#cve


Great, so how am I supposed to update my good old #Brother #Multifunktionsgerät (multifunction device) now? There hasn't been any new firmware for many years.

The thing has been running without problems for >10 years, after I had been through a long odyssey of problems with HP etc. before that.

Well then, time to produce #Elektronikschrott (e-waste) again... Thanks for nothing, Bro.

#InfoSec #CVE #Printer

heise.de/news/Sicherheitslueck

heise online · Security vulnerabilities in almost 750 multifunction printers from various manufacturers · By Frank Schräer

I'm removing the Availability part of the security triad.
Uptime is simply not as important as integrity or confidentiality.
DOS does not deserve to be considered a Major Cyber Risk, it should never receive a CVE above 2.
By the existing logic, GET requests remain the single-most critical widely used DDOS exploit that has prevailed for 50 years with regular news headline coverage.

If availability is important to you, then set up an HA cluster and monitor it closely. Or better yet, set up some open-source contribution department, or a development fund and fix these issues yourself.

Too many critical security alerts are clogged up by theoretical DOS methods that already require someone to be in the network.

It simply doesn't deserve to be the same.
#security #oss #cve

An OS command injection vulnerability exists in various models of E-Series Linksys routers via the /tmUnblock.cgi and /hndUnblock.cgi endpoints over HTTP on port 8080. The CGI scripts improperly process user-supplied input passed to the ttcp_ip parameter without sanitization, allowing unauthenticated attackers to inject shell commands. This vulnerability is exploited in the wild by the "TheMoon" worm.

#vulnerability #cybersecurity #cve #linksys

🔗 vulnerability.circl.lu/vuln/cv

vulnerability.circl.lu · cvelistv5 - cve-2025-34037 · Vulnerability-Lookup - Fast vulnerability lookup correlation from different sources.

Dear @Gargron — Can we take another, fresh look at github.com/mastodon/mastodon/i ? Hashtags should ultimately support full UTF8, IMHO, but adding at the very least the dash would be very helpful. It's not just band or artist names. CVEs are a better example. It would be really helpful when I can use #CVE-2025-6019 instead of #CVE20256019 or #CVE_2025_6019 as I am forced to do now. I guess hashtags are not in scope of the ActivityPub protocol, @evan ?