home.social
Sign in Create account

#elevationofprivilege — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #elevationofprivilege, aggregated by home.social.

  1. Analyst207 @[email protected] ·

    Linux Flaw Exposes Users to Root Access Attacks

    A major Linux flaw, dubbed "Pack2TheRoot," has been hiding in plain sight for 12 years, allowing attackers with local access to gain root permissions and wreak havoc on your system - but a patch has finally been released to squash it. This medium-severity vulnerability, scoring 8.8 out of 10, highlights the importance of staying on top of software…

    osintsights.com/linux-flaw-exp

    #LinuxFlaw #RootAccess #Cve202641651 #Packagekit #ElevationOfPrivilege

    #linuxflaw #rootaccess #cve202641651 #packagekit #elevationofprivilege
  2. Brandon H :csharp: :verified: @[email protected] ·

    via @dotnet : .NET and .NET Framework January 2025 servicing releases updates

    ift.tt/eR6NaGf
    #DotNet #DotNetFramework #January2025 #SecurityUpdates #CVE #RemoteCodeExecution #DenialOfService #ElevationOfPrivilege #ASPNetCore #EFCore #ReleaseNotes #Softwa

    #dotnet #dotnetframework #january2025 #securityupdates #cve #remotecodeexecution
  3. Claudius Link @[email protected] ·

    The Canadian Centre for Cyber Security has an interesting article on #CybeSecurity #ThreatActors (adversaries) and their motivation.

    cyber.gc.ca/en/guidance/introd

    The article IMHO leaves out at some threat actors (which might not be that relevant for a commercial or critical infrastructure setting)

    • Abusive Partners
    • Stalkers
    • Kids

    while these could be seen as part of insider threats, I believe that their capabilities and opportunities are different from other insiders.
    And they are often overlooked when developing consumer products.
    Think of the problems with #AirTags or the bike theft "problem" with Strava.

    I really like this and are thinking of creating a game around it to raise security awareness (especially within development and designe of systems). #SeriousGames

    Idea is to have a collaborative game where you play through threats against your system. Starting with the Threat Actors, their intend, capabilities and opportunities.
    Going through techniques used (maybe using a subset of #MitreAttack but also common #SocialEngineering techniques).
    And then choosing mitigation and defense options.

    A bit of a mixture between #ElevationOfPrivilege/#EoP, #BackdoorsAndBreaches and #FearlessJourney

    #cybesecurity #threatactors #airtags #mitreattack #socialengineering #elevationofprivilege