BUT: only 1.5% of all OpenSSL instances were found to be impacted by this security flaw HeartBleed revival party? why complexity is the enemy: “parser written in C was never properly tested for security problems” says golem.de “The Heartbleed bug would […]
How much is the ? it links to: (which obviously a hacked site?) host einbindung.com einbindung.com has address 119.18.54.44 einbindung.com mail is handled by 0 mail.einbindung.com. running on those servers: role: Hostgator India – Network Division address: Near Kings Park […]
“Attackers could attack Firefox, Firefox ESR, and Thunderbird in certain situations and execute malicious code in the worst case scenario. If this works, they are likely to completely compromise systems. The two web browsers may experience problems with parsing (CVE-2022-40 960 […]
software minimalism is key for stability, maintainability, security and performance so regularly check, what services are running and if they can be disabled/uninstalled 🙂 systemd: systemctl.man.txt # list all units (list can be /searched like less) systemctl # list all […]
“The biggest network security threat today is a remote code execution exploit for Intel’s Management Engine.” “Every computer with an Intel chipset produced in the last decade would be vulnerable to this exploit, and RCE would give an attacker full […]
lancom-systems.de is a major partner of Deutsche Telekom. “Würselen, August 26, 2002 – LANCOM Systems GmbH and Deutsche Telekom AG have agreed to cooperate on the sale of LANCOM Systems products.” https://my.lancom-systems.de/newsroom/presse/archiv/archivansicht/lancom-systems-kooperiert-mit-deutscher-telekom/ that’s how a lot of lancom products end […]
Open Source is about enabling users “Amazon, Microsoft, Google” and the White House, want to help make Open Source more secure… https://www.golem.de/news/openssf-150-millionen-us-dollar-sollen-open-source-absichern-2205-165382.html https://www.golem.de/news/openssf-linux-foundation-will-security-praxis-vereinheitlichen-2008-150036.html src of src: “White House OSS Mobilization Plan” 2022: https://openssf.org/blog/2022/05/11/testimony-to-the-us-house-committee-on-science-and-technology/ 2020: “The OpenSSF is a cross-industry collaboration […]
cyber is on heightened alarm levels … ya’ll know why. timeline of a successful attack on the most basic tools like: exiftool cve-2021-22204 (failed to properly validate parsed input) This was reported by a security researcher on April 7, 2021, […]
https://cve.circl.lu/cve/CVE-2019-19781 https://www.healthcare-computing.de/bsi-warnt-vor-schwachstelle-bei-vpn-produkten-von-citrix-a-964940/ https://www.cnblogs.com/lsgxeva/p/12116150.html hits healthcare hospital in Germany, causing death of (at least) 1 person https://www.businessinsider.de/politik/deutschland/hacker-legen-uniklinik-duesseldorf-lahm-staatsanwaltschaft-ermittelt-wegen-todesfall-einer-patientin/
“The Duri malware, for example, uses the Javascript blob technique. The attacks are triggered by visiting a website with the malicious code.” (this could be a well known, sincere, but hacked website) “By downloading, the malware can install itself on […]
criminals abusing tor for malicous behavior should be blocked, right? “50% of the attacks are leveraging the Tor anonymity service to mask their true origins” https://thehackernews.com/2021/12/new-local-attack-vector-expands-attack.html this could destroy the “honest” part of the network that truly exists, because it […]
update: 2022: ah oh: Pine community in Pain? https://blog.brixit.nl/why-i-left-pine64/ “In February 2021, PINE64 announced the end of the community editions. At this moment, PINE64’s focus shifted from supporting a diverse ecosystem of distributions and software projects around the PinePhone to […]
“log4j is a reliable, fast and flexible logging framework (APIs) written in Java, which is distributed under the Apache Software License.log4j has been ported to the C, C++, C#, Perl, Python, Ruby, and Eiffel languages.” (src: tutorialspoint.com) easy exploitable […]
just for info: this is NOT my PC, not using Windows 10 (Windows 7 only for gaming X-D) what the user sees is a perfectly windows fake update message, that says “Edge Update Version 94.0.4577 (official Version)” so the user […]
warning: no guarantee of completeness! contains ads! (but owner of blog get’s nothing, maybe source of source does) Are the odds against the (itsec) defenders? It certainly feels that way, because no human can ever find all bugs, so Fuzzing […]
