Security News

Morningstar Security News gathers all the most popular infosec and cyber security news headlines into a single page that auto-updates 24/7.

Vulnerabilities

Reversing/I like ASM

Locks/Social Engineering

Mainstream Media

Thirsty for more

Security Twitterverse

Most Popular Security News

PacketStorm

VMware Discloses Trio Of High Severity Bugs In Network Monitoring Tool new

Hacker Attempts To Exploit Old And New Bugs Up 55% new

People Are Pirating GPT-4 By Scraping Exposed API Keys new

Deepfakes Of Victims Used In Sextortion Attacks Spike, FBI Warns

BBC, BA, And Boots Issued With Ultimatum By Cyber Gang Clop

What's Really Changed 10 Years After The Snowden Revelations

ByteDance Accused Of Helping China Spy On Hong Kong Activists

Crypto Catastrophe Stikes Some Atomic Wallet Users, Over $35 Million Thought Stolen

Microsoft To Pay $20m For Child Privacy Violations

MoveIt Hack: What Actions Can Data Breach Victims Take?

SEC Accuses Coinbase Cryptocurrency Exchange Of Breaking US Regulations

Ransomware Attacks Have Room To Grow, Verizon Report Shows

The Register

Darkweb credit card marts in decline across Asia, researchers claim new

Google changes email authentication after spoof shows a bad delivery for UPS new

Robot can rip the data out of RAM chips with chilling technology new

North Korea's Lazarus Group linked to Atomic Wallet heist new

Barracuda tells its ESG owners to 'immediately' junk buggy kit new

Google puts $1M behind its promise to detect cryptomining malware new

New York City latest to sue Hyundai and Kia claiming their cars are too easy to steal new

On the frontline of cyber threats new

Microsoft says share the wealth with cyber-info for business new

Helping Windows 11 fight the hackers new

UK government to set deadline for removal of Chinese surveillance cams

Deepfakes being used in 'sextortion' scams, FBI warns

Reddit - NetSec

MSSQL linked servers: abusing ADSI for password retrieval - BlackArrow new

Detecting and mitigating a multi-stage AiTM phishing and BEC campaign new

Legacy authentication: The curious case of BAV2ROPC new

Patching Windows Event Tracing in memory to be stealthier (POC) new

Pending motion for investigation in federal case over prosecutors planting trojan malware in emailed discovery documents!

SignatureGate - Bypassing AV/EDRs by exploiting 10 years old CVE

When hackers hack the hackers

Popular AI tool MLflow hit with more LFIs, exploit tool updated

OPC UA Structure, Messaging, Security Features

2023 Vulnerabilities and Threat Trends

IRCP: A robust information gathering tool for large scale reconnaissance on Internet Relay Chat servers

Hack Dojo - search 3000+ awesome security conference videos + AI summary

Bleeping Computer

The Hacker News

Stealth Soldier: A New Custom Backdoor Targets North Africa with Espionage Attacks new

Experts Unveil Exploit for Recent Windows Vulnerability Under Active Exploitation new

Clop Ransomware Gang Likely Aware of MOVEit Transfer Vulnerability Since 2021 new

How to Improve Your API Security Posture new

Urgent Security Updates: Cisco and VMware Address Critical Vulnerabilities

Kimsuky Targets Think Tanks and News Media with Social Engineering Attacks

Barracuda Urges Immediate Replacement of Hacked ESG Appliances

Microsoft to Pay $20 Million Penalty for Illegally Collecting Kids' Data on Xbox

Winning the Mind Game: The Role of the Ransomware Negotiator

New PowerDrop Malware Targeting U.S. Aerospace Industry

New Malware Campaign Leveraging Satacom Downloader to Steal Cryptocurrency

Over 60K Adware Apps Posing as Cracked Versions of Popular Apps Target Android Devices

Threat Wire

Exploits

Packet Storm Exploits

RenderDoc 1.26 Local Privilege Escalation / Remote Code Execution new

Microsoft Windows PowerShell Remote Command Execution new

WordPress Directorist 7.5.4 Insecure Direct Object Reference / Privilege Escalation new

Delta Electronics InfraSuite Device Master Deserialization new

Expert Restaurant eCommerce 1.0 Cross Site Scripting new

Expert Restaurant eCommerce 1.0 SQL Injection new

MVC Shop 0.5 Cross Site Scripting new

NETXPERTS CMS 0.1 SQL Injection new

Microsoft HVCIScan DLL Hijacking new

Anuranan SBAdmin 2 Insecure Settings new

PaperCut PaperCutNG Authentication Bypass

Magento eCommerce 2.4.0 Information Disclosure

Exploit-DB Webapps

[webapps] Tree Page View Plugin 1.6.7 - Cross Site Scripting (XSS)

[webapps] Total CMS 1.7.4 - Remote Code Execution (RCE)

[webapps] STARFACE 7.3.0.10 - Authentication with Password Hash Possible

[webapps] Enrollment System Project v1.0 - SQL Injection Authentication Bypass (SQLI)

[webapps] Barebones CMS v2.0.2 - Stored Cross-Site Scripting (XSS) (Authenticated)

