Tux Machines
Posted by Roy Schestowitz on Apr 29, 2023
> eBPF has many uses in improving computer security, but just taking eBPF observability tools as-is and using them for security monitoring would be like driving your car into the ocean and expecting it to float. Observability tools are designed to have the lowest overhead possible so that they are safe to run in production while analyzing an active performance issue. Keeping overhead low can require tradeoffs in other areas: tcpdump(8), for example, will drop packets if the system is overloaded, resulting in incomplete visibility. This creates an obvious security risk for tcpdump(8)-based security monitoring: An attacker could overwhelm the system with mostly innocent packets, hoping that a few malicious packets get dropped and are left undetected. Long ago I encountered systems which met strict security auditing requirements with the following behavior: If the kernel could not log an event, it would immediately **halt**! While this was vulnerable to DoS attacks, it met the system's security auditing non-repudiation requirements, and logs were 100% complete.
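The tradeoff in the excerpt above can be made concrete. The Python below is an added example, not code from the quoted post or from any eBPF tool. It does two things: it parses the three-line summary that tcpdump(8) prints on stderr when it exits (the sample lines are constructed, not from a real capture) and refuses to treat a capture with kernel drops as complete; then it models a fixed-capacity event buffer under a flood with the two policies the excerpt contrasts, drop-on-full (observability behaviour) and halt-on-full (fail-closed audit behaviour). The capacity, burst size and consumer rate are made-up parameters chosen to show the effect.

```python
"""Lossy vs. fail-closed event sinks: a toy model of the observability/audit tradeoff."""
import re
from collections import deque

# tcpdump(8) prints this summary on stderr at exit. These three lines are
# constructed sample output for the example, not a real capture.
SAMPLE_TCPDUMP_STDERR = """\
1273 packets captured
2048 packets received by filter
775 packets dropped by kernel
"""

_SUMMARY_RE = re.compile(
    r"^(\d+) packets? (captured|received by filter|dropped by kernel)$", re.M)


def parse_tcpdump_summary(stderr_text):
    """Return {'captured': n, 'received by filter': n, 'dropped by kernel': n}."""
    return {what: int(n) for n, what in _SUMMARY_RE.findall(stderr_text)}


def capture_is_complete(stats):
    """A capture is only usable as a security record if the kernel dropped nothing."""
    return stats.get("dropped by kernel", 0) == 0


class AuditSinkFull(RuntimeError):
    """Raised by the fail-closed sink instead of silently discarding an event."""


class EventSink:
    """Fixed-capacity buffer drained by a consumer that may be slower than the producer.

    policy="drop": discard on overflow, like tcpdump under load.
    policy="halt": refuse to continue on overflow, like the halting kernel in the excerpt.
    """

    def __init__(self, capacity, policy):
        if policy not in ("drop", "halt"):
            raise ValueError(policy)
        self.capacity, self.policy = capacity, policy
        self.buffer = deque()
        self.logged, self.dropped = [], []

    def emit(self, event):
        """Producer side: True if buffered, False if dropped, raises if halting."""
        if len(self.buffer) >= self.capacity:
            if self.policy == "halt":
                raise AuditSinkFull(f"cannot log {event!r}; halting")
            self.dropped.append(event)
            return False
        self.buffer.append(event)
        return True

    def drain(self):
        """Consumer side: take one event off the buffer and record it."""
        if self.buffer:
            self.logged.append(self.buffer.popleft())


def flood(policy, total=200, malicious_every=50, capacity=64, drain_every=4):
    """Attacker sends `total` events, one in every `malicious_every` malicious,
    while the consumer only keeps up with one event per `drain_every` emitted.
    All parameters are hypothetical values for illustration."""
    sink = EventSink(capacity, policy)
    halted_at = None
    for i in range(total):
        kind = "malicious" if i % malicious_every == malicious_every - 1 else "benign"
        try:
            sink.emit((i, kind))
        except AuditSinkFull:
            halted_at = i
            break
        if i % drain_every == drain_every - 1:
            sink.drain()
    while sink.buffer:  # after the burst the consumer catches up
        sink.drain()
    return {
        "policy": policy,
        "halted_at": halted_at,
        "malicious_seen": sum(1 for _, k in sink.logged if k == "malicious"),
        "malicious_dropped": sum(1 for _, k in sink.dropped if k == "malicious"),
        "total_dropped": len(sink.dropped),
    }


if __name__ == "__main__":
    stats = parse_tcpdump_summary(SAMPLE_TCPDUMP_STDERR)
    print(stats, "complete" if capture_is_complete(stats) else "INCOMPLETE")
    for policy in ("drop", "halt"):
        print(flood(policy))
```

With the drop policy the flood loses three of the four malicious events while the capture keeps running and looks healthy; with the halt policy the sink stops at the first event it cannot record, so everything it did log is complete and the loss is loud rather than silent. Linux auditd offers the same choice through its failure flag (`auditctl -f 2` panics the kernel when an audit event cannot be delivered), which is the fail-closed behaviour the excerpt describes.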
> A newly discovered security issue in Devuan's default installation allows for obtaining root privileges without a password.
> Google says it prevented 1.4 million bad applications from being published on Google Play in 2022 and banned 173k developer accounts.
> Cisco is working on a patch for an XSS vulnerability found in Prime Collaboration Deployment by a pentester from NATO’s Cyber Security Centre (NCSC).
> Cybersecurity is a critical issue in today’s digital landscape. From personal information theft to cyberattacks on critical infrastructure, the risks associated with online activities are numerous and ever-present. To address these risks, cybersecurity professionals often use fear, uncertainty, and doubt (FUD) to promote their services and products.
> A critical-severity vulnerability in Zyxel’s ATP, USG FLEX, VPN, and ZyWALL/USG firewalls can be exploited remotely for OS command execution.
> A newly identified variant of the RTM Locker ransomware is targeting Linux, NAS, and ESXi hosts.
> FDA and CISA notify healthcare providers about a component used by several Illumina medical devices being affected by serious vulnerabilities that can allow remote hacking.
> To mark the first anniversary of the notification of the 2022 CERT-In Directions, we filed two Right to Information (“RTI”) applications with the Department of Electronics and Information Technology, seeking details on the issuance of compliance notices under this new regulatory mandate.
> South Africa ranked number five globally in a list of countries worst affected by cybercrime in 2022, according to a new report, with 56 000 out of every million internet users being a victim.