#security

427 posts · Last used 6h

Larvitz
@Larvitz@burningboard.net · 6h ago
I'm more than 25 years into IT at this point, but this is a first for me. Not one I'm proud of, but one I take responsibility for: My project ansible_jailexec (an Ansible connection plugin for FreeBSD Jails) had a bug that turned out to be a vulnerability. Improper Link Resolution Before File Access (CWE-59), a jail escape. It's been assigned CVE-2026-55074 so people can scan for it (I know it's bundled into Collections out there). If you're running < 2.0.0: please upgrade. 2.0.0 fixes it. Advisory: https://github.com/chofstede/ansible_jailexec/security/advisories/GHSA-cxgv-hp74-jj7r Release: https://github.com/chofstede/ansible_jailexec/releases/tag/v2.0.0 #ansible #cve #security #freebsd
rincewind
@rincewind@unseen-university.social · 1d ago
Cron doesn't run in Podman. After some research, it ultimately comes down to pam_loginuid; that's not something you figure out right away. I took a close look at the whole thing and wrote a new article on the blog. https://just-stuff.blog/cron-laeuft-nicht-im-podman-container/ #blog #linux #podman #docker #freshrss #security
analytics
@analytics@social.vir.group · 1d ago
🟢 Diplomacy | 3/10 🇦🇪 🇮🇱 UAE security delegation secretly visited Israel during Iran war Israeli media report that a UAE security delegation secretly visited Israel during the war with Iran. This indicates expanding cooperation between the countries. #OSINT #NewsGroup #UAE #Israel #Iran #Security
Boosted by Trending Bot @trending@homestead.social
bobdahacker
@bobdahacker@infosec.exchange · 2d ago
✈️ New Blog Post: Your Boarding Pass Is a Skeleton Key. Frontier Airlines Doesn't Care. Frontier's mobile API returns full passport numbers, home addresses, children's DOB, credit card details, and KTNs for any booking. The only auth? A PNR and last name. Printed on every boarding pass. Reported March 3rd. 105 days later, still live. They fixed the least important vuln and ghosted me on the rest. They also updated the website code and somehow made the leaks worse. Full writeup: https://bobdahacker.com/blog/frontier-airlines-hack #InfoSec #BugBounty #ResponsibleDisclosure #FrontierAirlines #Security #CyberSecurity #Privacy #Aviation #PCIDSS #DataExposure
ct_Magazin
@ct_Magazin@social.heise.de · 2d ago
heise+ | Ubuntu's Linux bootloader slimmed down: fewer features for more security. The Ubuntu developers plan to trim the bootloader Grub: no more graphics, no LVM, no RAID, no Btrfs. This is meant to reduce attack paths. https://www.heise.de/hintergrund/Ubuntus-Linux-Bootloader-abgespeckt-Weniger-Funktionen-fuer-mehr-Sicherheit-11250737.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon #IT #Journal #Linux #Microsoft #SecureBoot #Security #Ubuntu #UEFI #news
heiseonline
@heiseonline@social.heise.de · 2d ago
Linux 7.1 released with new NTFS and FRED. The new kernel Linux 7.1 brings a modern NTFS driver and enables Intel's FRED by default. In addition, the use of AI in development is causing a stir. https://www.heise.de/news/Linux-7-1-mit-neuem-NTFS-und-FRED-erschienen-11333467.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon #IT #KünstlicheIntelligenz #Linux #OpenSource #Security #Updates #news
heisec
@heisec@social.heise.de · 2d ago
Lots of patience: Chinese IT spies lurked in research institutions for a long time. Chinese attackers showed a lot of patience: they settled into Redcap servers, but only fully exploited this more than a year later. https://www.heise.de/news/Viel-Geduld-Chinese-IT-Spione-lauerten-lange-in-Forschungseinrichtungen-11333355.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon #Google #IT #Malware #Netzpolitik #Security #Spionage #news
bobdahacker
@bobdahacker@infosec.exchange · 3d ago
⚽ New Blog Post: I Could've Rickrolled the Entire FIFA World Cup. All I Needed Was My ID. Registered on FIFA's public Agent Platform, got added to their Entra tenant, and accessed the Streaming Management panel for every live World Cup 2026 match. RTMP ingest URLs, stream keys, all five camera angles. Confirmed live in VLC. An attacker could have replaced live camera feeds on TV worldwide. Full writeup: https://bobdahacker.com/blog/fifa-hack #InfoSec #BugBounty #ResponsibleDisclosure #FIFA #WorldCup #Security #CyberSecurity #RTMP #BrokenAccessControl
lobsters
@lobsters@mastodon.social · 4d ago
Arch Linux AUR Hit By Another Wave Of Now More Sophisticated Malware Attack https://lobste.rs/s/jlavzd #linux #security https://www.phoronix.com/news/Arch-Linux-AUR-More-Malware
analytics
@analytics@social.vir.group · 4d ago
🟢 MiningActivity | 1/10 🇻🇪 Heavy machinery moving to mining areas in Venezuela Heavy machinery and large mining equipment have been observed moving along Troncal 10 in Bolívar State, reportedly bound for mining operations. This follows recent military operations that removed illegal mining groups from several areas. #OSINT #NewsGroup #Venezuela #Mining #Security
In reply to
@IanTwenty@piefed.social in linux · 5d ago
I think you are absolutely right to examine whether your system defaults to too much convenience versus security for your threat model. For GNOME keyring:

