Mat the Wolverine 

No One in my Family Knows Exactly What I Do for a Living
Microsoft warns of high-severity flaw in hybrid Exchange deployments

Microsoft has warned customers to mitigate a high-severity vulnerability in Exchange Server hybrid deployments that could allow attackers to escalate their privileges in Exchange Online cloud environments without leaving any traces.

BleepingComputer
cloudcoffee.ch

Register Yubikeys on behalf of your users with YubiEnroll

In an earlier post, I showed several ways to (bulk) provision Yubikeys (or keys from other vendors) in Microsoft Entra using the provisioning APIs. In this post, we look at another gem from Yubico, YubiEnroll. This (CLI) tool is designed to delegate enrollment of Yubikeys to administrators or helpdesk staff. The good part is that…

JanBakker.tech
Securing Microsoft Fabric: User Authentication & Authorization Guidelines

Did you wonder what the options are to define users and permissions to access and operate in Microsoft Fabric? Considering Conditional Access for Fabric..

TECHCOMMUNITY.MICROSOFT.COM
Global Secure Access for the SMB, Part 2: Private Access https://www.itpromentor.com/gsa-private-access/
Cisco Security Advisory: Remote Unauthenticated Code Execution Vulnerability in OpenSSH Server (regreSSHion): July 2024

On July 1, 2024, the Qualys Threat Research Unit (TRU) disclosed an unauthenticated, remote code execution vulnerability that affects the OpenSSH server (sshd) in glibc-based Linux systems. CVE-2024-6387: A signal handler race condition was found in sshd, where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then the sshd SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog(). For a description of this vulnerability, see the Qualys Security Advisory. This advisory will be updated as additional information becomes available. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssh-rce-2024

Cisco
TeamViewer updated their statement, confirming the breach by APT29 on their corporate (not their production) environment. https://cyberplace.social/@GossiTheDog/112694088483175266
Kevin Beaumont (@GossiTheDog@cyberplace.social)

Update confirming Russia: https://www.teamviewer.com/en/resources/trust-center/statement/

Cyberplace

VMware product portfolio - Lenovo has stopped selling licenses

https://borncity.com/win/2024/03/05/33427/

VMware product portfolio: Licensing internals; and Lenovo has been out since Feb. 27, 2024

[German] Broadcom has bought VMware and cleaned up the product portfolio and changed the licensing of various products. I have documents with internal licensing guidelines that show the effects of these changes. It has also become known that, after Dell, Lenovo is also withdrawing from the sale of VMware licenses for the time being (until the...

Born's Tech and Windows World

Google announced that starting in June 2024, ad blockers such as uBlock Origin #uBO will be disabled in Chrome 127 and later with the rollout of Manifest V3 (#Mv3).

The new #Chrome manifest will prevent using custom filters and stop on-demand updates of blocklists. Only #Google authorized updates to browser extensions will be allowed in the future, which means an automatic win for Google in their battle to stop YouTube #AdBlockers.

#ManifestV3 is deceitful and threatening to your privacy, and now is a good time to switch to #Firefox (@mozilla) and/or #TorBrowser (@torproject) if you haven't done so already!

EFF (@eff) on Google’s Manifest V3:

⚠️⁠https://www.eff.org/deeplinks/2021/12/chrome-users-beware-manifest-v3-deceitful-and-threatening
⚠️⁠https://www.eff.org/deeplinks/2021/12/googles-manifest-v3-still-hurts-privacy-security-innovation

Chrome Manifest V3 Transition Timeline (2023-11-16)

🚩⁠https://developer.chrome.com/blog/resuming-the-transition-to-mv3/

EDIT for clarification: MV3 in Chrome will still allow some ad blocking extensions, but will severely limit their blocking ability and even restrict pre-set filters to 50 MAX.

Chrome Users Beware: Manifest V3 is Deceitful and Threatening

Like FLoC and Privacy Sandbox before it, Google Chrome’s Manifest V3 is another example of the inherent conflict of interest that comes from Google controlling both the dominant web browser and one of the largest internet advertising networks.

Electronic Frontier Foundation