Cybersecurity

5926 readers

318 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Be respectful. Everyone should feel welcome here.
No bigotry - including racism, sexism, ableism, homophobia, transphobia, or xenophobia.
No Ads / Spamming.
No pornography.

Community Rules

Idk, keep it semi-professional?
Nothing illegal. We're all ethical here.
Rules will be added/redefined as necessary.

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities [email protected] [email protected] [email protected] [email protected] [email protected]

Notable mention to [email protected]

founded 2 years ago

MODERATORS

kid

[email protected]

276

Ford 'actively investigating' breach claims (www.theregister.com)

submitted 1 month ago by kid to c/cybersecurity

0 comments fedilink

277

Recently disclosed VMware vCenter Server bugs are actively exploited in attacks (securityaffairs.com)

submitted 1 month ago by kid to c/cybersecurity

0 comments fedilink

278

Apache Kafka Vulnerability Let Attackers Escalate Privileges (gbhackers.com)

submitted 1 month ago by kid to c/cybersecurity

0 comments fedilink

279

Ransomware Attack on Oklahoma Medical Center Impacts 133,000 (www.securityweek.com)

submitted 1 month ago by kid to c/cybersecurity

0 comments fedilink

280

Space tech giant Maxar confirms hacker accessed employees' personal data (techcrunch.com)

submitted 1 month ago by kid to c/cybersecurity

0 comments fedilink

281

Akira Ransomware Racks Up 30+ Victims in a Single Day (www.darkreading.com)

submitted 1 month ago by kid to c/cybersecurity

1 comments fedilink

282

Let's Encrypt is 10 years old today ! (letsencrypt.org)

submitted 1 month ago by [email protected] to c/cybersecurity

4 comments fedilink

publication croisée depuis : https://lemmy.pierre-couy.fr/post/805239

Happy birthday to Let's Encrypt !

Huge thanks to everyone involved in making HTTPS available to everyone for free !

283

Fortra Reports Alarming Increase In Abuse Of Cloudflare Services (informationsecuritybuzz.com)

submitted 1 month ago by kid to c/cybersecurity

0 comments fedilink

284

Inside Water Barghest’s Rapid Exploit-to-Market Strategy for IoT Devices (www.trendmicro.com)

submitted 1 month ago by kid to c/cybersecurity

0 comments fedilink

Water Barghest, which comprised over 20,000 IoT devices by October 2024, monetizes IoT devices by exploiting vulnerabilities and quickly enlisting them for sale on a residential proxy marketplace.
Its botnet uses automated scripts to find and compromise vulnerable IoT devices sourced from public internet scan databases like Shodan.
Once IoT devices are compromised, the Ngioweb malware is deployed, which runs in memory and connects to command-and-control servers to register the compromised device as a proxy.
The monetization process, from initial infection to the availability of the device as a proxy on a residential proxy marketplace, can take as little as 10 minutes, indicating a highly efficient and automated operation.

285

Security Update - Release 1.32.5 · dani-garcia/vaultwarden (github.com)

submitted 1 month ago by [email protected] to c/cybersecurity

1 comments fedilink

This release further fixed some CVE Reports reported by a third party security auditor and we recommend everybody to update to the latest version as soon as possible. The contents of these reports will be disclosed publicly in the future.

286

NSO Group Exploited WhatsApp to Install Pegasus Spyware Even After Meta's Lawsuit (thehackernews.com)

submitted 1 month ago by kid to c/cybersecurity

4 comments fedilink

287

Warning: DEEPDATA Malware Exploiting Unpatched Fortinet Flaw to Steal VPN Credentials (thehackernews.com)

submitted 1 month ago by kid to c/cybersecurity

0 comments fedilink

288

Zero-Day Exploitation Targeting Palo Alto Networks Firewall (www.rapid7.com)

submitted 1 month ago by kid to c/cybersecurity

1 comments fedilink

289

Phishing emails increasingly use SVG attachments to evade detection (www.bleepingcomputer.com)

submitted 1 month ago* (last edited 1 month ago) by [email protected] to c/cybersecurity

2 comments fedilink

Threat actors increasingly use Scalable Vector Graphics (SVG) attachments to display phishing forms or deploy malware while evading detection.

290

Security plugin flaw in millions of WordPress sites gives admin access (www.bleepingcomputer.com)

submitted 1 month ago* (last edited 1 month ago) by [email protected] to c/cybersecurity

1 comments fedilink

A critical authentication bypass vulnerability has been discovered impacting the WordPress plugin 'Really Simple Security' (formerly 'Really Simple SSL'), including both free and Pro versions.

291

ChatGPT allows access to underlying sandbox OS, “playbook” data (www.bleepingcomputer.com)

submitted 1 month ago by kid to c/cybersecurity

0 comments fedilink

292

Chipmaker Patch Tuesday: Intel Publishes 44 and AMD Publishes 8 New Advisories (www.securityweek.com)

submitted 1 month ago by kid to c/cybersecurity

0 comments fedilink

293

Hive0145 Targets Europe with Advanced Strela Stealer Campaigns (www.infosecurity-magazine.com)

submitted 1 month ago by kid to c/cybersecurity

0 comments fedilink