it might be the biggest “cyber” story of the year 2024 already: buy this guy MANY MANY COFFEES! he spotted the problem via know how but also luck 😀 it was a VERY VERY LONG and WILD COMPLEX and HIGHLY […]
Hetzner is already doing it with very energy efficient Ampere ARM servers delivering world-class-cost-and-energy-saving-virtual-servers. (Gigabyte has them as well UNTESTED!) #SuperCharge #IT processes with #OpenSource + #GNU #Linux (call it #GNU #Linux and give the dude that wrote gcc some […]
“execute built-in macros without warning” https://nvd.nist.gov/vuln/detail/CVE-2023-6186 why copy bad concepts aka mistakes? why repeat mistakes? NO MACRO LANG JAVASCRIPT BS SHALL BE EMBEDDABLE IN ANY FORMAT, NOT IN WORD.DOC NOT IN WRITER.ODT NOT FILE.PDF! UNLESS U ACTUALLY GET PAID BY […]
update: 2024-06: ed25519 is currently “the way to go” ssh can be regarded as “critical core infrastructure” time spent on its security is time well spent time + money well invested: https://www.openssh.com https://github.com/openssh current manpage: ssh.man.txt WARNING: this howto guide […]
this might be the ULTIMATE motivation to make companies (!) (finally?) migrate to GNU Linux? No? ‘The company also plans to publish further findings on the activities in Microsoft’s network in the future. Why the company does not manage to […]
GNU Linux howto ssh sshd config hardening security guide per default Debian (unfortunately) does not log ssh logins (why? afraid of harddisk overflows?) every user and admin wants to see “who and what is going on” the system useful also […]
ssh next to https (TLS/SSL) is probably THE most essential building block of secure (unhacked) open source networked computing. CVE-2023-48795 is a (wo)man-in-the-middle-attack, so an attacker would have to sit on the same network (LAN) or somewhere between ssh client […]
vendors & users can do: keep firmware and apps as up to date as possible this requires that vendors also publish patches for critical security problems for old devices (!!! AVM Fritz does it, Samsung & Apple can too!) install […]
https://source.android.com/docs/security/bulletin/2023-12-01?hl=en <- unfortunately does not export an RSS feed so a user needs to write a converter-aggregator https://www.heise.de/news/Patchday-Android-Android-11-12-13-und-14-fuer-Schadcode-Attacken-anfaellig-9548839.html as seen in https://www.heise.de/security/rss/alert-news-atom.xml for the news junkies – how to read news in the 21st century (APPs & RSS FEEDS) – […]
No matter if docker repository called “hub”, Google’s App Store “PlayStore” or Apple’s App Store they are ALL facing the same security problems: https://www.bleepingcomputer.com/news/security/google-explains-how-android-malware-slips-onto-google-play-store/ plus: https://www.bleepingcomputer.com/news/security/thousands-of-android-apks-use-compression-trick-to-thwart-analysis/ what if… a malicious actor uploads an App or docker container that is totally […]
https://www.youtube.com/watch?v=UheOilps2zQ “know in some countries they believe Telegram is safe. I will show you how safe it is,” he said, before showing a screen in which he appeared to scroll through the Telegram contacts of one Kenyan strategist https://www.theguardian.com/world/2023/feb/15/revealed-disinformation-team-jorge-claim-meddling-elections-tal-hanan SS7 […]
the positive: Okay let’s ALWAYS focus on the positive first: data, the web, free flow of information has given mankind new abilities: online learning-from-each-other (“social learning” said to be one of the strong points of humans vs animals) better decision making […]
a well faked Mail Attachment.pdf.zip was opened by a team member, infecting a (Windows 10?) PC in the background browser login tokens in the form of cookies & browser passwords were exfiltrated mail attachments are STILL the #No1 threat in […]
(knowing that manually auto-translating Russian CyberSec news to English, is not a feasible concept and needs to be automated, but as this blog is non-profit, it is for curiosity.) Booking.com found an authentication vulnerability that allows account hijacking A vulnerability […]
“know in some countries they believe Telegram is safe. I will show you how safe it is,” he said, before showing a screen in which he appeared to scroll through the Telegram contacts of one Kenyan strategist https://www.theguardian.com/world/2023/feb/15/revealed-disinformation-team-jorge-claim-meddling-elections-tal-hanan
