Cybersecurity

9887 readers
11 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Community Rules

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !securitynews@infosec.pub !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub

Notable mention to !cybersecuritymemes@lemmy.world

founded 2 years ago
MODERATORS
kid@sh.itjust.works
Lanky_Pomegranate530@midwest.social
listing: all - local
1
36
CISA: US agency breached through Cisco vulnerability, FIRESTARTER backdoor allowed access through March | The Record from Recorded Future News (therecord.media)
submitted 2 days ago by kid@sh.itjust.works to c/cybersecurity@sh.itjust.works
1 comments fedilink
2
45
Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign (thehackernews.com)
submitted 3 days ago by kid@sh.itjust.works to c/cybersecurity@sh.itjust.works
1 comments fedilink
3
13
New ‘Pack2TheRoot’ flaw gives hackers root Linux access (www.bleepingcomputer.com)
submitted 2 days ago by kid@sh.itjust.works to c/cybersecurity@sh.itjust.works
3 comments fedilink
4
20
Cosmetics giant Rituals discloses data breach affecting customers (www.bleepingcomputer.com)
submitted 2 days ago by kid@sh.itjust.works to c/cybersecurity@sh.itjust.works
0 comments fedilink
5
17
Microsoft: Some Teams users can’t join meetings after Edge update (www.bleepingcomputer.com)
submitted 2 days ago by kid@sh.itjust.works to c/cybersecurity@sh.itjust.works
1 comments fedilink
6
13
Attacker embeds Claude Code in mass credential harvesting op - iTnews (www.itnews.com.au)
submitted 2 days ago by kid@sh.itjust.works to c/cybersecurity@sh.itjust.works
0 comments fedilink
7
12
UK warns of Chinese hackers using proxy networks to evade detection (www.bleepingcomputer.com)
submitted 2 days ago by kid@sh.itjust.works to c/cybersecurity@sh.itjust.works
0 comments fedilink
8
20
Chinese attackers are pwning your infrastructure to use in attacks, 10 countries warn (www.theregister.com)
submitted 3 days ago by Sepia@mander.xyz to c/cybersecurity@sh.itjust.works
1 comments fedilink
 
 

Here is the report, Defending against China-nexus covert networks of compromised devices (pdf).

A majority of China-linked threat actors are using compromised routers and IoT devices worldwide, turning this gear into proxy networks to carry out further intrusions, steal sensitive data, and disrupt victim organizations’ operations, according to a joint 10-country advisory.

"Anyone who is a target of China-nexus cyber actors may be impacted by the use of covert networks," the security advisory warned. It was jointly released by the UK National Cyber Security Centre (NCSC) and 15 other government agencies from the United States, Australia, Canada, Germany, Japan, the Netherlands, New Zealand, Spain, and Sweden.

"The use of covert networks of compromised devices - also known as botnets - to facilitate malicious cyber activity is not new, but China-nexus cyber actors are now using them strategically, and at scale," according to the alert.

Some of these covert networks are created and maintained by Chinese information security companies, the advisory says. For example, China's Integrity Technology Group controlled and managed the so-called Raptor Train network, which in 2024 infected more than 200,000 devices worldwide, including small office home office (SOHO) routers, internet-connected web cameras and video recorders, plus firewalls and network-attached storage (NAS) devices.

...

Web Archive link

9
10
North Korean hackers siphon more than $12 million from crypto users in sprawling campaign | The Record from Recorded Future News (therecord.media)
submitted 2 days ago by kid@sh.itjust.works to c/cybersecurity@sh.itjust.works
0 comments fedilink
10
6
UK Biobank Breach: Health Data of 500,000 Listed for Sale in China - Infosecurity Magazine (www.infosecurity-magazine.com)
submitted 2 days ago by kid@sh.itjust.works to c/cybersecurity@sh.itjust.works
0 comments fedilink
11
28
Hackers Use Hidden Website Instructions in New Attacks on AI Assistants (hackread.com)
submitted 3 days ago by kid@sh.itjust.works to c/cybersecurity@sh.itjust.works
1 comments fedilink
12
7
New Checkmarx supply-chain breach affects KICS analysis tool (www.bleepingcomputer.com)
submitted 2 days ago by kid@sh.itjust.works to c/cybersecurity@sh.itjust.works
1 comments fedilink
13
6
How UNC6692 Employed Social Engineering to Deploy a Custom Malware Suite | Google Cloud Blog (cloud.google.com)
submitted 2 days ago by kid@sh.itjust.works to c/cybersecurity@sh.itjust.works
0 comments fedilink
14
26
Researcher claims Claude Desktop installs “spyware” on macOS (www.malwarebytes.com)
submitted 3 days ago by kid@sh.itjust.works to c/cybersecurity@sh.itjust.works
1 comments fedilink
15
31
Flaw in Microsoft-owned GitHub repository allowed RCE via issue submission | news | SC Media (www.scworld.com)
submitted 3 days ago by kid@sh.itjust.works to c/cybersecurity@sh.itjust.works
2 comments fedilink
16
6
Tropic Trooper APT Takes Aim at Home Routers, Japanese Targets (www.darkreading.com)
submitted 2 days ago by kid@sh.itjust.works to c/cybersecurity@sh.itjust.works
0 comments fedilink
17
5
Hackers exploit file upload bug in Breeze Cache WordPress plugin (www.bleepingcomputer.com)
submitted 2 days ago by kid@sh.itjust.works to c/cybersecurity@sh.itjust.works
0 comments fedilink
18
28
Self-Propagating Supply Chain Worm Hijacks npm Packages to Steal Developer Tokens (thehackernews.com)
submitted 3 days ago by kid@sh.itjust.works to c/cybersecurity@sh.itjust.works
3 comments fedilink
19
5
AI-driven attacks target governments, cloud agents, supply chains | news | SC Media (www.scworld.com)
submitted 2 days ago by kid@sh.itjust.works to c/cybersecurity@sh.itjust.works
0 comments fedilink
20
21
Discord-Linked Group Accessed Anthropic’s Claude Mythos AI in Vendor Breach (hackread.com)
submitted 3 days ago by kid@sh.itjust.works to c/cybersecurity@sh.itjust.works
0 comments fedilink
21
114
Unauthorized Group Gains Access to Anthropic's Exclusive Cyber Tool Mythos (cybersecuritynews.com)
submitted 5 days ago by kid@sh.itjust.works to c/cybersecurity@sh.itjust.works
21 comments fedilink
22
4
Trigona ransomware attacks use custom exfiltration tool to steal data (www.bleepingcomputer.com)
submitted 2 days ago by kid@sh.itjust.works to c/cybersecurity@sh.itjust.works
0 comments fedilink
23
14
Phishing reclaims the top initial access spot, attackers experiment with AI tools - Help Net Security (www.helpnetsecurity.com)
submitted 3 days ago by kid@sh.itjust.works to c/cybersecurity@sh.itjust.works
0 comments fedilink
24
9
Recent Microsoft Defender Vulnerability Exploited as Zero-Day - SecurityWeek (www.securityweek.com)
submitted 3 days ago by kid@sh.itjust.works to c/cybersecurity@sh.itjust.works
0 comments fedilink
25
12
Most Serious Cyberattacks Against the UK Now From Russia, Iran and China, Cyber Chief Says - SecurityWeek (www.securityweek.com)
submitted 3 days ago by kid@sh.itjust.works to c/cybersecurity@sh.itjust.works
0 comments fedilink
view more: next ›