[webapps] MotoCMS Version 3.4.3 - SQL Injection

[webapps] File Manager Advanced Shortcode 2.3.2 - Unauthenticated Remote Code Execution (RCE)

[webapps] Pydio Cells 4.1.2 - Unauthorised Role Assignments

[webapps] Pydio Cells 4.1.2 - Cross-Site Scripting (XSS) via File Download

[webapps] Pydio Cells 4.1.2 - Server-Side Request Forgery

[webapps] MotoCMS Version 3.4.3 - Server-Side Template Injection (SSTI)

[webapps] Rukovoditel 3.3.1 - CSV injection

Exploit-DB Local and Privilege Escalation

[local] USB Flash Drives Control 4.1.0.0 - Unquoted Service Path

[local] Macro Expert 4.9 - Unquoted Service Path

[local] Filmora 12 version ( Build 1.0.0.7) - Unquoted Service Paths Privilege Escalation

[local] Gin Markdown Editor v0.7.4 (Electron) - Arbitrary Code Execution

[local] Yank Note v3.52.1 (Electron) - Arbitrary Code Execution

[local] MobileTrans 4.0.11 - Weak Service Privilege Escalation

[local] Trend Micro OfficeScan Client 10.0 - ACL Service LPE

[local] Hubstaff 1.6.14-61e5e22e - 'wow64log' DLL Search Order Hijacking

[local] Codigo Markdown Editor v1.0.1 (Electron) - Remote Code Execution

[local] Microsoft Update Health Service - 'Service uhssvc' Unquoted Service Path

[local] Performance Counter DLL Host - 'Service perfhost' Unquoted Service Path

[local] Elan Service - 'Service ETDService' Unquoted Service Path

Exploit-DB DoS

[dos] FLEX 1080 < 1085 Web 1.6.0 - Denial of Service

[dos] Paradox Security Systems IPR512 - Denial Of Service

[dos] FortiRecorder 6.4.3 - Denial of Service

[dos] Microsoft Windows 11 - 'cmd.exe' Denial of Service

[dos] ImageMagick 7.1.0-49 - DoS

[dos] Apache Tomcat 10.1 - Denial Of Service

[dos] XWorm Trojan 2.1 - Null Pointer Derefernce DoS

[dos] AimOne Video Converter V2.04 Build 103 - Buffer Overflow (DoS)

[dos] qubes-mirage-firewall v0.8.3 - Denial Of Service (DoS)

[dos] Router ZTE-H108NS - Stack Buffer Overflow (DoS)

[dos] VMware Workstation 15 Pro - Denial of Service

[dos] SuperMailer v11.20 - Buffer overflow DoS

Exploit-DB Shellcode

Exploit-DB Papers

Exploit-DB Remote

[remote] Flexense HTTP Server 10.6.24 - Buffer Overflow (DoS) (Metasploit)

[remote] Seagate Central Storage 2015.0916 - Unauthenticated Remote Command Execution (Metasploit)

[remote] Optoma 1080PSTX Firmware C02 - Authentication Bypass

[remote] Screen SFT DAB 600/C - Authentication Bypass Account Creation

[remote] Screen SFT DAB 600/C - Authentication Bypass Password Change

[remote] Screen SFT DAB 600/C - Authentication Bypass Erase Account

[remote] Screen SFT DAB 600/C - Authentication Bypass Admin Password Change

[remote] Screen SFT DAB 600/C - Unauthenticated Information Disclosure (userManager.cgx)

[remote] Screen SFT DAB 600/C - Authentication Bypass Reset Board Config

[remote] Epson Stylus SX510W Printer Remote Power Off - Denial of Service

[remote] Microsoft Word 16.72.23040900 - Remote Code Execution (RCE)

[remote] Franklin Fueling Systems TS-550 - Default Password

LiveOverflow

Bug Bounties

HackerOne Blog

Seven Essential Components Of A Top-Tier Attack Surface Management Program

Audit the Security Posture of DevOps with HackerOne Source Code Assessments

A Year In HackerOne’s Bug Bounty Program

GUEST BLOG: Governments Across The World Are Mandating Vulnerability Disclosure So Why Are Companies Sitting On Their Hands?

GUEST BLOG: Vulnerability Disclosure Adoption In The Consumer IoT space Is Lagging, But What About Elsewhere?

Decoding the HackerOne Code of Conduct

FDA's New Cybersecurity Requirements: Are You Prepared as a Medical Device Manufacturer?

First Time Valid Bugs Smashed in April 2023!

Reddit - BugBounty

Question about WAFs (related to previous post by u/Fun-Career9787

BugBeat The New Bug Bounty Plateform Every Hacker Should Know About

Bug Bounty Help: How to Utilize VPN and Burp Suite Simultaneously?

how do you guys deal with waf. this is the main issue while i hunt on real webapps

An open letter on the state of affairs regarding the API pricing and third party apps and how that will impact moderators and communities.

