Category: CyberSec / ITSec / Sicherheit / Security / SPAM

what if – instead of security – Google wants mass surveillance and a direct uplink to the US-Pentagon to blow all “terrorists” (basically anyone who is against Google) to hell? What if? as long as EVIL pays off (incentive) this […]

SecurityLab, [04.06.20 15:05] The Chinese-language cybercrime group Cycldek (also known as Goblin Panda or Conimes) has developed the malicious tool USBCulprit to carry out attacks on physically isolated systems and steal confidential data. Cycldek APT has developed a malware for […]

the nice: NAT is nice as it provides some form of protection/shielding of vms from the internet, by placing the host between (doing all the fire walling) the problem: server is exposed to regular dovecot and exim password bruteforce attempts, […]

KEEP BLUETOOTH OFF AT ALL TIMES! (switch it on when you need it and off when done (file transfer etc)) also saves energy on phones does usage of stylish ear bud bluetooth headsets increases security risk? (Bluetooth permanent on) this […]

ah oh! Debian says the problem is fixed in many versions. The table below lists information on source packages. Make sure to keep all internet facing systems as up to date as possible. this bug might be critical for all […]

guess with it-security and internet-security (internet = roads, cars = computers that users use every day) it is like with real-life-security – there is no 100% security. all users of a system are in constant potential danger of having an […]

SecurityLab, [21.04.20 15:35] Bitdefender experts have reported a malicious campaign against oil and gas companies. Attackers use targeted phishing and send emails to victims on behalf of logistics companies and engineering contractors. The goal of the campaign is to infect […]

Debian Security Advisory DSA-4655-1 firefox-esr — security update Date Reported: 08 Apr 2020 Affected Packages: firefox-esr Vulnerable: Yes Security database references: In Mitre’s CVE dictionary: CVE-2020-6821, CVE-2020-6822, CVE-2020-6825. More information: Multiple security issues have been found in the Mozilla Firefox […]

Videos: ssh thanks for sharing even when the audio is pretty crappy. slides (hard to read on video) can be found here: https://degabriele.info/slides/SSH_CCS_16.pdf “dropbear” is ambedded ssh server Made in Australia (wiki) also available as Android App naming: a “dropbear” […]

SecurityLab, [26.03.20 08:10] The largest free hosting provider on the darknet, Daniel’s Hosting, was hacked for the second time in 16 months, and stopped working on Wednesday, March 25. Unknown attackers deleted the entire database of the hosting provider, as […]

SecurityLab, [24.03.20 08: 05] Cybercriminals hack Windows PCs through a previously unknown vulnerability in the Adobe Type Manager library (atmfd.dll) used by the operating system to process PostScript type 1 fonts. Microsoft described attacks exploiting this vulnerability as “targeted” and […]

Weapons of Mac Destruction: MACs OSX no longer safe? Apple takes it security seriously iOS secured locked down “blackbox” zero days exist against fully patched iOS devices: at the same time the lock down makes it almost impossible for user […]

No. 1 Emotet — 36 026 samples Trojan was first discovered 2014 and was used to intercept data transferred via a secure connection. We will remind, in September of this year Emotet came back to life after 4 months of […]

SecurityLab, [24.12.19 10: 05] An attempt by Chinese farmers to fight drones infecting pigs with African plague has disabled the navigation systems of some aircraft. According to the South China Morning Post, an unauthorized GPS signal jamming device was installed […]

“As explained previously, this flaw could allow a remote attacker to execute arbitrary code on targeted computers and take full control over them just by convincing victims into opening a maliciously crafted web page on the vulnerable Microsoft browser.” https://thehackernews.com/2020/02/microsoft-windows-updates.html

now WITH SPICY COMMENTS X-D SecurityLab, [22.12.19 12:40] A Twitter user using the alias 08Tc3wBB created tfp0-an exploit that allows you to jailbreak the latest iPhone models with IOS 13.3. The functionality of the exploit has already been confirmed by […]

firewall & pinguin: iptables where do thou go? it is said that when using “ip-sets” iptables and nftables achieve almost same performance (amounts of ips possible to block, without server becoming slow/unresponsive) Redhat and nftables on DDoS “so the only […]

SecurityLab, [25.11.19 15:44] The Creator of the world wide web Tim Berners-Lee (Tim Berners-Lee) presented an action plan to protect the network from political manipulation, fake news, privacy violations and other harmful influences. Tim Berners-Lee: “control of information is hugely […]

for security reasons highly recommended: always keep Thunderbird up to date (go to … then it should start downloading the update automatically if there is any) DISABLE JAVASCRIPT! X-D get to Thunderbird’s preferences (in any language edition): if the “Edit” […]

SecurityLab, [22.11.19 08:23] French company Edenred reported a cyberattack using malware that affected an unknown number of computer systems. The company has launched an investigation to determine the extent of the contamination. Payment solution provider Edenred has been the victim […]

Pwn2Own 2020: opening a pdf can be enough to compromise system! https://youtu.be/u1udr7j9MQA?t=359 90% of companies DO NOT NEED JavaScript or macros to run in PDF but still it is there… and Adobe knows about it: “JavaScripts in PDFs as a […]

new Russian IT Security updates: thanks to https://www.securitylab.ru/ and https://translate.yandex.com/   SecurityLab, [06.11.19 16:12] The Libarchive compression library, which is included by default in Debian, Ubuntu, Gentoo, Arch Linux, FreeBSD, and NetBSD distributions, contains a vulnerability that allows an attacker […]

SecurityLab, [01.11.19 15:21] Google has released fixes for two vulnerabilities in Chrome, including a zero-day vulnerability exploited in real-world attacks. The issues are fixed in browser version 78.0.3904.87 for Windows, Mac and Linux, and users are strongly advised to install […]

A lot of things are not “Rocket Science” but Rocket Science is Rocket Science, which means: it involves solving a lot of technical problems. And just as in car racing… things are fast dangerous and sometimes crash… which gives it […]

All users are strongly encouraged to upgrade to the latest versions of PHP 7.3.11 and PHP 7.2.24. Vulnerability in PHP7 exposes sites to remote hacking risk The problem only applies to NGINX servers with PHP-FPM enabled. image A dangerous vulnerability […]

BitPaymer attack has blocked the work of the industrial giant Pilz one of the largest manufacturers of industrial automation tools Pilz GmbH & Co. KG Type GmbH & Co. KG Industry Automation technology Founded 1948 Headquarters Ostfildern , Germany Revenue […]

Another reason to NOT trust EVERY human task to machines… unless one wants to get killed by a robot dressed up as dinosaur. “great” X-D “Japanese travel agent H. I. S. Group ignored warnings about a vulnerability in its Tapia […]

“In the popular series of wireless keyboards Fujitsu LX390 found two dangerous vulnerabilities. According to researchers from the company SySS, exploitation of vulnerabilities allows nearby attackers to “spy” passwords entered on the keyboard, or even to seize control of the […]

  update: Emotet trying to spread by WIFI since 2018 https://thehackernews.com/2020/02/emotet-malware-wifi-hacking.html BUT ALSO VIA PDF! on the heise security conference last year was said: Virus Scanners since around 10 years are not sufficient anymore. (heise a computer focused news outlet […]

what IT can learn from nature: (src) mostly US users affected. Big Business: Big Companies and Big Money can afford Big Staff to maintain and secure their products, but they also provide Big Infrastructure (AWS, Office) and thus a single […]