Jonkman Microblog
Notices tagged with security, page 33

1. infosec-handbook.eu (infosechandbook@mastodon.at)'s status on Friday, 26-Apr-2019 10:01:59 EDT

    "WooCommerce Checkout Manager" plugin for WooCommerce (WordPress), used by 60,000+ websites, vulnerable to arbitrary file uploads:

    https://thehackernews.com/2019/04/wordpress-woocommerce-security.html

    – the latest version of WooCommerce Checkout Manager (4.2.6) is still vulnerable to this
    – there is no patch available
    – mitigation: disable the "Categorize Uploaded Files" option in the settings, or disable the plugin completely

    #woocommerce #wordpress #vulnerability #0day #zeroday #infosec #cybersecurity #security

    In conversation Friday, 26-Apr-2019 10:01:59 EDT from mastodon.at permalink
2. infosec-handbook.eu (infosechandbook@mastodon.at)'s status on Tuesday, 23-Apr-2019 23:59:32 EDT

    Popular WordPress plugin "Social Warfare" actively exploited:

    https://thehackernews.com/2019/04/wordpress-plugin-hacking.html

    – last month, Social Warfare 3.5.3 was released, containing fixes for 2 security vulnerabilities (XSS, RCE)
    – 37,000 WP websites out of 42,000 active sites use the outdated, vulnerable version
    – update to Social Warfare 3.5.3

    #wordpress #plugin #vulnerability #socialwarfare #infosec #security #cybersecurity

    In conversation Tuesday, 23-Apr-2019 23:59:32 EDT from mastodon.at permalink
3. Thomas (tpheine@mstdn.io)'s status on Tuesday, 23-Apr-2019 12:17:24 EDT

    Question: is #Mastodon the only #Fediverse service that offers #2FA? #Pixelfed? #Pleroma? #Friendica? #Diaspora? 🤔

    #AskTheFediverse #Security

    In conversation Tuesday, 23-Apr-2019 12:17:24 EDT from mstdn.io permalink
4. infosec-handbook.eu (infosechandbook@mastodon.at)'s status on Monday, 22-Apr-2019 11:38:41 EDT

    "Can I use my U2F security token for sudo instead of entering passwords?": Yes, you can.

    We just updated our 2018 article about using a Yubico Security Key for local 2FA via PAM:

    https://infosec-handbook.eu/blog/yubikey-2fa-pam/

    – besides YubiKeys, you can also use Nitrokeys, or SoloKeys
    – there are many more scenarios for U2F/WebAuthn
    – post your own scenarios to help others

    #u2f #webauthn #infosec #cybersecurity #security #yubikey #nitrokey #solokey #gdm #sudo

    In conversation Monday, 22-Apr-2019 11:38:41 EDT from mastodon.at permalink
5. infosec-handbook.eu (infosechandbook@mastodon.at)'s status on Monday, 22-Apr-2019 03:19:51 EDT

    Steve Gibson on HTML pings:

    "Imperva research has uncovered a DDoS attack […] to perform distributed denial-of-service attacks […]. In one attack, which peaked at 7500 requests per second, a total of 70 million requests were generated from approximately 4,000 IP addresses over the course of 4 hours."

    See: https://grc.com/sn/SN-710-Notes.pdf

    So, HTML pings (which have been around for many years) are not only bad for privacy but also for security.

    #html5 #ping #tracking #security #stevegibson #securitynow

    In conversation Monday, 22-Apr-2019 03:19:51 EDT from mastodon.at permalink
6. ar.al🌻 (aral@mastodon.ar.al)'s status on Monday, 15-Apr-2019 09:16:55 EDT

    Just popped up on my XPS 13 updates:

    “This update integrates the BIOSConnect feature into Dell SupportAssist OS Recovery. This feature connects the system to the Dell image server to download and recover the operating system.”

    Umm… how about no, Dell, do not connect my BIOS to the Internet thank you very much.

