Vulnerabilities

 


Follow-up:

Guntrader breach perp: I don’t think it’s a crime to dump 111k people’s details online in Google Earth format

3 Likes

[W]e must embrace the “data minimisation principle” – the idea that only necessary personal data should be collected and retained. We also need an approach that minimises centralised data collection, and gives more control to individuals.

👍

4 Likes

https://us-cert.cisa.gov/ncas/current-activity/2021/09/07/microsoft-releases-mitigations-and-workarounds-cve-2021-40444

6 Likes

I suppose it’s human nature to try and exploit a resource until it collapses. Seems CVE-1999-0517 is still out there.

“For quite a while, this focus on the core business processes worked pretty well,” Rudis continues, suggesting that executives have their confirmation bias dopamine fix reinforced year after year by not having down time or breaches.
“Organisations also try to keep capital investments (computer systems) going for as long as possible with as little interaction (updates) as possible,” he says.

We used to call that Technical Debt. I know frightening examples that have cost businesses hundreds of millions of dollars. Part of me knows I should be running OpenBSD on everything but…

containers… VMs… 3D… shiny things…

2 Likes

Far right registrar and web hosting company Epik just got pwned by Anonymous.

More details:

Twitter thread:

The press release:
https://4chan.partyvan.epikfail.win:55899/

8 Likes

Actually, if it’s coming in via email, we most likely will stop it…

1 Like