Cybersecurity

5935 readers

35 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Be respectful. Everyone should feel welcome here.
No bigotry - including racism, sexism, ableism, homophobia, transphobia, or xenophobia.
No Ads / Spamming.
No pornography.

Community Rules

Idk, keep it semi-professional?
Nothing illegal. We're all ethical here.
Rules will be added/redefined as necessary.

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities [email protected] [email protected] [email protected] [email protected] [email protected]

Notable mention to [email protected]

founded 2 years ago

MODERATORS

kid

[email protected]

651

FreeBSD Gets €686,400 to Boost Security Features (www.darkreading.com)

submitted 4 months ago by [email protected] to c/cybersecurity

2 comments fedilink

The funds from Germany’s Sovereign Tech Fund will be used to integrate security features such as zero trust capabilities and tools for software bill of materials.

652

Found: 280 Android apps that use OCR to steal cryptocurrency credentials (arstechnica.com)

submitted 4 months ago* (last edited 4 months ago) by [email protected] to c/cybersecurity

3 comments fedilink

Optical Character Recognition converts passwords shown in images to machine-readable text.

McAfee blog: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-android-spyagent-campaign-steals-crypto-credentials-via-image-recognition/

653

Critical Security Flaw Found in LiteSpeed Cache Plugin for WordPress (thehackernews.com)

submitted 4 months ago by kid to c/cybersecurity

0 comments fedilink

654

Chinese 'Tropic Trooper' APT Targets Mideast Governments (www.darkreading.com)

submitted 4 months ago by kid to c/cybersecurity

1 comments fedilink

655

SonicWall Access Control Vulnerability Exploited in the Wild (gbhackers.com)

submitted 4 months ago by kid to c/cybersecurity

0 comments fedilink

656

Russia APT28 Cyber Attacks German Air Traffic Control (www.cybersecurity-insiders.com)

submitted 4 months ago by kid to c/cybersecurity

1 comments fedilink

657

Zyxel warns of vulnerabilities in a wide range of its products (arstechnica.com)

submitted 4 months ago by [email protected] to c/cybersecurity

0 comments fedilink

Most serious vulnerabilities carry severity ratings of 9.8 and 8.1 out of a possible 10.

658

Iran pays millions to stop data leak related to banks (www.cybersecurity-insiders.com)

submitted 4 months ago by kid to c/cybersecurity

1 comments fedilink

659

Cisco warns of backdoor admin account in Smart Licensing Utility (www.bleepingcomputer.com)

submitted 4 months ago by kid to c/cybersecurity

0 comments fedilink

660

Where's a good place to look for entry-level GRC jobs? (lemmy.world)

submitted 4 months ago by [email protected] to c/cybersecurity

9 comments fedilink

I'm looking to start a career in GRC. Been searching a bunch of different things (e.g. cybersecurity internal audit, GRC analyst, cyber audit, risk analyst, etc.) but everything that's coming up is mid-senior positions, manager positions, etc.

661

DDoS Attacks Hit France Over Telegram's Pavel Durov Arrest (hackread.com)

submitted 4 months ago by kid to c/cybersecurity

2 comments fedilink

662

Hackers inject malicious JS in Cisco store to steal credit cards, credentials (www.bleepingcomputer.com)

submitted 4 months ago by [email protected] to c/cybersecurity

1 comments fedilink

Cisco’s site for selling company-themed merchandise is currently offline and under maintenance due to hackers compromising it with JavaScript code that steals sensitive customer details provided at checkout.

663

Thousands of abandoned PyPI projects could be hijacked: Report (www.csoonline.com)

submitted 4 months ago by [email protected] to c/cybersecurity

0 comments fedilink

Software supply chain attacks could increase by using this newly discovered tactic, say JFrog researchers

664

Sanity check: Yubikeys and password shares (reddthat.com)

submitted 4 months ago by [email protected] to c/cybersecurity

15 comments fedilink

I've been thinking about getting a couple of Yubikeys for a partner and myself, but we share certain accounts. While I would love to have the Yubikey 5 that can store TOTP, that seems like it could be problematic for shared accounts.

Would using the cheaper Yubico Security Keys to unlock Bitwarden Premium vaults, that use a Shared Organization, be a better/more sane option than trying to sync up TOTP secrets every time a new shared account gets added? Any other critiques or suggestions?

665

White House publishes latest plan to protect a key component of the internet: BGP (cyberscoop.com)

submitted 4 months ago by kid to c/cybersecurity

0 comments fedilink

666

PoC Exploit Released For 0-Day Windows Kernel Privilege Escalation Vulnerability (gbhackers.com)

submitted 4 months ago by kid to c/cybersecurity

3 comments fedilink

667

Record breaking Ransomware attacks on Schools and Colleges in 2023 (www.cybersecurity-insiders.com)

submitted 4 months ago by kid to c/cybersecurity

0 comments fedilink

668

YubiKeys are vulnerable to cloning attacks thanks to newly discovered side channel (arstechnica.com)

submitted 4 months ago by kid to c/cybersecurity

3 comments fedilink

669

FBI: North Korea Aggressively Targeting Crypto Industry with Well-Disguised Social Engineering Attacks (www.ic3.gov)

submitted 4 months ago by kid to c/cybersecurity

1 comments fedilink

670

List of Old NSA Training Videos (www.schneier.com)

submitted 4 months ago by [email protected] to c/cybersecurity

2 comments fedilink

The NSA’s “National Cryptographic School Television Catalogue (pdf)” from 1991 lists about 600 COMSEC and SIGINT training videos.

There are a bunch explaining the operations of various cryptographic equipment, and a few code words I have never heard of before.

671

Halliburton confirms data stolen in recent cyberattack (www.bleepingcomputer.com)

submitted 4 months ago by kid to c/cybersecurity

0 comments fedilink

672

NASA Focuses on Cybersecurity of Its Mission-Critical Software (www.darkreading.com)

submitted 4 months ago by [email protected] to c/cybersecurity

1 comments fedilink

The software verification and validation efforts helps NASA improve the safety and cost-effectiveness of its mission-critical software. Cybersecurity is now part of the evaluation.

673

Hacker Leaks Data of 390 Million Users from VK, a Russian Social Network (hackread.com)

submitted 4 months ago by kid to c/cybersecurity

0 comments fedilink

674

[Opinion] Cloud providers must own up to their part in the current state of insecurity (www.csoonline.com)

submitted 4 months ago by [email protected] to c/cybersecurity

4 comments fedilink

Yes, the shared responsibility model long predates the cloud, but the cloud era is proving that true sharing of responsibility is more complicated than it seems, leaving enterprises less secure as a result.

675

SQL Injection Attack on Airport Security (www.schneier.com)

submitted 4 months ago by [email protected] to c/cybersecurity

16 comments fedilink

Anyone with basic knowledge of SQL injection could login to this site and add anyone they wanted to KCM and CASS, allowing themselves to both skip security screening and then access the cockpits of commercial airliners.