After the #XZ attack, I have a suggestion for all #software forges (#Forgejo, #GitHub, #Gitea, #Sourceforge, etc.):
Have some way to visualize binary files better, including diffs to such files. Cuz now, we have basically nothing except byte counters.
Since they're binary files, it must be as generic as possible. But even some rendering or analysis is better than nothing.
The idea is to expose weird patterns in binary files that could be a sign of an attack.
#CyberSecurity#GitHub#Microsoft#Malware: "A GitHub flaw, or possibly a design decision, is being abused by threat actors to distribute malware using URLs associated with a Microsoft repository, making the files appear trustworthy.
While most of the malware activity has been based around the Microsoft GitHub URLs, this "flaw" could be abused with any public repository on GitHub, allowing threat actors to create very convincing lures.
Yesterday, McAfee released a report on a new LUA malware loader distributed through what appeared to be a legitimate Microsoft GitHub repository for the "C++ Library Manager for Windows, Linux, and MacOS," known as vcpkg.
@mikeymikey oh look, MSFT being a problem for FOSS communities? never! lol 💁🏼♀️🤭🤣
Maybe one day people will realize that MSFT has always been a problem and will always be a problem. Closed Source has its place, but the way MS behaves is a direct causal link to CVEs and threat actors causing instability and security crises.
oh... did FOSS also warn everyone that MS buying Github was a terrible mistake, yes.
A critical vulnerability, identified as CVE-2024-20356, has been found in Cisco's Integrated Management Controller (IMC). This flaw allows for command injection, potentially giving attackers the ability to gain root access to systems. The vulnerability is located in the web-based management interface of the IMC, which is used for remotely managing Cisco hardware. The issue arises from insufficient user input validation in the IMC interface, allowing an authenticated, remote attacker with administrative privileges to inject malicious commands.
Security researchers from Nettitude have developed a Proof of Concept (PoC) exploit, named "CISCown," to demonstrate this vulnerability. The exploit involves sending crafted commands through the web interface, enabling attackers to execute arbitrary code with root privileges on the underlying operating system of Cisco hardware. This PoC exploit is part of a toolkit developed by Nettitude and is available on GitHub. It uses parameters such as target IP, username, and password to automate the exploitation process and deploy a telnetd root shell service on compromised devices.
The release of this PoC exploit signifies a critical threat level for organizations using affected Cisco products. Gaining root access can lead to data theft, system downtime, and further network compromise. Cisco has responded by releasing software updates to address this vulnerability. It is strongly recommended that all affected organizations apply these updates immediately, as no known workaround mitigates this vulnerability.
The affected products include a range of Cisco servers and computing systems, such as the 5000 Series Enterprise Network Compute Systems (ENCS), Catalyst 8300 Series Edge uCPE, UCS C-Series M5, M6, and M7 Rack Servers in standalone mode, UCS E-Series Servers, and UCS S-Series Storage Servers. Users and administrators are advised to visit Cisco’s official security advisory page and the Nettitude GitHub repository hosting the exploitation toolkit for more detailed information and access to the updates.
This release adds support for finding barcodes in PDF files[1] and dealing with multiple barcodes. It also properly colours the status bar during usage now.
As always, it's available on #GitHub, will soon be available on #IzzyOnDroid and will slowly roll out to other app stores.
A friend got frustrated with gitlab today because the @efoundation gitlab denies registrations from their personal mailserver, probably
caused by this thing:
Is there a standard public forum that people to for help in setting up their #mastodon instances? I found the #github one, but I am not really finding any other forums.
GameCube HDMI Mod Is Now Available on github (www.timeextension.com)
"DOL-101 Digital Port kit files uploaded to GitHub"
Descent 3 source code released on github, after 25 years (github.com)
The github repo is owned by one of the original developers, Kevin Bentley. Includes the unreleased 1.5 patch....