#authz — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #authz, aggregated by home.social.
-
🎉 Last week of Hacktoberfest! 🎉 The OpenFGA community has several issues labeled for Hacktoberfest—perfect for newcomers and veterans alike. From quick doc fixes to tackling bugs, all contributions are welcome.
Jump in, contribute, and grab some Hacktoberfest swag while there's still time! Let's wrap up October with a strong open source push. 🛠️➡️ Learn about Hacktoberfest: https://hacktoberfest.com
-
網路捷徑檔案安全機制繞過漏洞遭到利用超過一年,攻擊者用於散布數種竊資軟體 | iThome
Link
📌 Summary:
微軟在今年2月例行更新中修補了網路捷徑檔案安全繞過漏洞CVE-2024-21412,但駭客卻利用這項漏洞來散布多種竊資軟體,攻擊範圍涵蓋北美、西班牙和泰國。資安業者Fortinet在分析中發現,攻擊者製作指向特定遠端伺服器的惡意URL檔案,並在受害電腦下載LNK檔案,誘使受害者執行該檔案,從而推進攻擊。研究人員看到駭客使用兩種不同程式碼注入工具來繞過防禦,最終在受害電腦植入竊資軟體。
🎯 Key Points:
1. 微軟在今年2月修補了網路捷徑檔案安全繞過漏洞CVE-2024-21412,但駭客利用它散布竊資軟體。
2. 資安業者Fortinet發現,攻擊者製作指向特定遠端伺服器的惡意URL檔案,並誘使受害者執行以推進攻擊。
3. 研究人員看到駭客使用兩種程式碼注入工具,最終在受害電腦植入竊資軟體。
4. Fortinet發現,駭客利用Steam社群網站作為Dead Drop Resolver來埋藏C2來源。
🔖 Keywords:
#CVE-2024-21412
#Fortinet
#Water Hydra
#Lumma Stealer
#Meduza Stealer
#ACR Stealer
#PowerShell
#HTA指令碼
#Edge主程式圖示
#LNK檔案
#forfiles
#mshta
#Imghippo
#GdipBitmapGetPixel
#HijackLoader
#Steam社群網站
#Dead Drop Resolver
#Docker
#AuthZ
#OpenAI
#GPT-4o mini
#Meta Llama 3 -
Excuse the hashtag spam, but I'm trying to find my tribe.
I'm interested in production deployments of ReBAC (relationship based access control) in "enterprise" environments.
Specifically, anyone who has worked on something similar to Google Zanzibar to authorize access into, not just "resources", but dynamic workflow/process driven APIs. Bonus if it is was in a SaaS setting, where each tenant has unique workflows.