Items tagged with: infosec
Translated from German:
Bitdefender: Security vulnerability allows privilege escalation in antivirus software
A security vulnerability in Bitdefender Free, Internet Security, Total Security, and Endpoint Security allows local attackers to escalate their privileges.
It's important to fully patch a new Operating System before you start playing with the OS while being online.
Due to the nature of the distribution, your initial patch will be significantly larger than one of standard MX Linux. Don't be alarmed: Kali has a beautiful suite of forensic software, which naturally takes space and also needs to be patched.
#Programming #networking #Linux #InfoSec #passwords #ASCII #Kali #Mata #X86 #technology
I love 💕 how Mata Kali is configured by default;
zsh
XFCE
custom Dark Theme
light footprint
Since the powerful zsh is the default shell environment, you will fly over the keyboard, esp. as a touch typist with all ten fingers
#Programming #networking #Linux #InfoSec #passwords #ASCII #Kali #Mata #X86 #technology
Playing with the power of Mata Kali
#Programming #networking #Linux #InfoSec #passwords #ASCII #Kali #Mata #X86 #technology
PSA: If you use #Nextcloud, make sure to update to the latest server and app versions. They published a bunch of CVEs.
This one is interesting; the person who founded Blackwater {see Wikipedia} is behind the company which makes the Up phone and uses a former CIA officer to plug the phone
This individual tells you that this phone is fantastic, great, it's just the most secure phone on the market.
We are on the internet; this is the period of Open large language models making drawings, videos, photos, music based upon petabytes of stolen information
If something sounds and looks too good to be true it usually is
It turns out that this phone is exactly one you should stay away from, if you value your privacy
I'll give you a few links in toots below. Watch the vid, then go and read for yourself
#InfoSec #Android #programming #technology #hardware #security
youtube.com/watch?v=dZU4Pu5oFU…
Former CIA Officer: Can This Smartphone Really Keep You Untrackable? (UP Phone Review)
Take your privacy seriously. Visit unplugged.com/hanson and use coupon code HANSON at checkout for an exclusive discount.Can this smartphone actually keep yo...YouTube
Search Certificate Transparency Logs • CertKit
CertKit SSL Certificate Management automates the discovery, lifecycle, distribution, and monitoring of PKI Certificates.CertKit SSL Certificate Management
#MicrosoftOutlook doesn't just read along, it sends ALL #Logins in plaintext (#Klartext) to #Microsoft!
- If that doesn't disqualify #MicrosoftOffice #Outlook, #Windows11 & Microsoft itself as #Malware, then I don't know what does...
#Datenschutz #Privatsphäre #Sicherheit #ITsec #InfoSec #OpSec #ComSec #Windows #Govware #Spyware
MICROSOFT is reading along?! 😳💥 - Outlook forwards third-party e-mails and login data to itself. Yours too?
I didn't want to believe it, until I saw it live: when setting up a non-Microsoft mail account in Outlook, it is not my computer that sets up the direct...YouTube
Increasingly, @signalapp is being criticized by governments and users alike though the only successful compromises have been through bad actors being added to group chats accidentally.
Do NOT follow the narrative that you should move to another chat app if having life-or-death chats. Signal is the ONLY chat app with proper #security for those conversations: #PostQuantumEncryption, #PerfectForwardSecrecy, and a proven track record of privacy in court.
Posted Part 2 of my CybersecKyle How-To Series, Everyday Defense: 2FA Rescue & Recovery.
If your phone vanished today, could you still sign in? Build a small kit so a lost phone doesn’t lock you out. Backup codes, spare key, passkeys, and a 60-second drill.
🔗 kylereddoch.me/blog/cybersecky…
#CybersecKyleHowTo #2FA #MFA #Passkeys #Security #InfoSec
CybersecKyle Security How-To Series: Everyday Defense, Part 2: 2FA Rescue and Recovery
Build a recovery kit for your accounts, add a spare authenticator or hardware key, and practice the lost-phone drill so lockouts do not stick.Kyle Reddoch
You can't use "Beef Stew" as a password as it's not Stroganoff 😟🤷♂️
Want to give your cybersecurity knowledge a boost? 💥
Take a look at these free online courses offered by universities and industry professionals, perfect whether you're just starting out or want to strengthen your skills! 😎👇
🔐 You'll find all the security info and infographics by following our dedicated group:
@sicurezza@diggita.com
#sicurezza #corsi #infosec #techjobs #upskilling #cybersecurity
Under the hood quiet progress to keep your machine secure:
"Fedora Linux 43 will be the first release with RPM 6.0. Like I said, this should go unnoticed to end-users, but it is a significant change. RPM 6.0 provides some interesting security enhancements, like multiple key signing of packages. This should help future-proof package signing as we transition to post-quantum-crypto OpenPGP keys in future releases."
➡️ fedoramagazine.org/announcing-…
#Fedora #Security #InfoSec #Cybersecurity #Linux
Fedora Linux 43 is here! - Fedora Magazine
I’m excited to announce my very first Fedora Linux release as the new Fedora Project Leader. Fedora Linux 43 is here! 43 releases! Wow that’s a lot.Jef Spaleta (Fedora Project)
I'm doing a mutual aid grocery run for a couple of local DV families if you'd like to chip in. We're at $50/$200. I'll be baking some treats for them too. Please RT for reach. Thanks so much!🙂
C: $Lockdownyourlife
V: lockdownyourlife
ko-fi.com/lockdownyourlife
#TLDR: Quad9 will be discontinuing support within DNS-over-HTTPS (DOH) using HTTP/1.1 on December 15, 2025.
Mark your calendar 🗓️ and please share, especially if you know someone who will be affected!
Full story here 👉 quad9.net/news/blog/doh-http-1…
Quad9 | A public and free DNS service for a better security and privacy
A public and free DNS service for a better security and privacyQuad9
🔐 Post-quantum & my PGP keygen:
The OpenPGP community is currently standardizing hybrid keys that combine classical algorithms (e.g. Curve25519) with post-quantum-secure schemes (Kyber, Dilithium), in the IETF draft "OpenPGP with PQC".
As soon as the standards are available in OpenPGP.js (expected in 2026), I will update my PGP keygen so that you can create hybrid key pairs.
➡️ More info: secunis.de/clientseitiger-pgp-…
➡️ IETF draft: datatracker.ietf.org/doc/draft…
#PostQuantum #PGP #Privacy #OpenPGP #Infosec #Datenschutz #Privatsphäre
Client-side PGP keygen
Why this PGP keygen? Every day we send e-mails, but rarely are…Gregor
More Sunday Trivia:
What is the importance of this invention on the development of computation and computing? 🙂
Have you ever used the more modern incarnation? 🤔🤷♂️
Sunday Trivia Question:
What is this object? 🤔
Describe its cultural importance in the history of computing 😌🤷♂️
Hey, @AuswaertigesAmt, you do know that your #ComSec got #pwned?
Maybe invest in open source for once?
CC: @bsi @Bundesregierung
#ITsec #InfoSec #OpSec #ComSec #Krisenkommunikation #40diplo #Privatsphäre #Datenschutz #Informationssicherheit #Kommunikationssicherheit #DEpol
38C3 - Investigating the Iridium Satellite Network
https://media.ccc.de/v/38c3-investigating-the-iridium-satellite-networkThe Iridium satellite (phone) network is evolving and so is our understanding of it. H...YouTube
What should a phishing awareness campaign do?
Boosts welcome
#infosec #ITsecurity #phishing #awareness
- Shock the user (100%, 3 votes)
- Disturb as little as possible (0%, 0 votes)
- Encrypt the user data (0%, 0 votes)
- Automatically send an e-mail (0%, 0 votes)
Several months ago, I found a #vulnerability from #MantisBT - Authentication bypass for some passwords due to PHP type juggling (CVE-2025-47776).
Any account that has a password that results in a hash that matches ^0+[Ee][0-9]+$ can be logged in with a password that matches that regex as well. For example, password comito5 can be used to log in to the affected accounts and thus gain unauthorised access.
The root cause of this bug is the incorrect use of == to match the password hash:
if( auth_process_plain_password( $p_test_password, $t_password, $t_login_method ) == $t_password )
The fix is to use === for the comparison.
This vulnerability has existed in MantisBT ever since hashed password support was added (read: decades). MantisBT 2.27.2 and later include a fix to this vulnerability. mantisbt.org/download.php
#CVE_2025_47776 #infosec #cybersecurity
Mantis Bug Tracker
MantisBT is a popular free web-based bug tracking system. It is written in PHP works with MySQL, MS SQL, and PostgreSQL databases. MantisBT has been installed on Windows, Linux, Mac OS, OS/2, and others.mantisbt.org
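The comparison flaw described in the post above, as an added example that is not MantisBT code and not part of the original post. The function names are hypothetical and the hash strings are constructed placeholders shaped like 32-character digests; the audit helper uses the regex quoted in the post to list accounts whose stored hash falls in the affected class.

```php
<?php
// Added example, not MantisBT code. All hash values are constructed
// placeholders, not real digests; function names are hypothetical.

// Pattern quoted in the post: a stored hash PHP reads as the number zero.
const ZERO_EXPONENT = '/^0+[Ee][0-9]+$/';

// Loose comparison, as in the affected check: when both operands are
// numeric strings PHP compares them as numbers, not as strings.
function matches_loose(string $computed, string $stored): bool {
    return $computed == $stored;
}

// Strict comparison (the fix named in the post): same type, same bytes.
function matches_strict(string $computed, string $stored): bool {
    return $computed === $stored;
}

// Audit helper: user names whose stored hash is in the affected class,
// so their passwords can be reset after upgrading.
function affected_accounts(array $hashes_by_user): array {
    return array_keys(array_filter(
        $hashes_by_user,
        fn(string $h): bool => preg_match(ZERO_EXPONENT, $h) === 1
    ));
}

$stored = [
    'alice' => '0e123456789012345678901234567890', // constructed, affected shape
    'bob'   => '0e12345678901234567890123456789a', // constructed, has a letter
    'carol' => 'c0ffee00c0ffee00c0ffee00c0ffee00', // constructed, ordinary shape
];

// Hash of some other password that also has the zero-exponent shape.
$login_hash = '0e987654321098765432109876543210'; // constructed

foreach ($stored as $user => $hash) {
    printf("%-6s loose=%s strict=%s\n", $user,
        var_export(matches_loose($login_hash, $hash), true),
        var_export(matches_strict($login_hash, $hash), true));
}
echo 'reset required: ', implode(', ', affected_accounts($stored)), "\n";
```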
Keep Android Open
Advocating for Android as a free, open platform for everyone to build apps on.Keep Android Open
Malware campaign on npm steals AWS, GCP, and Azure cloud keys
An advanced malware campaign on the npm registry steals the very keys that control enterprise cloud infrastructure.Ryan Daws (Developer Tech News)
TIL why I can't access release files from open-source projects on GitHub anymore.
It seems that the IP for release-assets.githubusercontent.com got added to ipthreat.net list:
ipthreat.net/ip/185.199.111.13…
Malware is actually being distributed via GitHub, but the majority of repos are probably safe and useful.
By adding the GitHub IPs, the IP threat list becomes unusable. By not adding them, it becomes less useful. An interesting dilemma.
I guess it's one more reason to migrate your open-source project off GitHub. On the other hand @Codeberg and similar alternatives should take notice and prepare in advance.
IPThreat - IP Address: 185.199.111.133
IPThreat is a 100% free and community powered ip address database of hackers and botnets. Protect your computers today and create a free account.ipthreat.net
New phishing technique - CoPhish - weaponizes Microsoft Copilot Studio to steal Entra ID OAuth tokens.
Attackers build malicious AI agents hosted on legitimate Microsoft domains, exfiltrating tokens via “Login” flows that appear genuine.
Uses OAuth T1528 techniques + token forwarding through Microsoft IPs for stealth.
🛡️ Detection ideas:
- Monitor consent grants in Entra ID logs.
- Restrict unverified app registrations.
- Disable user app creation.
- Flag Copilot bots using trial tenants or untrusted domains.
How are you tuning detections for AI-driven OAuth phishing?
💬 Share your strategies & follow @technadu for more technical threat intel.
#OAuth #Phishing #Microsoft #Copilot #CloudSecurity #ThreatHunting #AIsecurity #EntraID #MITREATtack #InfoSec #TechNadu
So I went to F-Droid and attempted to download the public transport plugin for Kvaesitso.
And I got a Google Play Protect popup message warning "harmful app detected".
It gave no further details about why this app is harmful.
Does anyone know if this app is harmful? If so how?
Or is this Google being a monopolist and blocking competing open source apps?
#Google #Android #AskFedi #FDroid #GooglePlay #degooglization #degoogleyourlife #Kvaesitso #infosec
Team Z3 had actually intended to demonstrate a WhatsApp zero-click remote code execution zero-day at Pwn2Own. One million dollars had been set aside as prize money. But: Z3 withdrew from the competition. They wanted to make the results available to the ZDI analysts first, before the Meta team is brought in.
Source: see the image description.
Who has details on how #GlassWorm hides itself via #Unicode?
The worm is very sophisticated, but this aspect interests me in particular, because supposedly it means "normal" code analysers do not detect it while the JavaScript interpreter accepts it. I would like to look at that with other interpreters and other editors.
It would be perfect if someone had the worm (or parts of it). But I will also take detailed descriptions that I could use to reproduce it.
🦀 I'm excited to announce that I am starting a training firm, @decoderloop, focused on providing Rust Reverse Engineering training! decoderloop.com/
The tools, techniques, and resources that reverse engineers have were built for the era of C. Meanwhile, malware authors and software developers alike are rapidly switching to modern programming languages such as Rust. Decoder Loop is here to fill the knowledge gap and level the playing field, for reverse engineers facing modern binaries.
We hope to come to a conference near you, next year. If you'd like to stay notified on upcoming trainings: follow us at @decoderloop, or sign up on our mailing list at decoderloop.com/contact/#train…
I'll also be at @ringzer0 COUNTERMEASURE on November 7 in Ottawa, Canada, giving a Rust RE focused workshop! Come say hi if you're there, and let's chat Rust RE!
#ReverseEngineering #MalwareAnalysis #rust #rustlang #infosec #training #cybersecurity
WORKSHOP: Reversing a (not-so-) Simple Rust Loader // Cindy Xiao
Rust can be challenging for even experienced reverse engineers. We will reverse a simple Rust malware loader found in the wild with obfuscated strings and a decoy payload, making it a good example for learning Rust reversing concepts like threads, dy…Ringzer0
Microsoft 365 Education may not track students
Welcome decision by the DSB: Microsoft Education 365 may no longer track students, and Microsoft must provide full disclosure.noyb.eu
Hey folks, just a reminder I'll be at BSides NoVA this weekend, giving a talk on DNS and domain intel in investigative journalism! It's an intersection of passions for me, so I'm wicked excited.
#infosec #cybersecurity #bsides
bsidesnova-2025.sessionize.com…
Start the Presses! Domain and DNS Intelligence in Investigative Journalism
Across two businesses, dozens of training sessions, and hundreds of grants for access, we’ve spent more than a decade enabling the use of DNS and domain intelligence for investigative journalists.bsidesnova-2025.sessionize.com
I think that, now that even some media outlets from the InfoSec field have completely uncritically adopted the USSS's SIM farm story, which smells strongly of humbug, I am probably forced to reconsider my consumption of some media.
Seytonic deserves a positive mention.
#USpol #USSS #UNGA #NYC #NewYork #SIMFarm #Infosec #Security
Feds are LYING About The SIM Card Plot
Get 20% off DeleteMe US consumer plans when you go to https://joindeleteme.com/seytonic and use promo code SEYTONIC at checkout. DeleteMe International Plans...YouTube
Special thanks to @Fuchskind for her Communication Cards under Creative Commons (CC BY-NC-ND) license.
They are beautiful and help people to express their needs.
Therefore we provide printed ones at the osco 2025 to support our participants, if needed.
You can also download them to print them yourself at
fuchskind.de/?nav=download&lan…
#osco #osco25 #CyberSecurity #Security #InfoSec
[seism0saurus]
An important decision on chat control is coming up at EU level, and the position of @BMDS remains in the dark? Transparency would be desirable.
Such a pity.
@netzpolitik_feed netzpolitik.org/2025/chatkontr…
#chatkontrolle #NoEuChatControl #ChatKontrol #eu #infosec
Edit: corrected the @BMDS handle.
Chat control: the digital minister ducks away
When the decision is made shortly on whether Europe gets mandatory chat control, the position of the German federal government will also be decisive. But the digital minister would rather not take a position.netzpolitik.org
Update with an important correction regarding the affected versions!
Sudo before 1.9.17p1 allows local users to obtain root access, because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.
BSI, CISA & others warn of a critical security vulnerability in the Linux and Unix utility sudo (CVE-2025-32463).
This vulnerability allows local attackers to bypass access controls and execute arbitrary commands as the root user, even without having explicit sudoers rights.
Check which sudo version is installed:
sudo -V
OR
dpkg -l sudo
Upgrade the sudo version:
sudo apt install --only-upgrade sudo
Until then: don't let your PC fall into other people's hands!
security-tracker.debian.org/tr…
sudo.ws/security/advisories/ch…
cybersecuritynews.com/cisa-lin…
#infosec #linux #SudoPrivileges #BeDiS
@AndyW THANKS!
CISA Warns of Linux Sudo Vulnerability Actively Exploited in Attacks
CISA has issued an urgent advisory regarding a critical vulnerability in the Linux and Unix sudo utility CVE-2025-32463 that is currently being exploited in the wild.Florence Nightingale (CybersecurityNews)
#infosec #cloudsecurity #zerosss #aigovernance #careerplanning
islandinthenet.com/thinking-ab…
Thinking About The Next Five Years - Island in the Net
I’ve mapped out a 5-year plan that tries to reduce the certification treadmill and focuses on the skills that actually matter for what’s coming next.Island in the Net
Fedi Folk: It's not a scam—it's a run of bad luck. And that has again made it a seriously dire situation.
I've known @catbailey & family for years. She is the real deal. There is nothing shady or skivey going on.
Hire Cat! Whether it's an interest in hiring, a referral, or if you know of a job opening or gig that's available, please contact her!
Finding employment in the present environment, especially for women in tech, is more difficult than ever.
Please do help @catbailey out. She is doing her best and then some. She has a family to take care of.
Status updates: infosec.exchange/@ajn142/11525…
Best to use Venmo/PayPal/CashApp, but GoFundMe is appreciated too and good for higher latency needs.
GoFundMe: gofundme.com/f/aid-for-cat-and…
PayPal: paypal.me/catalystediting
Venmo: @BlackCatHackers
CashApp: $BlackCatOps
#MutualAid
#MutualAidRequest
#InfoSec
#HelpCatAndCo
Send money to Caroline Bailey with PayPal.Me
Follow the link PayPal.Me/catalystediting and enter the amount. It is convenient and secure. Don't have a PayPal account yet? No problem.PayPal.Me
If you notice a severe security vulnerability:
-> Keep your mouth shut, close the window.
You can end up in jail and lose your livelihood, because the dud of a company and ignorant judges and prosecutors want to see you as a criminal.
It is enough that a padlock has been attached.
Whether the key is in it and the lock is open interests nobody.
Even a plaintext password or a password like 1234 counts as "effective protection", and you become the hacker.
Anyone who would like to say thanks for this law should address the postcard to Ms Merkel and Ms Zypries. Mr Schäuble was also a driving force behind this nonsense at the time.
#itsicherheit #Hackerparagraf #datenschutz #hacker #infosec
heise.de/news/Bundesverfassung…
Federal Constitutional Court rejects complaint in the Modern Solution case
The Federal Constitutional Court declines to bring more clarity to the handling of the hacker paragraph, Section 202 StGB.Fabian A. Scherschel (heise online)
Why use a URL shortener when you can use a phishy URL extender?
Keep your security people alert and awake, generate phishing-looking redirecting links