    Wtf is wrong with these people? *smh*

    #security #privacy

    In conversation Monday, 15-Apr-2019 09:16:55 EDT from mastodon.ar.al permalink
7. infosec-handbook.eu (infosechandbook@mastodon.at)'s status on Sunday, 14-Apr-2019 00:55:21 EDT

    Microsoft: compromised MS support agent account used to access e-mail accounts of customers:

    https://techcrunch.com/2019/04/13/microsoft-support-agent-email-hack/

    – Microsoft confirmed that "a limited number of people" had their accounts compromised
    – affected are @msn.com and @hotmail.com accounts; no enterprise customers are affected
    – the breach occurred between January 1 and March 28

    #microsoft #databreach #breach #dataleak #leak #infosec #cybersecurity #security

    In conversation Sunday, 14-Apr-2019 00:55:21 EDT from mastodon.at permalink
8. infosec-handbook.eu (infosechandbook@mastodon.at)'s status on Thursday, 11-Apr-2019 23:46:01 EDT

    Matrix.org publishes timeline after security breach:

    https://matrix.org/blog/2019/04/11/security-incident/

    – the attacker exploited vulnerabilities in Jenkins
    – the attacker had full database access, including access to unencrypted content like private messages, password hashes, access tokens
    – Matrix.org recommends changing your password (including NickServ password)

    #matrix #breach #infosec #cybersecurity #security

    In conversation Thursday, 11-Apr-2019 23:46:01 EDT from mastodon.at permalink
9. infosec-handbook.eu (infosechandbook@mastodon.at)'s status on Thursday, 04-Apr-2019 23:44:19 EDT

    Thousands of D-Link routers have been hacked to redirect their DNS traffic:

    https://www.zdnet.com/article/hacker-group-has-been-hijacking-dns-traffic-on-d-link-routers-for-three-months/

    – nearly 15,000 D-Link routers are affected, mostly DSL-2640B
    – other affected manufacturers are TOTOLINK, and Secutech
    – hacked routers modify the DNS settings of connected devices to redirect victims to malicious websites

    #dlink #totolink #secutech #router #vulnerability #dsl2640b #infosec #cybersecurity #security #dns #dnschanger

    In conversation Thursday, 04-Apr-2019 23:44:19 EDT from mastodon.at permalink
10. Gokulakrishna (gkrishnaks@framapiaf.org)'s status on Friday, 29-Mar-2019 05:03:39 EDT

    Cloud Firewall addon is now featured in AlternativesTo article!

    https://alternativeto.net/software/cloud-firewall/

    #CloudFirewall #Privacy #Security #Decentralization #Cloud

    GitLab (which is hosted on GCP...) and install link available at:

    https://framapiaf.org/@gkrishnaks/101727497214557035

    cc @privacylab

    In conversation Friday, 29-Mar-2019 05:03:39 EDT from framapiaf.org permalink

    Attachment: "Cloud Firewall for Web and Firefox - AlternativeTo.net" (from AlternativeTo): Cloud Firewall is a browser extension/addon that allows users to block connections to sites, pages and web resources (images, videos, etc) hosted in major cloud services if the user wishes to do so. Example 1: If...
11. infosec-handbook.eu (infosechandbook@mastodon.at)'s status on Friday, 29-Mar-2019 00:36:43 EDT

    Newly disclosed SQL injection in widespread e-commerce platform Magento:

    https://www.ambionics.io/blog/magento-sqli

    – according to the article, Magento 2.2.x/2.3.x is affected
    – attackers can read anything from the database, including password hashes
    – fixed in Magento 2.3.1 (along with many other vulnerabilities)
    – in addition, Magento 2.2.8 and 2.1.17 were released

    #magento #ecommerce #cms #infosec #cybersecurity #security

    In conversation Friday, 29-Mar-2019 00:36:43 EDT from mastodon.at permalink
12. codesections (codesections@fosstodon.org)'s status on Thursday, 28-Mar-2019 14:04:27 EDT

    @cancel

    > If you have some established track record with security auditing then email me cancel@cancel.fm (my PGP key is on keybase) and I will grant access to the source code.

    I don't have a security background, but I hope someone else can help. I'll boost this toot to see if we can find one of the great #infosec and #security folks in the fediverse.

    The fact you've built a native discord/slack replacement is incredibly awesome, and I really hope someone can help with an audit of ripcord!