Burp Suite Professional

Taxes in EU countries

how the medium article/twitter guys find straight forward P1 issue. Meanwhile I have to dig deep and spend more and more time on a single…

How much should I expect from bug bounty

Stored XSS via Kroki diagram

Bug Hunter that doesn't work in Security

Pentester Land

Portswigger

New: Burp Suite Enterprise Edition Pay as you scan pricing

New: Burp Suite Enterprise Edition Unlimited pricing

Burp Suite Enterprise Edition Power Tools: Unleashing the power to the command line, Python, and more

Server-Side Prototype Pollution Scanner

HackerOne Hacktivity

Vulnerabilities

Full Disclosure

Defense in depth -- the Microsoft way (part 85): escalation of privilege plus remote code execution with HVCISCAN.exe

LPE and RCE in RenderDoc: CVE-2023-33865, CVE-2023-33864, CVE-2023-33863

[CVE-2023-29459] FC Red Bull Salzburg App "at.redbullsalzburg.android.AppMode.Default.Splash.SplashActivity" Arbitrary URL Loading

[RT-SA-2022-004] STARFACE: Authentication with Password Hash Possible

CVE-2022-48336 - Buffer Overflow in Widevine Trustlet (PRDiagParseAndStoreData @ 0x5cc8)

CVE-2022-48335 - Buffer Overflow in Widevine Trustlet (PRDiagVerifyProvisioning @ 0x5f90)

CVE-2022-48334 - Buffer Overflow in Widevine Trustlet (drm_verify_keys @ 0x7370)

CVE-2022-48333 - Buffer Overflow in Widevine Trustlet (drm_verify_keys @ 0x730c)

CVE-2022-48332 - Buffer Overflow in Widevine Trustlet (drm_save_keys @ 0x6a18)

CVE-2022-48331 - Buffer Overflow in Widevine Trustlet (drm_save_keys @ 0x69b0)

SCHUTZWERK-SA-2022-001: Cross-Site-Scripting in Papaya Medical Viewer

[RT-SA-2023-005] Pydio Cells: Server-Side Request Forgery

NIST National Vulnerability Database

CVE-2023-3173 new

CVE-2023-3172 new

CVE-2023-34112 new

CVE-2023-34243 new

CVE-2023-32750 new

CVE-2023-34233 new

CVE-2023-29404 new

CVE-2023-29405 new

CVE-2023-34230 new

CVE-2023-32751 new

CVE-2023-34232 new

CVE-2023-0954 new

Tools

CyberPunk nowhere.net

Packet Storm Tools

OpenSSL Toolkit 3.1.1

OpenSSL Toolkit 3.0.9

OpenSSL Toolkit 1.1.1u

Wireshark Analyzer 4.0.6

tc Tor Chat Client

Nmap Port Scanner 7.94

Darknet

padre – Padding Oracle Attack Exploiter Tool

Privacy Implications of Web 3.0 and Darknets

DataSurgeon – Extract Sensitive Information (PII) From Logs

Exploit Dev

Reddit - Exploit Dev

Google Chrome (CVE-2020-16040) Bug Analysis & Exploitation WriteUp

Guide: Porting Metasploit exploits to Ronin exploits

Begginer question to start the journey

Phoenix Challenges -- Stack Five (Custom Shellcode)

unable to install pwntools on mac m1

Phoenix Challenges — Stack Five (Pwntools Shellcode)

Can an Http upgrade to websocket request be converted to a reverse shell?

You have probably heard of Temu right?

PSPRAY: Timing Side-Channel based Linux Kernel Heap Exploitation Technique

3 whole days of work and study to find a bypass for the latest vgac update thankfully after only reading one single decent sized article…

Source Incite

Google Project Zero

Release of a Technical Report into Intel Trust Domain Extensions

Multiple Internet to Baseband Remote Code Execution Vulnerabilities in Exynos Modems

Security Researchers

Confirmation & Research Note 1: Pegasus infections in Armenian Civil Society

Assign severity ratings on Attack Surface Custom Policies

Reversing/I like ASM

Reddit - Reverse Engineering

I Hacked Magic the Gathering: Arena for a 100% Winrate

/r/ReverseEngineering's Weekly Questions Thread

Reverse engineer a scale to make it smart

'Wireshark for Android Binder' - tool for reverse engineering and intercepting/ parsing Android Binder messages

is it possible to change this meter from kmh to mph?

Commented disassembly of classic NES game Jackal

GitHub - wader/fq: jq for binary formats - tool, language and decoders for working with binary and text formats

Another (small) RE challenge

Radare2 Power Ups | Delivering Faster macOS Malware Analysis With r2 Customization

A simple static Reverse Engineering challenge I created with Intervee - can you solve it? [should take ~15min]

BlackLotus stage 2 bootkit-rootkit analysis

Guide to Suricata Rules: Detecting Malicious Domains with Datasets

Reddit - Game Hacks

OUTERPLANE v1.1.12 Hack Mod for Android new

Bad 2 Bad: Apocalypse v1.2.6 Hack Mod for Android new

DB LEGEND JP v4.22.0 Hack Mod for Android new

Night Agent: I'm the Savior v3.591.0 Hack Mod for Android new

CheatEngineV3 new

ANOTHER EDEN MENU v3.1.100 Hack Mod for Android new

Fate/Grand Order v2.73.0 Hack Mod for Android new

Legend of Heroes v1.4.0 Hack Mod for Android new

DRAGON BALL LEGENDS v4.22.0 Hack Mod for Android new

NieR Re[in]carnation ENG v3.1.0 Hack Mod for Android new

Fire Force Enbu no Shо̄ v1.1.16 Hack Mod for Android new

BLUE REFLECTION SUN v1.0.13 Hack Mod for Android new

Reddit - REGames

Is there a way to revive a game Wich server was shut down? new

How to extract these PS2 files to UE5 new

A game I love is being shut down, but I really want to keep playing it. Is it possible to create a private server for…

How can I open a .dat format?

