-
22 votes
-
US medical providers still grappling with UnitedHealth cyberattack
9 votes -
Help me ditch Chrome's password manager!
I've been trying to reduce my reliance on all things Google, and one of the big ones is password management. I've tried several times to make the jump, but every time I start researching options...
I've been trying to reduce my reliance on all things Google, and one of the big ones is password management. I've tried several times to make the jump, but every time I start researching options I'm overwhelmed by the selection. There are a lot of popular options out there, and I really don't have the time/energy to endure a misstep. So without a clear idea of which manager will check all of my boxes, I end up bailing on the process and keep using chrome's built in option.
So to start, here's what I like about Chrome:
- Automatically offers to store passwords without extra clicks
- Autofills automatically where it can, and gives me an easy choice when it can't
- Works everywhere I need passwords. (basically everywhere I browse the internet since chrome works everywhere)
- Minimal overhead. This is hard to beat since Chrome just includes it, so I'm fine with a little extra setup if necessary.
I used to use keepass portable on a thumb drive (I want to say circa ~2009ish), but it became really inconvenient as my usage shifted more to mobile devices.
I see this as a first step to also reducing my reliance on Chrome so I can start to consider other browsers. Right now I feel locked in to Google's ecosystem, but I know I can break it up if I don't get too bogged down by choice. Much appreciate any help. :)
34 votes -
Bug in glibc's iconv() function allows for RCE in PHP servers by setting charset to ISO-2022-CN-EXT to trigger buffer overflow (CVE-2024-2961)
9 votes -
When provided with CVE descriptions of 15 different vulnerabilities and a set of tools useful for exploitation, GPT-4 was capable of autonomously exploiting 13 of which, yielding an 87% success rate
17 votes -
Twitter replaces twitter.com with x.com without user consent. Bad implementation invites an influx of Phishing attacks. (german source)
48 votes -
Critical vulnerability in Rust's Command library allows for command injection when using its API to invoke batch scripts with arguments on Windows systems (CVE-2024-24576)
18 votes -
Sweden's public sector has ditched Big Tech in the name of privacy as a major telecom provider unveiled a new secure collaboration hub
14 votes -
Backdoor in upstream libxz targeting sshd
104 votes -
‘We’re hemorrhaging money’: US health clinics try to stay open after unprecedented cyberattack
31 votes -
White House urges use of type safe and memory safe programming languages and hardware
38 votes -
White House to Developers: Using C or C++ Invites Cybersecurity Risks
5 votes -
Leak of documents on spyware developed by vendor for Chinese government
33 votes -
Your security program is shit
63 votes -
ChatGPT is leaking passwords from private conversations of its users, Ars reader says
17 votes -
In major gaffe, hacked Microsoft test account was assigned admin privileges
28 votes -
Twenty-six billion records exposed in massive leak, including data from Linkedin, X, Dropbox
44 votes -
Hackers can infect network-connected wrenches to install ransomware, researchers say
28 votes -
EU Cyber Resilience Act: What does it mean for open source?
13 votes -
Ten years later, new clues in the Target breach
24 votes -
How to lose a library [British Library cyber attacks]
10 votes -
Now Open: 2023 SANS Holiday Hack Challenge & KringleCon
1 vote -
Self-proclaimed 'gay furry hackers' breach nuclear lab; demands research into IRL catgirls
71 votes -
Nothing’s iMessage app was a security catastrophe, taken down in 24 hours
65 votes -
Microsoft’s Windows Hello fingerprint authentication has been bypassed
41 votes -
Cybersecurity firm CEO pleads guilty to hacking hospitals to boost his company's business
36 votes -
Ransomware gang files SEC complaint over victim’s undisclosed breach
26 votes -
Payments app Zelle begins refunds for imposter scams after Washington pressure
13 votes -
After hack, personally identifiable information records of a large percentage of citizens of India for sale on the dark web. The hack includes biometric data
22 votes -
US sues SolarWinds for fraud over alleged cyber security neglect ahead of 2020 Russian hack of Justice and Homeland Security departments
25 votes -
Immersive Labs "Haunted Halloween" Challenges 2023
Hey everyone! Just wanted to share that Immersive Labs has rolled out their "Haunted Halloween" challenges for 2023. For those unfamiliar, Immersive Labs offers a platform for interactive,...
