Cybersecurity

6889 readers
48 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Community Rules

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities [email protected] [email protected] [email protected] [email protected] [email protected]

Notable mention to [email protected]

founded 2 years ago
MODERATORS
1676
1677
1678
1679
1680
 
 

A newly discovered Linux malware dubbed 'DISGOMOJI' uses the novel approach of utilizing emojis to execute commands on infected devices in attacks on government agencies in India.

1681
 
 

ASUS has released a new firmware update that addresses a vulnerability impacting seven router models that allow remote attackers to log in to devices.

1682
 
 

A 22-year-old man from the United Kingdom arrested this week in Spain is allegedly the ringleader of Scattered Spider, a cybercrime group suspected of hacking into Twilio, LastPass, DoorDash, Mailchimp, and nearly 130 other organizations over the past two years.

1683
1684
 
 

Nice article.

1685
1686
1687
1688
 
 

A new phishing campaign uses HTML attachments that abuse the Windows search protocol (search-ms URI) to push batch files hosted on remote servers that deliver malware.

1689
 
 

A new phishing kit has been released that allows red teamers and cybercriminals to create progressive web Apps (PWAs) that display convincing corporate login forms to steal credentials.

1690
 
 

Today, the Cybersecurity and Infrastructure Security Agency (CISA) warned that criminals are impersonating its employees in phone calls and attempting to deceive potential victims into transferring money.

1691
 
 

Google has released patches for 50 security vulnerabilities impacting its Pixel devices and warned that one of them had already been exploited in targeted attacks as a zero-day.

1692
 
 

The vulnerability is particularly hazardous as it affects Outlook’s Preview Pane once an email has been opened.

1693
 
 

The flaw was patched in March, and at the time Microsoft stated there was no evidence of its exploitation in the wild.

1694
 
 

A hacker has gained access to internal tools used by the location tracking company Tile, including one that processes location data requests for law enforcement, and stolen a large amount of customer data, such as their names, physical addresses, email addresses, and phone numbers, 404 Media reports. From the report:

The stolen data itself does not include the location of Tile devices, which are small pieces of hardware users attach to their keys or other items to monitor remotely. But it is still a significant breach that shows how tools intended for internal use by company workers can be accessed and then leveraged by hackers to collect sensitive data en masse. It also shows that this type of company, one which tracks peoples' locations, can become a target for hackers. "Basically I had access to everything," the hacker told 404 Media in an online chat. The hacker says they also demanded payment from Tile but did not receive a response.

Tile sells various tracking devices which can be located through Tile's accompanying app. Life360, another location data focused company, acquired Tile in November 2021. The hacker says they obtained login credentials for a Tile system that they believe belonged to a former Tile employee. One tool specifically says it can be used to "initiate data access, location, or law enforcement requests." Users can then lookup Tile customers by their phone number or another identifier, according to a screenshot of the tool.

Abstract credit: https://slashdot.org/story/429499

1695
 
 

Starting from 2030, Mastercard will no longer require Europeans to enter their card numbers manually when checking out online -- no matter what platform or device they're using. Mastercard will announce Tuesday in a fireside chat with CNBC that, by 2030, all cards it issues on its network in Europe will be tokenized. In other words, instead of the 16-digit card number we're all accustomed to using for transactions, this will be replaced with a randomly generated "token."

The firm says it's been working with banks, fintechs, merchants and other partners to phase out manual card entry for e-commerce by 2030 in Europe, in favor of a one-click button across all online platforms. This will ensure that consumers' cards are secure against fraud attempts, Mastercard says. Users won't have to keep entering passwords every time they try to make a payment, as Mastercard is introducing passkeys that replace passwords.

1696
1697
1698
 
 

AWS account holders can now use FIDO2 passkeys as an authentication method.

1699
 
 

The Dutch Military Intelligence and Security Service (MIVD) warned today that the impact of a Chinese cyber-espionage campaign unveiled earlier this year is "much larger than previously known."

1700
view more: ‹ prev next ›