Martin Schmiedecker

@Fr333k@infosec.exchange
844 Followers
2.2K Following
3.4K Posts
Automotive security by day, online privacy by night. Digital forensics & teaching it in between.
Website: Schmiedecker.net

O_O Synology's middleware service was inadvertently exposing a master credential during every setup process, and this credential belonged to Synology's global app registration, giving attackers broad read-only access to organizational data including Teams messages, group information, and Microsoft 365 content.

https://modzero.com/en/blog/when-backups-open-backdoors-synology-active-backup-m365/

When Backups Open Backdoors: Accessing Sensitive Cloud Data via "Synology Active Backup for Microsoft 365"

HAPPY INTERNATIONAL CAPSLOCK DAY

AND PLEASE NOTE THAT OUR TICKET PRICE GOES UP IN TWO DAYS

-> HTTPS://TICKETS.WHY2025.ORG YIPPIEKAYJEEE

WHY2025

Aug. 8th – 12th, 2025

Ladies, gentlemen, and everyone else - mark your calendars: #BSidesVienna will happen this year on November 22nd 2025!

After the meme coin and the Escobar-style smartphone, all we need now is a #Trump branded VPN to complete the collector’s set of absurdity! 😅

#TrumpMobile #TrumpOrganization

From the unpopular series "Where there's a trough, the pigs will come", today: Austrian Interior Minister Karner (ÖVP) and the federal trojan aka "messenger surveillance":

18 June: »One does not do this for fun and gluttony … tight legal corset … fight terrorists and attackers on an equal footing«
https://orf.at/stories/3397106/

26 June: »Karner supports extending messenger surveillance to criminal proceedings«
https://www.ots.at/presseaussendung/OTS_20250626_OTS0222/karner-befuerwortet-ausweitung-der-messenger-ueberwachung-auf-Strafverfahren

#polAT

"Milestone": government agrees on messenger surveillance

The federal government agreed at Wednesday's Council of Ministers on the surveillance of messenger services in cases of a concrete threat. This sets "a milestone in counter-terrorism", Interior Minister Gerhard Karner (ÖVP) said at a press conference. Since this constitutes an interference with fundamental rights, there is a "tight legal corset", according to Karner. The package is to be presented to parliament before the summer and is to enter into force in 2027. Criticism comes from the opposition and from data protection advocates.

ORF.at
ENISA published guidance on the #NIS2 implementing act for the digital sector. They cover how to apply the NIS2 requirements when it comes to #FOSS, including clarifying that in most cases upstream open source maintainers should not be considered a ‘direct supplier’. There are 37 occurrences of #opensource in the text. Some quotes to follow https://www.enisa.europa.eu/publications/nis2-technical-implementation-guidance
NIS2 Technical Implementation Guidance | ENISA

ENISA is the EU agency dedicated to enhancing cybersecurity in Europe. They offer guidance, tools, and resources to safeguard citizens and businesses from cyber threats.

How we turned a real car into a Mario Kart controller by intercepting CAN data | Pen Test Partners

If you went to our PTP Cyber Fest over the Infosec week you may have seen the PTP hack car being used as a games controller for the game SuperTuxKart (a free and open-source Mario Kart type game). You really could steer, accelerate and brake using the car, ‘driving’ the on screen kart!

Pen Test Partners

🚨 We're still in need of more #snowflake extensions to help keep Iranians connected during this critical time.

If you're able, please consider running a Tor Snowflake proxy. This simple and safe action can make a significant difference in ensuring Iranians stay online. #KeepItOn

To get started, visit: https://snowflake.torproject.org

Help request. My brother has Stage 4 colorectal cancer.

His life insurance has refused to pay out on a technicality, meaning he and his loved ones cannot afford the mortgage on their home.

I've never asked for anything in return for infosec stuff, but if you have anything spare, please chuck it this direction instead:

https://gofund.me/b9a0d8f4

Critical Meshtastic Vulnerability:

CVE-2025-52464: Meshtastic 2.5.0–2.6.10 shipped cloned or low-entropy X25519 keys via vendor pre-flash + weak RNG.

Collisions let attackers decrypt LoRa direct-msgs, replay/forge admin RPCs, hijack nodes; no forward secrecy, so old captures stay cleartext.

Firmware 2.6.11 defers key-gen, hardens entropy, flags compromised pairs.

https://mander.xyz/post/32783704

Critical Meshtastic Flaw Allows Attackers to Decrypt Private Messages - Mander

Meshtastic developers released firmware version 2.6.11 with critical fixes:
Key generation delay: Keys are now generated when users first set their LoRa region, preventing vendor-side duplication.
Entropy improvements: Added multiple randomness sources to strengthen cryptographic initialization.
Compromised key detection: Devices now warn users if known vulnerable keys are detected.
An upcoming version (2.6.12) will automatically wipe compromised keys.
For immediate protection, users should:
Update devices to firmware 2.6.11 or later.
Perform a factory reset using Meshtastic's CLI: meshtastic --factory-reset-device.
Manually generate high-entropy keys via OpenSSL for critical deployments.
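The collision mechanism behind the Meshtastic advisory above, as an added example that is neither Meshtastic project code nor taken from the linked article: a textbook X25519 in pure Python (checked against the RFC 7748 Diffie-Hellman vectors), a constructed low-entropy key generator standing in for a weak boot-time RNG, and the inventory check a fleet operator can run to flag nodes that ended up sharing a key pair. The seed-space size, node count and node names are assumptions made for the simulation.

```python
# Added example, not Meshtastic code: a low-entropy RNG at key-generation time
# yields colliding X25519 keys across a fleet; an inventory check can spot them.
import os
import random
from collections import defaultdict

P = 2**255 - 19                      # field prime of Curve25519
A24 = 121665                         # (A - 2) / 4 for A = 486662
BASEPOINT = b"\x09" + b"\x00" * 31   # u = 9, little-endian


def _clamp(k: bytes) -> int:
    """RFC 7748 scalar clamping for X25519."""
    k = bytearray(k)
    k[0] &= 248
    k[31] &= 127
    k[31] |= 64
    return int.from_bytes(k, "little")


def x25519(k: bytes, u: bytes) -> bytes:
    """Montgomery ladder from RFC 7748 section 5. Textbook form for illustration
    only: it is not constant-time, so do not use it in production."""
    scalar = _clamp(k)
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)  # drop top bit of u
    x2, z2, x3, z3 = 1, 0, x1, 1
    swap = 0
    for t in range(254, -1, -1):
        kt = (scalar >> t) & 1
        swap ^= kt
        if swap:
            x2, x3 = x3, x2
            z2, z3 = z3, z2
        swap = kt
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        da, cb = d * a % P, c * b % P
        x3 = (da + cb) ** 2 % P
        z3 = x1 * ((da - cb) ** 2) % P
        x2 = aa * bb % P
        z2 = e * (aa + A24 * e) % P
    if swap:
        x2, x3 = x3, x2
        z2, z3 = z3, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")


def public_key(priv: bytes) -> bytes:
    return x25519(priv, BASEPOINT)


def weak_private_key(seed: int) -> bytes:
    """Constructed model of a poor entropy source: the whole 32-byte private key
    is a deterministic function of a seed with only a few thousand values."""
    return random.Random(seed).getrandbits(256).to_bytes(32, "little")


def strong_private_key() -> bytes:
    """What the fix amounts to: 32 bytes from the OS CSPRNG, drawn on the device."""
    return os.urandom(32)


def provision_fleet(n: int, weak: bool, seed_space: int = 4096, draw_seed: int = 1234) -> dict:
    """Return {node_id: public_key_hex} for n constructed nodes. With weak=True each
    node's seed is picked from seed_space values, so by the birthday bound shared
    keys appear after a few dozen nodes. draw_seed is fixed for reproducibility."""
    picker = random.Random(draw_seed)
    fleet = {}
    for i in range(n):
        priv = weak_private_key(picker.randrange(seed_space)) if weak else strong_private_key()
        fleet[f"node-{i:04d}"] = public_key(priv).hex()
    return fleet


def find_shared_public_keys(fleet: dict) -> dict:
    """Inventory check: a public key present on more than one node means those nodes
    hold the same private key, so any holder can read the others' direct messages.
    Returns {public_key_hex: [node ids]} for every such collision."""
    by_key = defaultdict(list)
    for node, pub in fleet.items():
        by_key[pub].append(node)
    return {pub: nodes for pub, nodes in by_key.items() if len(nodes) > 1}


def rfc7748_self_test() -> bool:
    """Check the ladder against the Diffie-Hellman vectors in RFC 7748 section 6.1."""
    a = bytes.fromhex("77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a")
    b = bytes.fromhex("5dab087e624a8a4b79e17f8b83800ee66f3bb1292618b6fd1c2f8b27ff88e0eb")
    pub_a = bytes.fromhex("8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a")
    pub_b = bytes.fromhex("de9edb7d7b7dc1b4d35b61c2ece435373f8343c85b78674dadfc7e146f882b4f")
    shared = bytes.fromhex("4a5d9d5ba4ce2de1728e3bf480350f25e07e21c947d19e3376f09b3c1e161742")
    return (public_key(a) == pub_a and public_key(b) == pub_b
            and x25519(a, pub_b) == shared and x25519(b, pub_a) == shared)


if __name__ == "__main__":
    print("RFC 7748 vectors OK:", rfc7748_self_test())
    weak = find_shared_public_keys(provision_fleet(300, weak=True))
    strong = find_shared_public_keys(provision_fleet(300, weak=False))
    print(f"weak RNG fleet: {len(weak)} public key(s) shared across 300 nodes")
    for pub, nodes in list(weak.items())[:3]:
        print(f"  {pub[:16]}... on {nodes}")
    print(f"proper RNG fleet: {len(strong)} public key(s) shared across 300 nodes")
```

The point of the simulation is that nothing about X25519 itself is weak here; with 4096 possible seeds the birthday bound makes shared keys near-certain once a few hundred devices are provisioned, while the same fleet keyed from os.urandom shows none. The same find_shared_public_keys check applies to a real node list exported from a mesh, and a hit is a reason to factory-reset and regenerate rather than a curiosity.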


@bfuhrman @ntnsndr

Do you guys remember how many intentional localhost links Elon got as responses to this?