vocalounge.cafe is one of the many independent Mastodon servers you can use to participate in the fediverse.
A Mastodon instance specializing in Vocaloid, UTAU, and anything relevant to vocalsynth culture.

#exploit

heise online English<p>regreSSHion gap: New SSH feature offers protection, proof of concept is none</p><p>A Qualys researcher explained the severity of the problem in an interview with heise security. A major new OpenSSH function additionally secures the service.</p><p><a href="https://www.heise.de/en/background/regreSSHion-gap-New-SSH-feature-offers-protection-proof-of-concept-is-none-9788421.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&amp;utm_source=mastodon" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">heise.de/en/background/regreSS</span><span class="invisible">Hion-gap-New-SSH-feature-offers-protection-proof-of-concept-is-none-9788421.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&amp;utm_source=mastodon</span></a></p><p><a href="https://social.heise.de/tags/Exploit" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Exploit</span></a> <a href="https://social.heise.de/tags/Linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Linux</span></a> <a href="https://social.heise.de/tags/Security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Security</span></a> <a href="https://social.heise.de/tags/SSH" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SSH</span></a> <a href="https://social.heise.de/tags/news" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>news</span></a></p>
iX Magazin<p>heise+ | Vulnerability analysis: How to find zero-day exploits – an example</p><p>There are prominent cases of previously unknown vulnerabilities that compromise thousands of IT systems. These zero-day exploits are the terror of the IT world.</p><p><a href="https://www.heise.de/hintergrund/Schwachstellenanalyse-Wie-man-Zero-Day-Exploits-findet-ein-Beispiel-9985671.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&amp;utm_source=mastodon" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">heise.de/hintergrund/Schwachst</span><span class="invisible">ellenanalyse-Wie-man-Zero-Day-Exploits-findet-ein-Beispiel-9985671.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&amp;utm_source=mastodon</span></a></p><p><a href="https://social.heise.de/tags/Hacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Hacking</span></a> <a href="https://social.heise.de/tags/IdentityManagement" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>IdentityManagement</span></a> <a href="https://social.heise.de/tags/OpenSource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenSource</span></a> <a href="https://social.heise.de/tags/Security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Security</span></a> <a href="https://social.heise.de/tags/Sicherheitsl%C3%BCcken" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Sicherheitslücken</span></a> <a href="https://social.heise.de/tags/Exploit" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Exploit</span></a> <a href="https://social.heise.de/tags/news" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>news</span></a></p>
heise Security<p>FortiManager update apparently closes a vulnerability that is already under attack</p><p>Fortinet has released updates for FortiManager without any public information. They apparently close vulnerabilities that are under attack.</p><p><a href="https://www.heise.de/news/FortiManager-Update-schliesst-offenbar-bereits-attackierte-Sicherheitsluecke-9990393.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&amp;utm_source=mastodon" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">heise.de/news/FortiManager-Upd</span><span class="invisible">ate-schliesst-offenbar-bereits-attackierte-Sicherheitsluecke-9990393.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&amp;utm_source=mastodon</span></a></p><p><a href="https://social.heise.de/tags/Exploit" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Exploit</span></a> <a href="https://social.heise.de/tags/Security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Security</span></a> <a href="https://social.heise.de/tags/Sicherheitsl%C3%BCcken" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Sicherheitslücken</span></a> <a href="https://social.heise.de/tags/news" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>news</span></a></p>
Netzpalaver<p><a href="https://social.tchncs.de/tags/OpenSource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenSource</span></a>: Reports that cybercriminals are infiltrating open-source software with dangerous exploits or backdoors are on the rise - Open-Source - Is there a security time bomb ticking in freely available software? How can developers in particular protect themselves against dangerous backdoors or malware?</p><p>Statement from Zac Warren, <a href="https://social.tchncs.de/tags/Tanium" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Tanium</span></a> </p><p><a href="https://social.tchncs.de/tags/Exploit" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Exploit</span></a> <a href="https://social.tchncs.de/tags/Backdoor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Backdoor</span></a> <a href="https://social.tchncs.de/tags/OpenSourceSoftware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenSourceSoftware</span></a> <a href="https://social.tchncs.de/tags/Developer" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Developer</span></a> <a href="https://social.tchncs.de/tags/SecOps" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SecOps</span></a> <a href="https://social.tchncs.de/tags/DevSecOps" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DevSecOps</span></a> <a href="https://social.tchncs.de/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cybersecurity</span></a> <a href="https://social.tchncs.de/tags/Security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Security</span></a> <a href="https://social.tchncs.de/tags/Cybercrime" class="mention hashtag" rel="nofollow noopener noreferrer" 
