Vulnerability Lookup facilitates quick correlation of vulnerabilities from various sources, independent of vulnerability IDs, and streamlines the management of Coordinated Vulnerability Disclosure.
GitHub - cve-search/vulnerability-lookup: Vulnerability Lookup facilitates quick correlation of vulnerabilities from various sources, independent of vulnerability IDs, and streamlines the management of Coordinated Vulnerability Disclosure (CVD).
https://github.com/cve-search/vulnerability-lookup/
Vulnerability Lookup facilitates quick correlation of vulnerabilities from various sources, independent of vulnerability IDs, and streamlines the management of Coordinated Vulnerability Disclosure ...
Cloudflare's recent blog regarding polyfill shows that Cloudflare never authorized Polyfill to use their name in their product
Automatically replacing polyfill.io links with Cloudflare’s mirror for a safer Internet
https://blog.cloudflare.com/automatically-replacing-polyfill-io-links-with-cloudflares-mirror-for-a-safer-internet
polyfill.io, a popular JavaScript library service, can no longer be trusted and should be removed from websites
PayPal Is Planning an Ad Business Using Data on Its Millions of Shoppers
wsj.com
https://www.wsj.com/articles/paypal-is-planning-an-ad-business-using-data-on-its-millions-of-shoppers-cc5e0625?mod=business_lead_pos4
Looking for a "dumb" IP camera
Not sure if there’s a better community to ask this, but I’m trying to find a good quality non-cloud-based IP camera that I can feed into a standardized video recording software over a network. Ideally, it would be Wi-Fi capable as well.
Everywhere I’ve looked, they all reach out to a third-party and go through an app or are through junction box and are analog-based.
Does anyone know if an option like this exists?
Angeblicher Tesla-Hack mit Flipper Zero entpuppt sich als Sturm im Wasserglas
Angeblicher Tesla-Hack mit Flipper Zero entpuppt sich als Sturm im Wasserglas
https://heise.de/-9650018
Mittels eines gefälschten Gast-WLANs im Tesla-Design könnten Angreifer an Superchargern oder in Service-Centern Zugänge abgreifen, warnen die Experten.
JetBrains TeamCity under attack by ransomware thugs after disclosure mess
JetBrains TeamCity under attack by ransomware thugs
https://www.theregister.com/2024/03/07/teamcity_exploits_lead_to_ransomware/
More than 1,000 servers remain unpatched and vulnerable
Was there a recent hack/leak affecting Spotify?
So, yeah. Other than stated, Spotify does not provide 2FA (shame on them!), so I use a strong password and since years nothing happened.
This early morning I got multiple mails that my account was logged in from Brazil, from the USA, from India, and some other countries. There were songs liked and playlists created so it wasn’t a malicious e-mail but some people actually were able to log on to my Spotify account.
I of course changed the password and logged out all accounts and checked allowed apps, etc. and everything looks fine.
But I wonder … was there something that happened recently? The common sites to check such things do not list my old Spotify password, and a quick web research does not bring anything up.
Any clue what could have happened here?
email TLS question
Infomaniak claims to use TLS, but
The first link in the TLS chain is executed via a purely internal network by the webmail and Smtp servers and is not available in TLS for performance reasons.
is this normal, acceptable, irrelevant, standard, a red flag?
they are the biggest hosting provider of Switzerland, so I somehow have a hard time believing, they lack resources to implement TLS right.
An alternative approach to incident reporting
archive.ph
http://archive.today/1W8V9
The Most Significant AI-related Risks in 2024
The Most Significant AI-related Risks in 2024
https://blog.held.codes/the-most-significant-ai-related-risks-in-2024-f3f672c46980
AI changes the threat landscape, by a lot. Let’s see what that means for us and our society in 2024.