    In conversation Thursday, 28-Mar-2019 14:04:27 EDT from fosstodon.org permalink
13. Hex (hexmasteen@chaos.social)'s status on Wednesday, 27-Mar-2019 01:45:26 EDT

    They talk about #security without specifying what a system or user should be protected from. I don't get it. #SecurityByDesign

    In conversation Wednesday, 27-Mar-2019 01:45:26 EDT from chaos.social permalink
14. infosec-handbook.eu (infosechandbook@mastodon.at)'s status on Tuesday, 26-Mar-2019 01:19:06 EDT

    Compromised ASUS update servers delivered signed malware to hundreds of thousands of customers in 2018:

    https://motherboard.vice.com/en_us/article/pan9wn/hackers-hijacked-asus-software-updates-to-install-backdoors-on-thousands-of-computers

    – it is a targeted attack since the malware is only active if your device has certain MAC addresses
    – most victims are in Russia, Germany, and France
    – technical details, and affected MAC addresses: https://securelist.com/operation-shadowhammer/89992/

    #asus #supplychain #attack #malware #update #security #infosec #cybersecurity #shadowhammer

    In conversation Tuesday, 26-Mar-2019 01:19:06 EDT from mastodon.at permalink

    Attachment: "Operation ShadowHammer", by GReAT, Securelist (securelist.com)
15. ClaudioM (claudiom@mastodon.xyz)'s status on Friday, 22-Mar-2019 11:42:21 EDT

    #Firefox67 will include an add-on that warns you about breached sites. #mozilla #firefox #foss #floss #security

    https://www.bleepingcomputer.com/news/software/mozilla-firefox-67-to-warn-about-breached-sites-using-new-add-on/

    In conversation Friday, 22-Mar-2019 11:42:21 EDT from mastodon.xyz permalink
16. puresick (puresick@toot.cafe)'s status on Friday, 22-Mar-2019 03:18:56 EDT

    A few weeks ago:
    “Hey, we at Facebook are taking privacy seriously now.”

    Yesterday:
    “Facebook saved millions of passwords in plain text”

    Just quit.

    #facebook #security

    In conversation Friday, 22-Mar-2019 03:18:56 EDT from toot.cafe permalink
17. infosec-handbook.eu (infosechandbook@mastodon.at)'s status on Friday, 22-Mar-2019 01:37:24 EDT

    Repos hosted on GitHub and similar platforms often leak crypto secrets and API keys:

    https://www.ndss-symposium.org/wp-content/uploads/2019/02/ndss2019_04B-3_Meli_paper.pdf (PDF file)

    – researchers scanned 13% of public GitHub repos
    – 100,000 repos contained secrets; thousands of new secrets are leaked every day
    – GitHub is developing "token scanning" to help remove secrets; however, dedicated scanners like TruffleHog are ineffective according to the paper

    #github #gitlab #token #key #leak #infosec #cybersecurity #security #development #trufflehog

    In conversation Friday, 22-Mar-2019 01:37:24 EDT from mastodon.at permalink
18. Dr. Roy Schestowitz (罗伊) (schestowitz@pleroma.site)'s status on Saturday, 16-Mar-2019 17:13:22 EDT

    #CryptoSink #Security Scare

    http://www.tuxmachines.org/node/121794

    In conversation Saturday, 16-Mar-2019 17:13:22 EDT from pleroma.site permalink
19. clacke: inhibited exhausted pixie dream boy 🇸🇪🇭🇰💙💛 (clacke@libranet.de)'s status on Saturday, 16-Mar-2019 00:48:16 EDT

    mastodon.xyz/@claudiom/1016990…

    ♲ @claudiom@mastodon.xyz: So you thought that your shiny new #Intel #CPU was secure now that it's hardware-mitigated for #Spectre and #Meltdown?

    Let me "spoil" that for you....

    So far, AMD and ARM look unaffected.

    #spoiler #security #vulnerability

    www.zdnet.com/article/all-inte…

    In conversation Saturday, 16-Mar-2019 00:48:16 EDT from libranet.de permalink
20. infosec-handbook.eu (infosechandbook@mastodon.at)'s status on Wednesday, 13-Mar-2019 00:38:06 EDT

    Automatic Certificate Management Environment (ACME) is officially RFC 8555 now:

    https://tools.ietf.org/html/rfc8555

    "This document describes a protocol that a CA and an applicant can use to automate the process of verification and certificate issuance. The protocol also provides facilities for other certificate management functions, such as certificate revocation."

    #acme #certificate #ca #letsencrypt #infosec #cybersecurity #security #https #rfc8555

    In conversation Wednesday, 13-Mar-2019 00:38:06 EDT from mastodon.at permalink
Jonkman Microblog is a social network, courtesy of SOBAC Microcomputer Services. It runs on GNU social, version 1.2.0-beta5, available under the GNU Affero General Public License.