#securityvulnerabilities

Japan Pop News news@wakoka.com
2025-02-23
New side-channel vulnerabilities affect Apple's latest-generation CPUs - InfoQ
Mary-Ann Russon concertina226@infosec.exchange
2024-07-23

Went on @trtworld over the weekend to provide live commentary on the Crowdstrike global IT outage on the Newshour programme and explain why it isn't an easy fix, as well as why we really should be looking at Microsoft to make changes in order to avoid this happening again. Thanks for the chat Maria Ramos!

Here's a clip from the segment, you can watch the full video here 📹:
youtube.com/watch?v=NNDg52RPhM

#Crowdstrike #Crowdstrikeoutage #Microsoft #IToutage #bigtech #kernel #cybersecurity #securityvulnerabilities #technologynews

2024-01-04

It looks like it might be time to replace the network gear. I hate #unifi and the #uniquity platform (named for the ubiquitous #securityvulnerabilities) but I couldn't exactly afford to rip it all out and replace it. That is, until they EOLd the fancy "enterprise-class" gateway I bought 3 years ago. In proper #unifi style it was never actually capable of the enterprise-class features they promoted, but that doesn't mean I'm not using it anyway.

Some quick examples from my 'prosumer' home use. If you turn on traffic inspection, the total throughput drops to about 30%. If you want to add (or disable, or rename) a firewall rule you can expect 5 minutes of reloading where connectivity sometimes just goes spinning beachball.. And I'm not getting into the terrible no good web interface, the increasing push towards monthly subscriptions, or what a mess the guest network setup is.
The only 'enterprise' feature that actually functions is the WAN failover. It doesn't support custom routes or anything, just a choice of 50/50 or failover, but it works.

The question is, do I buy the replacement gateway? It isn't the cost, the thing is cheap, but I just don't want to keep encouraging them. Supposedly the new one can do everything the enterprise one originally claimed, except for the only feature that actually worked..
​:rick:​ (It doesn't do failover, but I only had failover for like a month anyway before elmo went nuts and we cancelled.)

#networking #wifi #selfhosting

Todd A. Jacobs | Pragmatic Cybersecurity todd_a_jacobs@infosec.exchange
2023-12-12

Have clients that are still on Ruby versions well beyond #EOL (end-of-life)? For some of them, it may be a lack of budget, staff, or skills to perform system-wide upgrades. Performing #majorVersionUpgrades can be hard, but opening yourself up to known #securityvulnerabilities is more costly in the long run.

If you're still on an old Ruby version, it's past time to upgrade. It's well worth the effort from both a security and a performance perspective!

ruby.social/@todd_a_jacobs/111

2023-11-06

#Cloudflare, Google & #AWS revealed a new zero-day vulnerability known as the "HTTP/2 Rapid Reset" attack: bit.ly/40xtSYA

This attack exploits a weakness in the #HTTP2 protocol to generate enormous #DDoSAttacks, up to almost 400 million rps.

Stay informed with #InfoQ!

#SecurityVulnerabilities

2023-10-02

Dive into the lessons learned from three major #opensource security events:
1️⃣ The Equifax breach via Struts
2️⃣ The Log4j vulnerabilities
3️⃣ The Spring4Shell exploit

#InfoQ video with #transcript included: bit.ly/3EXsy7p

#DevOps #SecurityVulnerabilities #ProjectManagement #Agile

2023-09-15

✅Hear about prevention security strategies that help build a more secure solution in the cloud.

✅Learn how to address some security issues as prevention measures rather than having them develop as painful problems.

#InfoQ video by Travis McPeak: bit.ly/44Wmw1f

#transcript & Q&A included

#Security #SecurityVulnerabilities #SoftwareDevelopment

2023-09-13

⚠️ Beware of "alert fatigue" in your security processes!

Learn why integrating #SoftwareCompositionAnalysis in your CI/CD pipeline is crucial for safeguarding your software from vulnerabilities: bit.ly/3LnT6Ci

#InfoQ article by Lukáš Křečan

#Java #SCA #CI #CD #SecurityVulnerabilities

DeepSec Conference ☑ deepsec@social.tchncs.de
2023-09-07

DeepSec 2023 Talk: Zero-Touch-Pwn: Abusing Zoom’s Zero Touch Provisioning for Remote Attacks on Desk Phones – Moritz Abrell
Cloud communication platforms like Zoom have become a fundamental aspect of modern communication and
blog.deepsec.net/deepsec-2023-
#Conference #DeepSec2023 #DesktopPhone #RemoteAttacks #SecurityVulnerabilities #Talk #Zoom #ZoomZeroTouchProvisioning

2023-01-17

#SecurityVulnerabilities - According to Check Point, cybercriminals are already using #ChatGPT to develop malicious programs on the Dark Web. It makes it possible for even unskilled threat actors to create functioning #malware.

Learn more on #InfoQ: bit.ly/3GMbMbJ

#AI

2023-01-06

VulChatGPT - An IDA PRO plugin that helps find vulnerabilities in binaries:
github.com/ke0z/VulChatGPT

#threatdetection #threatintel
#chatgpt #securityvulnerabilities
#idapro

Alexandre Dulaunoy adulau@infosec.exchange
2022-11-27

Just released version 1.4 of git-vuln-finder which fixes an annoying bug with the language detection.

:github:​ github.com/cve-search/git-vuln
:python:​ pypi.org/project/git-vuln-find
🌐 cve-search.github.io/git-vuln-

What is git-vuln-finder?

Finding potential software vulnerabilities from git commit messages. The output format is a JSON with the associated commit which could contain a fix regarding a software vulnerability. The search is based on a set of regular expressions against the commit messages only. If CVE IDs are present, those are added automatically in the output. The input can be any git repositories or even a GH archive source.

#infosec #opensource #git #securityvulnerabilities

git-vuln-finder logo. A private detective looking with a magnifying glass at a tree representation of a git repository.

2022-10-29

Now that many people are #Neuhier (new here): a small reminder to enable two-factor authentication (2FA).
That way nobody can "hack" your account, even if they know the password or you have fallen victim to phishing.

If anyone needs instructions, I'm happy to write something about it below this post :)
#securityvulnerabilities #cybersecurity

2020-12-08

‘Amnesia:33’ TCP/IP Flaws Affect Millions of IoT Devices - A new set of vulnerabilities has been discovered affecting millions of routers and IoT and OT devi... threatpost.com/amnesia33-tcp-i #securityvulnerabilities #operationaltechnology #internetofthings #vulnerabilities #embeddedsystems #tcp/ipstack #amnesia:33 #opensource #podcasts #routers #tcp/ip #flaws #patch #iot #ot
