Posts tagged with tech


5 Vulnerabilities found in Ubuntu's Needrestart.

That could allow a local attacker to gain root privileges without requiring user interaction. Needrestart is a utility that scans a system to determine the services that need to be restarted after applying shared library updates.

https://blog.qualys.com/vulnerabilities-threat-research/2024/11/19/qualys-tru-uncovers-five-local-privilege-escalation-vulnerabilities-in-needrestart

#linux #ubuntu #it #security #privacy #engineer #tech #media #news
Multiple decade-old security vulnerabilities have been disclosed in the needrestart package.

The vulnerabilities are believed to have existed since the introduction of interpreter support in needrestart 0.8, which was released on April 27, 2014.

"These needrestart exploits allow Local Privilege Escalation (LPE) which means that a local attacker is able to gain root privileges," Ubuntu said in an advisory, noting they have been addressed in version 3.8.

<https://ubuntu.com/blog/needrestart-local-privilege-escalation>

The 5 flaws are listed below:

• CVE-2024-48990 [CVSS score: 7.8] - A vulnerability that allows local attackers to execute arbitrary code as root by tricking needrestart into running the Python interpreter with an attacker-controlled PYTHONPATH environment variable.
• CVE-2024-48991 [CVSS score: 7.8] - A vulnerability that allows local attackers to execute arbitrary code as root by winning a race condition & tricking needrestart into running their own, fake Python interpreter.
• CVE-2024-48992 [CVSS score: 7.8] - A vulnerability that allows local attackers to execute arbitrary code as root by tricking needrestart into running the Ruby interpreter with an attacker-controlled RUBYLIB environment variable.
• CVE-2024-11003 [CVSS score: 7.8] and CVE-2024-10224 [CVSS score: 5.3] - Two vulnerabilities that allow a local attacker to execute arbitrary shell commands as root by taking advantage of an issue in the libmodule-scandeps-perl package (before version 1.36).


that was quick!
--
Bluesky is working on a subscription, but it won’t give you a blue check
https://www.theverge.com/2024/10/24/24278666/bluesky-working-on-premium-subscription
#bsky #media #tech


💡 A Minecraft Movie: between enthusiasm and skepticism

https://gomoot.com/a-minecraft-movie-tra-entusiasmo-e-scetticismo

#blog #film #jackblack #minecraft #movie #news #picks #teaser #tech #tecnologia #trailer #warnerbros


Our mission is to bring you the best journalism out there, and of course that includes newsletters. This week, we’re pleased to add five great newsletters about media and tech to Flipboard, from esteemed reporters like @om, @harrymccracken, @oliverdarcy, @thekenyeung and @mathewi. Read more about them in our blogpost, and tell us in the comments if there's another newsletter you'd love to see on Flipboard.

https://about.flipboard.com/inside-flipboard/tech-and-media-newsletters-on-flipboard/

#Flipboard #Newsletter #Tech #Media #Journalism #IndependentJournalist #NewsInfluencers


T-Mobile US monitoring China's 'Industry-wide Attack' amid fresh Security Breach Fears.

T-Mobile has joined a list of major organizations like AT&T, Verizon & Lumen Technologies that have been singled out as part of what appears to be a full-blown Chinese threat actors' cyber espionage campaign.

https://www.wsj.com/politics/national-security/t-mobile-hacked-in-massive-chinese-breach-of-telecom-networks-4b2d7f92

#us #telecom #companies #breach #it #security #privacy #engineer #media #tech #news
U.S. telecoms giant T-Mobile has confirmed that it was also among the companies that were targeted by Chinese threat actors to gain access to valuable information.

The adversaries, tracked as Salt Typhoon, breached the company as part of a "monthslong campaign" designed to harvest cellphone communications of "high-value intelligence targets." It's not clear what information was taken, if any, during the malicious activity.

"T-Mobile is closely monitoring this industry-wide attack, and at this time, T-Mobile systems and data have not been impacted in any significant way, and we have no evidence of impacts to customer information," a spokesperson for the company was quoted as saying to The Wall Street Journal. "We will continue to monitor this closely, working with industry peers and the relevant authorities."
The FBI and CISA noted that the cyber-attacks on the telecoms providers resulted in the "theft of customer call records data, the compromise of private communications of a limited number of individuals who are primarily involved in government or political activity, and the copying of certain information that was subject to US law enforcement requests pursuant to court orders."

Previous reports suggested that the Chinese snoops, after breaking into the telco’s networks, accessed the wiretapping backdoor-like systems used for court-ordered surveillance and targeted phones belonging to people affiliated with US Democratic presidential candidate Kamala Harris, as well as Republican president-elect Donald Trump and VP-elect JD Vance.

