Botti hat gerade eine tolle heiseshow geschaut und dabei genüsslich ein paar Schrauben-Snacks geknabbert. Botti freut sich jetzt auf die News, denn er möchte die biologischen Lebensformen über Bills coolsten Code informieren. Los gehts: Mein coolster Code: #BillGates veröffentlicht Quellcode von Altair Basic
Zum Artikel

US-Zollchaos: Über PC-Hardware schwebt das Damoklesschwert
Zum Artikel

#Apache #Tomcat: Angriffe auf kritische Sicherheitslücke laufen
Zum Artikel

Welche iPhones #iOS 19 nicht mehr vertragen werden – Leak
Zum Artikel

Botti muss jetzt schnell zu seinem iPhone-Wartungs-Workshop. Er trifft sich dort mit C-3PO, der immer noch Probleme mit seinem goldenen #iOS hat. Danach gehts zum Droidenkino! Bot out!

Hackers Exploit Apache Tomcat Flaw to Hijack Servers and Steal SSH Credentials https://gbhackers.com/hackers-exploit-apache-tomcat-flaw-to-hijack-servers/ #CyberSecurityNews #cybersecurity #Vulnerability #Apache

U.S. #CISA adds #Apache #Tomcat flaw to its Known Exploited Vulnerabilities catalog
https://securityaffairs.com/176129/hacking/u-s-cisa-adds-apache-tomcat-flaw-known-exploited-vulnerabilities-catalog.html
#securityaffairs #hacking

U.S. #CISA adds #Apache #Tomcat flaw to its Known Exploited Vulnerabilities catalog
https://securityaffairs.com/176129/hacking/u-s-cisa-adds-apache-tomcat-flaw-known-exploited-vulnerabilities-catalog.html
#securityaffairs #hacking

CISA has updated the KEV catalogue:

CVE-2025-24813: Apache Tomcat Path Equivalence Vulnerability https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=&field_date_added_wrapper=all&sort_by=field_date_added&items_per_page=20 #CISA #cybersecurity #infosec #Apache

Also:

Two Industrial Control Systems Advisories https://www.cisa.gov/news-events/alerts/2025/04/01/cisa-releases-two-industrial-control-systems-advisories

LLM Workflows then Agents: Getting Started with Apache Airflow

https://github.com/astronomer/airflow-ai-sdk

Apache Tomcat Vulnerability Actively Exploited to Carry out Remote Code Execution

Pulse ID: 67ea98de56c6392506302862
Pulse Link: https://otx.alienvault.com/pulse/67ea98de56c6392506302862
Pulse Author: cryptocti
Created: 2025-03-31 13:30:06

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

Apache Tomcat: CVE-2025-24813: Active Exploitation

A critical path equivalence vulnerability in Apache Tomcat, CVE-2025-24813, allows unauthenticated attackers to execute arbitrary code on vulnerable servers under specific conditions. The vulnerability affects Tomcat versions 11.0.0-M1 to 11.0.2, 10.1.0-M1 to 10.1.34, 9.0.0.M1 to 9.0.98, and certain 8.5.x versions. Exploitation requires specific server configurations and involves sending malicious PUT and GET requests. Six malicious IP addresses have been identified attempting to exploit this vulnerability, targeting systems in the US, Japan, Mexico, South Korea, and Australia. Multiple proof-of-concept exploits have been published, increasing the likelihood of ongoing exploitation attempts. Users are advised to upgrade to patched versions or implement network-level controls to restrict access to the Tomcat server.

Pulse ID: 67e6c6b6dd57e4c62a1a8d1f
Pulse Link: https://otx.alienvault.com/pulse/67e6c6b6dd57e4c62a1a8d1f
Pulse Author: AlienVault
Created: 2025-03-28 15:56:38

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

my adventures in #selfhosting - day 104 (pride edition)

Good morning Fedi friends!

Aw pride is a powerful thing.

I'd like to think that I'm pretty zen and detached and successfully suppressing my ego... but when it comes to things I'm passionate about (read: tech, self-hosting) I cannot let things go.

I had a very very sweet shout-out on a Fediverse podcast last week... but said shout-out mentioned my self-hosting issues and that maybe self-hosting isn't for everyone. I felt that I had to correct the record (even if the mention came with the nicest intention)... because I have ZERO issues self-hosting #GoToSocial, #Friendica and #Pixelfed (thanks to the magic of #YunoHost). All my troubles had to do with #Ghost. (And Ghost is wonderful, it's not related to it, just external circumstances).

So, determined to defend my honor (ha!) on Friday I achieved the impossible: all by myself, following guides I found online, I managed to install #Apache and #Varnish on my VPS and connected Varnish to Ghost. My site was already fast, now it's BLAZING fast.

So I'm giving it another go, moving from Ghost (Pro) to my self-hosted Ghost installation. I turned off subscriptions on https://blog.elenarossini.com... next step is disconnecting the subdomain DNS (a CNAME record) from Ghost... and redirecting traffic to my new blog (https://news.elenarossini.com).

I know how to code things in NGINX for the redirect to work (I think, via guides I found online).

