This may not count as a technical post per se, but apparently you can run amplification attacks using Mastodon, a popular open-source decentralized social network.
The idea is very simple: when you post a link, the server tries to fetch a preview of it. Since this is a decentralized platform, each federated instance that receives the post fetches the assets on its own.
And this issue simply exists as-is. Frankly, I don't think the mitigation is any different from generic DDoS protection. It's just an interesting fact about federated social networks.
P.S. Now I wonder whether Bluesky has this problem as well.
#security
It's FOSS
Please Don’t Share Our Links on Mastodon: Here’s Why!
We need to talk about this problem. Should Mastodon step up?
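From the defender's side, a federation-driven preview burst is easy to spot in web server logs: many distinct instances fetching the same URL within seconds of each other. The following detector is an added example, not code from the post or from Mastodon; it assumes nginx "combined" log lines and a Mastodon fetcher User-Agent of the shape "http.rb/… (Mastodon/<ver>; +https://<instance>/)", with the sample lines constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed nginx "combined" log lines. The User-Agent shape
# "http.rb/… (Mastodon/<ver>; +https://<instance>/)" is assumed; adjust
# UA_RE if your instances identify themselves differently.
SAMPLE_LOG = """\
203.0.113.10 - - [10/Oct/2024:12:00:01 +0000] "GET /blog/post HTTP/1.1" 200 5120 "-" "http.rb/5.1.1 (Mastodon/4.2.10; +https://a.example/)"
203.0.113.11 - - [10/Oct/2024:12:00:01 +0000] "GET /blog/post HTTP/1.1" 200 5120 "-" "http.rb/5.1.1 (Mastodon/4.2.9; +https://b.example/)"
203.0.113.12 - - [10/Oct/2024:12:00:02 +0000] "GET /blog/post HTTP/1.1" 200 5120 "-" "http.rb/5.1.1 (Mastodon/4.3.0; +https://c.example/)"
203.0.113.13 - - [10/Oct/2024:12:00:03 +0000] "GET /blog/post HTTP/1.1" 200 5120 "-" "http.rb/5.1.1 (Mastodon/4.2.10; +https://d.example/)"
198.51.100.7 - - [10/Oct/2024:12:00:05 +0000] "GET /blog/post HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/130.0"
203.0.113.10 - - [10/Oct/2024:12:30:00 +0000] "GET /about HTTP/1.1" 200 2048 "-" "http.rb/5.1.1 (Mastodon/4.2.10; +https://a.example/)"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)
UA_RE = re.compile(r"\(Mastodon/[^;]+; \+(?P<instance>https?://[^/)]+)/?\)")


def parse_preview_fetches(log_text):
    """Yield (timestamp, path, instance) for every request made by a
    Mastodon link-preview fetcher; other clients are ignored."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        ua = UA_RE.search(m.group("ua")) if m else None
        if not ua:
            continue
        ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
        yield ts, m.group("path"), ua.group("instance")


def find_preview_bursts(log_text, window=timedelta(seconds=60), min_instances=3):
    """Return {path: peak number of distinct instances that fetched it within
    one `window`}, keeping only paths that reach `min_instances`. One post
    federating widely shows up as many instances hitting the same URL at once."""
    by_path = defaultdict(list)
    for ts, path, instance in parse_preview_fetches(log_text):
        by_path[path].append((ts, instance))
    bursts = {}
    for path, events in by_path.items():
        events.sort()
        peak = 0
        for i, (start, _) in enumerate(events):
            in_window = {inst for ts, inst in events[i:] if ts - start <= window}
            peak = max(peak, len(in_window))
        if peak >= min_instances:
            bursts[path] = peak
    return bursts
```

Run it over a real access log and the flagged paths tell you which URLs are currently being previewed across the fediverse, which is the signal to rate-limit or cache on.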
Bees With Machine Guns is a tool to load test web applications.
The main difference from other popular tools like Vegeta is that, instead of running from a single CLI host, the tool creates a "swarm" of micro instances in AWS to emulate a DDoS attack, so the load originates from multiple points rather than a single one.
#security
GitHub
GitHub - newsapps/beeswithmachineguns: A utility for arming (creating) many bees (micro EC2 instances) to attack (load test) targets…
A utility for arming (creating) many bees (micro EC2 instances) to attack (load test) targets (web applications). - newsapps/beeswithmachineguns
In case you missed it somehow.
regreSSHion: Remote Unauthenticated Code Execution Vulnerability in OpenSSH server
A newly discovered vulnerability allows a malicious actor to execute code remotely with the highest privileges on a host. The CVE assigned to this vulnerability is CVE-2024-6387.
Glibc-based Linux systems are affected.
Affected OpenSSH versions:
- OpenSSH versions earlier than 4.4p1 are vulnerable to this signal handler race condition unless they are patched for CVE-2006-5051 and CVE-2008-4109.
- Versions from 4.4p1 up to, but not including, 8.5p1 are not vulnerable due to a transformative patch for CVE-2006-5051, which made a previously unsafe function secure.
- The vulnerability resurfaces in versions from 8.5p1 up to, but not including, 9.8p1 due to the accidental removal of a critical component in a function.
OpenBSD systems are unaffected by this bug, as OpenBSD developed a secure mechanism in 2001 that prevents this vulnerability.
Here's another interesting fact: "In our security analysis, we identified that this vulnerability is a regression of the previously patched vulnerability CVE-2006-5051, which was reported in 2006."
This is why you always need several lines of defense in your systems. Also, since I got into the industry, the advice has always been not to expose SSH to the world but to hide it behind a VPN or similar. This advice still stands. Moreover, today there are solutions that let you avoid SSH altogether.
#security #ssh
Qualys
OpenSSH CVE-2024-6387 RCE Vulnerability: Risk & Mitigation | Qualys
CVE-2024-6387 exploit in OpenSSH poses remote unauthenticated code execution risks. Find out which versions are vulnerable and how to protect your systems.
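To triage an inventory of SSH hosts against the version ranges listed above, the server's identification banner is enough. The following classifier is an added example, not code from the post or from Qualys; it encodes exactly the ranges quoted above and assumes that a banner without a "pN" suffix is OpenBSD's native build (portable OpenSSH, which Linux distributions ship, always carries one).

```python
import re
import socket

# Affected ranges as stated in the Qualys advisory summarised above. They
# refer to upstream version numbers; distributions frequently backport the
# fix without changing the version, so treat the result as a triage hint.
VERSION_RE = re.compile(r"OpenSSH_(\d+)\.(\d+)(?:p(\d+))?")


def parse_openssh_version(banner):
    """'SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.4' -> (9, 6, 1).
    The trailing 'pN' marks the portable build used on Linux; OpenBSD's native
    build (e.g. 'OpenSSH_9.7') has none, so the patch level is None there."""
    m = VERSION_RE.search(banner)
    if not m:
        raise ValueError(f"not an OpenSSH banner: {banner!r}")
    major, minor, patch = m.groups()
    return int(major), int(minor), None if patch is None else int(patch)


def classify_regresshion(banner):
    """Map a server banner onto the CVE-2024-6387 affected ranges."""
    major, minor, patch = parse_openssh_version(banner)
    if patch is None:
        # Assumption: no 'pN' means OpenBSD-native, which the advisory says is unaffected.
        return "not affected (OpenBSD-native build)"
    version = (major, minor, patch)
    if version < (4, 4, 1):
        return "vulnerable unless patched for CVE-2006-5051 and CVE-2008-4109"
    if version < (8, 5, 1):
        return "not vulnerable"
    if version < (9, 8, 1):
        return "vulnerable"
    return "fixed"


def grab_banner(host, port=22, timeout=3.0):
    """Read the server's identification line, which SSH sends before anything else."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        return sock.recv(256).decode("ascii", "replace").strip()


if __name__ == "__main__":
    import sys
    for host in sys.argv[1:]:
        print(host, classify_regresshion(grab_banner(host)))
```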
Anyone can Access Deleted and Private Repository Data on GitHub
Sounds scary, unless you have dug into how git works and how GitHub hosts it.
TL;DR: If some repo can git fetch upstream, all these fetchable commits will always be accessible from this fork/main repo. Only after the visibility of the repo changes will new commits no longer be discoverable.
For more details and examples, check this article, which was shared with us in the CatOps chat.
#security #git #github
Trufflesecurity
Anyone can Access Deleted and Private Repository Data on GitHub ◆ Truffle Security Co.
You can access data from deleted forks, deleted repositories and even private repositories on GitHub. And it is available forever. This is known by GitHub, and intentionally designed that way.
Today you may encounter mentions of a 9.9 CVE for Linux. Most likely, it's all about this one.
This CVE is related to CUPS, a printing service for Linux. So, if you don't print things, you can simply uninstall or disable it on your Linux machine and move on with your day.
Anyway, this is an interesting read on its own, and it's interesting how they found this vulnerability.
P.S. This news comes from the chat, btw.
#security
evilsocket
Attacking UNIX Systems via CUPS, Part I
As a follow-up to yesterday's post, here's a bundle of Cybersecurity books by O'Reilly on Humble Bundle.
#books #security
Humble Bundle
Humble Tech Book Bundle: Cybersecurity Month MEGA Bundle by O'Reilly
Learn about cybersecurity with this bundle of tech courses. Pay what you want & support charity!
What is common between Helm and the article about abusing the curl | bash setup to load a bad payload?
Year of initial release. But while the article is no longer accessible outside the Web Archive, Helm still offers that as a valid installation option.
Anyway, the article is old but gold, worth reading to understand how tricky attackers can be.
#security #bash
web.archive.org
Detecting the use of "curl | bash" server side | Application Security
Another reason not to pipe from curl to bash. Detecting curl | bash serverside.
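The property the article's server-side detection relies on is that bash executes a piped script incrementally, before the download has finished, which is also why a truncated or swapped stream runs partially. The block below is an added example, not code from the article or from Helm: the first function demonstrates that behaviour locally by feeding bash one line over a pipe and observing the command run while bash is still waiting for more, and the second shows the download-then-verify alternative, where nothing executes until the whole script is on disk and matches a checksum obtained out of band. It assumes bash is installed.

```python
import hashlib
import os
import shlex
import subprocess
import tempfile
import time


def bash_runs_before_eof(timeout=5.0):
    """Feed bash a script over a pipe one line at a time, as `curl | bash`
    does, and check whether the first command runs before the stream ends.
    Returns (first_command_ran, bash_still_waiting_for_more)."""
    marker = os.path.join(tempfile.mkdtemp(), "first-command-ran")
    proc = subprocess.Popen(["bash"], stdin=subprocess.PIPE, text=True)
    try:
        # Only the first line is sent; the rest of the "download" never arrives.
        proc.stdin.write(f"touch {shlex.quote(marker)}\n")
        proc.stdin.flush()
        deadline = time.monotonic() + timeout
        while not os.path.exists(marker) and time.monotonic() < deadline:
            time.sleep(0.05)
        first_command_ran = os.path.exists(marker)
        still_waiting = proc.poll() is None  # bash has not exited: it wants more input
    finally:
        proc.stdin.close()  # EOF: bash exits, whatever the tail would have contained
        proc.wait(timeout=timeout)
    return first_command_ran, still_waiting


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def verify_then_run(script, expected_sha256):
    """Download-then-verify alternative: the whole script is on disk before
    anything executes, and it runs only if it matches a checksum obtained out
    of band. Returns bash's exit status, or None when the checksum mismatches."""
    if sha256_hex(script) != expected_sha256:
        return None
    with tempfile.NamedTemporaryFile("wb", suffix=".sh", delete=False) as f:
        f.write(script)
    try:
        return subprocess.run(["bash", f.name]).returncode
    finally:
        os.unlink(f.name)
```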
There are two types of folks: those who pin their dependencies to (often) mutable tags and other pointers, and those who already pin to hash sums.
This is true for GitHub Actions as well. For example, most tags in the tj-actions/changed-files repository were repointed to compromised versions by an attacker, potentially affecting 23,000 repositories until GitHub shut down the entire repository.
Manually pinning dependencies can be tedious, so it's better to utilize tools like Renovate. The SpotOnInc/renovate-config preset does exactly that. Note that you can pin it to a hash sum too, just in case ;)
P.S. If you used that GitHub Action, here is a list of possible mitigation steps: antonbabenko/pre-commit-terraform#837.
#security #github #gha
www.stepsecurity.io
Harden-Runner detection: tj-actions/changed-files action is compromised - StepSecurity
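A quick way to find out whether your own workflows would have been caught by a tag repoint like the one above is to scan every `uses:` line for a reference that is not a full commit SHA. The checker below is an added example, not code from StepSecurity, Renovate or the post; the workflow fragment is constructed, and the 40-hex SHA in it is a placeholder, not a real commit.

```python
import re

SHA_RE = re.compile(r"^[0-9a-f]{40}$")
USES_RE = re.compile(r"^\s*-?\s*uses:\s*['\"]?(?P<ref>[^\s'\"#]+)")

# Constructed workflow fragment: one tag pin (mutable), one SHA pin with the
# human-readable tag kept in a trailing comment (the form Renovate maintains),
# one local action and one docker reference. The SHA is a placeholder.
WORKFLOW = """\
jobs:
  check:
    steps:
      - uses: actions/checkout@v4
      - uses: tj-actions/changed-files@0123456789abcdef0123456789abcdef01234567 # v45
      - uses: ./.github/actions/local
      - uses: docker://alpine:3.20
"""


def find_unpinned_actions(workflow_text):
    """Return (line_number, reference) for every `uses:` that points at a
    mutable ref (tag or branch, or no ref at all) instead of a full 40-hex
    commit SHA. Local paths and docker:// images are skipped here: they are
    pinned differently (repo contents and image digests respectively)."""
    findings = []
    for lineno, line in enumerate(workflow_text.splitlines(), 1):
        m = USES_RE.match(line)
        if not m:
            continue
        ref = m.group("ref")
        if ref.startswith("./") or ref.startswith("docker://"):
            continue
        if "@" not in ref:
            findings.append((lineno, ref))  # no ref: resolves to the default branch
            continue
        _, _, version = ref.rpartition("@")
        if not SHA_RE.match(version):
            findings.append((lineno, ref))
    return findings
```

A tag repoint only moves what the tag name resolves to; a workflow pinned to the SHA keeps running the commit you reviewed.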
A new vulnerability has been discovered in Next.js, a popular web framework based on React. It allows an attacker to bypass the redirect middleware and potentially carry out a cache poisoning attack.
Here's also a thread by Gergely Orosz about this issue.
#security
zhero_web_security
Next.js and the corrupt middleware: the authorizing artifact
CVE-2025-29927
We are continuing our security marathon with some news about the very popular NGINX Ingress for Kubernetes.
Wiz Research discovered CVE-2025-1097, CVE-2025-1098, CVE-2025-24514 and CVE-2025-1974, a series of unauthenticated Remote Code Execution vulnerabilities in Ingress NGINX Controller for Kubernetes.
Exploiting these vulnerabilities can lead to unauthorized access to cluster secrets as well as remote code execution inside the ingress pod.
These vulnerabilities are fixed in Ingress NGINX Controller versions 1.12.1 and 1.11.5, but if you cannot upgrade right now for whatever reason, Wiz has other recommendations on how to mitigate them.
P.S. Many thanks to the chat for sharing this story!
#security #kubernetes #nginx
wiz.io
CVE-2025-1974: The IngressNightmare in Kubernetes | Wiz Blog
Wiz Research uncovered RCE vulnerabilities (CVE-2025-1097, 1098, 24514, 1974) in Ingress NGINX for Kubernetes allowing cluster-wide secret access.