Cybersecurity

5938 readers

14 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Be respectful. Everyone should feel welcome here.
No bigotry - including racism, sexism, ableism, homophobia, transphobia, or xenophobia.
No Ads / Spamming.
No pornography.

Community Rules

Idk, keep it semi-professional?
Nothing illegal. We're all ethical here.
Rules will be added/redefined as necessary.

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities [email protected] [email protected] [email protected] [email protected] [email protected]

Notable mention to [email protected]

founded 2 years ago

MODERATORS

kid

[email protected]

676

Transport for London cyberattack? (lemmy.zip)

submitted 4 months ago by [email protected] to c/cybersecurity

4 comments fedilink

Link goes to https://tfl.gov.uk/campaign/cyber-security-incident?cid=email_FINAL_TFLU369_Security_update-CTA_text_website

Got this email today. It seems someone is getting fired in the IT department...

677

If you had to access an unfamiliar flash drive (or other data storage), what safety precautions would you take? (lemm.ee)

submitted 4 months ago by [email protected] to c/cybersecurity

28 comments fedilink

The safest option is obvious, don't try to access its contents, but if you absolutely had to, what steps would you take to minimize/contain any potential harm to your device/network?

678

.NET-based Snake Keylogger Attack Windows Using Weaponized Excel Documents (gbhacke1.txpro1.fcomet.com)

submitted 4 months ago by kid to c/cybersecurity

0 comments fedilink

679

Business services giant CBIZ discloses customer data breach (www.bleepingcomputer.com)

submitted 4 months ago by kid to c/cybersecurity

0 comments fedilink

680

GitHub comments abused to push password stealing malware masked as fixes (www.bleepingcomputer.com)

submitted 4 months ago by kid to c/cybersecurity

0 comments fedilink

681

Malicious npm Packages Mimicking 'noblox.js' Compromise Roblox Developers’ Systems (thehackernews.com)

submitted 4 months ago by kid to c/cybersecurity

4 comments fedilink

682

Durex India data breach leaks sensitive details of customers (www.cybersecurity-insiders.com)

submitted 4 months ago by kid to c/cybersecurity

2 comments fedilink

683

Cicada3301 ransomware’s Linux encryptor targets VMware ESXi systems (www.bleepingcomputer.com)

submitted 4 months ago by kid to c/cybersecurity

0 comments fedilink

684

North Korean Hackers Deploy FudModule Rootkit via Chrome Zero-Day Exploit (thehackernews.com)

submitted 4 months ago by kid to c/cybersecurity

0 comments fedilink

685

5G in Australia or Malaysia - who did it better? (water.house)

submitted 4 months ago* (last edited 4 months ago) by [email protected] to c/cybersecurity

0 comments fedilink

5G in Australia or Malaysia - who did it better?

During my trip to Malaysia, I noticed a Huawei store—something that’s become rare in Australia. While Huawei phones aren’t banned, they’re hard to find due to the lack of Google services and Australia’s reliance on those seevices.

But it got me thinking: Australia has excluded Huawei from its 5G infrastructure, whereas Malaysia has taken a different approach by considering Huawei’s involvement in its 5G rollout. How do you view these differing tech strategies?

Tags for federation:

@cybersecurity
@austech

#infosec

686

Researchers find SQL injection to bypass airport TSA security checks (www.bleepingcomputer.com)

submitted 4 months ago by [email protected] to c/cybersecurity

0 comments fedilink

Security researchers have found a vulnerability in a key air transport security system that allowed unauthorized individuals to potentially bypass airport security screenings and gain access to aircraft cockpits.

687

'Voldemort' Malware Curses Orgs Using Global Tax Authorities (www.darkreading.com)

submitted 4 months ago by [email protected] to c/cybersecurity

0 comments fedilink

The global malware campaign (that must not be named?) is targeting organizations by impersonating tax authorities, and using custom tools like Google Sheets for command and control.

688

Brain Cipher claims cyberattack on Olympic venue (www.theregister.com)

submitted 4 months ago by kid to c/cybersecurity

0 comments fedilink

689

Beware the Unpatchable: Corona Mirai Botnet Spreads via Zero-Day (www.akamai.com)

submitted 4 months ago by kid to c/cybersecurity

1 comments fedilink

690

FBI: RansomHub ransomware breached 210 victims since February (www.bleepingcomputer.com)

submitted 4 months ago by kid to c/cybersecurity

0 comments fedilink

691

North Korean Hackers Launch New Wave of npm Package Attacks (www.infosecurity-magazine.com)

submitted 4 months ago by kid to c/cybersecurity

0 comments fedilink

692

Threat Actors Target the Middle East Using Fake Palo Alto GlobalProtect Tool (www.trendmicro.com)

submitted 4 months ago by kid to c/cybersecurity

0 comments fedilink

693

Commercial spyware vendor exploits used by Kremlin-backed hackers, Google says (arstechnica.com)

submitted 4 months ago by [email protected] to c/cybersecurity

0 comments fedilink

Findings undercut pledges of NSO Group and Intgellexa their wares won't be abused.

694

Attack tool update impairs Windows computers (news.sophos.com)

submitted 4 months ago by kid to c/cybersecurity

0 comments fedilink

695

New Tickler malware used to backdoor US govt, defense orgs (www.bleepingcomputer.com)

submitted 4 months ago by [email protected] to c/cybersecurity

3 comments fedilink

The APT33 Iranian hacking group has used new Tickler malware to backdoor the networks of organizations in the government, defense, satellite, oil and gas sectors in the United States and the United Arab Emirates.

696

Attackers Exploit Critical Atlassian Confluence Flaw for Cryptojacking (www.darkreading.com)

submitted 4 months ago by [email protected] to c/cybersecurity

1 comments fedilink

Novel attack vectors leverage the CVE-2023-22527 RCE flaw discovered in January, which is still under active attack, to turn targeted cloud environments into cryptomining networks.

697

Google increases Chrome bug bounty rewards up to $250,000 (www.bleepingcomputer.com)

submitted 4 months ago by [email protected] to c/cybersecurity

0 comments fedilink

Google has more than doubled payouts for Google Chrome security flaws reported through its Vulnerability Reward Program, with the maximum possible reward for a single bug now exceeding $250,000.

698

Hitachi Energy Vulnerabilities Plague SCADA Power Systems (www.darkreading.com)

submitted 4 months ago by [email protected] to c/cybersecurity

0 comments fedilink

The company has assessed four of the five disclosed vulnerabilities as being of high to critical severity.

699

Bug bounty programs take root in Russia — with possible far-reaching implications (www.csoonline.com)

submitted 4 months ago by [email protected] to c/cybersecurity

0 comments fedilink

International sanctions, IT isolation, and shifting attitudes to ethical hacking have bug bounty programs on the rise in Russia, with zero-day acquisition companies potentially poised to profit.

700

Unpatchable 0-day in surveillance cam is being exploited to install Mirai (arstechnica.com)

submitted 4 months ago by [email protected] to c/cybersecurity

2 comments fedilink

Vulnerability is easy to exploit and allows attackers to remotely execute commands.