Collaborate Disseminate
My company is developing an open-source platform that would be hosted on may different servers, deployed in the cloud by many people, that run the "LAMP" stack or something similar. My goal is to ensure that in 99.9% of cases, th… Continue reading Given this secure setup, what are some effective attacks that still are possible?
My company is developing an open-source platform that would be hosted on may different servers, deployed in the cloud by many people, that run the "LAMP" stack or something similar. My goal is to ensure that in 99.9% of cases, th… Continue reading Given this secure setup, what are some effective attacks that still are possible?
I noticed DNS requests to the domain: ctldl.windowsupdate.com.
Some report it as malicious but I think it a false-positive, and it is legitimately Microsoft. It is also mentioned in https://security.stackexchange.com/a/233376/72031 in rela… Continue reading Why does ctldl.windowsupdate.com not use (valid) TLS?
Ubuntu and its flavors (Lubuntu, etc.) now have a Pro feature (free for personal use) that provide security patches for basically all common software (over 20,000 packages), for several years in long-term support releases.
I’m not sure how… Continue reading Ubuntu Pro: How does the updating process work? [migrated]
I have problems when I try to update Ubuntu 20.04 , when I run sudo apt update to update, I get this output:
sudo apt-get update Err:1 http://security.ubuntu.com/ubuntu focal-security InRelease Could not resolve ‘security.ubuntu.com’ Hit:2… Continue reading How should I solve Ubuntu 20.04 update errors? [migrated]
Many software vendors maintain old versions by providing security-only fixes. Some examples include:
Android on Google Pixel Phones.
Python.
Firefox ESR.
My understanding is that people are most actively working on the latest version of … Continue reading How much should we generally trust security-only support of a legacy version of a software and what should we look out for? [closed]
The Secure Enclave is isolated from the main processor to provide an extra layer of security and is designed to keep sensitive user data secure even when the Application Processor kernel becomes compromised.
This information is sourced A… Continue reading How do regular software updates to Apple’s secure enclave remain secure?
My company has a lot of projects and uses various vulnerability scanners (e.g. Trivy, npm audit, SAST,…) in different stages in each of them.
The Problem is now that although they run well, it’s not easy to keep the overview over each of… Continue reading How to manage a lot of vulnerability scanners from CICD Pipelines?
Windows has offered the ability to download updates from machines in the local network for some time. My gut feeling tells me this would be a great attack vector for Windows security vulnerabilites.
Have there been security vulnerabilites … Continue reading Security vulnerabilites in Windows updates from local network
I’m trying to update the Ubuntu OpenSSH version to 9.3p2, because of the CVE-2023-38408 vulnerability, but I can’t.
The recomendation is update to last version: https://ubuntu.com/security/CVE-2023-38408
I am running the following command:… Continue reading How to update Ubuntu SSH version to latest version [closed]