HackRead: Cryptomining and Malware Flourish on Misconfigured Kubernetes Clusters https://www.hackread.com/cryptomining-malware-misconfigured-kubernetes-clusters/ #Misconfiguration #Vulnerability #Cryptomining #Kubernetes #Security #backdoor #security #Malware
https://labs.hakaioffsec.com/nginx-alias-traversal/
More an #nginx #misconfiguration problem than a #vulnerability but the outcome is the same irrespective of semantics.
There was a #misconfiguration on #mastodon.social that allowed unauthorized actors to download some users' archive takeout (containing public information).
Eugen Rochko informed the affected users immediately:
"They DO NOT contain your e-mail address or any other Personal Identifiable Information from your account, excepting anything you’ve manually put in your public profile or shared in posts."
Bugged - I have just completed this room! Check it out: https://tryhackme.com/room/bugged #tryhackme #network protocols #IoT #misconfiguration #command execution #bugged via @RealTryHackMe
We just published a new article:
Exploiting IAM security misconfigurations and how to detect them
Sparsely populated instances may inadvertently leak their users' follower list, even if users have opted to hide their social graph.
This happens because users who have opted to hide their social graph aren't opted-out of their incoming posts being displayed in the social graph.
This can be mitigated. Admins can disable unauthenticated access to the instance's federated timeline.
https://www.justinmcafee.com/2022/11/mastodon-privacy-for-small-instances.html
#Mastodon #Privacy #Safety #DigitalLeakage #ThreatModel #RiskProfile #Misconfiguration
Font Awesome service #misconfiguration led to possible #leak of SSL #privatekey
for self hosting individual: caveat #minio #s3 #mastodon #misconfiguration and ethical report... https://www.alevsk.com/2022/11/system-misconfiguration-is-the-number-one-vulnerability-at-least-for-mastodon/ @alevsk thx!
#Amazon, #Microsoft Cloud #Leaks Highlight Lingering #Misconfiguration Issues https://bit.ly/3DXyEU4
#InfoSec #DoS #censorship
> Weaponizing Middleboxes for #TCP Reflected #Amplification
> Censors pose a #threat to the entire #Internet.
> We discover a new way that attackers could launch reflected denial of service (#DoS) amplification attacks over #TCP by abusing middleboxes and #censorship infrastructure. […]
> We found multiple types of middlebox #misconfiguration in the wild that can lead to technically infinite amplification for the attacker […]
https://geneva.cs.umd.edu/posts/usenix21-weaponizing-censors/
#Geneva #USENIX
Pharma Giant Pfizer Leaks Customer Prescription Info, Call Transcripts - Hundreds of medical patients taking cancer drugs, Premarin, Lyrica and more are now vulnerable to ... https://threatpost.com/pharma-pfizer-leaks-prescription-call-transcripts/160354/ #patientinformation #misconfiguration #calltranscripts #customerrecords #pharmaceuticals #cloudsecurity #prescriptions #customerdata #opendatabase #cancerdrugs #drugcompany #googlecloud #databreach #vpnmentor #dataleak #exposure #privacy
Google Cloud Buckets Exposed in Rampant Misconfiguration - A too-large percentage of cloud databases containing highly sensitive information are publicly ava... https://threatpost.com/google-cloud-buckets-exposed-misconfiguration/159429/ #mostrecentthreatlists #publiclyavailable #misconfiguration #clouddatabases #cloudsecurity #elasticsearch #cloudbuckets #paulbischoff #comparitech #googlecloud #databreach #amazons3 #analysis #privacy #breach
Unsecured Microsoft Bing Server Leaks Search Queries, Location Data - Data exposed included search terms, location coordinates, and device information - but no personal... https://threatpost.com/microsoft-bing-search-queries/159407/ #microsoftsecurity #misconfiguration #unsecuredserver #cyberblackmail #cybercriminals #exposedserver #microsoftbing #phishingscams #searchqueries #securityhack #websecurity #dataexposed #meowattack #microsoft #hacks #hack
Cloud Leak Exposes 320M Dating-Site Records - A misconfigured, Mailfire-owned Elasticsearch server impacted 70 dating and e-commerce sites, expo... https://threatpost.com/cloud-leak-320m-dating-site-records/159225/ #personalinformation #romanticpreferences #adultdatingsites #misconfiguration #infosecinsider #cloudsecurity #elasticsearch #websecurity #cloudserver #meowattack #vpnmentor #dataleak #exposure #mailfire #privacy #records #breach
Doki Backdoor Infiltrates Docker Servers in the Cloud - The malware is a new payload that uses Dogecoin wallets for its C2, and spreads via the Ngrok botn... more: https://threatpost.com/doki-backdoor-docker-servers-cloud/157871/ #commandandcontrol #containersecurity #misconfiguration #dogecoinwallet #cloudsecurity #ngrokbotnet #dockerhub #malware #docker #cloud #apis #doki #dga
Chris Vickery: AI Will Drive Tomorrow’s Data Breaches - Chris Vickery talks about his craziest data breach discoveries and why "vishing" is the next top t... more: https://threatpost.com/chris-vickery-ai-will-drive-tomorrows-data-breaches/157595/ #newsmakerinterviews #misconfiguration #exposeds3bucket #threatpostvideo #databreach #breach #videos #hacks #video #hack
Kubernetes Falls to Cryptomining via Machine-Learning Framework - Misconfigured dashboards are at the heart of a widespread XMRIG Monero-mining campaign. more: https://threatpost.com/kubernetes-cryptomining-machine-learning-framework/156481/ #maliciouscontainer #misconfiguration #machinelearning #cryptomining #websecurity #containers #kubernetes #microsoft #kubeflow #malware #monero #azure #xmrig
Cloud Misconfig Mistakes Show Need For DevSecOps - Unit 42 researchers discuss public cloud misconfiguration issues that are leading to breaches of s... more: https://threatpost.com/cloud-misconfig-devsecops/153921/?utm_source=rss&utm_medium=rss&utm_campaign=cloud-misconfig-devsecops #cloudmisconfiguration #cloudinfrastructure #misconfiguration #graboidmalware #cloudsecurity #datacenters #publiccloud #databreach #devsecops #interview #ryanolson #paloalto #videos #breach #unit42 #rsac #rsa