rest of #USGovt should hold them accountable. https://nu.federati.net/url/291129 [arstechnica com]
    In conversation Sunday, 30-Jul-2023 22:14:30 EDT from nu.federati.net permalink

    Attachments

    1. US senator blasts Microsoft for “negligent cybersecurity practices”
      from Ars Technica
      Rebuke follows recent breach that exposed email accounts of US federal officials.
  5. lnxw48a1 (lnxw48a1@nu.federati.net)'s status on Wednesday, 12-Jul-2023 18:42:34 EDT
    #Security

    #Microsoft_365 breached by #China

    See thread starting at https://cyberplace.social/@GossiTheDog/110700908976946435 ... https://cyberplace.social/@GossiTheDog/110702046297147809

    > For anybody interested - the “acquired Microsoft account (MSA) consumer signing key” used in this must have come from inside Microsoft’s internal network. -- https://cyberplace.social/@GossiTheDog/110702228469010595

    Includes the following links:

    * https://nu.federati.net/url/290987 [msrc microsoft com]

    * https://nu.federati.net/url/290988 [edition cnn com]

    * https://nu.federati.net/url/290989 [www cisa gov | pdf]

    * https://www.wsj.com/articles/chinese-hackers-spied-on-state-department-13a09f03 [www wsj com]

    #US_Govt #Microsoft #MSFT #Azure #Office_365 #penetration #Outlook #Exchange #cloud
    In conversation Wednesday, 12-Jul-2023 18:42:34 EDT from nu.federati.net permalink

    Attachments

    1. China-based hackers breached US government email accounts, Microsoft and White House say | CNN Politics
      from CNN
    2. Chinese Hackers Spied on State Department
      from WSJ
      The State Department was among the federal agencies compromised in a newly discovered Chinese hacking campaign, according to people familiar with the matter.
  6. lnxw48a1 (lnxw48a1@nu.federati.net)'s status on Tuesday, 18-Apr-2023 00:19:31 EDT
    • clacke: inhibited exhausted pixie dream boy 🇸🇪🇭🇰💙💛
    Seen via @clacke:

    https://nondeterministic.computer/@mjg59/110216984788495049

    > If you installed a Linux system with disk encryption more than a couple of years ago, there's a decent chance it's using a weak key derivation function and someone who cares enough would be in a position to brute-force it. https://mjg59.dreamwidth.org/66429.html has more details and instructions on how to update to a better KDF.

    #Linux #LUKS #security #encryption #privacy
    In conversation Tuesday, 18-Apr-2023 00:19:31 EDT from nu.federati.net permalink
  7. lnxw48a1 (lnxw48a1@nu.federati.net)'s status on Sunday, 12-Mar-2023 00:49:24 EST
    School district data breach involves student data, but law does not require notification https://infosec.exchange/@PogoWasRight/110005462926344518

    https://nu.federati.net/url/289870 [www databreaches net]

    #security #ransomware #security_breach
    In conversation Sunday, 12-Mar-2023 00:49:24 EST from nu.federati.net permalink

    Attachments

    1. Highly sensitive files from Berkeley County Schools dumped by ransomware gang
      By Dissent from DataBreaches.net
  8. lnxw48a1 (lnxw48a1@nu.federati.net)'s status on Wednesday, 14-Dec-2022 17:35:42 EST
    #Ubuntu #security notice: #Emacs flaw allows code execution. https://ubuntu.com/security/notices/USN-5781-1 [ubuntu com]
    In conversation Wednesday, 14-Dec-2022 17:35:42 EST from nu.federati.net permalink

    Attachments

    1. USN-5781-1: Emacs vulnerability | Ubuntu security notices | Ubuntu
      from Ubuntu
      Ubuntu is an open source software operating system that runs from the desktop, to the cloud, to all your internet connected things.
  9. lnxw48a1 (lnxw48a1@nu.federati.net)'s status on Sunday, 04-Dec-2022 22:15:33 EST
    #Mastodon issue for #activitypub-troll denial-of-service vulnerability. https://github.com/mastodon/mastodon/issues/21977 with 2 pull requests. https://github.com/mastodon/mastodon/pull/22025 and https://github.com/mastodon/mastodon/pull/22026

