Mappa dei cavi sottomarini 2023
Questa nuova edizione illustra 529 sistemi di cavi e 1.444 approdi attualmente attivi o in costruzione.
La vera grandezza di un'azienda di successo si vede nella sua capacità di fare pace con i concorrenti, quindi a Natale ricordatevi di fare gli auguri non solo a Gesù, ma anche a Isaac Newton (1643-1727), lo scienziato nato il 25 dicembre, che anche senza droghe era geniale e iperproduttivo come se fosse sotto anfetamine, e scontroso e paranoico come se fosse in crisi d'astinenza.
Elon Musk bashed the German government for providing some help to migrants lost at sea (and promoted a far-right political party with Nazi roots) the same day that the UN revealed that more than 2,500 people have already drowned this year in the Mediterranean. https://www.businessinsider.com/elon-musk-immigration-migrants-germany-far-right-extremism-twitter-x-2023-9
Guardia Costiera libica sperona un gommone con 50 persone a bordo https://www.osservatoriorepressione.info/guardia-costiera-libica-sperona-un-gommone-50-persone-bordo/ #GuardiaCostieralibica #fortezzaeuropa #Dalmondo #migranti
@admin @Csoacartella @hacklabbo
Manca il mese
A PoC for the Ivanti (MobileIron) RCE (CVE-2023-35078) has been uploaded on GitHub: https://github.com/vchan-in/CVE-2023-35078-Exploit-POC
Can anyone confirm this is legit?
Nice introduction article on TETRA CVEs affecting all the encrypted security radio communications.
A clear violation of the Kerckhoff's principle:
https://mastodon.uno/@ildisinformatico/110790524693536276
The Midnight Blue team published a preliminary report on
https://tetraburst.com/
Important reminder ⚠️
If you have used our platform in the past, please ensure that you add at at least one additional authentication provider NOW ☝️👀
Go to https://auth.abuse.ch, log in with your Twitter account and connect at least one addition authentication provider 🔐
Twitter integration on our platform is DEPRECATED and will be removed soon 👇👇👇
Since it seems #Google has decided to uni-laterally force through their new anti-#adblock #DRM euphemistically named "Web environment integrity", I decided to add a little bit of code to my website that blanks out the page and displays a protest message with a link to the firefox download page when you visit it from a browser with this DRM feature. Here's the source inside one toot, feel free to copy and put it at the end of your website's <body> before the closing tag:
A probably #ifsb campaign today:
pdf -> zip -> js
https://app.any.run/tasks/d745ae57-9145-4db5-99a5-fb9c3b109353/
secondary link:
https:// dybseta .com/MySelective
Some big malvertising-to-Cobalt-to-ransomware campaign has been spotted
Sophos: https://news.sophos.com/en-us/2023/07/26/into-the-tank-with-nitrogen/
Bitdefender: https://www.bitdefender.com/blog/labs/abusing-the-ad-network-threat-actors-now-hacking-into-companies-via-search/
Trend Micro: https://www.trendmicro.com/en_us/research/23/f/malvertising-used-as-entry-vector-for-blackcat-actors-also-lever.html
eSentire: https://www.esentire.com/blog/persistent-connection-established-nitrogen-campaign-leverages-dll-side-loading-technique-for-c2-communication
Security Update Required for Multiple Ubuntu Versions and Derivatives Due to Open VM Tools Vulnerability
Summary
A security vulnerability, identified as CVE-2023-20867, impacts multiple versions of Ubuntu and its derivatives. This issue specifically affects the open-vm-tools software used for virtual machines hosted on VMware. The following Ubuntu versions are affected:
Ubuntu 23.04
Ubuntu 22.04 LTS
Ubuntu 20.04 LTS
Ubuntu 18.04 LTS (Available with Ubuntu Pro)
Ubuntu 16.04 LTS (Available with Ubuntu Pro)
Details
The vulnerability is due to the incorrect handling of certain authentication requests by Open VM Tools. A fully compromised ESXi host could exploit this flaw to bypass host-to-guest authentication, compromising the confidentiality and integrity of the guest virtual machine.
Mitigation
To resolve this issue, users need to update their systems to the following package versions of open-vm-tools:
Ubuntu 23.04: open-vm-tools 2:12.1.5-3ubuntu0.23.04.1
Ubuntu 22.04 LTS: open-vm-tools 2:12.1.5-3~ubuntu0.22.04.2
Ubuntu 20.04 LTS: open-vm-tools 2:11.3.0-2ubuntu0~ubuntu20.04.5
Ubuntu 18.04 LTS (Available with Ubuntu Pro): open-vm-tools 2:11.0.5-4ubuntu0.18.04.3+esm1
Ubuntu 16.04 LTS (Available with Ubuntu Pro): open-vm-tools 2:10.2.0-3~ubuntu0.16.04.1+esm2
In general, a standard system update should implement all the necessary changes.
For more details on the vulnerability and updates, visit the Ubuntu security notice.
In case you haven’t seen it, this spreadsheet of infosec Mastodon addresses is pretty great. Not sure how up to date it is, but it’s definitely adding to my follow list. https://docs.google.com/spreadsheets/d/1t13k5_cNhP9_TgoUmqDZk2ROkWkF6Bg3O5269vKIqWw/edit
USB pendrives of DOOM.
Inserting them may hack your systems, leading to data theft. NEVER connect untrusted USB devices. Meaning, any devices you are not sure of. https://www.mandiant.com/resources/blog/infected-usb-steal-secrets
L'Illegal Migration Bill e la guerra della Gran Bretagna alle persone migranti https://www.ondarossa.info/redazionali/2023/07/lillegal-migration-bill-e-guerra-della
Due to popular demand, here is a list of the fedi-services that are part of the infosec.* family:
1 - https://infosec.exchange - Glitch-soc fork of Mastodon (this instance does not block threads.net)
2 - https://relay.infosec.exchange - Activitypub relay
3 - https://video.infosec.exchange - Peertube instance (like youtube)
4 - https://infosec.press - WriteFreely blog*
5 - https://pixel.infosec.exchange - Pixelfed instance (like instagram)
6 - https://matrix.infosec.exchange - Synapse (with sliding sync) homeserver*
7 - https://infosec.place - Akkoma instance (like mastodon)
8 - https://infosec.town - iceshrimp instance (like mastodon)
9 - https://infosec.pub - Lemmy instance (like reddit)
10 - https://fedia.io - General interest mbin instance (also like reddit)
11 - https://fedia.social - General interst Iceshrimp instance
12 - https://elk.infosec.exchange - Elk web interface for Mastodon
13 - https://books.infosec.exchange - Bookworym instance (like goodreads)
14 - https://meetups.infosec.exchange (mobilizon)
15 - https://infosec.space - Glitch-soc fork of Mastodon (this instance does
block threads.net)
*indicates the instance authenticates against Infosec.exchange