cyber
https://cybernews.com/security/troy-hunt-falls-victim-to-phishing-attack/
https://cybernews.com/security/troy-hunt-falls-victim-to-phishing-attack/
Added 1 month ago
Paul Butler – Smuggling arbitrary data through an emoji
https://paulbutler.org/2025/smuggling-arbitrary-data-through-an-emoji/
Added 1 month ago
splunk/DECEIVE
https://github.com/splunk/DECEIVE
DECeption with Evaluative Integrated Validation Engine (DECEIVE): Let an LLM do all the hard honeypot work! - splunk/DECEIVE
Added 1 month ago
https://iterm2.com/downloads/stable/iTerm2-3_5_11.changelog
https://iterm2.com/downloads/stable/iTerm2-3_5_11.changelog
Added 1 month ago
Compromising OpenWrt Supply Chain via Truncated SHA-256 Collision and Command Injection - Flatt Secu
https://flatt.tech/research/posts/compromising-openwrt-supply-chain-sha256-collision/
Introduction
Hello, I’m RyotaK (@ryotkak
), a security engineer at Flatt Security Inc.
A few days ago, I was upgrading my home lab network, and I decided to upgrade the OpenWrt
on my router.1 After accessing the LuCI, which is the web interface of OpenWrt, I noticed that there is a section called Attended Sysupgrade, so I tried to upgrade the firmware using it.
After reading the description, I found that it states it builds new firmware using an online service.
Added 1 month ago
New AWS Security Incident Response helps organizations respond to and recover from security events |
https://aws.amazon.com/blogs/aws/new-aws-security-incident-response-helps-organizations-respond-to-and-recover-from-security-events/
AWS introduces a new service to streamline security event response, providing automated triage, coordinated communication, and expert guidance to recover from cybersecurity threats.
Added 1 month ago
FBI says hackers are sending fraudulent police data requests to tech giants to steal people's privat
https://techcrunch.com/2024/11/08/fbi-says-hackers-are-sending-fraudulent-police-data-requests-to-tech-giants-to-steal-peoples-private-information/?guccounter=1
The warning is a rare admission from the FBI about the threat from fake emergency data requests submitted by hackers with access to police email accounts.
Added 1 month ago
Google Claims World First As AI Finds 0-Day Security Vulnerability
https://www.forbes.com/sites/daveywinder/2024/11/04/google-claims-world-first-as-ai-finds-0-day-security-vulnerability/
Google’s Project Zero hackers and DeepMind boffins have collaborated to uncover a zero-day security vulnerability in real-world code for the first time using AI.
Added 1 month ago
OpenSSF Adds Minder as a Sandbox Project to Simplify the Integration and Use of Open Source Security
https://openssf.org/blog/2024/10/28/openssf-adds-minder-as-a-sandbox-project-to-simplify-the-integration-and-use-of-open-source-security-tools/
Added 1 month ago
dns recon & research -find & lookup dns records
https://dnsdumpster.com/
Free domain research tool to discover hosts related to a domain. Find visible hosts from the attackers perspective for Red and Blue Teams.
Added 1 month ago
'Shift Left' Triggers Security Soul Searching
https://www.darkreading.com/application-security/shift-left-pushback-triggers-security-soul-searching
Added 1 month ago
Internet Archive hacked data breach impacts 31 million users
https://www.bleepingcomputer.com/news/security/internet-archive-hacked-data-breach-impacts-31-million-users/
Internet Archive's "The Wayback Machine" has suffered a data breach after a threat actor compromised the website and stole a user authentication database containing 31 million unique records.
Added 1 month ago
The Australian government has introduced new cyber security laws. Here’s what you need to know
https://theconversation.com/the-australian-government-has-introduced-new-cyber-security-laws-heres-what-you-need-to-know-240889
The long-awaited law, if passed, will be Australia’s first standalone cyber security act.
Added 1 month ago
Palo Alto Networks warns of firewall hijack bugs with public exploit
https://www.bleepingcomputer.com/news/security/palo-alto-networks-warns-of-firewall-hijack-bugs-with-public-exploit/
Palo Alto Networks warned customers today to patch security vulnerabilities (with public exploit code) that can be chained to let attackers hijack PAN-OS firewalls.
Added 1 month ago
How open source SIEM and XDR tackle evolving threats
https://www.bleepingcomputer.com/news/security/how-open-source-siem-and-xdr-tackle-evolving-threats/
Evolving threats require security solutions that match the sophistication of modern threats. Learn more about how Wazuh, the open-source XDR and SIEM, tackles these threats.
How Cloudflare auto-mitigated world record 3.8 Tbps DDoS attack
https://blog.cloudflare.com/how-cloudflare-auto-mitigated-world-record-3-8-tbps-ddos-attack/
Over the past couple of weeks, Cloudflare's DDoS protection systems have automatically and successfully mitigated multiple hyper-volumetric L3/4 DDoS attacks exceeding 3 billion packets per second (Bpps). Our systems also automatically mitigated multiple attacks exceeding 3 terabits per second (Tbps), with the largest ones exceeding 3.65 Tbps. The scale of these attacks is unprecedented.
Added 1 month ago
Critical doomsday Linux bug is CUPS-based vulnerability • The Register
https://www.theregister.com/2024/09/26/unauthenticated_rce_bug_linux/
No patches yet, can be mitigated, requires user interaction
Added 1 month ago
NIST Drops Password Complexity Mandatory Reset Rules
https://www.darkreading.com/identity-access-management-security/nist-drops-password-complexity-mandatory-reset-rules
Added 1 month ago
Critical Unauthenticated RCE Flaw Impacts all GNU/Linux systems
https://cybersecuritynews.com/critical-unauthenticated-rce-flaw/
Critical Unauthenticated RCE Flaw, no Common CVE identifiers have been assigned yet, although experts suggest there should be at least three to six.
Added 1 month ago
OWASP Threat Dragon
https://owasp.org/www-project-threat-dragon/
OWASP Threat Dragon is a threat modeling tool; great for both developers and defenders alike. Use on your desktop or as a web application.
Added 1 month ago
Threagile — Agile Threat Modeling Toolkit
https://threagile.io/
Threagile enables teams to execute Agile Threat Modeling as seamless as possible, even highly-integrated into DevSecOps environments.
Added 1 month ago
This Windows PowerShell Phish Has Scary Potential
https://krebsonsecurity.com/2024/09/this-windows-powershell-phish-has-scary-potential/
Many GitHub users this week received a novel phishing email warning of critical security holes in their code. Those who clicked the link for details were asked to distinguish themselves from bots by pressing a combination of keyboard keys that…
Added 1 month ago
Platform Engineering Is Security Engineering
https://www.darkreading.com/application-security/platform-engineering-is-security-engineering
Added 1 month ago