- rwth-security - lists.rwth-aachen.de

How an empty S3 bucket can make your AWS bill explode

von Bernd Kohler

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "How an empty S3 bucket can make your AWS bill explode" --> "... S3 charges you for unauthorized incoming requests ..." - "... Anyone who knows the name of any of your S3 buckets can ramp up your AWS bill as they like ..." - "... Adding a random suffix to your bucket names can enhance security ..." - "... When executing a lot of requests to S3, make sure to explicitly specify the AWS region ..." --> enable CloudTrail logs VG Bernd [0] https://medium.com/@maciej.pocwierz/how-an-empty-s3-bucket-can-make-your-aw… -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de https://www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/c/ITCenterRWTHAachen

2 Monate

1
0
0 0

New R Programming Vulnerability Exposes Projects to Supply Chain

von Bernd Kohler

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "New R Programming Vulnerability Exposes Projects to Supply Chain Attacks" --> Update auf Version 4.4.0 VG Bernd [0] https://thehackernews.com/2024/04/new-r-programming-vulnerability-exposes.h… -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/channel/UCKKDJJukeRwO0LP-ac8x8rQ

2 Monate

1
0
0 0

How to Use Microsoft Defender for Endpoint Advanced Hunting With WDAC

von Bernd Kohler

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "How to Use Microsoft Defender for Endpoint Advanced Hunting With WDAC App Control" --> passend hierzu auch [1] VG Bernd [0] https://github.com/HotCakeX/Harden-Windows-Security/wiki/How-to-Use-Microso… [1] https://github.com/HotCakeX/Harden-Windows-Security/wiki/Script-Enforcement… -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/channel/UCKKDJJukeRwO0LP-ac8x8rQ

2 Monate

1
0
0 0

Chrome Beta (≥115.0.5748.0) supports post-quantum key

von Bernd Kohler

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "Chrome Beta (≥115.0.5748.0) supports post-quantum key" 1. chrome://flags --> dort folgendes aktivieren "TLS 1.3 hybridized Kyber support" 2. Einstellungen überprüfen durch Aufrufen der folgenden Webseite pq.cloudflareresearch.com bzw. pq.cloudflareresearch.com/cdn-cgi/trace --> bei letzterm sollte im key exchange Feld "Kyber" stehen Laut [0] wird aber nur HTTP≤2 und nicht HTTP3/QUIC unterstützt VG Bernd [0] https://twitter.com/bwesterb/status/1668600698240393218 -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/channel/UCKKDJJukeRwO0LP-ac8x8rQ

2 Monate

1
4
0 0

(The) Postman Carries Lots of Secrets

von Bernd Kohler

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "(The) Postman Carries Lots of Secrets" --> "... Postman launched a public network for developers to “share and showcase” their APIs. ... --> "... scan a Postman workspace with TruffleHog ..." VG Bernd [0] https://trufflesecurity.com/blog/postman-carries-lots-of-secrets -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/channel/UCKKDJJukeRwO0LP-ac8x8rQ

2 Monate, 1 Woche

1
0
0 0

Urgent GitLab Update Patches Account Takeover Flaw, Other

von Bernd Kohler

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "Urgent GitLab Update Patches Account Takeover Flaw, Other High-Severity Bugs" --> "... upgrading to versions 16.11.1, 16.10.4, or 16.9.6 ..." VG Bernd [0] https://securityonline.info/urgent-gitlab-update-patches-account-takeover-f… -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/channel/UCKKDJJukeRwO0LP-ac8x8rQ

2 Monate, 1 Woche

1
0
0 0

New Brokewell malware takes over Android devices, steals data

von Bernd Kohler

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "New Brokewell malware takes over Android devices, steals data" VG Bernd [0] https://www.bleepingcomputer.com/news/security/new-brokewell-malware-takes-… -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de https://www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/c/ITCenterRWTHAachen

2 Monate, 1 Woche

1
0
0 0

CVE-2024-2961 – glibc Vulnerability Opens Door to PHP Attacks: Patch Immediately

von Bernd Kohler

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "CVE-2024-2961 – glibc Vulnerability Opens Door to PHP Attacks: Patch Immediately" VG Bernd [0] https://securityonline.info/cve-2024-2961-glibc-vulnerability-opens-door-to… -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de https://www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/c/ITCenterRWTHAachen

2 Monate, 1 Woche

1
0
0 0

Critical Vulnerabilities in Popular Database Library Expose Millions

von Bernd Kohler

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "Critical Vulnerabilities in Popular Database Library Expose Millions of Applications to Attack" --> "flaws in node-mysql2" --> "update to version 3.9.7 or later" VG Bernd [0] https://securityonline.info/cve-2024-21508-rce-node-mysql2/?expand_article=1 -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de https://www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/c/ITCenterRWTHAachen

2 Monate, 1 Woche

1
0
0 0

Microsoft releases Exchange hotfixes for security update issues

von Bernd Kohler

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "Microsoft releases Exchange hotfixes for security update issues" --> "Microsoft has released hotfix updates to address multiple known issues impacting Exchange servers after installing the March 2024 security updates. ..." VG Bernd [0] https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-exchange… -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de https://www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/c/ITCenterRWTHAachen

2 Monate, 1 Woche

1
0
0 0

2024

2023

2022

2021

2020

2019

2018

rwth-security