Where can I start to make a mobile game with its servers shut down playable?

Can anyone try to reverse engineer this online game for resources?

Commented disassembly of Jackal for NES

Extracting the japanese game script from PSX games

Problems trying to reverse engineer Phantasy Star Online 2

RDR2 ESP (Single Player) DirectX12

Can I redirect a game so it plays cutscenes from the game folder, not a disc?

How do I extract sound files from Sly 4 via RPCS3?

StackExchange - ReverseEngineering

How to send HID commands over USB? Laird BT820 in HID-Proxy mode new

Need Help Figuring out Multi-byte (in-memory) byte replacement using ida script (idc) new

Cyber Talent Basic Malware Reverse Engineering new

angr - project.loader.find_symbol("main") does not works

Help wanted identifying 4x mimo cellular data antennas in HR-01 5G router

Need help reverse engineering a usb firmware patching tool

In the IDA xrefs window, can I filter by unique addresses? Or is there an alternative view providing that?

Teaching IDA to keep column width in xrefs window, or shortcut to quickly adjust them?

Anyway to hook to change file content and return for application keep read it?

How to map a decompiled c program back into original source code

Dumpbin show function names

Radare2: How to Create a Custom Scripted Panel?

Guided Hacking

Malware/APT

Reddit - Malware

Can't figure out how to get rid of Conditioner new

Ressources for learning about malwares new

Ransomware group sites leaking info via error/404/misc. pages

Scammer revenge

Scanning big files in Virustotal

Practicing Malware Analysis

Malware Detection Evasion with Debugging | TryHackMe Dynamic Malware Analysis

Intro to Malware Analysis Module - TryHackMe

Barracuda zero-day abused since 2022 to drop new malware, steal data

VirusTotal Says That Bkav Pro Thinks That FontForge Is Malicious.

Questions for any Malware Analysts

Malvertising via brand impersonation is back again

Unit42

CVE-2023-34362: MOVEit Transfer SQL Injection Vulnerability Threat Brief

Analyzing Web Application and API Attacks: The Cloud as a Target and a Launch Pad

Cold as Ice: Answers to Unit 42 Wireshark Quiz for IcedID

Threat Brief: Attacks on Critical Infrastructure Attributed to Insidious Taurus (aka Volt Typhoon)

Cold as Ice: Unit 42 Wireshark Quiz for IcedID

Old Wine in the New Bottle: Mirai Variant Targets Multiple IoT Devices

It’s All in the Name: How Unit 42 Defines and Tracks Threat Adversaries

Threat Assessment: Royal Ransomware

Teasing the Secrets From Threat Actors: Malware Configuration Parsing at Scale

Network Security Trends: November 2022-January 2023

Recent Trends in Internet Threats: Common Industries Impersonated in Phishing Attacks, Web Skimmer Analysis and More

Chinese Alloy Taurus Updates PingPull Malware

FireEye Threat Research

Crypto

Reddit - Crypto

Mnemonikey | Determinstic PGP key recovery using phrases | v0.0.1 prerelease published

Question about what "big Galois group" means in NTRU Prime

FHE.org Meetup: "Differential Privacy for Free? Harnessing the Noise In Approximate HE" with Tabitha Ogilvie, Thu, Jun 8, 2023, 4:00 PM CEST

Weekly cryptography community and meta thread

Why don't password managers use Key Management Services (KMS)?

Don't Let Reddit Kill 3rd Party Apps!

StackExchange - Crypto

The concept of foo encryption scheme [closed] new

Is bilinear pairing reversible? new

Any SuperSingular curve or similar with Fp = Fq which is not badly broken unless big field orders are used?

What if LWE, factoring and discrete log are not as secure as we think?

LLL on Knapsack-eque problem

FIPS 180-4 Compliant SHA-512 Implementations [closed]

How to read libsodium's scalar from integer/bytes or NTL:zz

implementing pedersen commtiment using lib sodium

How to force openssl/s_client to send a keyshare for the specific elliptic curve (secp256r1)?

Wrong verification with Pedersen verifiable secret sharing

PCI compliance - use of ANSI X9.17 for export keys

Cache-hard or memory-hard password hashing algorithms?