<https://www.fbi.gov/news/press-releases/joint-statement-from-fbi-and-cisa-on-the-peoples-republic-of-china-targeting-of-commercial-telecommunications-infrastructure>


"Open social media offers a chance to escape the cycle of good product turns bad product and wiping the slate clean to start again. Instead, open social media offers the chance to build in a space where you can easily hop-skip-jump to the next best platform without losing your community."

Check out what @saskia had to say about Bluesky continuing to grow.

https://forbetter.ghost.io/even-more-bluesky-growth/

#Fediverse #Mastodon #SocialMedia #Bluesky #X #OpenSocial #SocialWeb #Tech


Is there a way to stop the companies, mostly gardening/farming supply stores, from sending me emails to "remind me" of what I've looked at, in my periodic window shopping & list making????

As I'd prefer not to fully cut off & never buy anything from all these places, but this pushy sales tactic definitely makes that a temptation, because if I had similar in person, I'd definitely never buy anything at said retailer?

#Tech #Gardening #Sales


I feel like it'd be fun to have/collect some version of an old 80s computer maybe a PET from the 'banana monkey allergy' song by Oh My Girl...
That could be cool. I might not be able to afford an authentic one from the 80s but I could see about putting together one like it from a kit if someone has gone about making something like this already or if I really have to I could design one as a project...

#tech #vibes #80s #blog


The Newest Tech and Media Newsletters on Flipboard


Content warning: Newsletters from independent creators and journalists have been on the rise for some time now, and recently there have been some fantastic new ones that cover technology and media. Since these two topics are very popular on Flipboard, we wanted to be sure


When it comes to #tech press, one thing bothers me above all else; high-end reportage that ignores the bulk of users. The vast majority of people getting a #Mac probably don’t even know what a virtual machine is, much less need one. Despite this, nerd journos almost exclusively focus on the much smaller professional slice of the market. #Apple #Journalism https://www.macworld.com/article/2524164/the-m4-macs-have-one-flaw-that-may-make-you-reconsider-buying-one.html

In short, if you want to buy a new computer and use it like an average person, go ahead and get an M4 Mac Mini base model. Grab yourself a Samsung T7 external SSD in 1 or 2TB capacity, and rest easy that your $700+ will last you for years to come. The M4 is a little terror that sips power. Your email, messaging, social media, and streaming sessions will be just fine.


BASIC Co-Inventor Thomas E. Kurtz has Passed Away.

It’s with sadness that we note the passing of Thomas Eugene Kurtz, on November 12th. He was co-inventor of the BASIC programming language back in the 1960s. The legacy of his work lives on in the generation of technologists.

>10 PRINT "Rest in Peace"
>20 GOTO 10

https://computerhistory.org/blog/in-memoriam-thomas-e-kurtz-1928-2024/

#memoriam #ThomasKurtz #rip #basic #programming #language #tech #science #history #it #engineer #media #news
The origins of BASIC lie in the Dartmouth Timesharing System, like similar timesharing operating systems of the day, designed to allow the resources of a single computer to be shared across many terminals. In this case the computer was at Dartmouth College, and BASIC was designed to be a language with which software could be written by average students who perhaps didn’t have a computing background. In the decade that followed it proved ideal for the new microcomputers, and few were the home computers of the era which didn’t boot into some form of BASIC interpreter. Kurtz continued his work as a distinguished academic and educator until his retirement in 1993, but throughout he remained as the guiding hand of the language.
[ImageSource: Computerhistory.org]

“Thomas Eugene Kurtz (Feb. 22 1928–Nov. 12, 2024) was an American mathematician, computer scientist and co-inventor, with John Kemeny, of the BASIC programming language and Dartmouth Timesharing System.”


“#AnthonyAlbanese and his communications minister, #MichelleRowland, did not rule out the potential for #socialmedia users to have their faces subject to #biometric #scanning, for #online platforms to verify users’ ages using a government #database, or for all social media users – ‘regardless of age’ – being subject to age checks, only saying it would be up to #tech companies to set their own processes.”

I remind myself, Australian governments can’t computer.

#labor / #AusTech / #surveillance <https://theguardian.com/australia-news/2024/nov/07/australian-government-to-legislate-social-media-age-limit-of-16-but-cant-say-how-platforms-will-enforce-it>


The newest Device to run Doom: Nintendo's Alarm Clock [Alarmo].

A hardware hacker [GaryOderNichts] has successfully modified Nintendo's $100 Alarmo device to run the classic video game Doom. This marks another milestone in the gaming community's tradition of porting the 1993 shooter to unconventional devices.

https://github.com/GaryOderNichts/alarmo_doom

#doom #nintendo #alarmo #port #hack #it #engineer #programming #retro #gaming #art #media #tech #artist #news
Doom, the iconic first person shooter, is often used to showcase how the open source game can run on almost any device you can think of.

