Information Security News - The Reddit of Infosec

Smart devices: using them safely in your home

<div>Many everyday items are now connected to the internet: we explain how to use them safely.</div>

Are you hungry? A two-part blog about risk appetites

<div>Risk appetites; what are they, what’s their purpose, how do organisations go about defining them?</div>

'WannaCry' ransomware: guidance updates

<div>Jon L provides an update on the NCSC's guidance on the 'WannaCry' ransomware.</div>

Please stop saying 'it depends'!

<div>Why I'm trying desperately to stop saying 'it depends' when it comes to simple cyber security questions...</div>

Brightening the outlook for security in the cloud

<div>The NCSC's Cloud Security Research Lead suggests some approaches to help you get confidence in cloud services.</div>

NCSC IT: Installing software updates without breaking things

<div>Andy P explains how the NCSC rolls out software updates without delays.</div>

Cyber Threat Report: UK Legal Sector

<div>An updated report from the NCSC explaining how UK law firms - of all sizes - can protect themselves from common cyber threats.</div>

Using TLS to protect data

<div>Recommended profiles to securely configure TLS for the most common versions and scenarios, with additional guidance for managing older versions.</div>

Setting up 2-Step Verification (2SV)

<div>How setting up 2SV can help protect your online accounts, even if your password is stolen.</div>

Serving up some server advice

<div>Highlighting guidance which will help you secure your servers</div>

HPR4366: My audio setup and editing

This show has been flagged as Clean by the host.Hi all!TopicsTopic 1: Hello, my name is Antoine.Topic 2: I listened to you!a) Comment from Archer72:"[...] Audio setups are *definitely* of interest to hackers :)"Link:https://hackerpublicradio.org/eps/hpr4325/index.html#comment_4278b) From hpr4351 :: HPR Community News for March 2025 (on the show)Something like: 'I'm not going to read your (long) comments, give a show on it'.Sorry for making you read my comments, dear HPR Janitors! (Specially you,

tj-actions with Endor Lab's Dimitri Stiliadis

Dimitri Stiliadis, CTO from Endor Labs, discusses the recent tj-actions/changed-files supply chain attack, where a compromised GitHub Action exposed CI/CD secrets. We explore the impressive multi-stage attack vector and the broader often-overlooked vulnerabilities in our CI/CD pipelines, emphasizing the need to treat these build systems with production-level security rigor instead of ignoring them. The show notes and blog post for this episode can be found at https://opensourcesecurity.io/2025/2

BSidesLV24 – Ground Truth – Seek Out New Protocols, And Boldly Go Where No One Has Gone Before

Authors/Presenters: Douglas McKeeOur sincere appreciation to BSidesLV, and the Presenters/Authors for publishing their erudite Security BSidesLV24 content. Originating from the conference’s events located at the Tuscany Suites & Casino; and via the organizations YouTube channel. PermalinkThe post BSidesLV24 – Ground Truth – Seek Out New Protocols, And Boldly Go Where No One Has Gone Before appeared first on Security Boulevard.

Grip Security Defines the Identity-Driven Future of SecOps

<p>Discover how SecOps is evolving from reactive alert handling to proactive, identity-driven security operations, and how Grip helps teams stay ahead of threats.</p><p>The post <a href="https://securityboulevard.com/2025/04/grip-security-defines-the-identity-driven-future-of-secops/">Grip Security Defines the Identity-Driven Future of SecOps</a> appeared first on <a href="https://securityboulevard.com">Security Boulevard</a>.</p>

Coinbase fixes 2FA log error making people think they were hacked

Coinbase has fixed a confusing bug in its account activity logs that caused users to think their credentials were compromised. [...]

Storm-1977 targets education sector with password spraying, Microsoft warns

Microsoft warns that threat actor Storm-1977 is behind password spraying attacks against cloud tenants in the education sector.Over the past year, Microsoft Threat Intelligence researchers observed a threat actor, tracked as Storm-1977, using AzureChecker.exe to launch password spray attacks against cloud tenants in the education sector. AzureChecker.exe connected to sac-auth[.]nodefunction[.]vip to download AES-encrypted data, which, once decrypted, revealed password spray targets. It also acce

Identity is the New Perimeter: CybeReady’s Analysis of IBM’s X-Force 2025 Threat Intelligence Index

The New Dawn Returns – Horizon Shifts in Cyberattack Trends Following our in-depth analysis of IBM’s 2025 Threat Intelligence Index, CybeReady’s research team has identified a significant “Back to the Future” moment in cyberattack trends that validates our longstanding approach to cyber readiness training. Our examination reveals a clear return to older but increasingly dominant […]The post Identity is the New Perimeter: CybeReady’s Analysis of IBM’s X-Force 2025 Threat Intelligence Index appear

Storm-1977 Hits Education Clouds with AzureChecker, Deploys 200+ Crypto Mining Containers

Microsoft has revealed that a threat actor it tracks as Storm-1977 has conducted password spraying attacks against cloud tenants in the education sector over the past year."The attack involves the use of AzureChecker.exe, a Command Line Interface (CLI) tool that is being used by a wide range of threat actors," the Microsoft Threat Intelligence team said in an analysis.The tech giant noted that

Brave's Cookiecrumbler tool taps community to help block cookie notices

Brave has open-sourceed a new tool called "Cookiecrumbler," which uses large language models (LLMs) to detect cookie consent notices and then community-driven reviews to block those that won't break site functionality. [...]

How To Use Digital Forensics To Strengthen Your Organization’s Cybersecurity Posture

Digital forensics has become a cornerstone of modern cybersecurity strategies, moving beyond its traditional role of post-incident investigation to become an essential proactive defense mechanism. Organizations today face an ever-expanding threat landscape, with attackers employing increasingly sophisticated tactics to breach defenses and compromise sensitive data. In this environment, digital forensics provides the technical foundation for […]The post How To Use Digital Forensics To Stren

Cyber Security News