-
0 votes
-
When Machine Learning Tells the Wrong Story
6 votes -
Encrypted Root with LUKS and Opal
6 votes -
Reversing file access control using disk forensics on low-level flash memory
6 votes -
Anyone can access deleted and private repository data on GitHub
46 votes -
Preventing the worst supply chain attack you can imagine in the Python ecosystem
28 votes -
Simple ways to find exposed sensitive information
9 votes -
This GitHub profile has a custom background
31 votes -
Four in five CISOs have been told to downplay a potential risk’s severity
9 votes -
Significant cyber incidents | Strategic technologies program
1 vote -
Cybercriminals pose as "helpful" Stack Overflow users to push malware
19 votes -
On the XZ Utils backdoor (CVE-2024-3094): FOSS delivered on its pitfalls and strengths
27 votes -
Bug in glibc's iconv() function allows for RCE in PHP servers by setting charset to ISO-2022-CN-EXT to trigger buffer overflow (CVE-2024-2961)
9 votes -
When provided with CVE descriptions of 15 different vulnerabilities and a set of tools useful for exploitation, GPT-4 was capable of autonomously exploiting 13 of which, yielding an 87% success rate
17 votes -
Twitter replaces twitter.com with x.com without user consent. Bad implementation invites an influx of Phishing attacks. (german source)
48 votes -
Don’t set up wildcard DNS records for GitHub Pages
18 votes -
Critical vulnerability in Rust's Command library allows for command injection when using its API to invoke batch scripts with arguments on Windows systems (CVE-2024-24576)
18 votes -
Backdoor in upstream libxz targeting sshd
104 votes -
Ross Anderson, computer security expert, passed away
12 votes -
White House to Developers: Using C or C++ Invites Cybersecurity Risks
5 votes -
What Is A Secure Note-Taking App?
I've been using Google's Keep Notes for all my note-taking, but I would like to shift away from that and use an app that is more secure. I've heard of Notion and Evernote but I'm not sure about...
I've been using Google's Keep Notes for all my note-taking, but I would like to shift away from that and use an app that is more secure. I've heard of Notion and Evernote but I'm not sure about their level of security/encryption. Any suggestions?
20 votes -
A 2024 plea for lean software
36 votes -
What are people's thoughts on "secureblue", "bazzite" and other ublue images?
7 votes -
Your security program is shit
63 votes -
4-year campaign backdoored iPhones using possibly the most advanced exploit ever
43 votes -
EU Cyber Resilience Act: What does it mean for open source?
13 votes -
Now Open: 2023 SANS Holiday Hack Challenge & KringleCon
1 vote -
Immersive Labs "Haunted Halloween" Challenges 2023
Hey everyone! Just wanted to share that Immersive Labs has rolled out their "Haunted Halloween" challenges for 2023. For those unfamiliar, Immersive Labs offers a platform for interactive,...
Hey everyone! Just wanted to share that Immersive Labs has rolled out their "Haunted Halloween" challenges for 2023. For those unfamiliar, Immersive Labs offers a platform for interactive, gamified learning in the realm of cybersecurity. They've been known to host challenges that test and enhance cyber skills.
You can sign up for free using code HAUNTEDHOLLOW to try it out hubs.ly/Q026LTZV0.
Now, I'm not posting this solely out of altruism. I could use some help on the 'Mirrored Mayhem' task.
Spoiler Alert: Details about the challenge below
I've managed to get the RCE. I've crafted a PNG and successfully executed remote code. However, I'm only able to find the 'webapp-token'. I'm at a loss when it comes to the 'user-token' or 'root-token'. The 'whats in the mirror?' file isn't giving me any leads either. I've also got a username/password from it but can't figure out where to use them.Would appreciate any pointers or hints from anyone who's tackled this challenge. Thanks in advance!
4 votes -
Systems Alchemy: The Transmutation of Hacking (2023)
5 votes -
How do you test your home network security?
As I'm exploring the idea of hosting my data at home (with offsite backups), I would like to better understand how to test my home network for security vulnerabilities. I have run basic Nmap scans...
As I'm exploring the idea of hosting my data at home (with offsite backups), I would like to better understand how to test my home network for security vulnerabilities.
