FreshRSS


House Votes to Extend—and Expand—a Major US Spy Program

By Dell Cameron
The US House of Representatives voted on Friday to extend the Section 702 spy program. It passed without an amendment that would have required the FBI to obtain a warrant to access Americans’ information.

Change Healthcare Faces Another Ransomware Threat—and It Looks Credible

By Andy Greenberg, Matt Burgess
Change Healthcare ransomware hackers already received a $22 million payment. Now a second group is demanding money, and it has sent WIRED samples of what they claim is the company's stolen data.

CVE 10.0 vulnerability in PAN-OS

By /u/kerubi

This issue is applicable only to PAN-OS 10.2, PAN-OS 11.0, and PAN-OS 11.1 firewalls with the configurations for both GlobalProtect gateway and device telemetry enabled.

No patch yet, apply mitigations. Actively exploited.


DuckDuckGo Is Taking Its Privacy Fight to Data Brokers

By Matt Burgess
Privacy-focused company DuckDuckGo is launching a tool to remove data from people-search websites, a VPN, and an identity theft restoration service.

Trump Loyalists Kill Vote on US Wiretap Program

By Dell Cameron
An attempt to reauthorize Section 702, the so-called crown jewel of US spy powers, failed for a third time in the House of Representatives after former president Donald Trump criticized the law.

How to Stop Your Data From Being Used to Train AI

By Matt Burgess, Reece Rogers
Some companies let you opt out of allowing your content to be used for generative AI. Here’s how to take back (at least a little) control from ChatGPT, Google’s Gemini, and more.

Section 702: The Future of the Biggest US Spy Program Hangs in the Balance

The US Congress will this week decide the fate of Section 702, a major surveillance program that will soon expire if lawmakers do not act. WIRED is tracking the major developments as they unfold.

Streamline Threat Hunting: Shortemall Automates Short URL Analysis with a Click

By /u/osint_matter

Short'Em All is a URL scanning tool trusted by CTI Analysts and Security Researchers. It's designed to scan short URLs and provide insights into potential security risks or useful information. This tool automates the process of scanning URLs, allowing users to focus on analyzing the results.


AI Scam Calls: How to Protect Yourself, How to Detect

By Reece Rogers
AI tools are getting better at cloning people’s voices, and scammers are using these new capabilities to commit fraud. Avoid getting swindled by following these expert tips.

A Breakthrough Online Privacy Proposal Hits Congress

By Makena Kelly
While some states have made data privacy gains, the US has so far been unable to implement protections at a federal level. A new bipartisan proposal called APRA could break the impasse.

Identity Thief Lived as a Different Man for 33 Years

By Dell Cameron, Andrew Couts
Plus: Microsoft scolded for a “cascade” of security failures, AI-generated lawyers send fake legal threats, a data broker quietly lobbies against US privacy legislation, and more.

Don't trust the cache: Exposing Web cache vulnerabilities

By /u/anasbetis94

I tried to gather all the related Web Cache vulnerabilities techniques into one blog post.


Wifi credential dumping

By /u/S3cur3Th1sSh1t

My latest blog post


A Vigilante Hacker Took Down North Korea’s Internet. Now He’s Taking Off His Mask

By Andy Greenberg
As “P4x,” Alejandro Caceres single-handedly disrupted the internet of an entire country. Then he tried to show the US military how it can—and should—adopt his methods.

The Mystery of ‘Jia Tan,’ the XZ Backdoor Mastermind

By Andy Greenberg, Matt Burgess
The thwarted XZ Utils supply chain attack was years in the making. Now, clues suggest nation-state hackers were behind the persona that inserted the malicious code.

/r/netsec's Q2 2024 Information Security Hiring Thread

By /u/netsec_burn

Overview

If you have open positions at your company for information security professionals and would like to hire from the /r/netsec user base, please leave a comment detailing any open job listings at your company.

We would also like to encourage you to post internship positions as well. Many of our readers are currently in school or are just finishing their education.

Please reserve top level comments for those posting open positions.

Rules & Guidelines

Include the company name in the post. If you want to be topsykret, go recruit elsewhere. Include the geographic location of the position along with the availability of relocation assistance or remote work.

  • If you are a third party recruiter, you must disclose this in your posting.
  • Please be thorough and upfront with the position details.
  • Use of non-hr'd (realistic) requirements is encouraged.
  • While it's fine to link to the position on your company's website, provide the important details in the comment.
  • Mention if applicants should apply officially through HR, or directly through you.
  • Please clearly list citizenship, visa, and security clearance requirements.

You can see an example of acceptable posts by perusing past hiring threads.

Feedback

Feedback and suggestions are welcome, but please don't hijack this thread (use moderator mail instead.)


The XZ Backdoor: Everything You Need to Know

By Dan Goodin, Ars Technica
Details are starting to emerge about a stunning supply chain attack that sent the open source software community reeling.

The Incognito Mode Myth Has Fully Unraveled

By Dell Cameron, Andrew Couts
To settle a years-long lawsuit, Google has agreed to delete “billions of data records” collected from users of “Incognito mode,” illuminating the pitfalls of relying on Chrome to protect your privacy.

Last part of Lord Of The Ring0

By /u/Idov31

Last chapter of my Windows kernel development series with usermode and kernel mode memory patching, AMSI bypass driver and more


A Ghost Ship’s Doomed Journey Through the Gate of Tears

By Matt Burgess
Millions lost internet service after three cables in the Red Sea were damaged. Houthi rebels deny targeting the cables, but their missile attack on a cargo ship, left adrift for months, is likely to blame.

You Should Update Apple iOS and Google Chrome ASAP

By Kate O'Flaherty
Plus: Microsoft patches over 60 vulnerabilities, Mozilla fixes two Firefox zero-day bugs, Google patches 40 issues in Android, and more.

Yogurt Heist Reveals a Rampant Form of Online Fraud

By Andy Greenberg, Andrew Couts
Plus: “MFA bombing” attacks target Apple users, Israel deploys face recognition tech on Gazans, AI gets trained to spot tent encampments, and OSINT investigators find fugitive Amond Bundy.