    #security
    In conversation Sunday, 04-Dec-2022 22:15:33 EST from nu.federati.net permalink

    Attachments

    1. Any idea to stop activitypub-troll.cf or likewise attacks? · Issue #21977 · mastodon/mastodon
      from GitHub
      Pitch From about one hour ago, my instance's federated timeline was spammed with contents from activitypub-troll.cf, and the sidekiq queue is full of pulling requests. I have to purge all the t...
    2. Fix unbounded recursion in account discovery by ClearlyClaire · Pull Request #22025 · mastodon/mastodon
      from GitHub
    3. Fix unbounded recursion in account discovery (v3.5 backport) by ClearlyClaire · Pull Request #22026 · mastodon/mastodon
      from GitHub
      This is a straightforward backport of #22025 to stable-3.5. Some changes were needed for ActivityPub::FetchRemoteAccountService because it's been split into ActivityPub::FetchRemoteActorService bet...
  10. lnxw48a1 (lnxw48a1@nu.federati.net)'s status on Sunday, 04-Dec-2022 17:26:16 EST
    • aab
    @administrator @aab I'm just guessing, but it could be related to an exploit someone launched against #Mastodon and #Misskey yesterday. From what I read, it brought several instances to their knees. Misskey released a #security patch yesterday.
    In conversation Sunday, 04-Dec-2022 17:26:16 EST from nu.federati.net permalink
  11. lnxw48a1 (lnxw48a1@nu.federati.net)'s status on Sunday, 04-Dec-2022 11:22:39 EST
    in reply to
    • lnxw48a1
    Tagging this thread with #Fediverse #Security ... whoever made the script obviously read some protocol docs and some source code. With just a little #JavaScript, they were able to knock some #Misskey and #Mastodon instances to their knees.

    This isn't the first, and it won't be the last. Remember when someone posted a humongous image and locked up any #GNUSocial instance that tried to download the image? Remember when someone's instance was replaced by some sort of cryptocurrency site and PuSHes from your site to theirs would crash your site because of their site's response? (I'll bet I still have that domain blocked at the firewall.)

    We have to stop being naive about the intentions of those in the current migration. The overwhelming majority will have benign, if not good, intentions. But a select few will have bad intentions. Among those intentions is to colonize the Fediverse with #Twitter's culture, to come here and impose that culture of anger and disrespect upon the inhabitants here ... which already happened once with the first wave of people joining #Mastodon instances, except it was Twitter and #Tumblr at that time.
    In conversation Sunday, 04-Dec-2022 11:22:39 EST from nu.federati.net permalink
  12. lnxw48a1 (lnxw48a1@nu.federati.net)'s status on Sunday, 23-Oct-2022 03:00:54 EDT
    Oh, good grief, #Microsoft. https://thehackernews.com/2022/10/microsoft-confirms-server.html [thehackernews com]

    Source: https://infosec.exchange/@jerry/109213542275494102

    #security #breach #Azure #cloud
    In conversation Sunday, 23-Oct-2022 03:00:54 EDT from nu.federati.net permalink
  13. lnxw48a1 (lnxw48a1@nu.federati.net)'s status on Wednesday, 28-Sep-2022 15:40:42 EDT
    If you are using #Element-iOS , #Element-Android , #Schildichat, or any other #Matrix client powered by matrix-sdk, upgrade now. #Security release is out.

    https://nu.federati.net/url/287969 [matrix org]
    In conversation Wednesday, 28-Sep-2022 15:40:42 EDT from nu.federati.net permalink

    Attachments

    1. Upgrade now to address E2EE vulnerabilities in matrix-js-sdk, matrix-ios-sdk and matrix-android-sdk2 | Matrix.org
      from Matrix.org
  14. lnxw48a1 (lnxw48a1@nu.federati.net)'s status on Saturday, 11-Jun-2022 16:57:15 EDT
    • GeniusMusing
    https://nu.federati.net/url/286651 [arstechnica com]

    > Researchers have unearthed a discovery that doesn’t occur all that often in the realm of malware: a mature, never-before-seen Linux backdoor that uses novel evasion techniques to conceal its presence on infected servers, in some cases even with a forensic investigation.

