Cybersecurity

9810 readers

59 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Be respectful. Everyone should feel welcome here.
No bigotry - including racism, sexism, ableism, homophobia, transphobia, or xenophobia.
No Ads / Spamming.
No pornography.

Community Rules

Idk, keep it semi-professional?
Nothing illegal. We're all ethical here.
Rules will be added/redefined as necessary.

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !securitynews@infosec.pub !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub

Notable mention to !cybersecuritymemes@lemmy.world

founded 2 years ago

MODERATORS

kid@sh.itjust.works

Lanky_Pomegranate530@midwest.social

Google rolls out end-to-end encryption for Gmail on Android and iOS devices for enterprise users, letting them read and compose emails without additional tools (www.bleepingcomputer.com)

submitted 15 hours ago by Innerworld@lemmy.world to c/cybersecurity@sh.itjust.works

0 comments fedilink

ur best techno-babble to bypass clueless auditors? (dev.to)

submitted 21 hours ago by astrobird@thelemmy.club to c/cybersecurity@sh.itjust.works

0 comments fedilink

quick question for the dev/cybersec folks here. dealing with a wave of non-tech dpo/compliance types askin for audit proofs but they literally dont get basic architecture...

whats ur go-to excuse or techno-babble to get them off ur back when they ask for impossible stuff??

i usually just drop the classic "its covered by the aws shared responsibility model" or mumble somethin about "ephemeral instances & dynamic salts" and they just nod and leave 🤷‍♂️

lookin for some fresh red herrings or jedi mind tricks for the arsenal. how do u guys contourn the endless audit loops???

Massive Data Breach Exposes 337K LAPD-Linked Records (www.techrepublic.com)

submitted 1 day ago by kid@sh.itjust.works to c/cybersecurity@sh.itjust.works

1 comments fedilink

Healthcare IT solutions provider ChipSoft hit by ransomware attack (www.bleepingcomputer.com)

submitted 1 day ago by kid@sh.itjust.works to c/cybersecurity@sh.itjust.works

0 comments fedilink

Cryptocurrency ATM giant Bitcoin Depot reports $3.6 million stolen in cyberattack | The Record from Recorded Future News (therecord.media)

submitted 1 day ago by kid@sh.itjust.works to c/cybersecurity@sh.itjust.works

0 comments fedilink

Do extremely short credential lifetimes actually help security? (piefed.social)

submitted 1 day ago by lnklnx@piefed.social to c/cybersecurity@sh.itjust.works

10 comments fedilink

My company has an external auth provider for the whole organization, and MFA is required (push notification to a phone app). This all works well and I agree with it, BUT they have configured the credentials to expire in 20 minutes. In practice this means everyone in the company is typing their password and fiddling with their phone dozens of times per day to work with any application except for email (somehow it gets away with caching the credentials).

Timeouts for credentials are good, but does this aggressively low setting actually provide increased security?

New ‘LucidRook’ malware used in targeted attacks on NGOs, universities (www.bleepingcomputer.com)

submitted 1 day ago by kid@sh.itjust.works to c/cybersecurity@sh.itjust.works

0 comments fedilink

120

LinkedIn Hidden Code Secretly Searches Your Browser for Installed Extensions (cybersecuritynews.com)

submitted 2 days ago by gokayburucdev@lemmy.world to c/cybersecurity@sh.itjust.works

13 comments fedilink