A reminder that upgrading your server might shut down parts of the security-related components and leave services unintentionally exposed. Upgrading should not be done without proper filtering of unwanted incoming traffic (for example, via a firewall in front of the server). Here we can see some database passwords and cryptographic secrets exposed during a #debian13 upgrade due to PHP being down while the httpd was not. #infosec #cybersecurity
#MorphOS is 25 years old today. The first public beta version 0.1 was released August 1st 2000. We're currently working on MorphOS 3.20.
Stop Killing Games European Citizens' Initiative has reached the required 1 million signatures. #consumerrights #stopkillinggames #gaming
Insecure defaults can lead to surprises. When creating FIFO sockets with systemd, be sure to note that SocketMode defaults to 0666 - that is, world readable and writable. That is: any local user can communicate with the FIFO. If your FIFO is used to perform privileged operations, you must either ensure that the FIFO file itself is located in a secured location or set SocketMode to a stricter value. I spotted one such insecure use in cloud-init: the hotplug FIFO was world writable. This is CVE-2024-11584 and fixed in cloud-init 25.1.3. The commit fixing this is in #CVE_2024_11584 #ubuntu #systemd #infosec #cybersecurity
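A way to check socket units for the default described above, as an added example that is not from the original post or from cloud-init: it flags every `ListenFIFO=` whose effective `SocketMode=` leaves the world-write bit set. The sample units and the path `/run/example/cmd.fifo` are constructed, and the function names are hypothetical.

```python
SYSTEMD_DEFAULT_SOCKET_MODE = 0o666  # applies when SocketMode= is not set

# Constructed sample units; the FIFO path is hypothetical.
WEAK_UNIT = """\
[Unit]
Description=Constructed example: privileged command FIFO

[Socket]
ListenFIFO=/run/example/cmd.fifo
"""
HARDENED_UNIT = WEAK_UNIT + "SocketMode=0600\n"


def parse_socket_section(unit_text):
    """Collect ListenFIFO= paths and the SocketMode= value from [Socket]."""
    section, fifos, mode = None, [], None
    for raw in unit_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "Socket" and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if key == "ListenFIFO" and value:
                fifos.append(value)
            elif key == "SocketMode" and value:
                mode = int(value, 8)
    return fifos, mode


def audit_socket_unit(unit_text):
    """Return (path, mode, origin) for every FIFO that any local user may write to.

    Only the unit text is inspected. A finding still needs a look at the
    parent directory, since a restrictive directory also limits access.
    """
    fifos, mode = parse_socket_section(unit_text)
    origin = "default" if mode is None else "explicit"
    effective = SYSTEMD_DEFAULT_SOCKET_MODE if mode is None else mode
    if not effective & 0o002:  # world-write bit clear
        return []
    return [(path, format(effective, "04o"), origin) for path in fifos]


if __name__ == "__main__":
    for name, text in (("weak", WEAK_UNIT), ("hardened", HARDENED_UNIT)):
        print(name, audit_socket_unit(text))
```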
Russian citizens and dual nationals are not permitted to operate unmanned aircraft (such as #drones) in Finland. While the updated EU #sanctions regulation (EU) No. 833/2014 gives member states the option to grant exceptions, Finnish authorities have not deemed it necessary to do so. source: (in English)
I always recommend that everyone turn off any kind of motherboard manufacturers' driver auto-installers. They have a history of containing significant vulnerabilities leading to arbitrary code execution. The vulnerabilities discovered by MrBruh in ASUS Driver Hub again confirm this recommendation. There were several vulnerabilities that, when combined, lead to a devastating end result. #CVE_2025_3462 #CVE_2025_3463 #RCE
S Group is bringing all kinds of new AI features to S-Etukortti cards and its other services. Note that, by default, S Group uses your data to train AI models unless you specifically opt out: "Data protection is built in, and data from customers who have set an analytics opt-out is not used even for training the model." You can opt out here: I recommend reviewing the sections: "Targeting in channels outside S Group", "Product-level purchase data" and "Analytics and customer segmentation". Source: #tietosuoja #yksityisyys
Why does the #AISlop problem exist at #hackerone (and likely other bug bounty platforms)? Because apparently it works: https://hackerone.com/evilginx/hacktivity?type=user It seems that some projects pay bounties for such AI Slop reports.