KasTas

joined 1 year ago
MODERATOR OF
saugumas
sorted by: new top controversial old
4
New Ubuntu Linux security bypasses require manual mitigations (www.bleepingcomputer.com)
3
Wallbleed: A Memory Disclosure Vulnerability in the Great Firewall of China (gfw.report)
Clone2Leak: Your Git Credentials Belong To Us in c/[email protected]
[–] [email protected] 1 points 3 months ago

So, cloning a malicious repository on GitHub Codespaces using GitHub CLI will always leak the access token to the attacker’s hosts.

baha

2
Clone2Leak: Your Git Credentials Belong To Us (flatt.tech)
7
Remote code execution on public RSync <3.4.0 servers (www.bleepingcomputer.com)
6
PyPI now supports digital attestations - The Python Package Index Blog (blog.pypi.org)
4
Windows infected with backdoored Linux VMs in new phishing attacks (www.bleepingcomputer.com)
 

Laughed my ass off:

"Since QEMU is a legitimate tool that is also digitally signed, Windows does not raise any alarms about it running, and security tools cannot scrutinize what malicious programs are running inside the virtual machine."

2024 Conference in c/[email protected]
[–] [email protected] 1 points 5 months ago (1 children)

What about 38C3 this year? :}

7
Attacking UNIX Systems via CUPS, Part I (www.evilsocket.net)
9
US following EU lead: financial institutions have 30 days to disclose breaches under new rules (arstechnica.com)
14
BreachForums, a key English-language cybercrime forum, seized by the FBI (cyberscoop.com)
Novel attack against virtually all VPN apps neuters their entire purpose in c/[email protected]
[–] [email protected] 1 points 1 year ago

Excerpt on impact:

The attack can most effectively be carried out by a person who has administrative control over the network the target is connecting to. In that scenario, the attacker configures the DHCP server to use option 121. It’s also possible for people who can connect to the network as an unprivileged user to perform the attack by setting up their own rogue DHCP server.

4
Novel attack against virtually all VPN apps neuters their entire purpose (arstechnica.com)
11
eScan AV updates were delivered over HTTP for five years. (arstechnica.com)
Subject: backdoor in upstream xz/liblzma leading to ssh server compromise in c/[email protected]
[–] [email protected] 3 points 1 year ago

yay, signed patches

4
A new filesystem for pidfds [LWN.net] (lwn.net)
view more: next ›