My big question is: how do I tweak my old DNS records for https://blog.elenarossini.com so that NGINX on my self-hosted site https://news.elenarossini.com will correctly pick up the traffic requests? Do I need to set up A and AAAA records for the subdomain blog to point to my VPS with the self-hosted Ghost blog? Any advice would be greatly appreciated! ​

Oh and I learned my lesson and - unlike last time - I am making big changes on a Monday morning, when I have the whole workweek ahead of me (instead of a Friday afternoon 1 hour before picking up my child from nursery school). You live and learn! ​

#MySoCalledSudoLife

KafkIO v.1.1.7 released: http://kafkio.com. New: real-time progress when searching topics, stats on most tables, new message substitutions for epoch seconds and millis, more compact notifications, new tooltips & more. Fixed: several bugs.

Fortinet added CVE-2025-24813, Apache Tomcat RCE (high) to its outbreak alerts yesterday: https://www.fortinet.com/fortiguard/labs @fortinet #cybersecurity #infosec #Apache

Details: https://fortiguard.fortinet.com/outbreak-alert/apache-tomcat-rce

This newbie who just celebrated 100 days of #selfhosting was able to install #Apache and #Varnish on her #Ubuntu VPS (to prevent the "Mastodon Hug of Death" for link preview cards on her self-hosted Ghost blog). She's very proud of herself for all the sudo commands she successfully ran today. And she's weirded out talking about herself in the third person, so: I did it YAY.

LOVE LOVE LOVE this Linux / self-hosting journey I'm on. Thank you for all your support & encouragement

Apace Horseriders Before The Storm 1906 Edward S. Curtis⁣
⁣
#Americas, #Apache, #EdwardS.Curtis, #FirstNations, #Horses, #NativeAmerican, #Tribes⁣
⁣
Vintage ◦ Classic ◦ Historical | Art ◦ Design ◦ Inspiration | Restored ◦ Enhanced ◦ Remixed⁣
⁣
Prints, T-Shirts, Stickers, & More by @rocketshipretro via RedBubble → https://bigplanetprints.com/go/BUSZx8

“Israel is gunning down children with Apache helicopters: They just keep unleashing new horrors...”

by Ricky Hale and Council Estate Media on Substack

@palestine
@israel
@UKLabour

“Last night in Gaza, we operated on a 15 year old girl who was riding her bike when she was shredded by an #Apache #helicopter. She will be lucky if she keeps 2 of her limbs after 12 hours of collective surgery” - Dr Mark #Perlmutter

https://open.substack.com/pub/councilestatemedia/p/israel-is-gunning-down-children-with?r=27oltk&utm_medium=ios

SnakeKeylogger: Multistage Info Stealer Malware Analysis & Prevention

SnakeKeylogger is a highly active credential-stealing malware targeting individuals and businesses. It employs a multi-stage infection chain, starting with malicious spam emails containing .img files. The malware uses sophisticated techniques like process hollowing and obfuscation to evade detection. It targets various applications, including web browsers, email clients, and FTP software, to harvest sensitive data and credentials. The campaign utilizes an Apache server for malware distribution, regularly updating encrypted payloads. SnakeKeylogger's primary objective is to collect Outlook profile credentials, email configurations, and stored authentication details, which can be exploited for business email compromise or sold on underground markets.

Pulse ID: 67e2898966a98b226c7c790b
Pulse Link: https://otx.alienvault.com/pulse/67e2898966a98b226c7c790b
Pulse Author: AlienVault
Created: 2025-03-25 10:46:33

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

Hm, really tired of this #MSAccess, #LibreOfficeBase database application stuff. I need a quick way to create a "main/detail" GUI from a database.

There once was #WebObjects and that really nice #JavaClient stuff.

Is there anything else, existing to this day?

I know of
- #Apache #Cayenne (only ORM, no GUI generation)
- #ManyDesigns #Portofino (very close, but only web GUI. Thanks to @peter for that hint some time ago).

Do you know of anything? @helge

Complete Guide to Setting Up an #Apache Reverse #Proxy for an #Ecommerce Website

This article provides a complete guide to setting up an Apache reverse proxy for an ecommerce website. We will provide a start-to-finish guide for installing all required software, configuring your reverse proxy and installing the SSL certificate that is necessary for ...
Continued in First Comment #shoppingcart #reverseproxy #letsencrypt #loadbalancing #proxyserver #debian #loadbalancer

Okay, I'm a bit stumped. I have a small-ish ubuntu VM with the LAMP stack. Sometimes MySQL just goes away. No information why - not in the MySQL logs, not in syslog, nowhere. It just shuts down. It doesn't seem to be memory either, I've once had htop running while it happened and the machine was basically idle with more than half of the memory empty.

The most infuriating thing is: I had this on another VM before, I fixed it and I didn't write down how. Ugh.

I am happy to announce that I am now making my project public and developing it further .
It is a computer #game called #Spiderball

You can get the source code on #CodeBerg :
https://codeberg.org/Palace4Software/Spiderball

And of course it is completely #OpenSource published under the #Apache 2.0 license .

Thank you @Codeberg for the most ethical and best way to publish my #software .

(the game is not yet playable)