I have run basic Nmap scans and confirmed that there are no open ports. I've confirmed that users have access to what they need but nothing else, and that guests using the network for web access don't have any sort of access to data. All data is encrypted so someone stealing the physical hardware shouldn't have access to the contents, either. But that's about as far as I know what to do.
What else could and should I try? How do you pentest your home network?
I feel I'm ok with my understanding of how to set things up so that everything is relatively secure. But I have very little idea how to actually test the setup.
Edit: Added a sentence about encryption.
25 votes -
How do you use your YubiKeys?
I'm a little late on this, admittedly. $dayjob is requiring us all to set up a pair of YubiKeys, and I'm using them for the first time and my mind is a little blown. I was seeing articles about...
I'm a little late on this, admittedly. $dayjob is requiring us all to set up a pair of YubiKeys, and I'm using them for the first time and my mind is a little blown.
I was seeing articles about "passkeys" all summer, not really grokking what they were talking about, clinging to my usernames and passwords and 2FA codes coming out of 1Password, etc.
I just set it up on a few accounts today, initially as an additional 2FA source, but when I set them on GitHub, I saw for the first time how exactly they are used instead of the username and password and 2FA combo to log in, and it seems incredible to me!
For long-time YubiKey users: what are some cool things in the ecosystem that you would recommend looking at?
21 votes -
CVE-2020-19909 is everything that is wrong with CVEs (false bug report for curl)
25 votes -
The true cost of a hack: The Rackspace Special
8 votes -
Downfall security vulnerability in Intel processors
40 votes -
The trouble with decommissioning a used FIDO security key
16 votes -
Zenbleed - Zen 2 hardware vulnerability
19 votes -
New acoustic attack steals data from keystrokes with 95% accuracy
48 votes -
Adventures with pf, nix darwin, and Tailscale on macOS Ventura
11 votes -
How do I get started in self hosting?
I'm curious on how to get started in self hosting. I have computer experience, being an Android Developer, but I hardly have experience in Linux and backend/networking work. I've been wanting to...
I'm curious on how to get started in self hosting. I have computer experience, being an Android Developer, but I hardly have experience in Linux and backend/networking work.
I've been wanting to start up a Plex/Jellyfin server for a while, and I have an old system sitting around with a Ryzen 1700 with a graphics card in there as well that's been begging for attention, and maybe I can throw on a Minecraft server in there as well. Since I travel a bunch, it would be nice too to be able to access my media for when I'm traveling, or to let my parents or friends access some shows if they so desire!
What I'm worried about is exposing my network to the internet basically. I used to run a Minecraft server with port forwarding and such on a personal computer but now I'm realizing that that's probably a bit unsafe lol.
Basically, are there any guides that I can look at, or any of your own experiences that could potentially help me or anyone who's interested?
28 votes -
RowPress: Amplifying Read Disturbance in Modern DRAM Chips
6 votes -
LastPass users locked out due to MFA resets
64 votes -
Google released a .zip web domain and people can't decide if it's the phishing apocalypse or just as bad as any other dodgy link
13 votes -
"SHA-1 is a Shambles" - A demonstration of a chosen-prefix collision for SHA-1 (2020)
5 votes -
Samsung meeting notes and new source code are now in the wild after being leaked in ChatGPT
5 votes -
Talkback: An aggregator of security news, articles and posts
5 votes -
Monitor and respond to security alerts from within Minecraft
7 votes -
Upgraded to Windows 10, what do I need to do to optimize?
I finally got around to upgrading my mom’s computer (an Asus laptop from 2015) from Windows 8.1 to Windows 10. I’ve already deleted a few apps she won’t use (e.g., Xbox) and disabled/stopped some...
I finally got around to upgrading my mom’s computer (an Asus laptop from 2015) from Windows 8.1 to Windows 10. I’ve already deleted a few apps she won’t use (e.g., Xbox) and disabled/stopped some unneeded services. What else can I do to keep her computer fast? Particularly interesting in more services I can disable and the best browser/ad blocker combo. Thanks y’all!
10 votes -
Getting started with nmap
3 votes -
SSH server hardening
5 votes -
One-Time Programs
10 votes