cablespaghetti.dev is a Fediverse instance that uses the ActivityPub protocol. In other words, users at this host can communicate with people that use software like Mastodon, Pleroma, Friendica, etc. all around the world.
This server runs the snac software and there is no automatic sign-up process.
How does Fedora process patches for security vulnerabilities? The short answer is that we work to stay on top of the news to implement patches, working in the community and with Red Hat for updates.
The long answer: https://fedoramagazine.org/how-fedora-is-responding-to-recent-kernel-vulnerabilities/
At the end of the day, the best thing you can do is keep your system updated. :)
This dumb password rule is from WeatherBug.
Maximum 16 characters.
https://dumbpasswordrules.com/sites/weatherbug/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
This dumb password rule is from BDO.
Please nominate a password which contains UPPERCASE, lowercase, numbers and symbols.
Password should not be the same as the user ID.
Avoid using consecutive characters such (ex. abc, DEF, 678) and invalid characters such as [!#$%^&';"].
https://dumbpasswordrules.com/sites/bdo/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
Why data minimisation matters in the age of #AI-powered cyber attacks: AI is changing the risk profile of #cybersecurity, turning data minimisation from a privacy nicety into a frontline defence. The less data you hold, the less there is for AI‑enabled attackers to exploit.
This is interesting: UK govt allowing Cybersecurity researchers more freedoms. Hadn't thought about this, but if you do explore a service endpoint to show some auth issue - that's possibly illegal in the UK right now.
https://therecord.media/uk-moves-to-shield-security-researchers-cybercrime
#cybersecurity
This dumb password rule is from MyAnimeList.
Password must be between 6 - 50 characters long and contain at least two of the following: uppercase, lowercase, numbers and symbols.
https://dumbpasswordrules.com/sites/myanimelist/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
Got Claude Code to identify the vulnerabilities, and fix them in production. Not perfectly, but it's a start. Gets to the unit test and then it blows up
"Claude Code is unable to respond to this request, which appears to violate our Usage Policy (https://www.anthropic.com/legal/aup). This request triggered cyber-related safeguards."
Bit late Claude, I'll get Copilot to do the test instead
#cybersecurity
This dumb password rule is from Telekom/T-Systems MyWorkplace.
Telekom's MyWorkplace is a Single Sign On / login hub for their
Open Telekom Cloud which is basically an Amazon AWS clone. It's
rather new and especially for business customers. Especially
because it is for business customers, there's absolutely no reason
to limit a password to 16 characters. Eve...
https://dumbpasswordrules.com/sites/telekomt-systems-myworkplace/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
This dumb password rule is from NetBank (Commonwealth Bank of Australia).
When resetting your NetBank password, the website only informs you that you can create an alphanumeric password, despite the fact that you can use special characters.
And also, its password strength calculation is shit.
A 155 bits of entropy password is "weak."
Additionally, passwords are case-...
https://dumbpasswordrules.com/sites/netbank-commonwealth-bank-of-australia/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
Local file exposure #vulnerability in Linux kernels:
https://github.com/0xdeadbeefnetwork/ssh-keysign-pwn
Apparently this issue was already identified in 2020 but wasn't fixed back then.
Mitigation:
- runtime:
sudo sysctl -w kernel.yama.ptrace_scope=2
- To make the mitigation persistent:
echo "kernel.yama.ptrace_scope=2" | sudo tee /etc/sysctl.d/01-harden-ptrace.conf
WARNING: This mitigation may break existing functionality. Test before deploying.
WARNING 2: While this mitigation does block the currently existing PoC, it may not prevent other attack vectors exploiting this vulnerability.
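A check for the mitigation in the post above, as an added example that is not part of the original post: sysctl.d drop-ins are applied in lexical order, so a file sorting after `01-harden-ptrace.conf` can reset the value at boot. The function names and the `10-ptrace.conf` sample file are constructed for illustration, and the script inspects only the one directory it is given.

```shell
#!/bin/sh
# Added example (not from the original post). Files in a sysctl.d directory are
# applied in lexical order, so the last file that sets a key wins.

# Print "<value> <file>" for the drop-in in directory $1 whose setting of
# kernel.yama.ptrace_scope is applied last; print nothing if no file sets it.
effective_ptrace_scope() {
    for f in "$1"/*.conf; do
        if [ -f "$f" ]; then printf '%s\n' "$f"; fi
    done | LC_ALL=C sort | while IFS= read -r f; do
        awk -v file="${f##*/}" '
            /^[ \t]*[#;]/ { next }                  # skip comment lines
            {
                line = $0
                sub(/^[ \t]*-?/, "", line)          # a leading "-" means "ignore errors"
                n = index(line, "=")
                if (n == 0) next
                k = substr(line, 1, n - 1); v = substr(line, n + 1)
                gsub(/[ \t]/, "", k); gsub(/[ \t]/, "", v)
                if (k == "kernel.yama.ptrace_scope") print v, file
            }' "$f"
    done | tail -n 1
}

# Succeed only if both the running value ($2) and the persisted value found in
# directory $1 are 2 (admin-only attach) or 3 (no attach).
check_ptrace_hardening() {
    dir=$1; runtime=$2
    set -- $(effective_ptrace_scope "$dir")
    persisted=${1:-unset}; winner=${2:-none}
    status=0
    case $runtime in [23]) ;; *) status=1 ;; esac
    case $persisted in [23]) ;; *) status=1 ;; esac
    printf 'runtime=%s persisted=%s (from %s)\n' "$runtime" "$persisted" "$winner"
    return "$status"
}

# Constructed sample directory: the drop-in from the post plus a hypothetical
# later-sorting file that sets a weaker value.
demo=$(mktemp -d)
echo 'kernel.yama.ptrace_scope=2'   > "$demo/01-harden-ptrace.conf"
echo 'kernel.yama.ptrace_scope = 1' > "$demo/10-ptrace.conf"
check_ptrace_hardening "$demo" 2 || echo 'hardening would be lost after a reboot'
rm -rf "$demo"
# On a real host:
#   check_ptrace_hardening /etc/sysctl.d "$(cat /proc/sys/kernel/yama/ptrace_scope)"
```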
This dumb password rule is from Parnassus Investments.
A site responsible for protecting your investments limiting you to a
four character range with a bunch of other stupid rules? Shocking.
https://dumbpasswordrules.com/sites/parnassus-investments/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
This dumb password rule is from Munich Foerdermittel Portal.
You register on their funding portal and receive an email with an activation link to set a password.
The email further informs you about their password policy:
- At least 8, but no more than 20 characters
- At least one lowercase and uppercase letter
- At least two digits (1,2,3,4,5,6,7,8,9,0) or...
https://dumbpasswordrules.com/sites/munich-foerdermittel-portal/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
This dumb password rule is from LibraryThing.
"Your password cannot be longer than 20 characters"
https://dumbpasswordrules.com/sites/librarything/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
This dumb password rule is from Aetna Health Insurance.
- Password cannot be longer than 20 characters
- Password cannot have spaces and more 2 characters repeated in a row
- Password cannot have user's first name, last name or username
https://dumbpasswordrules.com/sites/aetna-health-insurance/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
This dumb password rule is from Minnesota Unemployment Insurance.
Locked to *exactly* 6 chars, alphanumeric only, no special chars.
https://dumbpasswordrules.com/sites/minnesota-unemployment-insurance/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
This dumb password rule is from BBVA.
Username is your national ID (easy to find) and your password must have up to **6** alphanumeric characters only.
For a bank account with all your money in one of the largest financial institutions in the world.
https://dumbpasswordrules.com/sites/bbva/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
Nothing wakes you up as fast as a good information security incident.
From bed reading infosec news to the computer pressing buttons in like 60 sec.
Now 3 hrs later I'll go and make a first coffee...
This dumb password rule is from Getin Bank.
The new password should contain at least 10 and a maximum of 20 characters.
The password must contain at least one upper case letter, one lower case
letter and one number. The password cannot contain non-ASCII Polish alphabet
characters, special characters `&<'"` or spaces.
https://dumbpasswordrules.com/sites/getin-bank/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
This dumb password rule is from ADP.
Forced to change the password during the first login. At least they
could use proper grammar in their rule list.
https://dumbpasswordrules.com/sites/adp/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
This dumb password rule is from Dnevnik.ru.
Silently (sic!) trim password to 30 symbols.
That causes the stupid case when you could successfully register an account with password length of 52 and can't log in with the password.
https://dumbpasswordrules.com/sites/dnevnik-ru/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
This dumb password rule is from Taleo.net.
Oracle Taleo is one of those old-school enterprise Applicant Tracking
Systems (ATS) that half the corporate world still uses even though
everyone hates it.
https://dumbpasswordrules.com/sites/taleo-net/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
This dumb password rule is from Express Energy.
Retail Electricity Provider (REP) participating in ERCOT.
Minimum 6, maximum 10. Stated requirement of numbers and letters, but special characters are accepted.
https://dumbpasswordrules.com/sites/express-energy/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
This dumb password rule is from Bank Millennium.
Passwords limited to 8 digits.
https://dumbpasswordrules.com/sites/bank-millennium/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
This dumb password rule is from myezyaccess.com patient portal system.
12-character maximum password length. This is not a single website but a patient portal system used by hundreds of medical facilities via subdomains, with password policy apparently being consistent for all sites.
https://dumbpasswordrules.com/sites/myezyaccess-com-patient-portal-system/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
Automated #security scanning.
What tools do you use to scan your environments for security issues? Why?
Not looking for virus scanners here, more for a bit more enterprisey environment?
Are there things I should have a look at?
What is your experience in general?
RT welcome for reach.
Oh great, #BestWestern has been #hacked
I just got an email saying the following:
"BWH® Hotels, the parent company for WorldHotels™, Best Western® Hotels & Resorts, and Sure Hotels®, takes the privacy and security of our guests’ personal information very seriously. We are writing to let you know that on April 22, 2026, we identified unauthorized activity in one of our web applications that houses certain guest reservation data.
We have learned that certain guests’ names, email addresses, telephone numbers, and/or home addresses, along with other reservation details (e.g., reservation numbers, dates of stay, and any special requests) for reservations in our system were accessed by an unauthorized third‑party between October 14, 2025 and April 22, 2026, including yours. Importantly, payment and other financial information was not stored in the affected system and therefore was not accessed."
Edit: This seems different to the hack from back in February, even though it sounds like the "web application" was vulnerable since October 2025: https://swedenherald.com/article/data-breach-at-best-western-hotel-chain-be-vigilant
This is not their year....
This dumb password rule is from Waze.
After you request a password reset and you receive an email with instructions and link to reset your password, you are presented with this password reset form. Your password length is limited between 8 and 16 characters. Additionally the form breaks with an error if you use any special characters...
https://dumbpasswordrules.com/sites/waze/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
I have a daft question about #CopyFail and #DirtyFrag
I have some old Linux appliances which aren't getting updates any more (security cameras, amps, Android tablets etc).
Assuming I can log in as a normal user, does this mean I can get root on them?
I guess they need to be sufficiently modern to have these vulnerabilities - but in theory it should work, right?
Thank you to Paweł Dawidek and the Fudo Security team for highlighting how they use FreeBSD’s isolation primitives in their security architecture.
It’s encouraging to see organizations building enterprise security solutions on top of these primitives and applying them in real-world deployments.
This dumb password rule is from LINE.
Password must:
- be between 8 to 20 characters
- not contain characters that repeat in a row
Password must contain three of the following:
- an upper-case letter
- a lower-case letter
- a number
- a symbol
https://dumbpasswordrules.com/sites/line/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
Oh good, another high-severity #Linux #security vulnerability that somebody botched the disclosure of, turning it into a high-severity zero-day.
Because #CopyFail wasn't bad enough. Now we've got #DirtyFrag too.
Can #cybersecurity people please stop botching vulnerability disclosure? Thanks.
Looks like Instructure got pwned by ShinyHunters. I went to the onion address and it's legit. They've got until May 12, 2026 to pay the ransom or the data gets leaked.
Shown is the screen when logging into Canvas for students to do their homework.
REVEALED: Serious and widespread cyber security issues with Europol’s Computer Forensic Network with many users having admin rights.
"These findings might indicate that there are insufficient safeguards to prevent unauthorised personnel from accessing and modifying data" as well as malicious actors.
🗣️ @jim, ORG Exec Director.
Find out more ⬇️
This dumb password rule is from Dutch Tax Authorities (Belastingdienst).
At least 8 and at most 25 characters, of which at least 3 of the characters were not used in the previous password.
No more than 3 of the same characters.
At least 1 upper case and 4 lower case characters.
No more than 3 special characters.
It's not like hashing passwords is a thing or something.
https://dumbpasswordrules.com/sites/dutch-tax-authorities-belastingdienst/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
@neil yeah.
I'd rather recommend to recruit him for #CyberSecurity and instead prosecute those that designed the system for "gross neglect" since a replay attack with an #SDR is way too trivial and should be patched ASAP!
https://furry.engineer/@ret/116532473136600798
- Suing someone who discovered a security issue like that rather sends the message to future #ITsec experts that they'd be better off selling their findings on the #darknet for #Monero instead of #ResponsibleDisclosure…
This dumb password rule is from College Board.
Password must be 9-30 characters with at least one upper case letter, one lower case letter, one number and one special character (no spaces) and be different than your username.
https://dumbpasswordrules.com/sites/college-board/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
This dumb password rule is from Sprint.
Sprint "upgraded" their security and disallow special characters.
https://dumbpasswordrules.com/sites/sprint/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
Yo, we're getting close to releasing @dataparty's first small but cutting edge step into the hardware world.
If you're excited about mesh radios, ble packet capture and partying on the data I think you're gonna want to get on the mailing list 😉 👇🏿
#rfparty #meshcore #meshtastic #reticulum #meshtnc #lora #cybersecurity #defcon #SnoopUntoThemAsTheySnoopUntoUs