
Wow, TeamPCP is hacking open-source developers faster than we can report on them. The latest (that I'm aware of, anyway) is LiteLLM. They worked with Trivy but didn't bother to change their credentials after Trivy was hacked, despite an ample amount of advice to do so.

Folks, if any of you used LiteLLM, now is the time to change your credentials, in an atomic way. Now, as in immediately.

https://news.ycombinator.com/item?id=47501729

LiteLLM Python package compromised by supply-chain attack | Hacker News

Update: Ongoing Investigation and Additional Activity

Open Source Security Advisory Update: Monday, March 23, 2026 Boston, MA 2:00 AM ET  We are providing this update to share new developments identified during our ongoing investigation into the Trivy open source incident described below.  Over the weekend, the Trivy team continued analysis of the previously reported incident and started implementing additional security measures across repositories and automation …

Aqua

Please give me a reason why #ec2 on #aws has less than 5GB tmp and 0 SWAP space? Sooner or later, you'll run into problems 😞.

#sysadmin #linux #cloud

@appsinet Interesting. Are your playbooks also located in a subfolder and not in the `inventory` folder? Because for me, those vars are not loaded when executing the playbook with `ansible-playbook -i inventory/inventory.yml playbooks/infra.yml`

With this structure, the variables in “host_vars” and “group_vars” are not loaded. This is because the inventory file is not in the root directory. Is there a way to have the inventory file in an inventory folder?

#ansible #sysadmin #devops #gitops #automation

🎉 First WIN of 2026: the Austrian DPA has ordered Microsoft to stop tracking school children

https://noyb.eu/en/noyb-win-microsoft-ordered-stop-tracking-school-children

noyb win: Microsoft ordered to stop tracking school children

The DSB decided that Microsoft unlawfully placed tracking cookies on the devices of a pupil

noyb.eu

Do not store your Bitlocker encryption keys on Microsoft's servers if your threat model includes governments or law enforcement. As this article points out, this is the result of a design choice Microsoft made. It didn't have to be this way.

https://www.forbes.com/sites/thomasbrewster/2026/01/22/microsoft-gave-fbi-keys-to-unlock-bitlocker-encrypted-data/

Microsoft Gave FBI Keys To Unlock Encrypted Data, Exposing Major Privacy Flaw

The tech giant said providing encryption keys was a standard response to a court order. But companies like Apple and Meta set up their systems so such a privacy violation isn’t possible.

Forbes

RE: https://infosec.exchange/@netresec/115905237000922504

Here’s a good example of why you should have network egress filtering on your network. Nobody uses the finger protocol any more. But the binary still exists in Windows! And if you don’t block outbound port 79/tcp, your users are at risk. #cybersecurity #LOLBIN

@willglynn 😭
Then I need to find a better solution, Thx again.
@willglynn Ah, good, okay, I need to take a closer look at VictoriaMetrics. Thank you.
As far as I know, VictoriaMetrics is compatible with Prometheus. What I'm going to try is to import the metrics using VictoriaMetrics and then copy them to Prometheus's data directory so that the metrics are in the Prometheus database.
I don't want to switch to another tool at the moment, as I still have a few other things to work on first.