Category: CyberSec / ITSec / Sicherheit / Security / SPAM

2024 is the year + SuperCharge IT processes with OpenSource + GNU Linux + kvm + there is still more potential + Intel Xeon vs AMD EPYC vs Altra ARM CPU vs Apple M1 benchmark battle! + M$ Office for GNU Linux
30.03.2024

Hetzner is already doing it with very energy efficient Ampere ARM servers delivering world-class-cost-and-energy-saving-virtual-servers. (Gigabyte has them as well UNTESTED!) #SuperCharge #IT processes with #OpenSource + #GNU #Linux (call it #GNU #Linux and give the dude that wrote gcc some […]

GNU Linux howto ssh sshd config hardening security guide
10.03.2024

update: 2024-06: ed25519 is currently “the way to go” ssh can be regarded as “critical core infrastructure” time spend on it’s security is time well spend time + money well invested: https://www.openssh.com https://github.com/openssh current manpage: ssh.man.txt WARNING: this howto guide […]

All Android users: Update, Update, Update
05.12.2023

https://source.android.com/docs/security/bulletin/2023-12-01?hl=en <- unfortunately does not export an RSS feed so a user needs to write a converter-aggregator https://www.heise.de/news/Patchday-Android-Android-11-12-13-und-14-fuer-Schadcode-Attacken-anfaellig-9548839.html as seen in https://www.heise.de/security/rss/alert-news-atom.xml for the news junkies – how to read news in the 21st century (APPs & RSS FEEDS) – […]

the hardcore security challenge any app store faces
05.08.2023

No matter if docker repository called “hub”, Google’s App Store “PlayStore” or Apple’s App Store they are ALL facing the same security problems: https://www.bleepingcomputer.com/news/security/google-explains-how-android-malware-slips-onto-google-play-store/ plus: https://www.bleepingcomputer.com/news/security/thousands-of-android-apks-use-compression-trick-to-thwart-analysis/ what if… a malicious actor uploads an App or docker container that is totaly […]

the positive the negative: bigdata + AI could help early detect cancer | privacy is security – why mass surveillance – German court rules mass bulk data gathering (calls, SMS, IP including location) illegal
31.03.2023

the positive: Okay let’s ALWAYS focus on the positive first: data, the web, free flow of information has given mankind new abilities: online learning-from-each-other (“social learning” one of said to be strong points of humans vs animals) better decision making […]

2023-03 IT Cyber Security Updates – Unfixed Cisco routers, Google ads to distribute malware, Evil Dota 2 game mods, Reddit’s internal documents and source code stolen, Apple zero-day vulnerabilities, malware in images, stealthy malware, fileless malware, SIM-Swapping scammer, Street magic steals crypto, Gootkit malware is actively attacking medical and financial institutions, American Megatrends BMC vulnerabilities, publicly accessible QNAP NAS again at risk, worm via USB drives, first suggested attacks on quantum cryptography, hurray for the cloud: misconfigured cloud database leaked data on ALL Australien citizens (spell it “klaut” wich is German for “steal”), Hackers modify DNS settings to redirect victims to malicious via vulnerable WiFi routers
05.03.2023

(knowing that manually auto-translating Russian CyberSec news to English, is not a feasable concept and need to be automated, but as this blog is non-profit, it is for curiosity.) Booking.com found an authentication vulnerability that allows account hijacking A vulnerability […]

Stop using Telegram – it is not safe – at all
22.02.2023

“know in some countries they believe Telegram is safe. I will show you how safe it is,” he said, before showing a screen in which he appeared to scroll through the Telegram contacts of one Kenyan strategist https://www.theguardian.com/world/2023/feb/15/revealed-disinformation-team-jorge-claim-meddling-elections-tal-hanan

Rust vs Go – Open Source is about enabling users – Rust lang will complement C around the GNU Linux Kernel (for better safety) “Amazon, Microsoft, Google” and the White House, want to make Open Source more secure
16.05.2022

Open Source is about enabling users “Amazon, Microsoft, Google” and the White House, want to help make Open Source more secure… https://www.golem.de/news/openssf-150-millionen-us-dollar-sollen-open-source-absichern-2205-165382.html https://www.golem.de/news/openssf-linux-foundation-will-security-praxis-vereinheitlichen-2008-150036.html src of src: “White House OSS Mobilization Plan” 2022: https://openssf.org/blog/2022/05/11/testimony-to-the-us-house-committee-on-science-and-technology/ 2020: “The OpenSSF is a cross-industry collaboration […]

FreeBSD based Citrix VPN hacked in massive hostpital healthcare hack in Germany CVE 2019 19781 – hits healthcare hospital in Germany, causing death of (at least) 1 person
27.04.2022

https://cve.circl.lu/cve/CVE-2019-19781 https://www.healthcare-computing.de/bsi-warnt-vor-schwachstelle-bei-vpn-produkten-von-citrix-a-964940/ https://www.cnblogs.com/lsgxeva/p/12116150.html hits healthcare hospital in Germany, causing death of (at least) 1 person https://www.businessinsider.de/politik/deutschland/hacker-legen-uniklinik-duesseldorf-lahm-staatsanwaltschaft-ermittelt-wegen-todesfall-einer-patientin/