-
17 votes
-
‘TunnelVision’ attack leaves nearly all VPNs vulnerable to spying
40 votes -
London Drugs closes stores until further notice due to cyberattack
22 votes -
US medical providers still grappling with UnitedHealth cyberattack
9 votes -
Help me ditch Chrome's password manager!
I've been trying to reduce my reliance on all things Google, and one of the big ones is password management. I've tried several times to make the jump, but every time I start researching options...
I've been trying to reduce my reliance on all things Google, and one of the big ones is password management. I've tried several times to make the jump, but every time I start researching options I'm overwhelmed by the selection. There are a lot of popular options out there, and I really don't have the time/energy to endure a misstep. So without a clear idea of which manager will check all of my boxes, I end up bailing on the process and keep using chrome's built in option.
So to start, here's what I like about Chrome:
- Automatically offers to store passwords without extra clicks
- Autofills automatically where it can, and gives me an easy choice when it can't
- Works everywhere I need passwords. (basically everywhere I browse the internet since chrome works everywhere)
- Minimal overhead. This is hard to beat since Chrome just includes it, so I'm fine with a little extra setup if necessary.
I used to use keepass portable on a thumb drive (I want to say circa ~2009ish), but it became really inconvenient as my usage shifted more to mobile devices.
I see this as a first step to also reducing my reliance on Chrome so I can start to consider other browsers. Right now I feel locked in to Google's ecosystem, but I know I can break it up if I don't get too bogged down by choice. Much appreciate any help. :)
34 votes -
Bug in glibc's iconv() function allows for RCE in PHP servers by setting charset to ISO-2022-CN-EXT to trigger buffer overflow (CVE-2024-2961)
9 votes -
When provided with CVE descriptions of 15 different vulnerabilities and a set of tools useful for exploitation, GPT-4 was capable of autonomously exploiting 13 of which, yielding an 87% success rate
17 votes -
Twitter replaces twitter.com with x.com without user consent. Bad implementation invites an influx of Phishing attacks. (german source)
48 votes -
Critical vulnerability in Rust's Command library allows for command injection when using its API to invoke batch scripts with arguments on Windows systems (CVE-2024-24576)
18 votes -
Sweden's public sector has ditched Big Tech in the name of privacy as a major telecom provider unveiled a new secure collaboration hub
14 votes -
Backdoor in upstream libxz targeting sshd
104 votes -
Hackers can read private AI-assistant chats even though they’re encrypted
20 votes -
‘We’re hemorrhaging money’: US health clinics try to stay open after unprecedented cyberattack
31 votes -
White House urges use of type safe and memory safe programming languages and hardware
38 votes -
White House to Developers: Using C or C++ Invites Cybersecurity Risks
5 votes -
Leak of documents on spyware developed by vendor for Chinese government
33 votes -
Your security program is shit
63 votes -
ChatGPT is leaking passwords from private conversations of its users, Ars reader says
17 votes -
In major gaffe, hacked Microsoft test account was assigned admin privileges
28 votes -
Twenty-six billion records exposed in massive leak, including data from Linkedin, X, Dropbox
44 votes -
Hackers can infect network-connected wrenches to install ransomware, researchers say
28 votes -
EU Cyber Resilience Act: What does it mean for open source?
13 votes -
Ten years later, new clues in the Target breach
24 votes -
Now Open: 2023 SANS Holiday Hack Challenge & KringleCon
1 vote -
Self-proclaimed 'gay furry hackers' breach nuclear lab; demands research into IRL catgirls
71 votes -
Nothing’s iMessage app was a security catastrophe, taken down in twenty-four hours
65 votes -
Microsoft’s Windows Hello fingerprint authentication has been bypassed
41 votes -
Cybersecurity firm CEO pleads guilty to hacking hospitals to boost his company's business
36 votes -
Payments app Zelle begins refunds for imposter scams after Washington pressure
13 votes -
After hack, personally identifiable information records of a large percentage of citizens of India for sale on the dark web. The hack includes biometric data.
22 votes -
US sues SolarWinds for fraud over alleged cyber security neglect ahead of 2020 Russian hack of Justice and Homeland Security departments
25 votes -
Immersive Labs "Haunted Halloween" Challenges 2023
Hey everyone! Just wanted to share that Immersive Labs has rolled out their "Haunted Halloween" challenges for 2023. For those unfamiliar, Immersive Labs offers a platform for interactive,...
Hey everyone! Just wanted to share that Immersive Labs has rolled out their "Haunted Halloween" challenges for 2023. For those unfamiliar, Immersive Labs offers a platform for interactive, gamified learning in the realm of cybersecurity. They've been known to host challenges that test and enhance cyber skills.
You can sign up for free using code HAUNTEDHOLLOW to try it out hubs.ly/Q026LTZV0.
Now, I'm not posting this solely out of altruism. I could use some help on the 'Mirrored Mayhem' task.
Spoiler Alert: Details about the challenge below
I've managed to get the RCE. I've crafted a PNG and successfully executed remote code. However, I'm only able to find the 'webapp-token'. I'm at a loss when it comes to the 'user-token' or 'root-token'. The 'whats in the mirror?' file isn't giving me any leads either. I've also got a username/password from it but can't figure out where to use them.Would appreciate any pointers or hints from anyone who's tackled this challenge. Thanks in advance!
4 votes -
Prosecutors in Finland have charged a hacker accused of the theft of tens of thousands of records from psychotherapy patients
9 votes -
Finland faces growing Russian online threat, Finnish security services say – espionage attempts have increased since Ukraine invasion
22 votes -
The dangers of LLM self-exfiltration: AI alignment and cybersecurity challenges
5 votes -
US building automation giant Johnson Controls hit by ransomware attack
8 votes -
Popular thesaurus website used in sneaky cryptojacking scheme
11 votes -
New SprySOCKS Linux malware used in cyber espionage attacks
12 votes -
WinRAR zero-day exploited since April to hack trading accounts
31 votes -
Cyberattack shutters major NSF-funded telescopes for more than two weeks
18 votes -
FedFingerprinting: A federated learning approach to website fingerprinting attacks in Tor networks
6 votes -
Hackers exploited a zero-day flaw in Ivanti's software undetected for at least three months, US and Norwegian cybersecurity agencies warn
14 votes -
Microsoft lost its keys, and the US government got hacked
25 votes -
Apple fixes zero-days used to deploy Triangulation spyware via iMessage
8 votes -
Security expert defeats Lenovo laptop BIOS password with a screwdriver
13 votes -
SolarWinds: The untold story of the boldest supply-chain hack ever
7 votes -
A flock of chickens, held for ransom — Growing cyberattacks on Canada's food system threaten disaster
9 votes -
Belgium launches nationwide safe harbor for ethical hackers
10 votes -
Danish parliament urges lawmakers and employees to remove TikTok on work phones as a cybersecurity measure, saying “there is a risk of espionage”
4 votes -
SolarWinds and market incentives
8 votes