target="_blank">#<span>Cybercrime</span></a> <a href="https://social.tchncs.de/tags/Patching" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Patching</span></a> <a href="https://social.tchncs.de/tags/Schwachstelle" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Schwachstelle</span></a> <a href="https://social.tchncs.de/tags/Cybersicherheit" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cybersicherheit</span></a></p>
Jason D. Moss 🇨🇦<p>"A vulnerability with a 9.9 CVSS indicates a low complexity to exploit and signs are pointing to the flaw existing at the core of the system ... Considering this is Linux, the scope of this vulnerability is massive and successful exploitation could be devastating ..." // <span class="h-card" translate="no"><a href="https://fosstodon.org/@brian_fox" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>brian_fox</span></a></span> </p><p><span class="h-card" translate="no"><a href="https://geeknews.chat/@theregister" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>theregister</span></a></span> <a href="https://mastodon.online/tags/linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>linux</span></a> <a href="https://mastodon.online/tags/Bug" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Bug</span></a> <a href="https://mastodon.online/tags/Doomsday" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Doomsday</span></a> <a href="https://mastodon.online/tags/Exploit" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Exploit</span></a> <br><a href="https://www.theregister.com/2024/09/26/unauthenticated_rce_bug_linux/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">theregister.com/2024/09/26/una</span><span class="invisible">uthenticated_rce_bug_linux/</span></a></p>
IAintShootinMis<p>Who is paying attention to <a href="https://digitaldarkage.cc/tags/EvilSocket" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>EvilSocket</span></a> on X and where's the conversation happening? I'd like to follow whoever's mastodon is talking about it. </p><p>If no one is, then there is a <a href="https://digitaldarkage.cc/tags/Linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Linux</span></a> unauth <a href="https://digitaldarkage.cc/tags/RCE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RCE</span></a> being disclosed to openwall on the 30th. </p><p>Appears to affect Linux and <a href="https://digitaldarkage.cc/tags/BSD" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BSD</span></a> with a 9.9 CVSS score. </p><p>From reading X thread seems to be not kernel or user space. Assuming protocol implementation? </p><p><a href="https://x.com/evilsocket/status/1838169889330135132" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">x.com/evilsocket/status/183816</span><span class="invisible">9889330135132</span></a></p><p><a href="https://digitaldarkage.cc/tags/ThreatIntel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ThreatIntel</span></a> <a href="https://digitaldarkage.cc/tags/Vuln" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Vuln</span></a> <a href="https://digitaldarkage.cc/tags/Exploit" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Exploit</span></a> <a href="https://digitaldarkage.cc/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://digitaldarkage.cc/tags/cve" class="mention hashtag" rel="nofollow noopener noreferrer" 
target="_blank">#<span>cve</span></a></p>
Netzpalaver<p><a href="https://social.tchncs.de/tags/OpenSource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenSource</span></a>: Reports that cybercriminals are infiltrating open-source software with dangerous exploits or backdoors are on the rise - Open-Source - Is there a security time bomb ticking in freely available software? How can developers in particular protect themselves against dangerous backdoors or malware?</p><p>Statement from Harold Butzbach, <a href="https://social.tchncs.de/tags/Sysdig" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Sysdig</span></a></p><p><a href="https://social.tchncs.de/tags/Exploit" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Exploit</span></a> <a href="https://social.tchncs.de/tags/Backdoor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Backdoor</span></a> <a href="https://social.tchncs.de/tags/OpenSourceSoftware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenSourceSoftware</span></a> <a href="https://social.tchncs.de/tags/Developer" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Developer</span></a> <a href="https://social.tchncs.de/tags/SecOps" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SecOps</span></a> <a href="https://social.tchncs.de/tags/DevSecOps" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DevSecOps</span></a> <a href="https://social.tchncs.de/tags/TimeBomb" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TimeBomb</span></a> <a href="https://social.tchncs.de/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cybersecurity</span></a> <a href="https://social.tchncs.de/tags/Security" class="mention hashtag" rel="nofollow noopener noreferrer" 
target="_blank">#<span>Security</span></a> <a href="https://social.tchncs.de/tags/Cybercrime" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cybercrime</span></a> <a href="https://social.tchncs.de/tags/Cybersicherheit" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cybersicherheit</span></a> <a href="https://social.tchncs.de/tags/OpenSourceCommunity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenSourceCommunity</span></a></p>
