det.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
Mastodon server of Unterhaltungsfernsehen Ehrenfeld for decentralized discourse.


#cybersecurity

329 posts · 202 participants · 26 posts today

Whoa, that Commvault SSRF to RCE vulnerability is *ugly*! 😬 We're talking CVE-2025-34028, slapped with a 9.0 CVSS score. Yeah, that's definitely setting off all the alarm bells!

Here's the lowdown: An SSRF vulnerability in "deployWebpackage.do" isn't being filtered properly. What does that mean? Attackers can just upload a ZIP file containing a JSP payload, and *boom* – they get remote code execution. It's a stark reminder that backup systems, unfortunately, are often prime targets precisely because they get overlooked.

So, listen up: If you're running Commvault Command Center versions anywhere from 11.38.0 up to 11.38.19, you need to patch immediately. Get yourself onto version 11.38.20 or 11.38.25 right away! And while you're at it, take a good look at your configuration settings. Good news is, watchTowr Labs has put out a detection tool – definitely make use of that!

Just a friendly reminder on best practices, too: Your backup systems absolutely belong in their own, separate network segment. Crucially, regular penetration tests are a must; don't just rely on automated scans, they simply won't cut it for stuff like this. That's just how it is. 🤷

How about you? Got Commvault deployed? Have you already checked your setup against this vulnerability? What kind of hardening measures do you have in place for your backup infrastructure? Drop your thoughts below! 👇

Wow, it's kinda scary how hospitals have become such a prime target for cyberattacks lately! 🏥💀 And get this: it seems hackers aren't just after patient records anymore. They're targeting actual life-saving equipment now. Seriously scary stuff! 🤯

From my perspective as a pentester, I often see there's a *lot* of room for improvement in healthcare security. Things like legacy systems and wide-open ports? That's basically rolling out the welcome mat for attackers. 🤦‍♂️ It really drives home why robust network segmentation and adopting a Zero Trust approach are absolutely crucial these days. 🔐

So, what's your take? How secure do you feel your local healthcare facilities are? 🤔 Let me know in the comments!

Massive number of SQL Injection Vulnerabilities reported in Siemens TeleControl Server Basic

Siemens has disclosed 67 SQL injection vulnerabilities in their TeleControl Server Basic product affecting critical infrastructure sectors including Energy, Water, and Transportation Systems. Three of the flaws are critical and allow unauthenticated attackers to bypass authorization controls, and 64 are high-severity issues that could enable database manipulation, denial-of-service conditions, and code execution with system permissions.

**If you are using TeleControl Server Basic, make sure it's isolated from the internet and accessible only from trusted networks. Restrict access to port 8000 only to trusted IP addresses, and plan a quick patch cycle. The list of vulnerabilities is huge, and any isolation will eventually be compromised through phishing, malware or a disgruntled employee. So patch your TeleControl.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai


Insolvency after a #Cyberangriff: Especially among mid-sized companies, cases keep coming to light in which successful cyberattacks lead to the #Insolvenz of the affected business. Usually such events are not the sole trigger of the financial distress, but through the #Betriebsausfall they aggravate problems that already existed:

"A serious cyberattack worsened the already precarious economic situation."

t-online.de/finanzen/aktuelles #cybersecurity #cybercrime

t-online · Hacker attack hits recycling specialist hard: Eu-Rec must file for insolvency. The recycling specialist Eu-Rec must file for insolvency. The company from Rhineland-Palatinate is also struggling with the consequences of a hacker attack.

Multiple vulnerabilities reported in IBM Hardware Management Console

IBM has patched multiple security vulnerabilities in its Power Hardware Management Console (HMC), including a critical flaw (CVE-2025-1950, CVSS 9.3) that allows local users to execute commands with elevated privileges due to improper validation.

**First, make sure your IBM Hardware Management Console (HMC) is isolated and accessible only from trusted networks and trusted personnel. Also check whether you are running vulnerable versions (V10.2.1030.0 and V10.3.1050.0). If you are, plan a patch cycle, because any isolation will eventually be breached.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai


ConfusedComposer vulnerability reported in Google Cloud Composer tool

The "ConfusedComposer" vulnerability in Google Cloud Platform allows attackers to exploit a privilege escalation flaw by injecting malicious PyPI packages into Cloud Composer's custom-package configuration. This enables them to run arbitrary code that extracts and exfiltrates the highly privileged Cloud Build service account token. Google has fixed this vulnerability by modifying Cloud Composer to use a more restricted service account for PyPI module installations.

**You can't do much about this flaw; it was part of the GCP cloud environment and it's fixed. Just be aware of these flaws to be better aware of the quality and patching discipline of your cloud providers.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai


Onsite Mammography data breach exposes data of 357K individuals

A phishing attack on October 2, 2024 compromised an employee's email account at Onsite Mammography (operating as Onsite Women's Health), exposing sensitive data of 357,265 individuals. The healthcare provider has secured the affected account, engaged forensic investigators, notified law enforcement, and is offering affected individuals 12 months of complimentary credit monitoring and identity protection services.

#cybersecurity #infosec #incident #databreach
beyondmachines.net/event_detai


Malicious code injected into Ripple's xrpl.js npm package, compromises cryptocurrency private keys

A supply chain attack has compromised multiple versions of the popular cryptocurrency JavaScript library xrpl.js (used for XRP Ledger blockchain interactions). Attackers have inserted malicious code that harvests and exfiltrates users' private keys to the domain "0x9c[.]xyz", allowing unauthorized access to cryptocurrency wallets and assets.

**If you are using xrpl.js, update it to versions 4.2.5 or 2.14.3 IMMEDIATELY. If you've used compromised versions (4.2.1-4.2.4 or 2.14.2) since April 21st, assume your keys may be compromised and transfer funds to new, secure wallets. And implement package verification signatures for external packages to reduce malicious code injection - it's not simple but it does help.**
#cybersecurity #infosec #advisory #databreach
beyondmachines.net/event_detai


Data of more than 2,000 SA patients hacked in ransomware attack

The personal data of more than 2,000 inpatients involved in sleep studies at the Women's and Children's Hospital in Adelaide since 2018 has been accessed in a ransomware attack, with those affected being warned of identity theft risks.

abc.net.au/news/2025-04-24/sle

ABC News · Sleep study patients' personal data accessed in ransomware attack, SA Health says

🛡️ Discover how to enhance your software’s security posture using threat intelligence. In this session, Gaurav Kamathe shares practical insights on leveraging real-world threat data to anticipate, detect, and defend against attacks — all at #FOSSASIASummit2025.

🔗 Click here to watch on the FOSSASIA YouTube channel youtu.be/W-_5IEZxREQ


New episode! We talked with Angela Sasse about #HumanCenteredSecurity. It covers the effectiveness of awareness training, the trade-off between productivity and #ITSicherheit, and the processes that make secure behaviour possible for employees in organisations.

Here and wherever you get your podcasts: sicherheitsluecke.fm

#Phishing #cybersecurity #ITSecurity #HOOU @HOOUhamburg