nrw.social is one of many independent Mastodon servers you can use to take part in the Fediverse.
We are a friendly Mastodon instance from North Rhine-Westphalia (NRW). Whether you are from NRW or just an NRW sympathizer, everyone is welcome here.

Server statistics:

2.9K active profiles

#cybersec

8 posts · 6 participants · 0 posts today

This news today about SAML is something everyone should be watching closely! I posted about it a little bit ago.

Nearly all apps and platforms use SAML for authentication, and a breach like this can have some serious ramifications.

Please be vigilant and security-conscious, all!

#InfoSec #Security #CyberSec infosec.exchange/@0x40k/114155

Infosec Exchange · 0x40k (@0x40k@infosec.exchange):

Just stumbled across something kinda scary... SAML authentication issues! Now, I know it sounds super technical, but honestly, this affects ANYONE using Single Sign-On. Seriously! Think about logging into Netflix, Google, all that stuff – a lot of it uses SAML. What if someone could just waltz right in pretending to be you?

SAML's basically the language websites use to confirm you are who you say you are. And Single Sign-On (SSO) makes it so you only log in once to access everything. Now, about CVEs, they're like wanted posters for security flaws. CVE-2025-25291, CVE-2025-25292, CVE-2025-25293 are the numbers to remember.

The problem lies in how XML is being interpreted. Two programs, same code, totally different results – NOT GOOD. Imagine two bouncers checking the same ID, but one lets everyone in, and the other doesn't. Total chaos! As a pentester, I see these "parser differentials" way more often than I'd like. The devil's always in the details, right?

Big deal? HUGE. Account Takeover is totally possible! Hackers could swipe your identity. This affects the ruby-saml library – which is frequently used in web applications. Affected versions: < 1.12.4 and >= 1.13.0, < 1.18.0. Huge shoutout to GitHub Security Lab for finding this! They're lifesavers.

Good news, though! Updates are here: ruby-saml 1.12.4 and 1.18.0. So, check if your web apps are using ruby-saml. And if they are, UPDATE THEM. Like, NOW. This isn't a joke. Also, regular pentests are worth their weight in GOLD. Automated tools often miss stuff like this.

Do you use SAML? What are your experiences with it? How do you secure your web applications? Ever run into similar parsing issues? Let's share info and help keep everyone safe! #infosec #pentesting #security
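The check the post above asks for ("check if your web apps are using ruby-saml"), as an added example that is not part of the original post and not code from the ruby-saml project: a small Ruby script that reads a Gemfile.lock, finds the resolved ruby-saml version, and reports whether it falls in the affected ranges named in the post (below 1.12.4, or 1.13.0 up to but not including 1.18.0) and which fixed release (1.12.4 or 1.18.0) to move to. The lockfile contents embedded below are constructed for the example, not taken from any real project; the helper names (`audit_lockfile`, `affected?`, `recommended_fix`) are this example's own.

```ruby
# Added example (not code from the post or from the ruby-saml project):
# audit a Gemfile.lock for the ruby-saml versions the post lists as affected
# (< 1.12.4, or >= 1.13.0 and < 1.18.0) and name the fixed release to move to.
require 'rubygems'

# Affected ranges as stated in the post; fixed releases are 1.12.4 and 1.18.0.
AFFECTED_RANGES = [
  Gem::Requirement.new('< 1.12.4'),
  Gem::Requirement.new('>= 1.13.0', '< 1.18.0'),
].freeze

# In Gemfile.lock, resolved gems sit under "specs:" indented by exactly four
# spaces; their dependencies are indented by six, so "    ruby-saml (x.y.z)"
# only matches the resolved version, never a "~> 1.17" dependency line.
def ruby_saml_versions(lockfile_text)
  lockfile_text.scan(/^ {4}ruby-saml \(([^)]+)\)$/).flatten.map { |v| Gem::Version.new(v) }
end

def affected?(version)
  AFFECTED_RANGES.any? { |range| range.satisfied_by?(version) }
end

# Stay on the release line the app is already on: 1.12.x -> 1.12.4,
# 1.13.0 and later -> 1.18.0.
def recommended_fix(version)
  version < Gem::Version.new('1.13.0') ? '1.12.4' : '1.18.0'
end

def audit_lockfile(lockfile_text)
  versions = ruby_saml_versions(lockfile_text)
  return { present: false } if versions.empty?

  version = versions.first
  vulnerable = affected?(version)
  {
    present: true,
    version: version.to_s,
    affected: vulnerable,
    upgrade_to: vulnerable ? recommended_fix(version) : nil,
  }
end

# Constructed sample lockfiles for the example (not from any real project).
SAMPLE_VULNERABLE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      nokogiri (1.16.0)
      ruby-saml (1.17.0)
        nokogiri (>= 1.13.10)
        rexml

  PLATFORMS
    ruby

  DEPENDENCIES
    ruby-saml
LOCK

SAMPLE_FIXED = SAMPLE_VULNERABLE.sub('ruby-saml (1.17.0)', 'ruby-saml (1.18.0)')

if __FILE__ == $PROGRAM_NAME
  # Pass a real Gemfile.lock path as the first argument to audit it;
  # without one, the constructed samples are audited.
  texts = ARGV.empty? ? [SAMPLE_VULNERABLE, SAMPLE_FIXED] : [File.read(ARGV[0])]
  texts.each { |t| p audit_lockfile(t) }
end
```

Run it as `ruby audit_ruby_saml.rb path/to/Gemfile.lock` in each application checkout. The script only looks at the lockfile, so it catches the version actually deployed rather than the loose constraint in the Gemfile; a version that is not affected still deserves a second look if the app vendors or patches the gem outside Bundler.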

NEW - ⛸️🧱🖥️

DCG Domain Blocklist available - last updated 2025/03/06

1692581 domains blocked with this build!

🦜
🐻
Supercharging your content blocker to increase privacy and security.

All available lists:
- uBlockOrigin
- Hosts format & Hosts format with wildcards
- dnsmasq with wildcards

🌳
Ready to use lists combined from many permissively licensed sources.

divested.dev/pages/dnsbl

#divested #DivestedComputingGroup

#DCG

#fsf #FUTO #Fedora #codeberg #hardening #linuxtech #cybersec #cybersecurity #infosec #antivirus #foss
#opensource #android #linuxsecurity #vulnerabilities #vulnerability #alpinelinux #router #skynet #foss

divested.dev · Dnsbl - Divested Computing

'Back in 2019, the #DHS, which runs USCIS, decided anyone looking to enter the US on a work visa or similar had to hand over their #socialmedia handles to the authorities so that they could be looked over for wrongdoing and subversion.

In fact, this goes back to 2014, at least, to one degree or another, and has been SOP for years for foreigners, particularly those on a visa.' #Immigration #Cybersec

USCIS mulls policing social media of all would-be citizens
theregister.com/2025/03/06/usc

The Register · Uncle Sam mulls policing social media of would-be citizens · By Iain Thomson

NEW - ⛸️🧱🖥️

DCG Domain Blocklist available - last updated 2025/03/01

1702715 domains blocked with this build!

🦜
🐻
Supercharging your content blocker to increase privacy and security.

All available lists:
- uBlockOrigin
- Hosts format & Hosts format with wildcards
- dnsmasq with wildcards

🌳
Ready to use lists combined from many permissively licensed sources.

divested.dev/pages/dnsbl

#divested #DivestedComputingGroup

#DCG

#fsf #FUTO #Fedora #codeberg #hardening #linuxtech #cybersec #cybersecurity #infosec #antivirus #foss
#opensource #android #linuxsecurity #vulnerabilities #vulnerability #alpinelinux #router #skynet #foss

divested.dev · Dnsbl - Divested Computing

According to @BleepingComputer, there have been two different reports since Friday. One about Cyber Command and one about CISA.

Here is a statement from Cyber Command to BleepingComputer:

"Due to operational security concerns, we do not comment nor discuss cyber intelligence, plans, or operations. There is no greater priority to Secretary Hegseth than the safety of the Warfighter in all operations, to include the cyber domain."

bleepingcomputer.com/news/secu

BleepingComputer · DHS says CISA will not stop monitoring Russian cyber threats · By Lawrence Abrams

🔒Master AI Security at OWASP Global AppSec 2025 Barcelona!

Join Rob van der Veer and gain insights from cutting-edge research, OWASP AI Exchange, and the upcoming EU AI Act security standard.

1-Day Training | May 28, 2025

This intensive training will equip you with the latest AI security knowledge, hands-on experience, and strategies to defend against emerging threats.

Secure your spot: owasp.glueup.com/event/123983/