Seytonic

Podcasts

Security Weekly

L0pht Heavy Industries Panel - PSW Vault

Crazy Chronicles: Hilarious Penetration Tester Stories & Unbelievable Security News - PSW #787

Generative AI Security Implications - Liam Mayron - PSW #786

PSW #785 - Kevin Johnson

PSW #784 - Paula Januszkiewicz

PSW #783 - Rob Fuller

PSW #782 - Kaitlyn Handelman

PSW #781 - Ivan Arce

PSW #780 - Billy Boatright

PSW #779 - Sin Ming Loo

PSW #778 - Philippe Laulheret

PSW #777 - Nico Waisman

Risky.Biz

Risky Business #709 -- Cl0p goes berserk with MOVEit 0day

Risky Business #708 – China's lolbin-powered adventures in US critical infrastructure

Risky Biz Soap Box: Why your EDR won't save you

Risky Business #707 -- Inside China's information lockdown with Chris Krebs

Risky Business #706 -- Why BlackBerry thinks Cuba ransomware is a Russian front

Risky Business #705 -- USA's Turla takedown marks a shift in tactics

Snake Oilers: Resourcely, Panther and Island

Risky Business #704 -- Why LLMs aren't an exploit bonanza

Risky Business #703 -- Russia whines about its tech dependence on China

Snake Oilers: Socket, Teleport and Mandiant's Purple Team

Risky Business #702 -- 3CX: It's like SolarWinds, but stupider

Risky Biz Soap Box: Haroon Meer on why the VC apocalypse is great news

The CyberWire

ChatGPT continues to become more human, this time through hallucinations. Following Cl0p. Instagram works against CSAM. And data protection advice from an expert in attacking… new

PowerDrop’s capabilities are up in the air. A Russian cyberespionage campaign channels their inner 007. A disconnect between law firms and cybersecurity protections.

Cl0p moves their way into the systems of major European companies. Notes from a highly active cyber underworld. And hybrid war updates.

Need a Lyft? Not if Anonymous Sudan has anything to say about it. Closing time, open all the doors and let KillNet into the world.

Galit Lubetzky Sharon: Doing your chores brings the best out in you. [CTO] [Career Notes]

Lancefly screams bloody Merdoor.

Hackers like to move it, move it. Skimmers observed targeting Americas and Europe. Hybrid war activity.

Firmware comes in through the back door. Leveraging Adobe for credential harvesting. C2C market notes. Hybrid war updates.

Two RAT infestations. Ghosts of sites past. Trends in identity security. Detecting deepfakes may prove more difficult than you think.

Mirai’s new variant targets IoT devices. Volt Typhoon investigation continues. Hacktivism in Senegal. Lessons learned from Ukraine.

Stacy Dunn: My superpower and my kryptonite. [Engineer] [Career Notes]

8 GoAnywhere MFT breaches and counting. [Research Saturday]

Cyber Security Interviews

#126 – Douglas Brush (Part 4): Dollars and Cents, Not Bytes

#125 – Douglas Brush (Part 3): What is a Special Master?

#124 – Douglas Brush (Part 2): Words of Advice

ISC Daily Stormcast

ISC StormCast for Friday, June 9th, 2023 new

ISC StormCast for Thursday, June 8th, 2023

ISC StormCast for Wednesday, June 7th, 2023

ISC StormCast for Tuesday, June 6th, 2023

ISC StormCast for Monday, June 5th, 2023

ISC StormCast for Friday, June 2nd, 2023

ISC StormCast for Thursday, June 1st, 2023

ISC StormCast for Wednesday, May 31st, 2023

ISC StormCast for Tuesday, May 30th, 2023

Darknet Diaries

133: I'm the Real Connor

132: Sam the Vendor

Threat Intel

Reddit - Onions

What a time to be online new

How should I go about finding out if I'm on new

ProPublica news new

WHAT THE F* HOW? WHY? new

Anyone have a recent source for PIDs(test, mast, etc)? new

The Psychonaut Wiki new

Feather wallet new

Reddit - Pwned

/r/pwned will be going dark from June 12 in protest against Reddit's API changes which will kill 3rd party apps & tools

KFC, Pizza Hut owner discloses data breach after ransomware attack

Western Digital says criminals stole data in 'network security' breach; led to disruption of business operations and services including My Cloud online NAS

Fresh produce giant Dole discloses employee data breach after February ransomware attack that resulted in delays and shortages of Dole products on store shelves for…

Automaker Ferrari discloses data breach after receiving ransom demand

CISA: Multiple APTs exploited U.S. Government IIS Server, had access to a "federal civilian agency" from August to January 2023

HaveIBeenPwned

JD Group - 521,878 breached accounts

RaidForums - 478,604 breached accounts

Polish Credentials - 1,204,870 breached accounts

Luxottica - 77,093,812 breached accounts

RentoMojo - 2,185,697 breached accounts

MEO - 8,227 breached accounts

Terravision - 2,075,625 breached accounts

OGUsers (2022 breach) - 529,020 breached accounts

The Kodi Foundation - 400,635 breached accounts

Sundry Files - 274,461 breached accounts

Leaked Reality - 114,907 breached accounts

TheGradCafe - 310,975 breached accounts

Privacy/VPNs

Slashdot - Rights

Man Sues OpenAI Claiming ChatGPT 'Hallucination' Said He Embezzled Money new

Louisiana Passes Bill Banning Kids From the Internet Without Parental Consent new

Smart TV Industry Rocked By Alleged Patent Conspiracy From Chipmaker new

Apple, Epic Ask US Appeals Court To Reconsider Its Antitrust Ruling new

iOS 17 Automatically Removes Tracking Parameters From Links You Click On new

Malwarebytes Faces Lawsuit For Classifying Rival's Anti-Spyware Program As a Threat new