Netzpalaver<p><a href="https://social.tchncs.de/tags/OpenSource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenSource</span></a>: Reports that cybercriminals are infiltrating open source software with dangerous exploits or backdoors are on the rise. Is there a security time bomb ticking in freely available software? How can developers in particular protect themselves against dangerous backdoors or malware?</p><p>Statement from Nico Dekens, SANS Institute</p><p><a href="https://social.tchncs.de/tags/Exploit" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Exploit</span></a> <a href="https://social.tchncs.de/tags/Backdoor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Backdoor</span></a> <a href="https://social.tchncs.de/tags/OpenSourceSoftware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenSourceSoftware</span></a> <a href="https://social.tchncs.de/tags/Developer" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Developer</span></a> <a href="https://social.tchncs.de/tags/SecOps" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SecOps</span></a> <a href="https://social.tchncs.de/tags/DevSecOps" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DevSecOps</span></a> <a href="https://social.tchncs.de/tags/TimeBomb" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TimeBomb</span></a> <a href="https://social.tchncs.de/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cybersecurity</span></a> <a href="https://social.tchncs.de/tags/Security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Security</span></a> <a href="https://social.tchncs.de/tags/Cybercrime" class="mention hashtag" rel="nofollow noopener 
noreferrer" target="_blank">#<span>Cybercrime</span></a> <a href="https://social.tchncs.de/tags/Cybersicherheit" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cybersicherheit</span></a> <br>@SANSInstitute <a href="https://social.tchncs.de/tags/Code" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Code</span></a></p>
DansLeRuSH ᴱᶰ<p>Useful against attempts to exploit <a href="https://floss.social/tags/SSHD" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SSHD</span></a> :</p><p>« <a href="https://floss.social/tags/OpenSSH" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenSSH</span></a> introduces options to penalize undesirable behavior […] In a recent commit, Damien Miller (<span class="h-card" translate="no"><a href="https://cybervillains.com/@djm" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>djm</span></a></span>) introduced the new SSHD configurations options, "PerSourcePenalties" and "PerSourcePenaltyExemptList", to provide a built in facility in SSHD itself to penalize undesirable behavior, and to shield specific clients from penalty, respectively »</p><p>› <a href="https://undeadly.org/cgi?action=article;sid=20240607042157" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">undeadly.org/cgi?action=articl</span><span class="invisible">e;sid=20240607042157</span></a> </p><p><a href="https://floss.social/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a> <a href="https://floss.social/tags/Security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Security</span></a> <a href="https://floss.social/tags/Exploit" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Exploit</span></a></p>
Soatok Dreamseeker<p>Six months of non-response and then hides the disclosure, still doesn't fix it, and still hasn't communicated at all.</p><p>So early in the year, and we have a contender for Lamest Vendor Response already?</p><p><a href="https://furry.engineer/tags/PwnieAwards" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PwnieAwards</span></a> <a href="https://furry.engineer/tags/Pwnies" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Pwnies</span></a> <a href="https://furry.engineer/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://furry.engineer/tags/exploit" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>exploit</span></a> -_-</p>
Free Software Foundation<p>Does your device have [critical vulnerabilities that only the manufacturer may remove?](<a href="https://u.fsf.org/42a" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">u.fsf.org/42a</span><span class="invisible"></span></a>)? If so, try GNU, as well as other freedom-respecting software, today! Enjoy DRM-free usability; the freedom to study, tinker, and identify malicious code before it reaches your device; the freedom to fix and repair; the freedom to patch; the freedom to share and sell; enjoy all these freedoms and more! Try GNU now: <a href="https://www.gnu.org/gnu/gnu.html" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="">gnu.org/gnu/gnu.html</span><span class="invisible"></span></a> <a href="https://hostux.social/tags/GNU" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GNU</span></a> <a href="https://hostux.social/tags/Apple" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Apple</span></a> <a href="https://hostux.social/tags/iMessage" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>iMessage</span></a> <a href="https://hostux.social/tags/Exploit" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Exploit</span></a> ;)</p>
Greg Lloyd<p><span class="h-card" translate="no"><a href="https://mastodon.social/@arstechnica" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>arstechnica</span></a></span> 🧵Triangulation exploit</p><p>A deep dive into a remarkable Apple silicon exploit that threaded a needle through four zero-day CVE vulnerabilities to own an iPhone or Mac that read a poisoned iMessage.</p><p><a href="https://federate.social/tags/kaspersky" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>kaspersky</span></a> <a href="https://federate.social/tags/exploit" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>exploit</span></a> <a href="https://federate.social/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a></p>
