Posts tagged with InfoSec
For me, reading this post took about 10 minutes, since I not only read it but also processed and checked the references, and I tooted about it immediately.
It is quite sobering to read about something this horrific happening in an Open Source project of this magnitude and volume.
This is something you would expect in closed source, not open source; it's like a shower of 0 °C water flowing over you in the depth of the coldest Siberian winter.
security.opensuse.org/2025/05/…
#openSUSE #Linux #POSIX #OpenSource #programming
#Deepin #frightmare #Infosec #nightmare #elmStreet
Removal of Deepin Desktop from openSUSE due to Packaging Policy Violation
At the beginning of this year we noticed that the Deepin Desktop as it is currently packaged in openSUSE relies on a packaging policy violation to bypass SUSE security team review restrictions. (Matthias Gerstner, SUSE Security Team Blog)
References:
openSUSE Security Guidelines for Packaging
#openSUSE #Linux #POSIX #OpenSource #programming
#Deepin #frightmare #Infosec #nightmare #elmStreet
This is where the depth of the deception became clear:
>>
The review of this component was also what led us to the discovery of the deepin-feature-enable whitelisting bypass, since we installed the full Deepin desktop environment for the first time in a long time, which triggered the “license agreement” dialog described above. After finding out about this, we decided that it was time to reassess the overall topic of Deepin in openSUSE based on our long-standing experiences.
<<
#openSUSE #Linux #POSIX #OpenSource #programming
#Deepin #frightmare #Infosec #nightmare #elmStreet
More excerpts
>>
Sadly the review of deepin-app-services was another chaotic case, one that is actually still unfinished. Even understanding the purpose of this D-Bus service was difficult, because there wasn’t really any design documentation or purpose description of the component. From looking at the D-Bus service implementation, we judged that it is a kind of system wide configuration store for Deepin. Contrary to most other Deepin D-Bus services, this one is not running as root but as a dedicated unprivileged service user.
<<
This reads like a horror novel, but it's actually happening! Unbelievable how this has harmed a distro with many dedicated users!
security.opensuse.org/2025/05/…
#openSUSE #Linux #POSIX #OpenSource #programming
#Deepin #wtf #frightmare #Infosec #nightmare #elmStreet
Microsoft Copilot for SharePoint just made recon a whole lot easier. 🚨
One of our Red Teamers came across a massive SharePoint, too much to explore manually. So, with some careful prompting, they asked Copilot to do the heavy lifting...
It opened the door to credentials, internal docs, and more.
All without triggering access logs or alerts.
Copilot is being rolled out across Microsoft 365 environments, often without teams realising Default Agents are already active.
That’s a problem.
Jack, our Head of Red Team, breaks it down in our latest blog post, including what you can do to prevent it from happening in your environment.
📌Read it here: pentestpartners.com/security-b…
#RedTeam #OffSec #AIsecurity #Microsoft365 #SharePoint #MicrosoftCopilot #InfoSec #CloudSecurity
Exploiting Copilot AI for SharePoint | Pen Test Partners
TL;DR AI Assistants are becoming far more common. Copilot for SharePoint is Microsoft’s answer to generative AI assistance on SharePoint. Attackers will look to exploit anything they can get their hands on. Your current controls and logging may be insuf… (Jack Barradell-Johns, Pen Test Partners)
This article shows that DSA has finally been removed
#SSH #openSSH #DSA #programming #coding #OpenSource #openBSD #BSD #secureShell #Infosec
An unimportant remnant of the past has been removed from OpenSSH:
DSA.
Read about it in this article; the next article linked will show you that it has finally been removed.
#SSH #openSSH #DSA #programming #coding #OpenSource #openBSD #BSD #secureShell #Infosec
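Before upgrading to an OpenSSH that no longer speaks DSA, the practical question is whether any ssh-dss keys are still in use anywhere: in authorized_keys (someone logging in with one), in known_hosts (a server still presenting one) or in loose *.pub files. The following is an added example written for this page, not code from OpenSSH or from the linked article; the sample files are constructed and their base64 blobs are placeholders, not real keys.

```python
import re
import shutil
import subprocess
from typing import Iterable, List, Optional, Tuple

# Key-type tokens OpenSSH uses for DSA keys and DSA-signed certificates.
DSA_TYPES = {"ssh-dss", "ssh-dss-cert-v01@openssh.com"}

# The key type is the first token of a *.pub line, follows the host list in
# known_hosts, and follows the (comma-separated, no spaces) options in
# authorized_keys; in every case it is preceded by start-of-line or
# whitespace and followed by whitespace.
_KEY_TYPE_RE = re.compile(r"(?:^|\s)(ssh-dss(?:-cert-v01@openssh\.com)?)\s")


def dsa_entries(lines: Iterable[str], source: str = "<input>") -> List[Tuple[str, int, str]]:
    """Return (source, line number, comment) for each line that carries a DSA key.

    Handles authorized_keys ("[options] type base64 [comment]"),
    known_hosts ("host[,host...] type base64 [comment]") and *.pub files.
    Known limitation: a quoted option such as command="... ssh-dss ..."
    would also match; such lines deserve a look anyway.
    """
    hits: List[Tuple[str, int, str]] = []
    for n, raw in enumerate(lines, 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = _KEY_TYPE_RE.search(line)
        if m:
            rest = line[m.end():].split(None, 1)  # ["<base64>", "<comment>"]
            comment = rest[1] if len(rest) > 1 else ""
            hits.append((source, n, comment))
    return hits


def local_ssh_offers_dsa() -> Optional[bool]:
    """True if the installed ssh still lists a DSA key type in `ssh -Q key`,
    False if it does not, None when no ssh binary is on PATH."""
    if shutil.which("ssh") is None:
        return None
    out = subprocess.run(["ssh", "-Q", "key"], capture_output=True, text=True)
    return any(t in DSA_TYPES for t in out.stdout.split())


# Constructed sample files; the base64 blobs are placeholders, not real keys.
SAMPLE_AUTHORIZED_KEYS = """\
# backup account, constructed example
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPlaceholderPlaceholderPlaceholderPlaceholde alice@laptop
no-pty,command="/usr/bin/backup" ssh-dss AAAAB3NzaC1kc3MAAACBAPlaceholderNotARealKey backup@legacy-host
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQPlaceholderNotARealKey ci@runner
"""

SAMPLE_KNOWN_HOSTS = """\
legacy.example.org,10.0.0.7 ssh-dss AAAAB3NzaC1kc3MAAACBAPlaceholderNotARealKey
git.example.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPlaceholderPlaceholderPlaceholderPlaceholde
"""

SAMPLES = {"authorized_keys": SAMPLE_AUTHORIZED_KEYS, "known_hosts": SAMPLE_KNOWN_HOSTS}


def audit(files: dict) -> List[Tuple[str, int, str]]:
    """Run dsa_entries over a {name: contents} mapping. For real files,
    replace the constructed samples with open(path).read()."""
    hits: List[Tuple[str, int, str]] = []
    for name, text in files.items():
        hits.extend(dsa_entries(text.splitlines(), name))
    return hits


if __name__ == "__main__":
    for src, n, comment in audit(SAMPLES):
        print(f"{src}:{n}: DSA key {comment or '(no comment)'}")
    print("local ssh still offers a DSA key type:", local_ssh_offers_dsa())
```

Point it at ~/.ssh/authorized_keys, ~/.ssh/known_hosts and /etc/ssh/ssh_known_hosts on the hosts you administer; every hit is a login or host-key pin that stops working once the client or server no longer accepts DSA.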
I love it when employers install creepware #surveillance nonsense because they have zero respect for their employees, and end up publishing 21 million internal screenshots to the web instead, leaking their most sensitive information.
Very nice, no issues.
#cybersecurity #infosec #assholeBoss
“Employee monitoring app leaks 21 million screenshots in real time”
#infosec people, THIS is big and you need it in front of management RIGHT NOW.
MITRE has informed the CVE board members that effective TONIGHT, funding to run CVE and CWE is effectively gone. The US federal government contracts MITRE to run these programs including both management, operations, and infrastructure.
This not only could but almost certainly will result in disruptions to CVE and CWE including a halt of all operations if new contracts/funding are not secured.
I want you to meet Anubis
This is a wonderful tool, a powerful program designed to counter the theft of resources by artificial intelligence large language models.
It's not perfect, and it's not finished; this is an ongoing onslaught by the LLM bots.
#DDoS #LLM #bots #infosec #OpenAI #Linux #KDE #GitHub #GitLab #sh #AI
🖋️ #bash #MX #mxLinux #sh #zsh #ksh #csh #tksh #fish #distro #Linux #POSIX #fresh #programming
Anubis: self hostable scraper defense software | Anubis
Weigh the soul of incoming HTTP requests using proof-of-work to stop AI crawlers (anubis.techaro.lol)
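The idea behind "weighing the soul" of a request with proof-of-work is cost asymmetry: the server spends one hash to verify, the client spends thousands to solve, and a crawler fetching millions of pages pays that price on every one. The following is a generic illustration added for this page; it is not Anubis's own code, and the challenge format, hash function, difficulty scale, secret, client key and time window are assumptions made here, not details taken from the project.

```python
import hashlib
import hmac
import time
from typing import Optional


def issue_challenge(server_secret: bytes, client_key: str,
                    window: int = 300, now: Optional[float] = None) -> str:
    """Server side: derive a challenge bound to the client (e.g. its IP or
    session) and a time bucket, so a solution cannot be precomputed or
    shared between bots. Deterministic, so the server stores nothing."""
    t = time.time() if now is None else now
    bucket = int(t) // window
    msg = f"{client_key}|{bucket}".encode()
    return hmac.new(server_secret, msg, hashlib.sha256).hexdigest()


def meets_difficulty(challenge: str, nonce: int, difficulty: int) -> bool:
    """Verifier: SHA-256(challenge || nonce) must start with `difficulty`
    zero hex digits. One hash for the server, ~16**difficulty for the client."""
    digest = hashlib.sha256(f"{challenge}{nonce}".encode()).hexdigest()
    return digest.startswith("0" * difficulty)


def expected_hashes(difficulty: int) -> int:
    """Average client work for a given difficulty (hex digits of leading zeros)."""
    return 16 ** difficulty


def solve(challenge: str, difficulty: int, limit: int = 50_000_000) -> int:
    """Client side: brute-force the smallest nonce that satisfies the check.
    This is the part a browser does in JavaScript and a crawler must pay for."""
    for nonce in range(limit):
        if meets_difficulty(challenge, nonce, difficulty):
            return nonce
    raise RuntimeError("no solution within limit")


def verify(server_secret: bytes, client_key: str, nonce: int, difficulty: int,
           window: int = 300, now: Optional[float] = None) -> bool:
    """Recompute the challenge for the current and the previous time bucket
    (so a solution finished just after a rollover is not rejected) and check."""
    t = time.time() if now is None else now
    for skew in (0, window):
        ch = issue_challenge(server_secret, client_key, window, t - skew)
        if meets_difficulty(ch, nonce, difficulty):
            return True
    return False


if __name__ == "__main__":
    secret = b"constructed-server-secret"          # placeholder, not a real key
    client = "203.0.113.7"                          # documentation-range IP
    difficulty = 4
    challenge = issue_challenge(secret, client, 300)
    start = time.perf_counter()
    nonce = solve(challenge, difficulty)
    elapsed = time.perf_counter() - start
    print(f"nonce {nonce} found in {elapsed:.2f}s "
          f"(~{expected_hashes(difficulty)} hashes expected)")
    print("server accepts:", verify(secret, client, nonce, difficulty))
```

Raising the difficulty by one hex digit multiplies the client's work by 16 while the verifier's cost stays at one HMAC and one hash per request; binding the challenge to a client key and a time bucket is what stops one solved nonce from being replayed across a whole crawl.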
Don't just move phishing emails to your spam folder. Make sure to also report scammers to someone who can get them into trouble.
In the UK, you can forward emails to the Suspicious Email Reporting Service: report@phishing.gov.uk. They will analyse the suspect email and take appropriate action.
actionfraud.police.uk/report-p…
#spam #email #phishing #internet #scam #cybersecurity #infosec
Is someone in #infosec connected to Instant Offices (company operating co-working spaces) in UK and other countries?
They're leaking data through one of their subsidiaries and @bucketchallenge would like to talk to them....
P.S. I strongly recommend having a security.txt (en.wikipedia.org/wiki/Security…).
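A security.txt only helps a reporter like @bucketchallenge if it is actually reachable and valid: RFC 9116 requires at least one Contact field and exactly one Expires field, and recommends an expiry less than a year out. The following is an added example written for this page (not code from the post or from any of the organisations mentioned): a constructed sample file and a checker for the rules above. The example.com URLs and addresses are placeholders.

```python
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional

# Constructed example of a /.well-known/security.txt (RFC 9116 field names;
# every URL and address is a placeholder).
SAMPLE_SECURITY_TXT = """\
# Constructed example, not a real organisation's file
Contact: mailto:security@example.com
Contact: https://example.com/report-a-vulnerability
Expires: 2026-03-31T23:00:00.000Z
Encryption: https://example.com/pgp-key.txt
Preferred-Languages: en, de
Canonical: https://example.com/.well-known/security.txt
Policy: https://example.com/security-policy
"""

REQUIRED = ("contact", "expires")
SINGLE_USE = ("expires", "preferred-languages")
URI_FIELDS = ("encryption", "acknowledgments", "canonical", "policy", "hiring")
CONTACT_SCHEMES = ("https://", "mailto:", "tel:")


def parse_security_txt(text: str) -> Dict[str, List[str]]:
    """Map lowercase field name -> values in file order. Skips blank lines,
    '#' comments, and the armor headers / signature of a PGP-clearsigned file."""
    fields: Dict[str, List[str]] = {}
    in_armor = False   # "Hash: ..." lines right after the clearsign banner
    in_sig = False     # the detached signature block at the end
    for raw in text.splitlines():
        line = raw.strip()
        if line == "-----BEGIN PGP SIGNED MESSAGE-----":
            in_armor = True
            continue
        if in_armor:
            if not line:          # a blank line terminates the armor headers
                in_armor = False
            continue
        if line == "-----BEGIN PGP SIGNATURE-----":
            in_sig = True
            continue
        if in_sig:
            if line == "-----END PGP SIGNATURE-----":
                in_sig = False
            continue
        if not line or line.startswith("#"):
            continue
        name, sep, value = line.partition(":")
        if sep and name.strip():
            fields.setdefault(name.strip().lower(), []).append(value.strip())
    return fields


def parse_expires(value: str) -> Optional[datetime]:
    """Expires is an ISO 8601 date-time such as 2026-03-31T23:00:00.000Z."""
    v = value.strip()
    if v.endswith("Z"):                        # fromisoformat() before 3.11 rejects 'Z'
        v = v[:-1] + "+00:00"
    try:
        dt = datetime.fromisoformat(v)
    except ValueError:
        return None
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)


def check_security_txt(text: str, now: Optional[datetime] = None) -> List[str]:
    """Return a list of problems; an empty list means the file passes."""
    now = now or datetime.now(timezone.utc)
    f = parse_security_txt(text)
    problems: List[str] = []
    for name in REQUIRED:
        if name not in f:
            problems.append(f"missing required field {name}")
    for name in SINGLE_USE:
        if len(f.get(name, [])) > 1:
            problems.append(f"{name} must not appear more than once")
    for c in f.get("contact", []):
        if not c.lower().startswith(CONTACT_SCHEMES):
            problems.append(f"contact is not an https/mailto/tel URI: {c}")
    for name in URI_FIELDS:
        for v in f.get(name, []):
            if v.lower().startswith("http://"):
                problems.append(f"{name} uses plain http: {v}")
    if "expires" in f:
        exp = parse_expires(f["expires"][0])
        if exp is None:
            problems.append("expires is not an ISO 8601 date-time")
        elif exp <= now:
            problems.append(f"file expired on {exp.isoformat()}")
        elif exp - now > timedelta(days=365):
            problems.append("expires is more than a year away (RFC 9116 recommends less)")
    return problems


if __name__ == "__main__":
    print(check_security_txt(SAMPLE_SECURITY_TXT) or "security.txt looks fine")
```

Serve the file over HTTPS at /.well-known/security.txt, and put the check in a scheduled job: the most common failure in practice is an Expires date that quietly passed.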
📨 Latest issue of my curated #cybersecurity and #infosec list of resources for week #13/2025 is out!
It includes the following and much more:
➝ DNA of 15 Million People for Sale in #23andMe Bankruptcy,
➝ #Trump administration accidentally texted a journalist its war plans,
➝ Critical Ingress #NGINX controller vulnerability allows RCE without authentication,
➝ #Cyberattack hits Ukraine's state railway,
➝ Troy Hunt's Mailchimp account was successfully phished,
➝ #OpenAI Offering $100K Bounties for Critical #Vulnerabilities,
➝ #Meta AI is now available in #WhatsApp for users in 41 European countries... and cannot be turned off
Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every week-end ⬇️
infosec-mashup.santolaria.net/…
🕵🏻♂️ [InfoSec MASHUP] 13/2025
DNA of 15 Million People for Sale in 23andMe Bankruptcy, Trump administration accidentally texted a journalist its war plans, Critical Ingress NGINX controller vulnerability allows RCE without authentication, Cyberattack hits Ukraine's state railway, … (X’s InfoSec Newsletter)
A wild ZWSP appears!
In case you’re not fluent in Unicode and percent-encoding: %E2%80%8B is a zero-width space, an invisible character which helps set line breaks correctly.
It seems that broken links with ZWSPs or unicode control characters like the left-to-right mark are a widespread problem, opening a door to cybersquatting.
Or may I suggest the name ‘typography squatting’?
#Signal #SignalApp #Android #Google #PlayStore #GrapheneOS #GitHub #TypoSquatting #CyberSquatting #TypographySquatting #InfoSec #Security #CyberSecurity
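Zero-width spaces are not the only characters that hide in a copied link; everything in Unicode category Cf (format: ZWSP, zero-width joiners, the left-to-right and right-to-left marks, the bidi overrides, the soft hyphen, the BOM) and Cc (control) renders as nothing, so a link that looks right can point somewhere else. The following is an added example written for this page, not code from the post: it percent-decodes a URL, reports invisible characters per component, and recovers the link as intended. The sample links are constructed and use example.org as a placeholder host.

```python
import unicodedata
from typing import Dict, List, Tuple
from urllib.parse import unquote, urlsplit

# Unicode categories whose members are invisible in rendered text:
# Cf (format): ZWSP U+200B, ZWNJ/ZWJ U+200C/U+200D, LRM/RLM U+200E/U+200F,
# the bidi embedding/override/isolate controls, WORD JOINER U+2060,
# BOM U+FEFF, SOFT HYPHEN U+00AD; Cc: the C0/C1 control characters.
INVISIBLE_CATEGORIES = {"Cf", "Cc"}


def invisible_chars(s: str) -> List[Tuple[int, str, str]]:
    """(index, 'U+XXXX', Unicode name) for every invisible character in s."""
    return [(i, f"U+{ord(ch):04X}", unicodedata.name(ch, "<control>"))
            for i, ch in enumerate(s)
            if unicodedata.category(ch) in INVISIBLE_CATEGORIES]


def inspect_url(url: str) -> Dict[str, List[Tuple[int, str, str]]]:
    """Percent-decode, split, and report invisible characters per component.
    A hit in 'host' is the dangerous case: the link no longer names the
    site it appears to name."""
    parts = urlsplit(unquote(url))
    components = {"host": parts.hostname or "", "path": parts.path,
                  "query": parts.query, "fragment": parts.fragment}
    report: Dict[str, List[Tuple[int, str, str]]] = {}
    for name, value in components.items():
        hits = invisible_chars(value)
        if hits:
            report[name] = hits
    return report


def strip_invisible(url: str) -> str:
    """The link as the author meant it: decoded, with invisible characters
    dropped (note this also decodes ordinary escapes such as %20)."""
    return "".join(ch for ch in unquote(url)
                   if unicodedata.category(ch) not in INVISIBLE_CATEGORIES)


# Constructed sample links (example.org is a placeholder host).
SAMPLE_LINKS = [
    "https://example.org/repo%E2%80%8B/releases",   # ZWSP inside the path
    "https://example.org/apk/%E2%80%8E",            # left-to-right mark on the end
    "https://exam%E2%80%8Bple.org/",                # ZWSP inside the host
    "https://example.org/docs",                     # clean
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        report = inspect_url(link)
        print(link, "->", report or "clean")
        if report:
            print("   intended:", strip_invisible(link))
```

Run the check on links before publishing them and, on the receiving side, on anything pasted from a chat or an issue tracker; a hit in the path usually just means a 404, a hit in the host means the name being resolved is not the one on screen.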
Do you remember the place .mobi?
Have you read this article? It's so incredible that it was actually possible, and simple, to become admin of .mobi.
I'm re-reading it
labs.watchtowr.com/we-spent-20…
We Spent $20 To Achieve RCE And Accidentally Became The Admins Of .MOBI
Welcome back to another watchTowr Labs blog. Brace yourselves, this is one of our most astounding discoveries. (Benjamin Harris, watchTowr Labs)
Passkeys. 👀
- I don't know (enough) about them (25%, 108 votes)
- I know about them, but don't use them (42%, 178 votes)
- I use them, but find them confusing (12%, 54 votes)
- I use them and don't find them confusing (19%, 82 votes)
Mastodon friends, I've heard a few suggestions of companies moving from US cloud providers to those based in the EU, due to risks with the Trump administration/Cloud Act, etc.
Has anyone come across any businesses that have made the leap recently? Feel free to DM or message on Signal, mattburgess.20