So what are you saying? Had Iraq refused help from US fighting Iran, they wouldn’t have attacked Saddam later? I mean probably because Iran would’ve finished him off but I fail to see the point you are trying to make.

it may not be a big deal for an average person but for a journalist or a political figure, it can cause big problems

pegasus

Yes thanks for correction

https://en.wikipedia.org/wiki/Pegasus_(spyware)

These things you are experiancing are not normal. A spyware may have got to your phone somehow and if you dont know how did that happen it will likely happen again with your new android phone. What I would do if I was in your place is taking the phone to apple and ask if they coukd scan it for me.

are you someone politically important? Someone in comments mentioned israeli spyware called pigasaus and it can target both iphone and android

Good article but not really cybersecurity related

Redlib

Thanks will be very handy when I get reddit llink in search result and can not open it

I get it on reddit :/

There is milk in supermarkets enriched with Vitamin D. Good news for all vampires out their nd for their potential future victims

TLDR; main attack vector is misconfigured rabbitmq. Malware target mainly servers. Easiest way for detection is noticing unsually high cpu usage that stops when u ssh to the server

here is more detailed article https://web.archive.org/web/20241006122240/https://www.aquasec.com/blog/perfctl-a-stealthy-malware-targeting-millions-of-linux-servers/

How is that legal? Could u buy a dishwasher then 3 months later it starts asking for a small fee per wash?

I know these things happen but usually you are informed in advance and bought the product at a big discount

“To abuse Visual Studio Code for malicious purposes, an attacker can use the portable version of code.exe (the executable file for Visual Studio Code), or an already installed version of the software,” Fakterman noted. “By running the command code.exe tunnel, an attacker receives a link that requires them to log into GitHub with their own account.” Visual Studio Code

Once this step is complete, the attacker is redirected to a Visual Studio Code web environment that’s connected to the infected machine, allowing them to run commands or create new files.

TLDR; the attack is very sophisticated, require hardware access and specialized tools. On the other hand its not possible to patch the vulnerability

Detectportal I think is for knowing if your internet connection requires some sort of login. Like is that case in some hotels and airports

First mentioned by linus techtip.

i had fun arguing with chatgpt about this

Now we know what dark matter is

First thanks for the official link from postgresql

race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser

This is serious.

Suppose I - the attacker - create a table somewhere in your DB then I will create a function that drops all tables in the whole database. Now if I try to execute that function, it would fail because I don’t have permission to do so. So what do I do? I know a script runs as postgres superuser to do full DB backup daily. I use this vulnerability to trick the script into executing my function. Now my function is running in superuser mode.

Microsoft found OpenVPN bugs that mostly affect windows

there is SELinux which give more fine tuned permissions for each app but it was too complicated for me

They could at least allow for setting paaword. Then your keys are encrypted with that password

See, this kind of attitude is what will cause AI uprising