FreshRSS

Before yesterday: Security

Customised CVE Notifier based on keywords

By /u/shantanu14g

I coded this over the weekend. It's my first hands-on experience with Golang, and I had fun.

This basically scrapes the RSS feed from vuldb.com and notifies on Slack when any CVEs matching the keywords are added.

Keywords can be any technology or product that you want to track, e.g., CVEs related to Apple, WordPress, Ivanti VPN, etc.

The intended users are bug bounty hunters who want to look out for interesting CVEs and organizations that want to take action when any CVE affecting them is released.

Feedback and criticism are always welcome.

Ideally, I would like to scrape the NVD API instead of vuldb, but I will work on that later.


The US Government Has a Microsoft Problem

By Eric Geller
Microsoft has stumbled through a series of major cybersecurity failures over the past few years. Experts say the US government’s reliance on its systems means the company continues to get a free pass.

How Israel Defended Against Iran's Drone and Missile Attack

By Brian Barrett
The Iron Dome, US allies, and long-range interceptor missiles all came into play.

Space Force Is Planning a Military Exercise in Orbit

By Stephen Clark, Ars Technica
Two satellites will engage in a “realistic threat response scenario” when Victus Haze gets underway.

Security headers audit tool

By /u/SmokeyShark_777

Hello guys! Here's a Go tool to check for insecure HTTP security header configurations. It also supports auditing Content-Security-Policy directives and can be used to assess multiple webpages/domains. If someone wants to collaborate or just leave feedback, here's the repo!


Roku Breach Hits 567,000 Users

By Andy Greenberg, Andrew Couts
Plus: Apple warns iPhone users about spyware attacks, CISA issues an emergency directive about a Microsoft breach, and a ransomware hacker tangles with an unimpressed HR manager named Beth.

House Votes to Extend—and Expand—a Major US Spy Program

By Dell Cameron
The US House of Representatives voted on Friday to extend the Section 702 spy program. It passed without an amendment that would have required the FBI to obtain a warrant to access Americans’ information.

Change Healthcare Faces Another Ransomware Threat—and It Looks Credible

By Andy Greenberg, Matt Burgess
Change Healthcare ransomware hackers already received a $22 million payment. Now a second group is demanding money, and it has sent WIRED samples of what they claim is the company's stolen data.

CVE 10.0 vulnerability in PAN-OS

By /u/kerubi

This issue is applicable only to PAN-OS 10.2, PAN-OS 11.0, and PAN-OS 11.1 firewalls with the configurations for both GlobalProtect gateway and device telemetry enabled.

No patch yet, apply mitigations. Actively exploited.


DuckDuckGo Is Taking Its Privacy Fight to Data Brokers

By Matt Burgess
Privacy-focused company DuckDuckGo is launching a tool to remove data from people-search websites, a VPN, and an identity theft restoration service.

Trump Loyalists Kill Vote on US Wiretap Program

By Dell Cameron
An attempt to reauthorize Section 702, the so-called crown jewel of US spy powers, failed for a third time in the House of Representatives after former president Donald Trump criticized the law.

How to Stop Your Data From Being Used to Train AI

By Matt Burgess, Reece Rogers
Some companies let you opt out of allowing your content to be used for generative AI. Here’s how to take back (at least a little) control from ChatGPT, Google’s Gemini, and more.

Section 702: The Future of the Biggest US Spy Program Hangs in the Balance

The US Congress will this week decide the fate of Section 702, a major surveillance program that will soon expire if lawmakers do not act. WIRED is tracking the major developments as they unfold.

Streamline Threat Hunting: Shortemall Automates Short URL Analysis with a Click

By /u/osint_matter

Short'Em All is a URL scanning tool trusted by CTI Analysts and Security Researchers. It's designed to scan short URLs and provide insights into potential security risks or useful information. This tool automates the process of scanning URLs, allowing users to focus on analyzing the results.


AI Scam Calls: How to Protect Yourself, How to Detect

By Reece Rogers
AI tools are getting better at cloning people’s voices, and scammers are using these new capabilities to commit fraud. Avoid getting swindled by following these expert tips.

A Breakthrough Online Privacy Proposal Hits Congress

By Makena Kelly
While some states have made data privacy gains, the US has so far been unable to implement protections at a federal level. A new bipartisan proposal called APRA could break the impasse.

Identity Thief Lived as a Different Man for 33 Years

By Dell Cameron, Andrew Couts
Plus: Microsoft scolded for a “cascade” of security failures, AI-generated lawyers send fake legal threats, a data broker quietly lobbies against US privacy legislation, and more.

Don't trust the cache: Exposing Web cache vulnerabilities

By /u/anasbetis94

I tried to gather all the related Web Cache vulnerabilities techniques into one blog post.


Wifi credential dumping

By /u/S3cur3Th1sSh1t

My latest blog post


A Vigilante Hacker Took Down North Korea’s Internet. Now He’s Taking Off His Mask

By Andy Greenberg
As “P4x,” Alejandro Caceres single-handedly disrupted the internet of an entire country. Then he tried to show the US military how it can—and should—adopt his methods.

The Mystery of ‘Jia Tan,’ the XZ Backdoor Mastermind

By Andy Greenberg, Matt Burgess
The thwarted XZ Utils supply chain attack was years in the making. Now, clues suggest nation-state hackers were behind the persona that inserted the malicious code.
❌