KasTas

joined 11 months ago
sorted by: new top controversial old
Clone2Leak: Your Git Credentials Belong To Us in c/[email protected]
[–] [email protected] 1 points 1 week ago

So, cloning a malicious repository on GitHub Codespaces using GitHub CLI will always leak the access token to the attacker’s hosts.

baha

2
Clone2Leak: Your Git Credentials Belong To Us (flatt.tech)
7
Remote code execution on public RSync <3.4.0 servers (www.bleepingcomputer.com)
16
OpenWRT ditches opkg, goes apk (Alpine) (forum.openwrt.org)
6
PyPI now supports digital attestations - The Python Package Index Blog (blog.pypi.org)
Gedimas be interneto paliko 120 įstaigų: rizikas prognozavo, bet plano B nebuvo in c/[email protected]
[–] [email protected] 3 points 2 months ago

Kas turbūt su lietuviškaisiais incidentais labiausiai ir erzina... normalus postmortemas būtų naudingas visiems. O "viskas gerai, sutvarkėm" - tik subinės dangstymas lapais :(

Blemba, kuičiau BGP istoriją, tai lyg ir nieko įdomesnio, kaip kažkoks dingęs subnetas, nesugebėjau rasti.

4
Windows infected with backdoored Linux VMs in new phishing attacks (www.bleepingcomputer.com)
 

Laughed my ass off:

"Since QEMU is a legitimate tool that is also digitally signed, Windows does not raise any alarms about it running, and security tools cannot scrutinize what malicious programs are running inside the virtual machine."

2
Gedimas be interneto paliko 120 įstaigų: rizikas prognozavo, bet plano B nebuvo (www.lrt.lt)
 

Tai užpylė serverinę priešgaisriniai čiaupai ar ne? :}

2024 Conference in c/[email protected]
[–] [email protected] 1 points 3 months ago (1 children)

What about 38C3 this year? :}

7
Attacking UNIX Systems via CUPS, Part I (www.evilsocket.net)
9
US following EU lead: financial institutions have 30 days to disclose breaches under new rules (arstechnica.com)
14
BreachForums, a key English-language cybercrime forum, seized by the FBI (cyberscoop.com)
Novel attack against virtually all VPN apps neuters their entire purpose in c/[email protected]
[–] [email protected] 1 points 9 months ago

Excerpt on impact:

The attack can most effectively be carried out by a person who has administrative control over the network the target is connecting to. In that scenario, the attacker configures the DHCP server to use option 121. It’s also possible for people who can connect to the network as an unprivileged user to perform the attack by setting up their own rogue DHCP server.

2
Novel attack against virtually all VPN apps neuters their entire purpose (arstechnica.com)
11
eScan AV updates were delivered over HTTP for five years. (arstechnica.com)
Subject: backdoor in upstream xz/liblzma leading to ssh server compromise in c/[email protected]
[–] [email protected] 3 points 10 months ago

yay, signed patches

4
A new filesystem for pidfds [LWN.net] (lwn.net)
view more: next ›