med-mastodon.com is one of the many independent Mastodon servers you can use to participate in the fediverse.
Medical community on Mastodon

#itsec

»Over 600 Laravel Apps Exposed to Remote Code Execution Due to Leaked APP_KEYs on GitHub:
Cybersecurity researchers have discovered a serious security issue that allows leaked Laravel APP_KEY's to be weaponized to gain remote code execution capabilities on hundreds of applications.«

Never store your access keys in Git, especially not in the code – do programmers need to be taught this?!??

🔓 thehackernews.com/2025/07/over

TIL all your #2FA's can hit at once.

"Hello, Browser, I'd like to log in."

🤖 "Great! Check your email. Also, you have 35 seconds to respond to this before I lock you out."

"Hi Email! Can I see my last message?"

🤖 "Um, you've been ignoring me lately so go get your tablet. Also, I have a decade of your email inside me so you better respond within 10 seconds before I nuke it all."

"Hey Tablet, I need to open you up now."

🤖 "Who dat? I'm going to need you to grab your phone..."

#itsec #humor?

»Google's AI is allowed to spy – Gemini gets extensive app access:
Google's Gemini can now read along with WhatsApp chats on Android devices. Anyone who doesn't want that has a lot to do.«

Doesn't this create yet another risk factor in companies, one that IT security service providers may profit from? But for private use too, I find this worrying.

📱 golem.de/news/googles-ki-darf-

Replied in thread

@cryptadamist @panigrc @finalstaticfox @dansup

Obviously that's another evidence of why #KYC IS THE ILLICIT ACTIVITY!...

  • That problem doesn't exist with #Monero as one cannot determine #transactions, #balances or link wallets by observing the #blockchain. Unlike with all those Shitcoins like #Bitcoin or #Ethereum!

  • So even if I had a Monero Wallet and even if you knew the wallet address, you cannot see what's on it or what transactions go in and out.

  • It's even more secure than #SEPA because thanks to #SWIFT & #FATCA the #IRS and #TreasuryDept. have bulk access to these systems and can basically see account balances in real time (when it comes to #US citizens! The rest they can approximate with bulk access to payment providers and intelligence).

So yeah, blame lack of #privacy, #secrecy, and #custody as well as #doxxing in the form of KYC under the false pretense of #AML for the rampant rise of #kidnappings and armed robberies of #shitcoin HODL'ers.

  • Obviously I do condemn such acts of violence as a matter of principle.

The fact that there are automated, idiot-proof tools like #chainalysis that enable statistical tracking and linking of transactions for everything except Monero is the problem.

  • Don't believe that such "AML compliance" tools are unique to the clients of said providers, because it's just connecting dots from public records. No warrant nor insiders nor MLAT needed.

IOW: OFC I'd have to expect getting robbed by organized crime if I were to post evidence of me sleeping on genuine gold bars.

Universeodon Social Media · ⚯ Michel de Cryptadamus ⚯ (@cryptadamist@universeodon.com): @kkarhan@infosec.space @panigrc@mastodon.social @finalstaticfox@pounced-on.me @dansup@mastodon.social the people i know who got home invasioned for their bitcoins got home invasioned way before there were any regulations involved

Critical Sudo Vulnerabilities Let Local Users Gain Root Access on Linux, Impacting Major Distros

Cybersecurity researchers have disclosed two security flaws in the Sudo command-line utility for Linux and Unix-like operating systems that could enable local attackers to escalate their privileges to root on susceptible machines.

🐧 thehackernews.com/2025/07/crit

Good morning from my desk. Today I once again get to treat university of applied sciences students to #Datenschutz (data protection). So that it doesn't get quite so dry, I always cover with them why we have all this stuff in the first place and what happens if we don't stick to it. The malware VM is running, and the Tor Browser with a marketplace where you can buy, among other things, access to social media and PayPal accounts is running too. The lecture can begin. ;D #TeamDatenschutz #ITSec #ITSicherheit #Informationssicherheit

»What email addresses reveal about members of parliament (a lot!)«
– by @nohillside

Many companies handle their emails carelessly because they apparently have nothing to hide. But even "just" seemingly superficial metadata says a great deal about a person. This indifference, on the part of companies too, is simply awful but unfortunately not shocking, since it is common.

📧 dnip.ch/2025/06/24/was-mailadr

Continued thread

@BrodieOnLinux @torproject @guardianproject

At this point I'd like to ask when @EUCommission and other #regulators start #banning #StasiBook and other #GAFAM|s for their blatant actions as #OrganizedCrime to violate #privacy standards in the #EU and elsewhere?

infosec.space/@kkarhan/1147336

Cuz at this point the €32B fines at maximum are a joke.

Simply because this isn't a mere violation of #GDPR, #BDSG and other standards, but literal #malware that has been deployed against users in the wild...

  • Anything but actual prison sentences & arrest warrants against the persons responsible would be undue leniency.

Infosec.Space · Kevin Karhan :verified: (@kkarhan@infosec.space): The fact that #NSAbook is literally developing #Govware to track users and bypass #Android #sandbox as well as #tracking them regardless of #VPN, #Cookies or #IncognitoMode use or blockage. https://www.youtube.com/watch?v=LUtctMShGJw via @BrodieOnLinux@mstdn.social

More to read up upon: https://redact.dev/blog/meta-yandex-localhost-tracking https://www.zeropartydata.es/p/localhost-tracking-explained-it-could

#Spyware #InfoSec #ComSec #ITsec #OpSec #Malware #LocalhostTracking #Govware #StasiBook #Facebook #Meta

Replied in thread

@afreytes +9001%

  • It's impossible to get #GDPR compliance with #GAFAMs' products!

  • It's impossible to get #ITsec, #InfoSec, #OpSec & #ComSec on a compliant level when a literal #Govware (#Windows) is being used.

  • I cannot work as #Linux Sysadmin under WinShit just like a cardiologist can't perform a heart transplant with just cutlery from a prison mess hall and NSAIDs and just like a nurse can't CPR a toddler with a pneumatic jackhammer!