Hey everyone! Just wanted to share that Immersive Labs has rolled out their "Haunted Halloween" challenges for 2023. For those unfamiliar, Immersive Labs offers a platform for interactive, gamified learning in the realm of cybersecurity. They've been known to host challenges that test and enhance cyber skills.
You can sign up for free using code HAUNTEDHOLLOW to try it out hubs.ly/Q026LTZV0.
Now, I'm not posting this solely out of altruism. I could use some help on the 'Mirrored Mayhem' task.
Spoiler Alert: Details about the challenge below
I've managed to get the RCE. I've crafted a PNG and successfully executed remote code. However, I'm only able to find the 'webapp-token'. I'm at a loss when it comes to the 'user-token' or 'root-token'. The 'whats in the mirror?' file isn't giving me any leads either. I've also got a username/password from it but can't figure out where to use them.Would appreciate any pointers or hints from anyone who's tackled this challenge. Thanks in advance!
4 votes -
Finland faces growing Russian online threat, Finnish security services say – espionage attempts have increased since Ukraine invasion
22 votes -
The dangers of LLM self-exfiltration: AI alignment and cybersecurity challenges
5 votes -
Building automation giant Johnson Controls hit by ransomware attack
8 votes -
Popular thesaurus website used in sneaky cryptojacking scheme
11 votes -
At MGM's hacked casinos in Las Vegas, evidence of the massive ransomware hack is everywhere, if you're looking for it
45 votes -
New SprySOCKS Linux malware used in cyber espionage attacks
12 votes -
WinRAR zero-day exploited since April to hack trading accounts
31 votes -
Cyberattack shutters major NSF-funded telescopes for more than two weeks
18 votes -
FedFingerprinting: A federated learning approach to website fingerprinting attacks in Tor networks
6 votes -
Hackers exploited a zero-day flaw in Ivanti's software undetected for at least three months, US and Norwegian cybersecurity agencies warn
14 votes -
Microsoft lost its keys, and the US government got hacked
25 votes -
Apple fixes zero-days used to deploy Triangulation spyware via iMessage
8 votes -
Security expert defeats Lenovo laptop BIOS password with a screwdriver
13 votes -
SolarWinds: The untold story of the boldest supply-chain hack ever
7 votes -
A flock of chickens, held for ransom — Growing cyberattacks on Canada's food system threaten disaster
9 votes -
Belgium launches nationwide safe harbor for ethical hackers
10 votes -
Danish parliament urges lawmakers and employees to remove TikTok on work phones as a cybersecurity measure, saying “there is a risk of espionage”
4 votes -
SolarWinds and market incentives
8 votes -
Never-before-seen malware is nuking data in Russia’s courts and mayors’ offices. CryWiper masquerades as ransomware, but its real purpose is to permanently destroy data.
12 votes -
Erik Prince wants to sell you a “secure” smartphone that’s too good to be true
12 votes -
Ex-Twitter exec blows the whistle, alleging reckless and negligent cybersecurity policies
13 votes -
Finland's parliament hit with cyberattack following US move to admit the country to NATO
7 votes -
Macho cyberwarfare and the long game
2 votes -
Chipmaker Nvidia investigating potential cyberattack
6 votes -
The battle for a powerful cyberweapon: A Times investigation reveals how Israel reaped diplomatic gains around the world from NSO’s Pegasus spyware
4 votes -
Winning the war on ransomware - The DOJ’s task force is changing the landscape around hackers, but will it be enough?
4 votes -
Sinclair Broadcast Group was hit by ransomware over the weekend
13 votes -
Unsecure at any speed?
7 votes -
Norway says cyber attack on parliament carried out from China – attack had utilised a security hole in Microsoft's Exchange software
10 votes -
Sophisticated exploits used to breach fully-patched iPhones of journalists, activists, as detailed by Amnesty International's Security Lab
24 votes -
Swedish Coop supermarkets shut due to US ransomware cyber-attack – the hack targeted Florida-based IT company Kaseya before spreading through corporate networks
8 votes -
NewsBlur Mongo database deleted in ransom attack (and restored)
NewsBlur was down yesterday evening due to its Mongo database getting attacked by a hacker and held for ransom. It’s restored from backup, but there are privacy implications for anyone who had...
