This clearly demonstrates the meaning of real ownership of our accounts and the difference bewteen #Nostr and #Mastodon. Do you have a private key for your account? Are you the only one who owns the key? Then the account is yours. Otherwise it can belongs to someone else - this is the case of Mastodon and other social media accounts. If you have only the username/password, then the service provider is the person who can publish content on behalf of you, or do whatever they want with your account. They are also responsible for protecting your identity. But do they their best for protecting you? Can you trust them? Similarities with custodial and non-custodial #wallets are not accidental. #privacy #socialmedia #ownership #crypto #keys View quoted note →

Critical #vulnerability in #Mastodon. Attackers can impersonate and take over any remote account. Users cannot do anything, this issue mast be solved by admins of Mastodon instances. And they should update their instances as soon as possible, on 2024-02-15 more details about vulnerability will be published. However, this announcement means that attackers will focus their research to origin validation in Mastodon. So, we can expect exploitation attempts soon. And in two weeks, provided with details from updated announcement, it will be very easy to come up with an exploit, as announcement said.

GitHub

Remote user impersonation and takeover

### Summary Due to a gap in validation of federated content in the affected Mastodon versions, attackers can craft payloads that impersonate rem...

Any.Run now supports #Ubuntu operating system for behavioral analysis of #Linux samples. #AnyRun is very useful #malware analysis #sandbox, you can interact with the virtual machine through your browser. It provides good visibility of processes, file and network events. Sandbox utilizes various signatures and rules for detection of suspicious activity. It can extract configs of several malware families. Thanks to built-in #ChatGPT support it produces human-readable malware analysis report of windows samples suitable for less experienced analysts.

Linux is now Available in ANY.RUN

ANY.RUN added Linux support! Now, malware analysts, SOC and DFIR team members can analyze Linux-based samples in the sandbox.

Hello #nostr. Time to short #introduction of myself. I am a #cybersecurity analyst with a passion for #malwareanalysis, #dfir, #threathunting, #threatintel and other #blueteam stuff. From time to time I would like to share some ideas, thoughts, tips&tricks and participate in discussions.