10 Years After Snowden's First Leak, What Have We Learned?

Microsoft Says Clop Ransomware Gang Is Behind MOVEit Mass-Hacks

TSA Expands Controversial Facial Recognition Program

SEC Asks For Emergency Order To Freeze Binance US Assets Anywhere In the World

Microsoft To Pay $20 Million Settlement For Illegally Collecting Children's Personal Data

White House Quiet on National Cyber Director Choice, Senator Says

Reddit - Privacy

Amazon’s Ring doorbell was used to spy on customers, FTC says in privacy case | Amazon | The Guardian new

need advice. not judgement. new

Private Messaging Application new

scared of my digital footprint. new

With the world government's central banks going to digital currency and preventing and limiting the use of cash, how do I protect my privacy from… new

Anonymously send money via FB Messenger? new

Business texted me after browsing their website and not buying anything or sharing any info. How? new

Automated Opt-out Services Annual vs Monthly companies? new

Send money anonymously via Facebook? new

Any privacy concerns with using Google Domains as a registrar? new

Standard contractual clauses: are they really a safeguard for eu-us data sharing? new

A Comprehensive Guide to Blocking Android Ads Without Installing an App new

Reddit - VPN

VPN And Spyware new

VUDU problem with VPN new

How to bind VPN Fusion profiles to WiFi SSID? new

Helping a VPN noob new

Can't use apps without VPN anymore new

I just bought a VPN to post on 4chan but it doesn't work new

VPN & Chomecast

Working internationally remote with a VPN when company wants me to work domestically

Having streaming platform troubles

Geo blocking would ur payment method rat you out?

Prime Video not letting me stream content from other countries when using VPN, can't access certain websites when using VPN

I know zero about VPNs. I want to be able to send email from my existing yahoo account without my IP address showing. What do…

PrivacyTools.io

EFF

EFF and Allies Send Letters to Senate Judiciary Opposing Bill to Require Messaging Platforms to Report Users to the DEA new

Victory! New Jersey Court Rules Police Must Give Defendant the Facial Recognition Algorithms Used to Identify Him

To Save the News, We Must Open Up App Stores

Digital Rights Updates with EFFector 35.7

Our Right To Challenge Junk Patents Is Under Threat

The Foreign Intelligence Surveillance Court Has Made a Mockery of the Constitutional Right to Privacy

The Right to Repair Is Law in Minnesota. California Should Be Next

Federal Judge Makes History in Holding That Border Searches of Cell Phones Require a Warrant

EU’s Proposed Cyber Resilience Act Raises Concerns for Open Source and Cybersecurity

To Save the News, We Must Ban Surveillance Advertising

Podcast Episode: Who Inserted the Creepy?

Californians: Speak Up To Protect People Seeking Repro and Gender-Affirming Care

Help Wanted

Reddit - AskNetSec

How to secure SFTP environment via DMZ new

Is there any security risk of remoting into my home computer from work? new

Reporting Security Compliance Violations (Plain text database storage of Socials, Passwords)? new

Advanced Certifications new

Differences in Nmap Scan Results with and without NordVPN - Seeking Insights

Tenable.sc connection issues

What are the differences in the scanning methods of Qualys and Nessus?

Is this bundle worth it?

Scanning AWS private instances: can a vulnerability scan performed from a bastion host considered a form of external/non-credentialed scan?

Since Cybersecurity isn't entry level, what should I choose between Dev and IT Support as first job ?

SANS OnDemand course strategy?

Reddit - Netsec Students

On June 12th, /r/netsecstudents will go dark to protest Reddit's API changes. new

Why was I hired?

Free Virtual Conference!

Career Advice: 2 Year AAS vs 4 Year traditional bachelors

We want YOUR opinion on Reddit's Upcoming API Changes

Inside the Mind of a Cyber Attacker: from Malware creation to Data Exfiltration (Part 1)

Failed my first OSCP EXAM attempt, but it wasn't too bad! - learn on my mistakes

Carrer and certifications

GCIH Practice Exam

Help a noob out. Looking for someone to elevate my cyber security skills(something that i wont get to learn in textbooks).

Stackoverflow - Security

How to securely isolate databases/users in a multi-tenant Postgresql? new

I have an AWS EC2 instance. I want to download a few Python packages, but I want to scan each package/file before they are installed.… new

Prevent insecure function new

Wordpress security, how to disable wp user_id 0 new

How do we perform penetration testing of a SPA frontend app? new

How exactly does creating and using an "integrity checksum" work with package managers? new

HeaderWriterFilter - Spring Security adding default Content-type ISO-8859-1 in response header resulting in No converter exception new

How to hide PRAGMA KEY in sqlcipher? new

Using .env file in production - conflicting information new

Security when overriding current subject in weblogic.security.service.SecurityManager new

Nscurl result , what could be reasons of failing TLSv3 when not using --bg , when i use API to execute the request it pass?

