a well faked Mail Attachment.pdf.zip was opened by a team member, infecting a (Windows 10?) PC in the background browser login tokens in the form of cookies & browser passwords were exfiltrated mail attachments are STILL the #No1 threat in […]
(knowing that manually auto-translating Russian CyberSec news to English, is not a feasable concept and need to be automated, but as this blog is non-profit, it is for curiosity.) Booking.com found an authentication vulnerability that allows account hijacking A vulnerability […]
JavaScript screwed up …. AGAIN! (another example for “why is it NOT cool for executable script languages to be allowed to embedd into PDF or any other file format”) used to steal BILLIONS of NF… ucking Ts: https://research.checkpoint.com/2022/how-hackers-make-nfts-disappear/ really should […]
“The biggest network security threat today is a remote code execution exploit for Intel’s Management Engine.” “Every computer with an Intel chipset produced in the last decade would be vulnerable to this exploit, and RCE would give an attacker full […]
Open Source is about enabling users “Amazon, Microsoft, Google” and the White House, want to help make Open Source more secure… https://www.golem.de/news/openssf-150-millionen-us-dollar-sollen-open-source-absichern-2205-165382.html https://www.golem.de/news/openssf-linux-foundation-will-security-praxis-vereinheitlichen-2008-150036.html src of src: “White House OSS Mobilization Plan” 2022: https://openssf.org/blog/2022/05/11/testimony-to-the-us-house-committee-on-science-and-technology/ 2020: “The OpenSSF is a cross-industry collaboration […]
cyber is on heightened alarm levels … ya’ll know why. timeline of a successful attack on the most basic tools like: exiftool cve-2021-22204 (failed to properly validate parsed input) This was reported by a security researcher on April 7, 2021, […]
https://cve.circl.lu/cve/CVE-2019-19781 https://www.healthcare-computing.de/bsi-warnt-vor-schwachstelle-bei-vpn-produkten-von-citrix-a-964940/ https://www.cnblogs.com/lsgxeva/p/12116150.html hits healthcare hospital in Germany, causing death of (at least) 1 person https://www.businessinsider.de/politik/deutschland/hacker-legen-uniklinik-duesseldorf-lahm-staatsanwaltschaft-ermittelt-wegen-todesfall-einer-patientin/
“The Duri malware, for example, uses the Javascript blob technique. The attacks are triggered by visiting a website with the malicious code.” (this could be a well known, sincere, but hacked website) “By downloading, the malware can install itself on […]
0) for security: keep all internet connected devices as up to date as possible! “Freifunk updates its router firmware and closes a critical security vulnerability that could allow attackers to install their own firmware on the devices” (src: heise.de) Also […]
criminals abusing tor for malicous behavior should be blocked, right? “50% of the attacks are leveraging the Tor anonymity service to mask their true origins” https://thehackernews.com/2021/12/new-local-attack-vector-expands-attack.html this could destroy the “honest” part of the network that truly exists, because it […]
update: 2022: ah oh: Pine community in Pain? https://blog.brixit.nl/why-i-left-pine64/ “In February 2021, PINE64 announced the end of the community editions. At this moment, PINE64’s focus shifted from supporting a diverse ecosystem of distributions and software projects around the PinePhone to […]