Cybersecurity

5404 readers
139 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Community Rules

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !cybersecurity@lemmy.capebreton.social !securitynews@infosec.pub !netsec@links.hackliberty.org !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub

Notable mention to !cybersecuritymemes@lemmy.world

founded 1 year ago
MODERATORS
kid@sh.itjust.works
Lanky_Pomegranate530@midwest.social
listing: all - local
1
20
News are reporting a new attack in Lebanon where devices caught fire and exploded, from radio to cars. Share the info you have (sh.itjust.works)
submitted 14 hours ago by index@sh.itjust.works to c/cybersecurity@sh.itjust.works
3 comments fedilink
2
17
North Korean Hackers Target Energy and Aerospace Industries with New MISTPEN Malware (thehackernews.com)
submitted 20 hours ago by kid@sh.itjust.works to c/cybersecurity@sh.itjust.works
0 comments fedilink
3
14
Australian cops bust underworld app through compromised software updates (www.csoonline.com)
submitted 20 hours ago by BrikoX@lemmy.zip to c/cybersecurity@sh.itjust.works
0 comments fedilink
 
 

The authorities infiltrated Ghost’s distribution channel and modified updates to gain access to subscribers’ phones.

4
20
Construction firms breached in brute force attacks on accounting software (www.bleepingcomputer.com)
submitted 1 day ago by BrikoX@lemmy.zip to c/cybersecurity@sh.itjust.works
0 comments fedilink
 
 

Hackers are brute-forcing passwords for highly privileged accounts on exposed Foundation accounting servers, widely used in the construction industry, to breach corporate networks.

5
11
Ukraine, Gaza Wars Inspire DDoS Surge Against Finservs (www.darkreading.com)
submitted 1 day ago by BrikoX@lemmy.zip to c/cybersecurity@sh.itjust.works
1 comments fedilink
 
 

Hacktivists love to target financial services companies, and their attacks are growing both larger and longer.

6
10
CISA urges software devs to weed out XSS vulnerabilities (www.bleepingcomputer.com)
submitted 1 day ago by BrikoX@lemmy.zip to c/cybersecurity@sh.itjust.works
2 comments fedilink
 
 

​CISA and the FBI urged technology manufacturing companies to review their software and ensure that future releases are free of cross-site scripting vulnerabilities before shipping.

7
10
PKfail Secure Boot bypass remains a significant risk two months later (www.bleepingcomputer.com)
submitted 1 day ago by BrikoX@lemmy.zip to c/cybersecurity@sh.itjust.works
0 comments fedilink
 
 

Roughly nine percent of tested firmware images use non-production cryptographic keys that are publicly known or leaked in data breaches, leaving many Secure Boot devices vulnerable to UEFI bootkit malware attacks.

8
10
RCE Flaw in Google Cloud Affected Millions of Servers (www.darkreading.com)
submitted 1 day ago by BrikoX@lemmy.zip to c/cybersecurity@sh.itjust.works
0 comments fedilink
 
 

Attackers could have exploited a dependency confusion vulnerability dubbed "CloudImposer" affecting various Google Cloud services to execute a sprawling supply chain attack via just one malicious Python code package.

9
56
Cloudflare outage cuts off access to websites in some regions (www.bleepingcomputer.com)
submitted 1 day ago by kid@sh.itjust.works to c/cybersecurity@sh.itjust.works
1 comments fedilink
10
53
Remote attack on pagers used by Hezbollah caused 9 deaths and thousands of injuries (securityaffairs.com)
submitted 1 day ago by kid@sh.itjust.works to c/cybersecurity@sh.itjust.works
8 comments fedilink
11
36
Zero-Click RCE Bug in macOS Calendar Exposes iCloud Data (www.darkreading.com)
submitted 1 day ago by kid@sh.itjust.works to c/cybersecurity@sh.itjust.works
1 comments fedilink
12
28
Ransomware gangs now abuse Microsoft Azure tool for data theft (www.bleepingcomputer.com)
submitted 1 day ago by kid@sh.itjust.works to c/cybersecurity@sh.itjust.works
1 comments fedilink
13
10
Broadcom fixes critical RCE bug in VMware vCenter Server (www.bleepingcomputer.com)
submitted 1 day ago by kid@sh.itjust.works to c/cybersecurity@sh.itjust.works
0 comments fedilink
14
0
Why Pay A Pentester? (thehackernews.com)
submitted 16 hours ago by gwilikers@lemmy.ml to c/cybersecurity@sh.itjust.works
4 comments fedilink
 
 

What do you guys think? I don't think there's a lot of depth to the arguments, myself. It reads more like an threadbare op-ed with a provocative title. But I'd like to hear you opinions on the impact of automated testing solutions on the role of pen-testers in the industry.

15
10
Medusa Ransomware Exploiting Fortinet Flaw For Sophisticated Ransomware Attacks (gbhackers.com)
submitted 1 day ago by kid@sh.itjust.works to c/cybersecurity@sh.itjust.works
0 comments fedilink
16
9
'Void Banshee' Exploits Second Microsoft Zero-Day (www.darkreading.com)
submitted 1 day ago by kid@sh.itjust.works to c/cybersecurity@sh.itjust.works
0 comments fedilink
17
6
Binance Warns of Rising Clipper Malware Attacks Targeting Cryptocurrency Users (thehackernews.com)
submitted 1 day ago by kid@sh.itjust.works to c/cybersecurity@sh.itjust.works
0 comments fedilink
18
27
TfL requires in-person password resets for 30,000 employees after hack (www.bleepingcomputer.com)
submitted 2 days ago by kid@sh.itjust.works to c/cybersecurity@sh.itjust.works
7 comments fedilink
19
17
Cybercriminals Exploit HTTP Headers for Credential Theft via Large-Scale Phishing Attacks (thehackernews.com)
submitted 2 days ago by kid@sh.itjust.works to c/cybersecurity@sh.itjust.works
1 comments fedilink
20
13
Windows vulnerability abused braille “spaces” in zero-day attacks (www.bleepingcomputer.com)
submitted 2 days ago by kid@sh.itjust.works to c/cybersecurity@sh.itjust.works
0 comments fedilink
21
102
1.3 million Android-based TV boxes backdoored; researchers still don’t know how (arstechnica.com)
submitted 5 days ago by BrikoX@lemmy.zip to c/cybersecurity@sh.itjust.works
12 comments fedilink
 
 

Infection corrals devices running AOSP-based firmware into a botnet.

22
49
North Korean hackers target Python devs with malware disguised as coding tests — hack has been underway for a year (www.tomshardware.com)
submitted 5 days ago by BrikoX@lemmy.zip to c/cybersecurity@sh.itjust.works
5 comments fedilink
 
 

Fake Python job opportunities used to attack programmers

23
37
Apple Vision Pro Vulnerability Exposed Virtual Keyboard Inputs to Attackers (thehackernews.com)
submitted 5 days ago by kid@sh.itjust.works to c/cybersecurity@sh.itjust.works
2 comments fedilink
24
40
Citrix Workspace App Vulnerable to Privilege Escalation Attacks (gbhackers.com)
submitted 5 days ago by kid@sh.itjust.works to c/cybersecurity@sh.itjust.works
13 comments fedilink
25
29
New Linux Malware Campaign Exploits Oracle Weblogic to Mine Cryptocurrency (thehackernews.com)
submitted 5 days ago by kid@sh.itjust.works to c/cybersecurity@sh.itjust.works
3 comments fedilink
view more: next ›