Cybersecurity

7739 readers

68 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Be respectful. Everyone should feel welcome here.
No bigotry - including racism, sexism, ableism, homophobia, transphobia, or xenophobia.
No Ads / Spamming.
No pornography.

Community Rules

Idk, keep it semi-professional?
Nothing illegal. We're all ethical here.
Rules will be added/redefined as necessary.

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !securitynews@infosec.pub !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub

Notable mention to !cybersecuritymemes@lemmy.world

founded 2 years ago

MODERATORS

kid@sh.itjust.works

Lanky_Pomegranate530@midwest.social

178

FBI Warns Americans to Start Using Encrypted Messaging Apps (gizmodo.com)

submitted 7 months ago by kid@sh.itjust.works to c/cybersecurity@sh.itjust.works

54 comments fedilink

What steps can I take to be more secure on the internet? (lemmy.world)

submitted 2 years ago by Tobin@lemmy.world to c/cybersecurity@sh.itjust.works

53 comments fedilink

So recently I've gotten a bit more serious about my internet security, and made some changes. Here's a short list of what I've done, but I'm wondering if I'm missing anything important:

Moved from Brave to Firefox
Bought my own domain for my email (so I can switch email providers at any time)
Switched to Duck Duck Go from google (It's gotten worse anyways)
Bought the Proton package (VPN, Encrypted email, etc...)
Installed Thunderbird (instead of microsoft mail app)
Installed uBlock Origin
Installed Bitwarden for password managing (My passwords are also no longer all the same)

Is there anything that I have missed that should be a priority for internet security?

138

NSA Warns iPhone And Android Users—Disable Location Tracking (www.forbes.com)

submitted 5 months ago by kid@sh.itjust.works to c/cybersecurity@sh.itjust.works

52 comments fedilink

196

China bans use of Intel, AMD and Nvidia Processor Chips for security concerns (www.cybersecurity-insiders.com)

submitted 7 months ago by kid@sh.itjust.works to c/cybersecurity@sh.itjust.works

52 comments fedilink

Windows 10 users urged to upgrade to avoid "security fiasco" (www.bleepingcomputer.com)

submitted 6 months ago by kid@sh.itjust.works to c/cybersecurity@sh.itjust.works

51 comments fedilink

Cybersecurity firm ESET is urging Windows 10 users to upgrade to Windows 11 or Linux to avoid a "security fiasco" as the 10-year-old operating system nears the end of support in October 2025.

"It's five minutes to twelve to avoid a security fiasco for 2025," explains ESET security expert Thorsten Urbanski.

123

A Vigilante Hacker Took Down North Korea’s Internet. Now He’s Taking Off His Mask (www.wired.com)

submitted 1 year ago by Lanky_Pomegranate530@midwest.social to c/cybersecurity@sh.itjust.works

50 comments fedilink

Google's New YouTube Warning: No Ad Blockers or Lose Your Account? (securityonline.info)

submitted 3 months ago by kid@sh.itjust.works to c/cybersecurity@sh.itjust.works

47 comments fedilink

NSA Warns iPhone And Android Users To Turn It Off And On Again (www.forbes.com)

submitted 1 year ago by Renn@sh.itjust.works to c/cybersecurity@sh.itjust.works

42 comments fedilink

186

Google now allows digital fingerprinting of its users (www.malwarebytes.com)

submitted 4 months ago by kid@sh.itjust.works to c/cybersecurity@sh.itjust.works

41 comments fedilink

278

Most to least common 4-digit PINs (www.grc.com)

submitted 1 year ago by ThetaDev@lemm.ee to c/cybersecurity@sh.itjust.works

38 comments fedilink

or why it is not a good idea to use your birthday as your pin

Stablecoin Bank Hit by Cyberattack, Loses $49.5M to Hackers (gbhackers.com)

submitted 4 months ago by kid@sh.itjust.works to c/cybersecurity@sh.itjust.works

37 comments fedilink

185

Undocumented backdoor found in Bluetooth chip used by a billion devices (www.bleepingcomputer.com)

submitted 4 months ago* (last edited 4 months ago) by neme@lemm.ee to c/cybersecurity@sh.itjust.works

33 comments fedilink

201

Windows 11's big 2024 update leaves behind ~9GB of undeletable files (www.pcworld.com)

submitted 8 months ago by kid@sh.itjust.works to c/cybersecurity@sh.itjust.works

32 comments fedilink

259

Microsoft Azure Hit With The Largest Data Breach In Its History; Hundreds Of Executive Accounts Compromised (techreport.com)

submitted 1 year ago by kid@sh.itjust.works to c/cybersecurity@sh.itjust.works

29 comments fedilink

For the first time in the history of Microsoft, a cyberattack has left hundreds of executive accounts compromised and caused a major user data leak as Microsoft Azure was attacked.

