Cybersecurity

5931 readers

33 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Be respectful. Everyone should feel welcome here.
No bigotry - including racism, sexism, ableism, homophobia, transphobia, or xenophobia.
No Ads / Spamming.
No pornography.

Community Rules

Idk, keep it semi-professional?
Nothing illegal. We're all ethical here.
Rules will be added/redefined as necessary.

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities [email protected] [email protected] [email protected] [email protected] [email protected]

Notable mention to [email protected]

founded 2 years ago

MODERATORS

kid

[email protected]

551

Novel Exploit Chain Enables Windows UAC Bypass (www.darkreading.com)

submitted 3 months ago by kid to c/cybersecurity

1 comments fedilink

552

Microsoft: Windows Recall now can be removed, is more secure (www.bleepingcomputer.com)

submitted 3 months ago by kid to c/cybersecurity

15 comments fedilink

553

Flaw in Kia’s web portal let researchers track, hack cars (arstechnica.com)

submitted 3 months ago by [email protected] to c/cybersecurity

1 comments fedilink

554

That doomsday critical Linux bug: It's CUPS. May lead to remote hijacking of devices (www.theregister.com)

submitted 3 months ago by [email protected] to c/cybersecurity

6 comments fedilink

555

A critical Nvidia Container Toolkit bug can allow a complete host takeover (www.csoonline.com)

submitted 3 months ago by [email protected] to c/cybersecurity

0 comments fedilink

cross-posted from: https://lemmy.zip/post/23512381

The flaw allows a rogue user to escape their container and access entire file systems of the underlying host to perform code execution, and denial of service.

556

Progress urges admins to patch critical WhatsUp Gold bugs ASAP (www.bleepingcomputer.com)

submitted 3 months ago* (last edited 3 months ago) by [email protected] to c/cybersecurity

1 comments fedilink

Progress Software warned customers to patch multiple critical and high-severity vulnerabilities in its WhatsUp Gold network monitoring tool as soon as possible.

557

Congress Advances Bill to Add AI to NVD (www.darkreading.com)

submitted 3 months ago by [email protected] to c/cybersecurity

0 comments fedilink

The AI Incident Reporting and Security Enhancement Act would allow NIST to create a process for reporting and tracking vulnerabilities found in AI systems.

558

Millions of Vehicles Could Be Hacked and Tracked Thanks to a Simple Website Bug (www.wired.com)

submitted 3 months ago by [email protected] to c/cybersecurity

11 comments fedilink

Researchers found a flaw in a Kia web portal that let them track millions of cars, unlock doors, and start engines at will—the latest in a plague of web bugs that’s affected a dozen carmakers.

559

[Deleted] (arstechnica.com)

submitted 3 months ago* (last edited 3 months ago) by [email protected] to c/cybersecurity

0 comments fedilink

[Deleted - Didn't see it had already been posted]

560

Tails OS merges with Tor Project for better privacy, security (www.bleepingcomputer.com)

submitted 3 months ago by kid to c/cybersecurity

1 comments fedilink

561

Public Wi-Fi Compromised in UK Train Stations (www.darkreading.com)

submitted 3 months ago by kid to c/cybersecurity

3 comments fedilink

562

New RomCom malware variant 'SnipBot' spotted in data theft attacks (www.bleepingcomputer.com)

submitted 3 months ago by kid to c/cybersecurity

0 comments fedilink

563

Parsec Remote Access installed without user knowing (self.cybersecurity)

submitted 3 months ago by zaph to c/cybersecurity

0 comments fedilink

So I've got a few systems where parsec is installed and I can't uninstall it. Has anyone come across this? The only reason I know it's installed is by running a script that scans for RAT's. I can't find it anywhere else so it could be a false positive but it's a very strange one. Curious if anyone knows of bad actors using it like the other remote access software scammers use. The only difference is these are computers where no scammer has accessed via their usual phishing means.

564

NIST proposes barring some of the most nonsensical password rules (arstechnica.com)

submitted 3 months ago by [email protected] to c/cybersecurity

8 comments fedilink

565

112

Mozilla Faces Privacy Complaint for Enabling Tracking in Firefox Without User Consent (thehackernews.com)

submitted 3 months ago by kid to c/cybersecurity

10 comments fedilink

566

ChatGPT macOS app Flaw Could've Enabled Long-Term Spyware via Memory Function (thehackernews.com)

submitted 3 months ago by kid to c/cybersecurity

0 comments fedilink

567

MoneyGram confirms a cyberattack is behind dayslong outage (www.bleepingcomputer.com)

submitted 3 months ago by kid to c/cybersecurity

0 comments fedilink

568

Infostealer malware bypasses Chrome’s new cookie-theft defenses (www.bleepingcomputer.com)

submitted 3 months ago by kid to c/cybersecurity

0 comments fedilink

569

New Android banking trojan Octo2 targets European banks (securityaffairs.com)

submitted 3 months ago by kid to c/cybersecurity

0 comments fedilink

570

Kansas water plant cyberattack forces switch to manual operations (www.bleepingcomputer.com)

submitted 3 months ago* (last edited 3 months ago) by [email protected] to c/cybersecurity

1 comments fedilink

Arkansas City, a small city in Cowley County, Kansas, was forced to switch its water treatment facility to manual operations over the weekend to contain a cyberattack detected on Sunday morning.

571

WPA3 upgrade module using a small SBC? (slrpnk.net)

submitted 3 months ago by [email protected] to c/cybersecurity

5 comments fedilink

I had this thought.

Many IOT devices, including local devices like printers, streaming boxes, cameras etc. may be outdated.

Those may use Wifi but only support WPA2, which can be easily cracked using Kali Linux, a kernel module integrated in Kali, and aircrack.

Many of these devices have an Ethernet or at least USB jack. Ethernet will always work, USB over usb-tethering should work often.

Couldnt you just use a tiny sbc, with a wifi antenna and support for WPA3, and serve the connection via Ethernet or USB to the device?

Like a small plug-in adapter.

Should be rock stable and update atomically and automatically (waiting for you, CentOS bootc, Alma bootc, Rockylinux bootc).

Do you know if this exists or have some caveats in mind?

572

Critical Flaw in Microchip ASF Exposes IoT Devices to Remote Code Execution Risk (thehackernews.com)

submitted 3 months ago by kid to c/cybersecurity

0 comments fedilink

573

Hacker Leaks 12,000 Alleged Twilio Call Records with Audio Recordings (hackread.com)

submitted 3 months ago by kid to c/cybersecurity

1 comments fedilink

574

Researcher Details Cisco Smart Licensing that Lets Attacker Control Device (gbhackers.com)

submitted 3 months ago by kid to c/cybersecurity

0 comments fedilink

575

126

Kaspersky deletes itself, installs UltraAV antivirus without warning (www.bleepingcomputer.com)

submitted 3 months ago* (last edited 3 months ago) by [email protected] to c/cybersecurity

12 comments fedilink

Starting Thursday, Russian cybersecurity company Kaspersky deleted its anti-malware software from customers' computers across the United States and automatically replaced it with UltraAV's antivirus solution.