NewsBlur was down yesterday evening due to its Mongo database getting attacked by a hacker and held for ransom. It’s restored from backup, but there are privacy implications for anyone who had sensitive private data there. We will likely find out more after the maintainer recovers from a busy night.
There are no good links for this, but it’s being discussed on Hacker News. Since it’s open source, someone described what’s being kept in that database.
(I use NewsBlur, but I don’t think my RSS reading habits are all that sensitive. Others might be in a different situation, though.)
6 votes -
US Department of Justice recovers $2.3 million worth of Bitcoin that Colonial Pipeline paid to ransomware extortionists
17 votes -
One-fifth of US beef capacity wiped out by JBS cyberattack
28 votes -
DarkSide ransomware gang quits after servers, Bitcoin stash seized
17 votes -
Largest fuel pipeline in the United States hit by ransomware attack
31 votes -
Ransomware gang threatens release of DC police records
10 votes -
A closer look at the DarkSide ransomware gang, which was responsible for the recent attack on Colonial Pipeline
15 votes -
After decades of not using them, the Pentagon has given control of millions of IP addresses to a previously unknown company in an effort to identify possible cyber vulnerabilities and threats
17 votes -
A "worst nightmare" cyberattack: The story of the SolarWinds hack
7 votes -
I now own the Coinhive domain. Here's how I'm fighting cryptojacking and doing good things with content security policies.
15 votes -
SolarWinds: New findings from our investigation of SUNBURST
6 votes -
70TB of Parler users’ messages, videos, and posts leaked by security researchers
42 votes -
Email accounts belonging to Finnish MPs were compromised during a cyberattack on the country's parliament in the autumn
6 votes -
VMware flaw a vector in SolarWinds breach?
7 votes -
Preliminary analysis of the SolarWinds Orion supply-chain nation-state attack
7 votes -
Microsoft says it found malicious software in its systems
7 votes -
Finland's parliament approved a bill designed to protect its networks against cyber threats and espionage – may be used to exclude China's Huawei and ZTE
4 votes -
Why the extortion of Vastaamo matters far beyond Finland – and how cyber pros are responding
4 votes -
Norway has blamed Russia for a cyberattack on the email system in the parliament in August – Moscow has rejected the claim, calling it a serious and wilful provocation
6 votes -
Microsoft faces complex technical challenges in TikTok carveout
5 votes -
New South Wales government was the target of major cyber attack operation linked to China
Article: New South Wales government was the target of major cyber attack operation linked to China Also: 'Cyber attacks' point to China's spy agency, Ministry of State Security, as Huawei payback,...
Article: New South Wales government was the target of major cyber attack operation linked to China
This is a follow-up to these articles posted yesterday:
8 votes -
Cyber-attack Australia: Sophisticated attacks from ‘state-based actor’, PM says
7 votes -
Prime Minister Scott Morrison says Australian organisations, including governments and businesses, are currently being targeted by a sophisticated foreign "state-based" hacker
6 votes -
Obscure Indian cyber firm spied on politicians, investors worldwide
5 votes -
Microsoft and Intel project converts malware into images before analyzing it
10 votes -
Meet the mad scientist who wrote the book on how to hunt hackers
8 votes -
Finland is preparing to defend itself against a mysterious activist group threatening to carry out cyberattacks – unless it gets some Bitcoin
7 votes -
The cybersecurity firm Tiversa dominated an emerging online market—before it was accused of fraud, extortion, and manipulating the federal government
6 votes -
Olympic destroyer - The untold story of the 2018 Olympics cyberattack
6 votes -
NSA whistleblower dropped from Australian cyber conference at the last minute
6 votes -
The extortion economy: How insurance companies are fueling a rise in ransomware attacks
12 votes -
Ottawa city hall has been targeted by cyber attacks more than 8,000 times in the past year
8 votes -
Florida city to pay $600K ransom to hacker who seized computer systems weeks ago
5 votes -
The trade secret - Firms that promised high-tech ransomware solutions almost always just pay the hackers
9 votes -
Electricity grid cybersecurity will be expensive – who will pay, and how much?
3 votes -
Hated and hunted - The perilous life of the computer virus cracker making powerful enemies online
9 votes -
Five cybersecurity mistakes companies keep making
4 votes -
Triton is the world’s most murderous malware, and it’s spreading
16 votes