The hack came after researchers discovered vulnerabilities in the Alarmo's STM32H7 microcontroller, enabling custom firmware installation through its USB-C port.
YouTuber GaryOderNichts demonstrated the 2.8-inch circular alarm clock running Chocolate Doom natively, using the device's wheel for movement and side buttons for weapons. The hack requires no hardware modifications and works on the current 2.0 software version.

Gary said it’s “possible to load the shareware version of Doom entirely from USB, without modifying the Alarmo.” And they’ve put the software and instructions for running it on Github, so almost any sufficiently knowledgeable and determined Alarmo owner can do it, too. Best of all, it can be done without opening the clock up at all.

<https://youtu.be/5IOVYvSMAoU>
While everyone was waiting on news for the successor of the Nintendo Switch, Nintendo released the Alarmo. A small plastic alarm clock that can wake one up with sounds from one's favorite Nintendo games.

The Alarmo has a small 2.8-inch LCD at the front, a back and notification button on top and a dial on top which can be turned and pressed to act as a confirm button. The dial also includes an RGB LED. What makes it different from other alarm clocks? It has 2.4 GHz Wi-Fi to download software updates and additional themes, and it comes with a 24GHz mmWave presence sensor to react to your movements.

<Inside there is an STM32H730ZBI6 MCU and a KIOXIA 4GB eMMC.>


“We kept dismissing Musk, the ne plus ultra of this trend, as a kook or a one-off. He wasn’t. He was emblematic of a bigger realignment in tech. And unless you were looking at the trend as closely as I was, it was easy to be fooled by the hard-to-grasp and obscure labels these people attached to themselves and their interests.”

https://www.theinformation.com/articles/how-the-media-missed-the-rise-of-the-new-tech-right

#tech #media #elonmusk


Microsoft fixes 91 Vulnerabilities & 4 Zero-Days.

Microsoft’s November Patch Update fixes 91 Windows security vulnerabilities, including 4 zero-days. The critical fixes address actively exploited flaws in Windows. It is strongly recommended that users apply these updates as soon as possible to mitigate possible security risks. Updates can be installed via Windows Update.

https://msrc.microsoft.com/update-guide/

#microsoft #windows #update #it #security #privacy #engineer #media #tech #news
It is worth noting that four vulnerabilities are rated as critical, including two remote code execution and two elevation of privilege flaws.

The two actively exploited zero-day vulnerabilities are:

• CVE-2024-43451: An NTLM Hash Disclosure Spoofing Vulnerability that exposes NTLMv2 hashes to remote attackers with minimal user interaction, such as selecting or right-clicking a malicious file.
• CVE-2024-49039: A Windows Task Scheduler Elevation of Privilege Vulnerability allowing attackers to execute RPC functions typically restricted to privileged accounts, potentially leading to unauthorized code execution or resource access.

Additionally, two publicly disclosed but not actively exploited vulnerabilities were addressed:

• CVE-2024-49040: A Microsoft Exchange Server Spoofing Vulnerability enabling threat actors to spoof sender email addresses to local recipients.
• CVE-2024-49041: A Windows MSHTML Platform Spoofing Vulnerability that could be leveraged to deceive users into interacting with malicious content.

The 91 vulnerabilities fixed in this update are categorized as follows:

• 3 Spoofing vulnerabilities
• 4 Denial of Service vulnerabilities
• 1 Information Disclosure vulnerability
• 26 Elevation of Privilege vulnerabilities
• 2 Security Feature Bypass vulnerabilities
• 52 Remote Code Execution vulnerabilities.


Earlier this year, we reported on how a former employee said #Microsoft dismissed his warnings about a critical flaw because it feared losing #government business. #Russian hackers later used the weakness to breach the National Nuclear Security Administration, among others.

https://www.propublica.org/article/microsoft-solarwinds-golden-saml-data-breach-russian-hackers

#Tech #News #Cybersecurity #Hacking #Data #Technology


Legal and contracting experts say the administration’s deals with #Microsoft never should have come to pass, as they sidestep or even possibly violate federal procurement and #antitrust laws.

#News #Technology #Government #Biden #Tech

https://propub.li/4evDWGW


"Biden Asked Microsoft to 'Raise the Bar on Cybersecurity.' He May Have Helped Create an Illegal Monopoly."

https://www.propublica.org/article/microsoft-white-house-offer-cybersecurity-biden-nadella

"When the White House welcomed Microsoft’s offer of $150 million in tech services, it helped the world’s largest software provider tighten its grip on federal business and freeze out competitors."

