Notices by boB Rudis 🇺🇦 🇬🇱 🇨🇦 (hrbrmstr@mastodon.social)

Citizen Released After Mysterious Detention by Security Forces

https://www.sfgate.com/bayarea/article/santa-cruz-woman-freed-ice-detention-20318272.php

@mttaggart Fedi is still very (very) confusing + off-putting for the vast majority of folks who want to connect in a social network-style.

It could really do with a "one app" + "one big honkin server" flavor, which is what Bluesky sadly could have been.

Bluesky being down *again* is pretty amusing.

🚨 We have a detection up for SAP NetWeaver CVE-2025-31324 Unauthenticated File Upload Attempt

I can confirm we have had hits on it before the tag being published (we're working on a retro-hunt).

These IPs were seen making the attempts over the weekend:

98.84.54.227
67.205.148.188
85.90.245.101
89.117.19.46
172.105.246.67
212.56.35.88

This is the tag:
https://viz.greynoise.io/tags/sap-netweaver-cve-2025-31324-unauthenticated-file-upload-attempt?days=30

I'm starting to get the impression y'all might be trying to tell us (i.e., U.S.) something…

Gotta hand it to @GossiTheDog … def knows how to steal content super well.

@hacks4pancakes wld have been great if he attributed it to me. not surprised tho.

#CVE

You'll be shocked…*shocked*, I say…to hear that I have thoughts about "The Signal Heard Round the World" — https://47-watch.com/blog/posts/2025/2025-03-24-signal-heard-round-the-world/

Never once before 2017 did I even remotely consider we'd (the U.S.) be the Centauri.

The IRL equivalent of "And All My Dreams, Torn Asunder" is happening live, right in front of us all.

#Babylon5

I am SO SORRY folks. But Amerika is now one of the most dangerous places to travel to.

PLEASE STAY AWAY.

A decent % of us are gonna try to reclaim what we once were.

It won't be pretty or speedy.

Just…PLEASE…stay where you are. We cannot protect you. Our leaders hate you.

‘People Are Scared’: Inside CISA as It Reels From Trump’s Purge

“You've got a lot of people who are looking over their shoulder as opposed to looking at the enemy right now,”

“Most people are … doing the work of 2+ full-time [staffers].”

America is going *great*.

https://www.wired.com/story/inside-cisa-under-trump/

DOGE Staffer Exposed for Posting Government Work on Public GitHub, Including Employee Union Tracking Tools

https://xcancel.com/SollenbergerRC/status/1895609294810464390?cursor=EwAAAPAEHBkW0oLa-aOnx840JQISFQQAAA#r

Since I (a) needed to play with the Asahi Linux install I did yesterday on the old M1 Mini and (b) haven't used the ESC POS printer in a while, and (c) am still not up to much physical activity, I wired up the RSS feed of the POTUS blatherings I had Inoreader make for me so there's a physical record of the inanity.

Pretty sure this is a sign I'm nearing the breaking point.

This "unitary executive" BS is getting tiresome.

47 Watch has added 1 new executive order — https://47-watch.com/executive-orders/2025-02-12-one-voice-for-americas-foreign-relations/ — and it is yet-another doozy. Sufficiently so, that it warranted a short blog with a potential scenario https://47-watch.com/blog/posts/2025/2025-02-12-one-loud-obnoxious-voice/

Great info from Censys on the state of exposure of the systems in the BeyondTrust debacle. https://censys.com/cve-2024-12356/

Bluesky is turning out to be a more useful CVE chatter monitoring tool than I expected it would be. https://cvesky.labs.greynoise.io/

Built some internal views (via Observable Framework) of the social CVE trending mentions (CVE Watch for 🐘 & CVESky for 🦋) that we (GreyNoise) have activity for.

If this ends up not being a candidate for the product, I'll figure out some way to get these published for folks.

Hrm… https://arstechnica.com/security/2024/10/fortinet-stays-mum-on-critical-0-day-reportedly-under-active-exploitation/
https://infosec.exchange/@ntkramer/113330483104135617

I know nobody cares about this, but the real "scandal" is that Patreon DISBANDED THEIR INFOSEC DEPARTMENT.

There is nobody — NOBODY — running cybersecurity there.

Yet, all y'all care about is “Apple wants rent”.

Yep. 100%. Ask any of us who want to buy comics or audiobooks from someone besides Apple and we’ll gladly commiserate.

But, why on $DEITY’S own earth are you willing to put your $$$$ into an org who doesn’t care at all about the safety of your FINANCIAL SERVICES' data?