Untitled attachment

Notices where this attachment appears

1. Embed this notice
   Christoffer S. (nopatience@swecyb.com)'s status on Tuesday, 18-Mar-2025 07:14:38 JST Christoffer S.

   It would appear as if Wiz may have discovered another supply-chain compromise:

   https://www.wiz.io/blog/new-github-action-supply-chain-attack-reviewdog-action-setup

   The attack involved compromising the v1 tag of reviewdog/action-setup between March 11th 18:42 and 20:31 UTC. Unlike the tj-actions attack that used curl to retrieve a payload, this attack directly inserted a base64-encoded malicious payload into the install.sh file. When executed, the code dumped CI runner memory containing workflow secrets, which were then visible in logs as double-encoded base64 strings. The attack chain appears to have started with the compromise of reviewdog/action-setup, which was then used to compromise the tj-actions-bot Personal Access Token (PAT), ultimately leading to the compromise of tj-actions/changed-files. Organizations are advised to check for affected repositories using GitHub queries, examine workflow logs for evidence of compromise, rotate any leaked secrets, and implement preventive measures like pinning actions to specific commit hashes rather than version tags.

   #CyberSecurity #SupplyChain

2. Embed this notice
   Xenotar (xenotar@mastodon.social)'s status on Monday, 10-Mar-2025 12:41:35 JST Xenotar

   Ontem eu postei aqui sobre os compiladores da AMD que podem ser baixados gratuitamente: C, C++ e Fortran.
   Hoje eu instalei e testei.
   A instalação não podia ser mais simples, lembra os velhos tempos:
   1) Se extrai o conteúdo do tar.xz onde se deseja colocar os compiladores.
   2) Roda-se o install.sh que configura um arquivo com o paths para LD_LIBRARY_PATH e PATH
   e pronto. Não tem nada de apt que joga as coisas dentro dos diretórios do sistema. Lembra o tempo que se usava o /usr/local no Linux
   +

3. Embed this notice
   FARENGI GRINDSET COACH (dmx@normal.style)'s status on Saturday, 11-Jan-2025 10:42:46 JST FARENGI GRINDSET COACH

   in reply to

   that lasted until she couldn't get on the wifi. pretty sure her wifi card shit the bed so I gave her my usb wifi dongle. it didn't automatically configure the driver so I pulled out the little disc that came with it. the disc also didn't install the driver automatically. there was a linux folder on it containing presumably everything I needed, but when running the install.sh she couldn't type her password into the terminal. my brother brought her a windows surface and she gave up immediately

4. Embed this notice
   Haelwenn /элвэн/ :triskell: (lanodan@queer.hacktivis.me)'s status on Saturday, 30-Mar-2024 10:17:33 JST Haelwenn /элвэн/ :triskell:

   in reply to
   @dalias @feld @cloud_manul @thesamesam @mirabilos Wasn't it the NVidya optimus installer or something like this?
   
   At least I saved an image from back then:
   install.sh wipe usr.jpeg