This Week In Security: Annoyed Researchers, Dangling DNS, And Hacks That Could Have Been Worse

The author of the BlueHammer exploit, which was released earlier this month and addressed in the last Patch Tuesday, continues to be annoyed with the responses from the Microsoft security research and vulnerability response team, and has released another Windows zero-day attack against Windows Defender.

The RedSun exploit targets a logic and timing error in Windows Defender, convincing it to install the target file in the system, instead of quarantining the file and protecting the system. Not, generally, what you would hope would happen.

Since the RedSun attack requires local access in the first place, it seems unlikely Microsoft will release an out-of-sequence patch for it. However, with public code available, we can probably expect to see malware leveraging it to establish higher permissions on an already infected system.

Releasing exploits out of spite feels like a return to the late 1990s, and I almost don’t hate it.

University Domains Hijacked

Reported in Bleeping Computer, a group tracked as “Hazy Hawk” has been hijacking unmaintained DNS records of universities and government institutions to serve ad click spam.

The attack is simple and doesn’t even require compromising the institution itself: it abuses dangling DNS “CNAME” records. A “CNAME” entry in DNS acts essentially as an alias, pointing one domain name at another. It is commonly used to serve content under an official domain from a cloud service whose IP address might change.

A DNS “A” (or “AAAA” if you speak IPv6) record points a hostname – like “foo.example.com” – to an IP address – like “1.1.1.1”. A “CNAME” record points a hostname to another hostname, like “foo.some_cloud_host.com”. If a “high value” domain (like an Ivy League university) has a “CNAME” record pointing at an expired domain (or at a cloud-hosted name that no longer exists), anyone able to register that domain (or create an account with the matching name on the cloud host) can post any content they wish, and it still appears under the original name.
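The defensive counterpart to what the article describes is auditing your own zone for CNAME records whose targets no longer exist. The script below is an added example, not code from the article or from the researchers who tracked Hazy Hawk. It parses a constructed BIND-style zone export (all names are hypothetical), follows CNAME chains within the zone, and then asks a resolver whether each final external target still resolves. The resolver is injectable so the check can be exercised offline; the default uses the operating system resolver via `socket.getaddrinfo`.

```python
"""Audit a DNS zone export for dangling CNAME records.

Added example for the dangling-CNAME discussion above; not part of the
original article. Zone data and hostnames below are constructed.
"""
import socket
from typing import Callable, Dict, List, Tuple

# Constructed sample zone export (hypothetical names; not real records).
SAMPLE_ZONE = """
; constructed zone data for demonstration only
www.example.edu.      300 IN A     203.0.113.10
portal.example.edu.   300 IN CNAME example-portal.cloudapp.example.
old-lab.example.edu.  300 IN CNAME old-lab-site.example-host.example.
alias.example.edu.    300 IN CNAME portal.example.edu.
"""

Records = Dict[str, List[Tuple[str, str]]]  # owner name -> [(type, rdata)]


def parse_zone(text: str) -> Records:
    """Parse 'name ttl class type rdata' lines; comments after ';' are ignored."""
    records: Records = {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) < 5:
            continue  # skip lines that are not simple resource records
        name, _ttl, _cls, rtype, rdata = parts[:5]
        key = name.lower().rstrip(".")
        records.setdefault(key, []).append((rtype.upper(), rdata.lower().rstrip(".")))
    return records


def system_resolve(hostname: str) -> bool:
    """Default resolver (assumption: OS resolver is reachable): True if any address exists."""
    try:
        socket.getaddrinfo(hostname, None)
        return True
    except socket.gaierror:
        return False


def _follow_chain(name: str, target: str, records: Records, max_depth: int) -> Tuple[str, bool]:
    """Follow CNAMEs that stay inside our zone data; return (final_target, looped)."""
    seen = {name}
    current = target
    for _ in range(max_depth):
        if current in seen:
            return current, True
        seen.add(current)
        cnames = [t for rt, t in records.get(current, []) if rt == "CNAME"]
        if not cnames:
            return current, False
        current = cnames[0]
    return current, False


def find_dangling_cnames(records: Records,
                         resolve: Callable[[str], bool] = system_resolve,
                         max_depth: int = 8) -> List[dict]:
    """Return one finding per CNAME whose final target does not resolve."""
    findings = []
    for name, rrs in records.items():
        for rtype, target in rrs:
            if rtype != "CNAME":
                continue
            final, looped = _follow_chain(name, target, records, max_depth)
            if looped:
                reason = "CNAME loop"
            elif final in records:
                # Target is one of our own names: healthy only if it has an address record.
                if any(rt in ("A", "AAAA") for rt, _ in records[final]):
                    continue
                reason = "no address record in zone"
            elif resolve(final):
                continue  # external target still resolves
            else:
                reason = "target does not resolve"
            findings.append({"name": name, "target": final, "reason": reason})
    return findings


if __name__ == "__main__":
    # Offline demo with a stand-in resolver: only the portal host "exists".
    fake = lambda host: host == "example-portal.cloudapp.example"
    for f in find_dangling_cnames(parse_zone(SAMPLE_ZONE), resolve=fake):
        print(f"{f['name']} -> {f['target']}: {f['reason']}")
```

A target that resolves is not automatically safe: a cloud provider may answer for a name whose backing resource has been deleted, so a complete audit also compares the response body or error page against known provider fingerprints and, better still, removes CNAMEs when the service behind them is decommissioned.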

At least 30 educational institutions have been impacted, along with several government agencies including the CDC.


Escaping US Tech Giants Leads European YouTuber To Open Source

The video (embedded below) by [TechAltar] is titled “1 Month without US tech giants“, but it could have been titled “1 Month with Open Source Tools” — because, as it turns out, once you get out of the ecosystem set up by the US tech giants, you’re into the world of open source software (OSS) whether you want to be or not.

From a (German-made) Tuxedo laptop running their own Linux distro to a Fairphone with /e/OS (which is French), an open version of Android, [TechAltar] is very keen to point out whenever Europeans are involved, which is how we learned that KDE has a physical headquarters, and that it’s in Berlin. Who knew?

He also shares his experiences with Nextcloud (also German), which can be used as an OSS alternative to Google Workspace and which we’ve written about before, but then admits that he was the sole user on his instance. To which one must ask: if you’re the sole user, why do you need a cloud-based collaborative environment? To try it out before getting collaborators involved, presumably.

Regardless of what you think of the politics motivating this video, it’s great to see open source getting greater traction. While [TechAltar] was looking for European alternatives, part of the glory of open source is that it doesn’t matter where you’re from, you can still contribute. (Unless you’re Russian.) Have you found yourself using more open source software (or hardware) of late? Do you think the current political climate could lead to a broadening of its reach? Is this the year of the Linux desktop? Let us know what you think in the comments.

Easier Self Hosting With Umbrel

While it is undeniable that cloud-based services are handy, there are people who would rather do it themselves. For many of us, it is because we want what we want the way we want it. For others, it is a distrust of leaving personal data on a server someone else controls. Umbrel is a Linux distribution just for people who want to self-host popular applications like Nextcloud or Home Assistant. [ItsFoss] has a good review that points out some of the plusses and minuses of the early version of Umbrel.

What’s really interesting, though, is the approach the distro takes to installing software. Like most modern distributions, Umbrel has a package manager. Unlike most, though, the packages are actually Docker containers. So when you install an app, it is preconfigured and lives in its own bubble, unlikely to conflict with other things you might install.

We also like that it has a specific build for a Raspberry Pi, although it will work on other 64-bit hardware and you can even install it within Docker on top of your normal operating system. Of course, the Docker container concept is also a drawback — at least for now — because it can be difficult to adjust settings inside the container compared to a more conventional install.

It amazes us that hardware has become so capable that it is easier to just duplicate entire operating systems than it is to work out the required dependency interactions. Still, it works, and in most cases, it works well.

If you want to know more about Docker, we’ve covered it a few times in the past. You can even use it for very simple development cases if you like.


This Week In Security: More WhatsApp, Nextcry, Hover To Crash, And Android Permissions Bypass

There is another WhatsApp flaw, but instead of malicious GIFs, this time it’s malicious mp4 files. Facebook announced the vulnerability late last week. An update has been released, so first go make sure WhatsApp is updated. Facebook’s advisory is a bit light on the details, simply saying that a “stack-based buffer overflow” was possible as a result of “parsing the elementary stream metadata of an mp4 file”.

Shortly after the bug was announced, a GitHub repository popped up with a claimed proof-of-concept mp4 file for CVE-2019-11931. (Thanks to [justtransit] on Reddit for the link.) I can’t easily test the PoC file, but we can take a look at it to see what the vulnerability is. What tools do we need to take a look? A hex editor is a good start. I’m using GHex, simply because it was available and easily installed on Fedora.