Marcus "MajorLinux" Summers<p>Yet again, go update yo shit!</p><p>iOS 17.0.3 fixes security breach that had been actively exploited <a href="https://9to5mac.com/2023/10/04/ios-17-0-3-security-breach-exploit/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">9to5mac.com/2023/10/04/ios-17-</span><span class="invisible">0-3-security-breach-exploit/</span></a></p><p><a href="https://toot.majorshouse.com/tags/iOS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>iOS</span></a> <a href="https://toot.majorshouse.com/tags/Security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Security</span></a> <a href="https://toot.majorshouse.com/tags/Vulnerability" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Vulnerability</span></a> <a href="https://toot.majorshouse.com/tags/Exploit" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Exploit</span></a> <a href="https://toot.majorshouse.com/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a> <a href="https://toot.majorshouse.com/tags/Security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Security</span></a> <a href="https://toot.majorshouse.com/tags/TechNews" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TechNews</span></a></p>
Marco Ivaldi<p>Escaping the Google <a href="https://infosec.exchange/tags/kCTF" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>kCTF</span></a> Container with a Data-Only <a href="https://infosec.exchange/tags/Exploit" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Exploit</span></a></p><p><a href="https://h0mbre.github.io/kCTF_Data_Only_Exploit/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">h0mbre.github.io/kCTF_Data_Onl</span><span class="invisible">y_Exploit/</span></a></p>
John Scott-Railton ☕<p>3/. This kind of exploit delivery through injection DOES NOT require a target to click as our collaborator, the brilliant <br>Maddie Stone points out in her post.</p><p>It's a seriously dangerous kind of attack &amp; hard to protect against.</p><p><a href="https://blog.google/threat-analysis-group/0-days-exploited-by-commercial-surveillance-vendor-in-egypt/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">blog.google/threat-analysis-gr</span><span class="invisible">oup/0-days-exploited-by-commercial-surveillance-vendor-in-egypt/</span></a></p><p><a href="https://mastodon.social/tags/google" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>google</span></a> <a href="https://mastodon.social/tags/spyware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>spyware</span></a> <a href="https://mastodon.social/tags/predator" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>predator</span></a> <a href="https://mastodon.social/tags/zeroday" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>zeroday</span></a> <a href="https://mastodon.social/tags/exploit" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>exploit</span></a> <a href="https://mastodon.social/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://mastodon.social/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a><br><span class="h-card" translate="no"><a href="https://mastodon.social/@citizenlab" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>citizenlab</span></a></span> <span class="h-card" translate="no"><a href="https://infosec.exchange/@maddiestone" class="u-url 
mention" rel="nofollow noopener noreferrer" target="_blank">@<span>maddiestone</span></a></span></p>
CatSalad🐈🥗 (D.Burch) :blobcatrainbow:<p>If you use <a href="https://infosec.exchange/tags/Android" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Android</span></a>, do not forget to update <a href="https://play.google.com/store/apps/details?id=com.google.android.webview" rel="nofollow noopener noreferrer" target="_blank">Webview</a> along with your browser apps to fix the libwebp vulnerability currently being exploited in the wild.</p><p>💥⁠<a href="https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">stackdiary.com/critical-vulner</span><span class="invisible">ability-in-webp-codec-cve-2023-4863/</span></a></p><p>One alternate method for downloading the update is to use <a href="https://apkpure.com/android-system-webview/com.google.android.webview" rel="nofollow noopener noreferrer" target="_blank">ApkPure</a>, but intermediate Android knowledge is needed because of possible <a href="https://apkpure.com/trichrome-library/com.google.android.trichromelibrary" rel="nofollow noopener noreferrer" target="_blank">Trichrome library</a> requirement on newer devices.</p><p><a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a> <a href="https://infosec.exchange/tags/libwebp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>libwebp</span></a> <a href="https://infosec.exchange/tags/Exploit" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Exploit</span></a> <a href="https://infosec.exchange/tags/Android" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Android</span></a> <a href="https://infosec.exchange/tags/Webview" class="mention hashtag" rel="nofollow noopener noreferrer" 
target="_blank">#<span>Webview</span></a> <a href="https://infosec.exchange/tags/CVE_2023_4863" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CVE_2023_4863</span></a> <a href="https://infosec.exchange/tags/CVE20234863" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CVE20234863</span></a> <a href="https://infosec.exchange/tags/Vulnerability" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Vulnerability</span></a> <a href="https://infosec.exchange/tags/Trichrome" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Trichrome</span></a> <a href="https://infosec.exchange/tags/CatSalad" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CatSalad</span></a></p>