When the aler coming like that i don't understand and alos couldn't find it with searching on google

Stack Exchange

How to tell if Session is more secure than Signal? new

SSH - What is the relationship between fingerprint and known_hosts file? new

iptables drop all packets that do not come from two specific subnets new

testssl not detecting all cipher suites new

can a VPN provider do DNS poisoning? new

Credit Card Online Fraud: Suspicious Payment Dates with CCbill payement solution [closed] new

Can Outlook stay connected to an email account through a password change?

Plain encryption HDD

Is a leaked encrypted password more secure than a leaked hash?

Server-side solution to protect from bots? [duplicate]

Security risk by setting authorized_key for root user and limiting to one command?

sqlmap base64 encoded cookie with working manual sql injection

Locks/Social Engineering

Reddit - Lockpicking

Thank you for all your help yesterday new

Decoders needed? new

The VSR 2 Row is a lot of fun in a small package and similar in general layout to some High-Pin-Count locks. Ranked at Blue,… new

1K GIVEAWAY 🙂 check it out ❗ new

New addition picked out of package and pretty jazzed! new

What Does "EE" Code Mean on GSA X09? new

Holy sh*t, I got the Abus 55/40 10 minutes after the 140! new

Finally got that 140! new

Are these drivers technically spool pins? new

I built a lockpicking training stand. new

Got the covert instruments practice lock, what am I doing wrong? new

Reddit - Social Engineering

How do I disagree with men new

Me anytime I cause a minor inconvenience new

How Can I Manipulate A New Internet Provider to Give Me a Better Deal? (ASAP replies extremely appreciated) new

How to be 3X more decisive

For neurotic people what're good ways to build rapport?

Advice needed to “put myself out there” at my companies Corporate Night Event

Learn about (and practice) Social Engineering in this Hacking Simulator

How can you help someone with their motivations through words?

How To Skillfully Defend Yourself In Any Conversation

(Survey) Trash-Talking and Toxic Chatting in Online Gaming

What kind of suspicions are good for confirming in others?

what constitutes of someones inner child?

Hak5

Security Blogs

Adam Shostack & friends

Security Bloggers Network

Control Third party Access Risk new

7 Actions to Ensure Compliance of Citizen-Built Applications new

Zero API attacks = no detection capability? | Study | Contrast Security new

SBOM Executive Order: Ready for the June 11th deadline? new

Wiz Previews Sensor to Secure Cloud Application Workloads new

Better Software Development: Insights from the SBOM Scorecard new

Supporting Cyber Protection Teams new

AppSec Decoded: Ease of use with Polaris new

BSidesSF 2023 – Justin Wynn – Red Team Tales – 7 Years of Physical Penetration Testing new

The Gigabyte firmware backdoor: Lessons learned about supply chain security new

MSPs Can Simplify and Streamline CMMC 2.0 Preparation and Certification for SMBs new

Cybersecurity in Manufacturing: Key Threats and Risks new

Graham Cluley

Malware menaces Minecraft mods new

That ticking noise is your end users’ laptops

Smashing Security podcast #325: Rick Astley and the little birdie scam

Now TikTok is even banned from US govt contractors’ personal smartphones

Cl0p gang tells MOVEit hack victims to contact it before June 14, or else…

Academics, media, and think tanks warned of North Korean hacking campaign

BBC staffers warned of payroll data breach. BA and Boots also affected by MOVEit vulnerability

Hate speech is driving advertisers away from Twitter

Decade-old critical vulnerability in Jetpack patched on millions of WordPress websites

Smashing Security podcast #324: .ZIP domains, AI lies, and did social media inflame a riot?

Hacking forum hacked, user database leaked online

SAS Airlines hit by $3 million ransom demand following DDoS attacks

ThreatPost

Rapid7

OWASP TOP 10 API Security Risks: 2023! new

Detect and Prioritize Identity-Related Cloud Risk with InsightCloudSec new

CVE-2023-2868: Total Compromise of Physical Barracuda ESG Appliances new

Velociraptor 0.6.9 Release: Digging Even Deeper with SMB Support, Azure Storage and Lockdown Server Mode

Metasploit Weekly Wrap-Up

This is Ceti Alpha Five!

Rapid7 Observed Exploitation of Critical MOVEit Transfer Vulnerability

Rapid7 Sales Director Devin Poulter On Building a Career as an Account Executive

Rapid7 Data Engineers Inspire Future Tech Talent at Summer Search Career Fest

Widespread Exploitation of Zyxel Network Devices

Fetch Payloads: A Shorter Path from Command Injection to Metasploit Session

Healthcare Orgs: Do You Need an Outsourced SOC?

digitalmunition

Hacker News (YCombinator) - Security

Manjaro is a free and open source Linux operating system that emphasizes privacy new