According to Proofpoint, the hackers use the malicious techniques that were discovered in November 2023. It includes credential theft through phishing methods and cloud account takeover (CTO) which helped the hackers gain access to both Microsoft365 applications as well as OfficeHome.

DeepSeek found to be sharing user data with TikTok parent company ByteDance (www.malwarebytes.com)

submitted 4 months ago by kid@sh.itjust.works to c/cybersecurity@sh.itjust.works

28 comments fedilink

133

Cisco is still hard-coding passwords into its products (www.thestack.technology)

submitted 8 months ago by BrikoX@lemmy.zip to c/cybersecurity@sh.itjust.works

28 comments fedilink

Static credentials with passwords written into a firewall's code. What could go wrong?

If you had to access an unfamiliar flash drive (or other data storage), what safety precautions would you take? (lemm.ee)

submitted 10 months ago by ALostInquirer@lemm.ee to c/cybersecurity@sh.itjust.works

28 comments fedilink

The safest option is obvious, don't try to access its contents, but if you absolutely had to, what steps would you take to minimize/contain any potential harm to your device/network?

RockYou2024: 10 billion passwords leaked in the largest compilation of all time (cybernews.com)

submitted 1 year ago by kid@sh.itjust.works to c/cybersecurity@sh.itjust.works

28 comments fedilink

285

US abruptly turns off funding for CVE program (www.theregister.com)

submitted 2 months ago by floofloof@lemmy.ca to c/cybersecurity@sh.itjust.works

26 comments fedilink

cross-posted from: https://lemmy.bestiver.se/post/328810

Comments

Password reuse is rampant: nearly half of observed user logins are compromised (blog.cloudflare.com)

submitted 3 months ago by kid@sh.itjust.works to c/cybersecurity@sh.itjust.works

26 comments fedilink

202

VW Suffers Major Breach Exposing Location of 800,000 Electric Vehicles (cyberinsider.com)

submitted 6 months ago by minyaen@lemmy.ml to c/cybersecurity@sh.itjust.works

26 comments fedilink

If emphasis wasn't already concentrated on the security of these connected vehicles, major oversight obviously...

233

Microsoft admits Russian state hack still not contained. ‘This has tremendous national security implications’ (fortune.com)

submitted 1 year ago by kid@sh.itjust.works to c/cybersecurity@sh.itjust.works

26 comments fedilink

Interesting view on this situation.

Federal agency warns critical Linux vulnerability being actively exploited (arstechnica.com)

submitted 1 year ago by BrikoX@lemmy.zip to c/cybersecurity@sh.itjust.works

25 comments fedilink

Cybersecurity and Infrastructure Security Agency urges affected users to update ASAP.

Dormakaba Locks Used in Millions of Hotel Rooms Could Be Cracked in Seconds (thehackernews.com)

submitted 1 year ago by Lanky_Pomegranate530@midwest.social to c/cybersecurity@sh.itjust.works

25 comments fedilink

China is building a cyber army of hackers, report finds (www.firstpost.com)

submitted 2 months ago by randomname@scribe.disroot.org to c/cybersecurity@sh.itjust.works

24 comments fedilink

cross-posted from: https://scribe.disroot.org/post/2653687

Archived version

Hackathons are common, but Chinese hacking competitions are different.

...

In 2017, Zhou Hongyi, the founder of Chinese cybersecurity giant Qihoo 360, publicly criticised the practice of sharing vulnerability discoveries internationally, arguing that such strategic assets should stay within China. His sentiments, supported by the Chinese government, gave birth to the national hacking competition called the Tianfu Cup. The contest is focused on discovering vulnerabilities in global tech products like Apple iOS, Google’s Android, and Microsoft systems.

How is Tianfu Cup different?

A 2018 rule mandates participants of the Tianfu Cup to hand over their findings to the government, instead of the tech companies.

Dakota Cary, a China-focused consultant at the US cybersecurity company SentinelOne, said, “In practice, this meant vulnerabilities were passed to the state for use in operations.”

This approach effectively turned hacking competitions into a government pipeline for acquiring zero-day vulnerabilities — software flaws unknown to vendors and extremely valuable for cyber-espionage.

...

In recent years, China’s hacking competitions have increasingly shifted focus toward breaching domestic products, including Chinese-made electric vehicles, phones, and security software.

...