Cybersecurity

7492 readers
229 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Community Rules

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities [email protected] [email protected] [email protected] [email protected] [email protected]

Notable mention to [email protected]

founded 2 years ago
MODERATORS
801
802
803
4
submitted 3 months ago* (last edited 3 months ago) by [email protected] to c/cybersecurity
 
 

Carding — the underground business of stealing, selling and swiping stolen payment card data — has long been the dominion of Russia-based hackers. Happily, the broad deployment of more secure chip-based payment cards in the United States has weakened the carding market. But a flurry of innovation from cybercrime groups in China is breathing new life into the carding industry, by turning phished card data into mobile wallets that can be used online and at main street stores.

804
805
806
807
808
809
810
811
 
 

On December 31, cybercriminals launched a mass infection campaign, aiming to exploit reduced vigilance and increased torrent traffic during the holiday season. Our telemetry detected the attack, which lasted for a month and affected individuals and businesses by distributing the XMRig cryptominer. This previously unidentified actor is targeting users worldwide—including in Russia, Brazil, Germany, Belarus and Kazakhstan—by spreading trojanized versions of popular games via torrent sites.

In this report, we analyze how the attacker evades detection and launches a sophisticated execution chain, employing a wide range of defense evasion techniques.

812
 
 

title. I know Lemmy is global, so I'll see articles and links to sites that I have never heard of. I assume most content is good, but it's also the internet so there has to be assholes somewhere. any good ways to stay proactive about attacks?

813
814
815
816
817
818
819
820
821
 
 

822
 
 

Can anyone verify this report? This seems... Bad.

Between January 14 and February 8, servers belonging to Lawrence Livermore National Laboratory, Los Alamos National Laboratory, Thomas Jefferson National Accelerator Facility, and Fermi Accelerator National Laboratory have been found with Remote Desktop Protocol (RDP) services exposed to the public internet. This grants malicious actors the opportunity to hack into servers hosting sensitive nuclear research data, a golden egg for spy agencies across the globe.

My investigation also revealed government servers directly interfacing with AI products, creating yet another disturbing risk to national security that is extremely difficult to reverse or mitigate.

With the state of government security before this, I don't have a lot of hope these were secure, but at least they weren't exposed directly to the Internet for attack.....

823
824
825
view more: ‹ prev next ›