Security

629 readers
6 users here now

A community for discussion about cybersecurity, hacking, cybersecurity news, exploits, bounties etc.

Rules :

  1. All instance-wide rules apply.
  2. Keep it totally legal.
  3. Remember the human, be civil.
  4. Be helpful, don't be rude.

Icon base by Delapouite under CC BY 3.0 with modifications to add a gradient

founded 1 year ago
MODERATORS
LinearArray@programming.dev
listing: all - local
1
8
Microsoft starts developing tools to prevent another global IT outage (www.axios.com)
submitted 1 day ago by kryllic@programming.dev to c/security@programming.dev
1 comments fedilink
 
 

Microsoft is creating new capabilities that will let security vendors operate outside of the root of Windows operating systems.

2
39
1.3 million Android-based TV boxes backdoored; researchers still don’t know how (arstechnica.com)
submitted 2 days ago by kryllic@programming.dev to c/security@programming.dev
12 comments fedilink
 
 

Researchers still don’t know the cause of a recently discovered malware infection affecting almost 1.3 million streaming devices running an open source version of Android in almost 200 countries.

3
0
CVE-2024-6387: RCE in OpenSSH's server, on glibc-based Linux systems (seclists.org)
submitted 2 months ago by 0x0@programming.dev to c/security@programming.dev
3 comments fedilink
 
 

Regression in signal handler.

This vulnerability is exploitable remotely on glibc-based Linux systems, where syslog() itself calls async-signal-unsafe functions (for example, malloc() and free()): an unauthenticated remote code execution as root, because it affects sshd's privileged code, which is not sandboxed and runs with full privileges.

4
0
Cloudflare's recent blog regarding polyfill shows that Cloudflare never authorized Polyfill to use their name in their product (blog.cloudflare.com)
submitted 2 months ago by kryllic@programming.dev to c/security@programming.dev
0 comments fedilink
 
 

Contrary to what is stated on the polyfill.io website, Cloudflare has never recommended the polyfill.io service or authorized their use of Cloudflare’s name on their website. We have asked them to remove the false statement, and they have, so far, ignored our requests. This is yet another warning sign that they cannot be trusted.