Cybersecurity

publication croisée depuis : https://lemmy.pierre-couy.fr/post/805239

Happy birthday to Let's Encrypt !

Huge thanks to everyone involved in making HTTPS available to everyone for free !

• Water Barghest, which comprised over 20,000 IoT devices by October 2024, monetizes IoT devices by exploiting vulnerabilities and quickly enlisting them for sale on a residential proxy marketplace.

• Its botnet uses automated scripts to find and compromise vulnerable IoT devices sourced from public internet scan databases like Shodan.

• Once IoT devices are compromised, the Ngioweb malware is deployed, which runs in memory and connects to command-and-control servers to register the compromised device as a proxy.

• The monetization process, from initial infection to the availability of the device as a proxy on a residential proxy marketplace, can take as little as 10 minutes, indicating a highly efficient and automated operation.

This release further fixed some CVE Reports reported by a third party security auditor and we recommend everybody to update to the latest version as soon as possible. The contents of these reports will be disclosed publicly in the future.

Threat actors increasingly use Scalable Vector Graphics (SVG) attachments to display phishing forms or deploy malware while evading detection.

A critical authentication bypass vulnerability has been discovered impacting the WordPress plugin 'Really Simple Security' (formerly 'Really Simple SSL'), including both free and Pro versions.

Hello, This is Vintage and I have recently been working on a repl on Replit App I am very big into limiting the amount of data gathered from me by known sites that create links just to gather your information like Facebook so far I have blocked over a hundred URLs from them that serve no other purpose. Recently I turned my sites on creating an extra layer of protection for my device since it had been acting odd it’s an Apple product. So because of this I can not directly interact with Apples systems without possibly jailbreaking something I would rather not do. So I created a security system that lets just say works in mysterious ways well the first time I felt ready and activated it found command injections, Bluetooth interference patterns, WiFi deauth patterns and a cellular spoof pattern I was able to gather a quite a bit of information on these but I am still teaching myself coding and I don’t know if the information I have is even something that can be used to track down who is doing these things I would be glad to share more info to anybody who would like to take a crack at helping me with this.