Information Security News - The Reddit of Infosec

Smart devices: using them safely in your home

<div>Many everyday items are now connected to the internet: we explain how to use them safely.</div>

Are you hungry? A two-part blog about risk appetites

<div>Risk appetites; what are they, what’s their purpose, how do organisations go about defining them?</div>

Please stop saying 'it depends'!

<div>Why I'm trying desperately to stop saying 'it depends' when it comes to simple cyber security questions...</div>

Using TLS to protect data

<div>Recommended profiles to securely configure TLS for the most common versions and scenarios, with additional guidance for managing older versions.</div>

Setting up 2-Step Verification (2SV)

<div>How setting up 2SV can help protect your online accounts, even if your password is stolen.</div>

Do we need technology to filter fraudulent job applicants?

I got an urgent call from our lead engineer this summer, "Our AI is behaving strangely with candidates, saying things that should never be said in a hiring process..."I'm CEO of Conversa AI, a new talent screening product. Our AI at that moment was chatting with candidates for a Remote Engineering role. Over the next few hours I,- discovered highly unusual candidate behavior from ~21% of candidates who had been PreSelected during resume screening- I wound up on screening calls wit

Ask HN: Stream about cyber security startup, would you watch?

Hi, I am the founder/developer/"ethical hacker" of a cyber security startup (Codean). We are working on a platform (call it an Integrated Development Environment) that focuses on reviewing code for security purposes.See https://about.codean.io (work in progress...)It has been quite a journey so far, building a company, getting investment, hiring people, letting go of people, finding market fit etc. In short, many ups and many downs!Lately, I came across PirateSoftwa

Ask HN: Looking for Thesis Project Inspiration

Never thought I would get here, but these are desperate times. For context, I am currently deep in my degree in Cybersecurity and have finally reached the dreaded point where I have to pick a topic for my master's thesis. Needless to say, I knew this moment would come eventually, but it inevitably still caught me off guard, especially since we have received little to no academic guidance in choosing a topic. Now, with 1 month left to my official start, I am still without a clear topic.This

New macOS Trojan-Proxy piggybacking on cracked software

Illegally distributed software historically has served as a way to sneak malware onto victims’ devices. Oftentimes, users are not willing to pay for software tools they need, so they go searching the Web for a “free lunch”. They are an excellent target for cybercriminals who realize that an individual looking for a cracked app will be willing to download an installer from a questionable website and disable security on their machine, and so they will be fairly easy to trick into installing malwar

Automating Tasks in CentOS 7 with Cron and Anacron

In the realm of Linux system management, task automation stands as a cornerstone, a trusted ally for administrators seeking to navigate the complex landscape of server maintenance. Within this intricate tapestry, CentOS 7 emerges as a stalwart choice, known for its stability and reliability, particularly favored by those who oversee servers and professional workstations. But […] The post Automating Tasks in CentOS 7 with Cron and Anacron appeared first on TuxCare. The post Automating Tasks in Ce

Kali Linux 2023.4 Release with Cloud ARM64, Raspberry Pi 5 Support, and New Tools

Kali Linux 2023.4 Release with Cloud ARM64, Raspberry Pi 5 Support, and New Tools Post Views: 3 (adsbygoogle = window.adsbygoogle || []).push({});

Trickbot Malware Developer Pleads Guilty & Faces 35 Years in Prison

A 40-year-old Russian national, Vladimir Dunaev, pleaded guilty for developing and deploying Trickbot malware. Trickbot, a suite of malware tools, targeted hospitals and businesses, causing millions in losses. Trickbot is a sophisticated modular banking Trojan that primarily targets financial institutions. It’s favored by hackers for its versatility, allowing them to:- Deploy various malicious payloads Engage in financial fraud Stealing sensitive information Facilitating larg

Hello Authentication Vulnerabilities Discovered: Stay Safe

In the realm of cybersecurity, a recent study has brought to light a series of Hello Authentication vulnerabilities that could compromise the Windows Hello authentication on popular laptop models, including Dell Inspiron 15, Lenovo ThinkPad T14, and Microsoft Surface Pro X. Conducted by researchers at Blackwing Intelligence, a firm specializing in hardware and software product […] The post Hello Authentication Vulnerabilities Discovered: Stay Safe appeared first on TuxCare. The post Hello Authen

Kubernetes Security: Sensitive Secrets Exposed

Cybersecurity researchers are warning of Kubernetes security issues amid the exposure of configuration secrets. It has been deemed that such exposure could put organizations at risk of supply chain attacks. Researchers believe that such attacks could be orchestrated using Kubernetes secrets exposed in public repositories as they allow access to the Software Development Life Cycle […] The post Kubernetes Security: Sensitive Secrets Exposed appeared first on TuxCare. The post Kubernetes Security:

Atlassian security advisory reveals four fresh critical flaws – in mail with dead links

<div><h4>Bitbucket, Confluence and Jira all in danger, again. Sigh</h4> <p>Atlassian has emailed its customers to warn of four critical vulnerabilities, but the message had flaws of its own – the links it contained weren't live for all readers at the time of despatch.…</p></div>

Microsoft issues deadline for end of Windows 10 support – it's pay to play for security

<div><h4>Limited options will be available into 2028, for an undisclosed price</h4> <p>Microsoft on Tuesday warned that full security support for Windows 10 will end on October 14, 2025, but offered a lifeline for customers unable or unwilling to upgrade two years hence.…</p></div>

"Sierra:21" vulnerabilities impact critical infrastructure routers

<div>A set of 21 newly discovered vulnerabilities impact Sierra OT/IoT routers and threaten critical infrastructure with remote code execution, unauthorized access, cross-site scripting, authentication bypass, and denial of service attacks. [...]</div>

Three security data predictions for 2024

How do companies protect their digital environments in a world where everything is growing more complex, quickly – data, customer expectations, cyber threats and more? It’s difficult: Adversaries are adopting and using AI and even generative AI-based technologies against enterprises. Nation-state cyber activity is morphing from attacks and ransomware to espionage and information theft. In addition, new and updated regulations (think PCI-Data Security Standard 4.0, with which organizations will n

Qualcomm Releases Details on Chip Vulnerabilities Exploited in Targeted Attacks

<div>Chipmaker Qualcomm has released more information about three high-severity security flaws that it said came under "limited, targeted exploitation" back in October 2023. The vulnerabilities are as follows - CVE-2023-33063 (CVSS score: 7.8) - Memory corruption in DSP Services during a remote call from HLOS to DSP. CVE-2023-33106 (CVSS score: 8.4) - Memory corruption in</div>

5 open-source tools for pentesting Kubernetes you should check out

Kubernetes, often called K8s, is an open-source platform designed to automate the deployment, scaling, and operations of containerized applications. Kubernetes has become a critical part of the infrastructure for many organizations. However, with its widespread adoption, Kubernetes environments have also become a target for cyber threats. So, in this article, we present powerful open-source tools designed for you to use for Kubernetes pentesting. kubeaudit kubeaudit is a command line tool and a