and again: another “Elon Musk will give you bitcoin if you scan this QR code” fake scam live stream of a recorded video in a loop 2023-01: (using the same video X-D) this also works so well because youtube allows the […]
JavaScript screwed up …. AGAIN! (another example for “why is it NOT cool for executable script languages to be allowed to embed into PDF or any other file format”) used to steal BILLIONS of NF… ucking Ts: https://research.checkpoint.com/2022/how-hackers-make-nfts-disappear/ really should […]
BUT: only 1.5% of all OpenSSL instances were found to be impacted by this security flaw HeartBleed revival party? why complexity is the enemy: “parser written in C was never properly tested for security problems” says golem.de “The Heartbleed bug would […]
How much is the ? it links to: (which obviously a hacked site?) host einbindung.com einbindung.com has address 119.18.54.44 einbindung.com mail is handled by 0 mail.einbindung.com. running on those servers: role: Hostgator India – Network Division address: Near Kings Park […]
“Attackers could attack Firefox, Firefox ESR, and Thunderbird in certain situations and execute malicious code in the worst case scenario. If this works, they are likely to completely compromise systems. The two web browsers may experience problems with parsing (CVE-2022-40960 […]
software minimalism is key for stability, maintainability, security and performance so regularly check, what services are running and if they can be disabled/uninstalled 🙂 systemd: systemctl.man.txt # list all units (list can be /searched like less) systemctl # list all […]
“The biggest network security threat today is a remote code execution exploit for Intel’s Management Engine.” “Every computer with an Intel chipset produced in the last decade would be vulnerable to this exploit, and RCE would give an attacker full […]
lancom-systems.de is a major partner of Deutsche Telekom. “Würselen, August 26, 2002 – LANCOM Systems GmbH and Deutsche Telekom AG have agreed to cooperate on the sale of LANCOM Systems products.” https://my.lancom-systems.de/newsroom/presse/archiv/archivansicht/lancom-systems-kooperiert-mit-deutscher-telekom/ that’s how a lot of lancom products end […]
Open Source is about enabling users “Amazon, Microsoft, Google” and the White House, want to help make Open Source more secure… https://www.golem.de/news/openssf-150-millionen-us-dollar-sollen-open-source-absichern-2205-165382.html https://www.golem.de/news/openssf-linux-foundation-will-security-praxis-vereinheitlichen-2008-150036.html src of src: “White House OSS Mobilization Plan” 2022: https://openssf.org/blog/2022/05/11/testimony-to-the-us-house-committee-on-science-and-technology/ 2020: “The OpenSSF is a cross-industry collaboration […]
cyber is on heightened alarm levels … ya’ll know why. timeline of a successful attack on the most basic tools like: exiftool cve-2021-22204 (failed to properly validate parsed input) This was reported by a security researcher on April 7, 2021, […]
https://cve.circl.lu/cve/CVE-2019-19781 https://www.healthcare-computing.de/bsi-warnt-vor-schwachstelle-bei-vpn-produkten-von-citrix-a-964940/ https://www.cnblogs.com/lsgxeva/p/12116150.html hits healthcare hospital in Germany, causing death of (at least) 1 person https://www.businessinsider.de/politik/deutschland/hacker-legen-uniklinik-duesseldorf-lahm-staatsanwaltschaft-ermittelt-wegen-todesfall-einer-patientin/
“The Duri malware, for example, uses the Javascript blob technique. The attacks are triggered by visiting a website with the malicious code.” (this could be a well known, sincere, but hacked website) “By downloading, the malware can install itself on […]
criminals abusing tor for malicious behavior should be blocked, right? “50% of the attacks are leveraging the Tor anonymity service to mask their true origins” https://thehackernews.com/2021/12/new-local-attack-vector-expands-attack.html this could destroy the “honest” part of the network that truly exists, because it […]
update: 2022: ah oh: Pine community in Pain? https://blog.brixit.nl/why-i-left-pine64/ “In February 2021, PINE64 announced the end of the community editions. At this moment, PINE64’s focus shifted from supporting a diverse ecosystem of distributions and software projects around the PinePhone to […]
“log4j is a reliable, fast and flexible logging framework (APIs) written in Java, which is distributed under the Apache Software License. log4j has been ported to the C, C++, C#, Perl, Python, Ruby, and Eiffel languages.” (src: tutorialspoint.com) easily exploitable […]