Bye Bye Ubuntu, Hello Manjaro. How Did We Get Here? new

Cracking Open and Controlling a 747 Fuel Gauge new

AI Browser Extensions Are a Security Nightmare new

AI browser extensions are a security nightmare new

Tesla plans for 375,000 Cybertrucks per year new

Senators send letter questioning Mark Zuckerberg over Meta’s LLaMA leak new

US CDC sets first federal target for ventilation of indoor air to lower risk new

“fractureiser” malware in many popular Minecraft mods and modpacks

“Fractureiser” malware in popular Minecraft mods and modpacks

Quick VPN Setup with AWS Lightsail and WireGuard

NL national security law to grant automatic permission for targeted surveillance

eHacking News

Hacker Noon #Security

Wired - Security

The Bizarre Reality of Getting Online in North Korea

The Bold Plan to Create Cyber 311 Hotlines

Apple Expands Its On-Device Nudity Detection to Combat CSAM

Hacks Against Ukraine's Emergency Response Services Rise During Bombings

Inside 4chan’s Top-Secret Moderation Machine

AI Is Being Used to ‘Turbocharge’ Scams

How AI Protects (and Attacks) Your Inbox

The Messy US Influence That’s Helping Iranians Stay Online

Kaspersky Says New Zero-Day Malware Hit iPhones—Including Its Own

Apple's iOS 16.5 Fixes 3 Security Bugs Already Used in Attacks

Millions of Gigabyte Motherboards Were Sold With a Firmware Backdoor

Netflix’s Password-Sharing Crackdown Has Hit the US

Control C

Linux local storage access from Citrix Workspace Windows RDP via VeraCrypt

Krebs on Security

Barracuda Urges Replacing — Not Patching — Its Email Security Gateways new

Service Rents Email Addresses for Account Signups

Ask Fitis, the Bear: Real Crooks Sign Their Malware

Discord Admins Hacked by Malicious Bookmarks

Phishing Domains Tanked After Meta Sued Freenom

Interview With a Crypto Scam Investment Spammer

Russian Hacker “Wazawaka” Indicted for Ransomware

Re-Victimization from Police-Auctioned Cell Phones

Microsoft Patch Tuesday, May 2023 Edition

Feds Take Down 13 More DDoS-for-Hire Services

$10M Is Yours If You Can Get This Guy to Leave Russia

Promising Jobs at the U.S. Postal Service, ‘US Job Services’ Leaks Customer Data

Naked Security

S3 Ep138: I like to MOVEit, MOVEit new

Firefox 114 is out: No 0-days, but one fascinating “teachable moment” bug

Chrome and Edge zero-day: “This exploit is in the wild”, so check your versions now

MOVEit zero-day exploit used by data breach gangs: The how, the why, and what to do…

Researchers claim Windows “backdoor” affects hundreds of Gigabyte motherboards

S3 Ep137: 16th century crypto skullduggery

Serious Security: That KeePass “master password crack”, and what we can learn from it

Serious Security: Verification is vital – examining an OAUTH login bug

S3 Ep136: Navigating a manic malware maelstrom

Ransomware tales: The MitM attack that really had a Man in the Middle

PyPI open-source code repository deals with manic malware maelstrom

Phone scamming kingpin gets 13 years for running “iSpoof” service

Schneier on Security

Paragon Solutions Spyware: Graphite new

How Attorneys Are Harming Cybersecurity Incident Response

Snowden Ten Years Later

The Software-Defined Car

Friday Squid Blogging: Squid Chromolithographs

Open-Source LLMs

On the Catastrophic Risk of AI

Chinese Hacking of US Critical Infrastructure

Brute-Forcing a Fingerprint Reader

Friday Squid Blogging: Online Cephalopod Course

Expeditionary Cyberspace Operations

On the Poisoning of LLMs

Linux Security

Top NAS Devices Are Being Targeted by This Dangerous Malware

Ubuntu Core as an Immutable Linux Desktop Base

Critical LibreOffice Code Execution Vuln Fixed

Multiple Easily Exploitable OpenSSL DoS Bugs Fixed

Linux Container Security Primer

Kali Linux 2023.2 Released with 13 New Tools, Pre-Built HyperV Image

Nitrux 2.8.1 Linux Distribution Unleashes Supercharged Security and Privacy Powers

Email Phishing Using Kali Linux

The Moment for AI

High-Severity ntfs-3g Buffer Overflow Vulns Fixed

Critical Remotely Exploitable Django Vuln Fixed

New Ransomware Group Uses Repurposed LockBit, Babuk Variants

Dark Reading

City of Dallas Still Clawing Back Weeks After Cyber Incident new

QuSecure Awarded US Army Contract for Post-Quantum Cybersecurity Solutions new

Cybercrooks Scrape OpenAI API Keys to Pirate GPT-4 new

Cybersecurity Institute to Open in Saudi Arabia new

Barracuda Warns All ESG Appliances Need Urgent Rip & Replace new

The Growing Cyber Threats of Generative AI: Who's Accountable? new

Sophisticated 'Impulse Project' Crypto Scam Sprawls With 1,000 Affiliate Sites new

Fighting AI-Powered Fraud: Let the Battle of the Machines Begin new

Easily Exploitable Microsoft Visual Studio Bug Opens Developers to Takeover new

60K+ Android Apps Have Delivered Adware Undetected for Months new

BioCatch Strengthens Collaboration With Microsoft Cloud for Financial Services

BeyondID Launches Initiative to Accelerate Zero Trust With Okta Identity Engine

Securelist

IT threat evolution Q1 2023

IT threat evolution Q1 2023. Mobile statistics

IT threat evolution in Q1 2023. Non-mobile statistics

Satacom delivers browser extension that steals cryptocurrency