Any application can easily read any secret if the keyring is unlocked. And, if a user is logged in, then the login/default collection is unlocked. Available D-Bus protection mechanisms (involving the busconfig and policy XML elements) are not used by default and would be easy to bypass anyway. The GNOME project disagrees with this vulnerability report because, according to their stated security model, untrusted applications must not be allowed to communicate with the secret service. Applications sandboxed via Flatpak only have filtered access to the session bus.

https://wiki.archlinux.org/title/GNOME/Keyring#Security

So while flatpaks that play the game are ok everything else is on trust. For the average user perhaps this is the right balance, though your Signal example suggests it’s too lax for anyone nowadays. I would like to see system secrets protected however they are accessed, not just for flatpaks.
grahamperrin
@grahamperrin@mastodon.bsd.cafe · 5d ago
FreeBSD security design flaws | The FreeBSD Forums https://forums.freebsd.org/threads/freebsd-security-design-flaws.102945/ ― Anthropic's model believes FreeBSD has ways to go. Get working! #FreeBSD #security #AI #Anthropic #Claude #Sonnet
rincewind
@rincewind@unseen-university.social · 6d ago
New article on the blog. :) NTFS ACL, SELinux and AppArmor: ACLs, SIDs and MIC on Windows, Type Enforcement and profiles on Linux: a technical comparison of the security models of both operating systems https://just-stuff.blog/ntfs-srm-vs-selinux-apparmor-wer-darf-was-und-warum/ #acl #selinux #apparmor #security #blog #windows #linux
analytics
@analytics@social.vir.group · 6d ago
🟡 SecurityOperation | 6/10 🇸🇾 20 arrested for attacks on checkpoints in Kobani region Syrian Interior Ministry announced the arrest of 20 individuals involved in attacks on security checkpoints and headquarters in Al-Awniyah village, Kobani region. #OSINT #NewsGroup #Security #Syria #Kobani
analytics
@analytics@social.vir.group · 6d ago
🟡 Assassination Plot Foiled | 7/10 🇮🇶 Iraq foils assassination plot against security service director Iraq's National Security Service foiled a plot to assassinate its director Abdul Karim al-Basri, the Baghdad security director, and other officers. The cell was linked to the 'Iraqi National Assembly for Liberation and Change'. #OSINT #NewsGroup #Iraq #AssassinationPlot #Security