PrivacyDigest<p>Exploited 0-days, an incomplete fix, and a botched disclosure: <a href="https://mas.to/tags/Infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Infosec</span></a> <a href="https://mas.to/tags/snafu" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>snafu</span></a> reigns <br><a href="https://mas.to/tags/0day" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>0day</span></a> <a href="https://mas.to/tags/exploit" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>exploit</span></a> <a href="https://mas.to/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a><br><a href="https://arstechnica.com/?p=1954819" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="">arstechnica.com/?p=1954819</span><span class="invisible"></span></a></p>
heise Security<p>Patch now! Cyber gangsters are building a botnet out of Zyxel firewalls</p><p>Attackers are currently targeting firewalls from the network equipment maker Zyxel. Security updates are available for download. </p><p><a href="https://www.heise.de/news/Jetzt-patchen-Cybergangster-bauen-Botnetz-aus-Zyxel-Firewalls-9154531.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">heise.de/news/Jetzt-patchen-Cy</span><span class="invisible">bergangster-bauen-Botnetz-aus-Zyxel-Firewalls-9154531.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege</span></a></p><p><a href="https://social.heise.de/tags/Exploit" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Exploit</span></a> <a href="https://social.heise.de/tags/Firewall" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Firewall</span></a> <a href="https://social.heise.de/tags/Security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Security</span></a> <a href="https://social.heise.de/tags/Sicherheitsl%C3%BCcken" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Sicherheitslücken</span></a> <a href="https://social.heise.de/tags/Updates" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Updates</span></a> <a href="https://social.heise.de/tags/news" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>news</span></a></p>
PhoenixSerenity<p>Also - <a href="https://mastodon.sdf.org/tags/FuckOff" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FuckOff</span></a> with male <a href="https://mastodon.sdf.org/tags/foreign" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>foreign</span></a> <a href="https://mastodon.sdf.org/tags/tourists" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>tourists</span></a> in <a href="https://mastodon.sdf.org/tags/Asia" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Asia</span></a> trying to <a href="https://mastodon.sdf.org/tags/exploit" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>exploit</span></a> locals so they become more <a href="https://mastodon.sdf.org/tags/popular" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>popular</span></a> online. Almost NONE of these <a href="https://mastodon.sdf.org/tags/tourist" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>tourist</span></a> <a href="https://mastodon.sdf.org/tags/FuckARonis" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FuckARonis</span></a> donated to ANY meaningful causes on their <a href="https://mastodon.sdf.org/tags/elitist" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>elitist</span></a> <a href="https://mastodon.sdf.org/tags/vacations" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>vacations</span></a> but many had <a href="https://mastodon.sdf.org/tags/NoProblems" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NoProblems</span></a> <a href="https://mastodon.sdf.org/tags/exploiting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>exploiting</span></a> <a 
href="https://mastodon.sdf.org/tags/ChildSexSlaves" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ChildSexSlaves</span></a> - <a href="https://mastodon.sdf.org/tags/WTF" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>WTF</span></a> is wrong with you <a href="https://mastodon.sdf.org/tags/UK" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>UK</span></a> &amp; <a href="https://mastodon.sdf.org/tags/NorthAmerica" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NorthAmerica</span></a> - stop letting <a href="https://mastodon.sdf.org/tags/pedophiles" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>pedophiles</span></a> abuse <a href="https://mastodon.sdf.org/tags/children" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>children</span></a> everywhere!</p><p><a href="https://mastodon.sdf.org/tags/AsianMastodon" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AsianMastodon</span></a> <a href="https://mastodon.sdf.org/tags/FAFO" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FAFO</span></a></p>
heise Security<p>Critical Word vulnerability: proof-of-concept code published</p><p>The discoverer of a critical vulnerability in the display of RTF documents has also published proof-of-concept code along with his security advisory.</p><p><a href="https://www.heise.de/news/Kritische-Word-Luecke-Proof-of-Concept-Code-veroeffentlicht-7537267.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">heise.de/news/Kritische-Word-L</span><span class="invisible">uecke-Proof-of-Concept-Code-veroeffentlicht-7537267.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege</span></a></p><p><a href="https://social.heise.de/tags/Exploit" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Exploit</span></a> <a href="https://social.heise.de/tags/MicrosoftOffice" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MicrosoftOffice</span></a> <a href="https://social.heise.de/tags/Security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Security</span></a> <a href="https://social.heise.de/tags/Sicherheitsl%C3%BCcken" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Sicherheitslücken</span></a> <a href="https://social.heise.de/tags/news" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>news</span></a></p>