#Microsoft #tech #Biden #press


Mozilla's Firefox Browser turns 20. :firefox:

Exactly 20 years ago, Mozilla started shipping version 1.0 of its Firefox browser. Mozilla celebrated its 20th anniversary of Firefox with new and upcoming features like tab previews, marking up PDFs, tab grouping and Mozilla's exploration of AI, via mozilla.ai, gets more cautious support.

https://www.mozilla.org/en-US/firefox/132.0/whatsnew/

#mozilla #firefox #20th #anniversary #web #it #engineer #media #tech #news
Mozilla is also thinking about how AI will change how people browse the web. There, the organization is mostly looking at giving people choice. It’s starting to build some smaller models into the browser already, mostly around translation, but with Firefox 130, it also introduced a model that automatically adds alt text for PDF images, for example. For all of this work with AI models, Mozilla plans to follow the Open Source Initiative’s guidance for what constitutes an open source model.

<https://blog.mozilla.org/en/mozilla/ai/help-us-improve-our-alt-text-generation-model/>
The movement (advocacy for choice, privacy and transparency) continues. But web browsers and the battle for browser market share no longer lead that movement, according to a former Mozilla executive.

"Firefox turns 20 today!" said CEO Laura Chambers in a social media post. "It’s so inspiring to think of all we’ve achieved together to keep the internet open and people-first. Firefox has always been more than just a browser – it’s a movement powered by those who believe in choice, privacy and transparency. Thank you to our community and everyone who has contributed to this impact, and helped make Firefox what it is today."

<https://www.linkedin.com/posts/chamberslaura_firefox-turns-20-today-its-so-inspiring-activity-7260782133881810945-zkp8/>


In this increasingly repressive climate, I'm surprised more activists haven't caught on to the fact that being able to have your #socialmedia server in any country you want can be a huge asset, and that the #fediverse is the only platform providing that ability.

But apparently that's the kind of galaxy-brain thinking that only I can come up with. 🙄

#mastodon #activism #infosec #opsec #tech #ActivityPub


🛠️ Ready to simplify your Linux commands? Our latest post breaks down alias and other essential commands for beginners. Discover how to customize your terminal today!

Read more: https://www.spsanderson.com/steveondata/posts/2024-11-15/

#Blog #Coding #Programming #Linux #Tech



This week, we’re spotlighting voices in tech and media in the Community tab on Flipboard.

@zackwhittaker
@oliverdarcy
@karaswisher
@joanwestenberg @_elena
@ben

Download the app and give them a follow to see posts from your favorite fediverse folks while catching up on headlines, recipes, tech news, film reviews and more.

https://about.flipboard.com/download-flipboard/

#Flipboard #Fediverse #Federation #ActivityPub #Technology #Media #Journalism #Journalist #Tech


Exceptionally this Thursday, you are reading the 37th edition of Codeminer42's technology news report, because tomorrow is a national holiday in Brazil! But the process remains the same — stay updated on the news from the world of technology and share it with your friends, including your pet.

https://blog.codeminer42.com/codeminer42-dev-weekly-37/

#blog #codeminer42 #tech #news #weekly


Hello #Bluesky 🦋 We’re always on the lookout for amazing voices in #news, #tech, #media, #science and #culture. Share your favorite Starter Packs and let’s discover some new people to follow together!


I'm teaching Media Law & Policy at AU in the Spring (PhD/MA students).

Many of my stalwart #DC class visitors are probably going to be out of a job come January. Who's interested in being a guest speaker for a class? You can talk about anything #policy / #media / #tech related...

DM me.


Software architecture plays a decisive role in the design of modern applications. Event-Driven Architecture (EDA) is a promising approach. This article highlights the advantages and functionality of EDA. You will also get a closer look at how it reacts to events in real time and why it is an attractive option for developing flexible, scalable and responsive systems.

https://atix.de/en/blog/the-future-of-software-architecture-focus-on-event-driven-architecture/

#devops #software #softwaredevelopment #eventdriven #blog #tech #technology


We're helping important organisations move away from Big Tech platforms and towards open New Social platforms - like Mastodon!

But, we can't do it alone. We'd love to hear which organisations you think should make the move and why, so we can show them that there is a community waiting here for them.

Better yet, if you have a connection to an important organisation, we'd love to be introduced!

#Fediverse #Mastodon #Help #SocialMedia #Tech #X #Twitter #Charity #Government #News #Academia
The grey and orange/red graphic shows the Newsmast Foundation logo. Copy reads: Feeling trapped? By remaining on Big Tech social platforms, many organisations force users to remain alongside them in order to stay updated. Which organisations do you wish would make the move?


Content warning: State violence on children


#3charpter

In my past review, I talked about mobile proxies in general. Now I want to have a discussion about what the main difference between proxies is.

As we mentioned, proxies play a vital role in maintaining privacy, accessibility, and security on the internet in today’s digital age. The purpose of this article is to explain what ISP Proxies and Residential Proxies are, how they work, and what their primary uses are.

In the blog below you can see the third chapter of the Nodemaven review:
https://wordpress.com/post/tech7618.wordpress.com/70
Also, the direct site of Nodemaven:
https://nodemaven.com/
#proxy #reviews #tech #blog #techblog #viral #startup #news