    > On Thursday, researchers from Intezer and The BlackBerry Threat Research & Intelligence Team said that the previously undetected backdoor combines high levels of access with the ability to scrub any sign of infection from the file system, system processes, and network traffic. Dubbed Symbiote, it targets financial institutions in Brazil and was first detected in November.

    /via @geniusmusing

    #security #linux #backdoor #malware
    In conversation Saturday, 11-Jun-2022 16:57:15 EDT from nu.federati.net permalink

    Attachments

    1. New ultra-stealthy Linux backdoor isn’t your everyday malware discovery
      from Ars Technica
      Symbiote gives remote access to any account. Normal methods don't detect it.
  15. lnxw48a1 (lnxw48a1@nu.federati.net)'s status on Wednesday, 20-Apr-2022 19:49:38 EDT
    https://nu.federati.net/url/285943 [it slashdot org] #Lenovo issues #security patches for over 100 Lenovo products.

    Source: https://shitposter.club/objects/6f578473-d458-464d-92a8-086d8ce96abb
    In conversation Wednesday, 20-Apr-2022 19:49:38 EDT from nu.federati.net permalink

    Attachments

    1. Hackers Can Infect Over 100 Lenovo Models With Unremovable Malware - Slashdot
      Lenovo has released security updates for more than 100 laptop models to fix critical vulnerabilities that make it possible for advanced hackers to surreptitiously install malicious firmware that can be next to impossible to remove or, in some cases, to detect. Ars Technica reports: Three vulnerabil...
  16. lnxw48a1 (lnxw48a1@nu.federati.net)'s status on Monday, 07-Feb-2022 18:26:06 EST
    Some severe flaws in #Cisco small business routers. https://www.theregister.com/2022/02/04/cisco_smb_routers_critical_vulnerabilities/. [www theregister com]
    At publication time, some flaws and some models had not yet been patched.
    #security
    In conversation Monday, 07-Feb-2022 18:26:06 EST from nu.federati.net permalink

    Attachments

    1. Cisco reveals three critical flaws in small business routers
      RV family of routers is in trouble, and fixed software is yet to arrive for some models
  17. lnxw48a1 (lnxw48a1@nu.federati.net)'s status on Wednesday, 18-Aug-2021 11:39:54 EDT
    • Rysiekúr Memesson
    #T-mobile #security

    From 2018: https://nu.federati.net/url/282487

    /via @rysiek @rysiek@mastodon.technology
    In conversation Wednesday, 18-Aug-2021 11:39:54 EDT from nu.federati.net permalink

    Attachments

    1. T-Mobile Austria on Twitter
      from Twitter
      “@Korni22 @c_pellegrino @PWTooStrong @Telekom_hilft @Korni22 What if this doesn't happen because our security is amazingly good? ^Käthe”
  18. Brad Koehn ☑️ (bkoehn@diaspora.koehn.com)'s status on Friday, 30-Jul-2021 11:20:19 EDT
    arstechnica.com/gadgets/2021/0…

    #security #foss
    In conversation Friday, 30-Jul-2021 11:20:19 EDT from friendica.mrpetovan.com permalink
  19. lnxw48a1 (lnxw48a1@nu.federati.net)'s status on Sunday, 25-Apr-2021 02:48:04 EDT
    University of #Minnesota researchers apologize to the #Linux kernel community, ask to restore trust.

    https://nu.federati.net/url/280818 [lore kernel org]

    #MN #UMN #security
    In conversation Sunday, 25-Apr-2021 02:48:04 EDT from nu.federati.net permalink
  20. lnxw48a1 (lnxw48a1@nu.federati.net)'s status on Sunday, 18-Apr-2021 11:41:27 EDT
    in reply to
    • lnxw48a1
    Further info: https://news-web.php.net/php.internals/113838

    And with the presumed compromise of git.php.net, all future development activities will take place on #GitHub.

    #code-hosting #vcs #scm #security #git #php
    In conversation Sunday, 18-Apr-2021 11:41:27 EDT from nu.federati.net permalink

Jonkman Microblog is a social network, courtesy of SOBAC Microcomputer Services. It runs on GNU social, version 1.2.0-beta5, available under the GNU Affero General Public License.

All Jonkman Microblog content and data are available under the Creative Commons Attribution 3.0 license.