affected CPUs: (src: intel.com) Intel® Processors supporting SGX2: Code Name Product Collection Ice Lake Xeon-SP (HCC, XCC) 3rd Gen Intel® Xeon® Scalable processor family Ice Lake 10th Generation Intel® Core™ Processor Family Gemini Lake Intel® Pentium® Processor Silver Series, Intel® […]
the wiki: https://en.wikipedia.org/wiki/OWASP the top 10: https://owasp.org/www-project-top-ten/2017/Top_10.html the ebook: https://github.com/OWASP/owasp-mstg/releases/download/v1.2/OWASP_MSTG-1.2.pdf the text: https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/01-Test_Network_Infrastructure_Configuration the conferences: https://owasp.org/www-board/ https://www.blackhat.com/us-21/ the costs: https://training.owasp.org/ 2-part Training: $505 Member 2-part Training: $455 * For member discount code contact events ÄT owasp DOOOT com https://www.udemy.com/course/intro-to-bug-bounty-by-nahamsec/ it’s […]
updates are a bless (fixes to problems, keep system secure from hackerz) but also a curse (it might break things) on systems that follow the UNIX K.I.S.S principle, they should “just work”, to the extreme of (kernel) live patching (currently […]
in short: humans per default, without an education might just be “better” apes. Some parts of mankind behave very primitive and clearly show no signs of higher intelligence or education. The troubles start, when the tools become more and more […]
every user want’s a fast & responsive internet. BIND and DNS – the Phonebook of the internet – Berkeley Internet Name Domain – how to benchmark dns servers (find fastest) – LibreDNS There is nothing more anoying than slow loading […]
Yes! RSS (“Really Simple Syndication“) FEEDs are still a very practical thing to follow certain websites & blogs & news outlets & aggregators & stay current on those platforms. Instead of letting big media outlets shovel news indiscriminately down the […]
“In 2019, spending in the cybersecurity industry reached around $40.8 billion, with forecasts suggesting that the market will eclipse 54 billion U.S. dollars by 2021 as the best-case scenario, taking into account the coronavirus (COVID-19) impact. As many organizations around […]
SecurityLab, [12.01.21 15:23] The developer of the Salaat First (Prayer Times) app, which reminds Muslims when to pray, recorded and sold detailed information about their location to a data broker without the users ‘ knowledge, who in turn sold the […]
why are those data leaks problematic? because scammers and spammers will use this data to even better scam (social engineer) the affected users that is why it is essential to give those platforms (if the user needs them) as little […]
computers are no way perfect: the rise of the machines: who is scared of killer robots? who is scared of doctors, judges and police blindly trusting in AI and computer output? “we are driving in (heavy) rain right now with […]
scroll down to ENGLISH “Zehntausende Mail-Server wegen Exchange-Lücke gehackt. Wegen einer vor wenigen Tagen bekanntgewordenen Sicherheitslücke sind laut US-Medienberichten Zehntausende E-Mail-Server von Unternehmen, Behörden und Bildungseinrichtungen Opfer von Hacker-Attacken geworden. “Deutsche Unternehmen sind im internationalen Vergleich besonders stark von dieser […]
SecurityLab, [22.12.20 10:00] Google has explained the reasons for the massive failure of its services that took place last week. Recall that on December 14 of this year, users around the world for 47 minutes could not access Gmail, YouTube […]
convenience vs security problem: remote support via internet in COVID19 pandemic days is basically a must for many companies, but does it have to run non-stop on computers that control sensitive machines and systems such as energy and water-supply? ABSOLUTELY […]
not sure if the news rang through… the Amazon Cloud (AWS) guy will be the new CEO of Amazon. What cloud? Amazon “cloud” Hetzner “cloud” cloud (centralized digital infrastructure) can be designed / implemented in different ways. from: the user/admin […]
SecurityLab, [03.12.20 11:15] Vulnerabilities in open source software can go undetected for more than four years before being discovered. According to the GitHub State of the Octoverse annual report, the use of open source projects, components, and libraries is more […]