FreshRSS


The Mystery of ‘Jia Tan,’ the XZ Backdoor Mastermind

By Andy Greenberg, Matt Burgess
The thwarted XZ Utils supply chain attack was years in the making. Now, clues suggest nation-state hackers were behind the persona that inserted the malicious code.

/r/netsec's Q2 2024 Information Security Hiring Thread

By /u/netsec_burn

Overview

If you have open positions at your company for information security professionals and would like to hire from the /r/netsec user base, please leave a comment detailing any open job listings at your company.

We would also like to encourage you to post internship positions as well. Many of our readers are currently in school or are just finishing their education.

Please reserve top level comments for those posting open positions.

Rules & Guidelines

Include the company name in the post. If you want to be topsykret, go recruit elsewhere. Include the geographic location of the position along with the availability of relocation assistance or remote work.

  • If you are a third party recruiter, you must disclose this in your posting.
  • Please be thorough and upfront with the position details.
  • Use of non-hr'd (realistic) requirements is encouraged.
  • While it's fine to link to the position on your company's website, provide the important details in the comment.
  • Mention if applicants should apply officially through HR, or directly through you.
  • Please clearly list citizenship, visa, and security clearance requirements.

You can see an example of acceptable posts by perusing past hiring threads.

Feedback

Feedback and suggestions are welcome, but please don't hijack this thread (use moderator mail instead.)


The XZ Backdoor: Everything You Need to Know

By Dan Goodin, Ars Technica
Details are starting to emerge about a stunning supply chain attack that sent the open source software community reeling.

The Incognito Mode Myth Has Fully Unraveled

By Dell Cameron, Andrew Couts
To settle a years-long lawsuit, Google has agreed to delete “billions of data records” collected from users of “Incognito mode,” illuminating the pitfalls of relying on Chrome to protect your privacy.

Cryptocurrency and Blockchain security due diligence: A guide to hedge risk

By Dr. Giannis Tziakouris

Blockchain technology has experienced remarkable adoption in recent years, driven by its use across a broad spectrum of institutions, governments, retail investors, and users. However, this surge in… Read more on Cisco Blogs

Last part of Lord Of The Ring0

By /u/Idov31

Last chapter of my Windows kernel development series, with user-mode and kernel-mode memory patching, an AMSI bypass driver and more.


A Ghost Ship’s Doomed Journey Through the Gate of Tears

By Matt Burgess
Millions lost internet service after three cables in the Red Sea were damaged. Houthi rebels deny targeting the cables, but their missile attack on a cargo ship, left adrift for months, is likely to blame.

You Should Update Apple iOS and Google Chrome ASAP

By Kate O'Flaherty
Plus: Microsoft patches over 60 vulnerabilities, Mozilla fixes two Firefox zero-day bugs, Google patches 40 issues in Android, and more.

Yogurt Heist Reveals a Rampant Form of Online Fraud

By Andy Greenberg, Andrew Couts
Plus: “MFA bombing” attacks target Apple users, Israel deploys face recognition tech on Gazans, AI gets trained to spot tent encampments, and OSINT investigators find fugitive Ammon Bundy.

After almost 7 years, new version of drozer was released

By /u/agathocles11

drozer 3.0.0, compatible with Python 3 and modern Java, was released. drozer is a very popular security testing framework for Android.


Jeffrey Epstein’s Island Visitors Exposed by Data Broker

By Dhruv Mehrotra, Dell Cameron
A WIRED investigation uncovered coordinates collected by a controversial data broker that reveal sensitive information about visitors to an island once owned by Epstein, the notorious sex offender.

‘Malicious Activity’ Hits the University of Cambridge’s Medical School

By Matt Burgess
Multiple university departments linked to the Clinical School Computing Service have been inaccessible for a month. The university has not revealed the nature of the “malicious activity.”

Balancing agility and predictability to achieve major engineering breakthroughs

By Shailaja Shankar

In my last blog, I shared the progress we’re making toward building the Cisco Security Cloud, an open, integrated security platform capable of tackling the rigors of securing highly distributed, m… Read more on Cisco Blogs

Releasing Substation v1.0

By /u/jshlbrdd

My team recently released v1.0 of our open source security data pipeline toolkit — if you’re currently using or interested in systems like Cribl or Logstash, check it out!


Judges Block US Extradition of WikiLeaks Founder Julian Assange—for Now

By Dell Cameron, Matt Burgess
A high court in London says the WikiLeaks founder won’t be extradited “immediately” and the US must provide more “assurances” about any extradition.

Chinese Hackers Charged in Decade-Long Global Spying Rampage

By Matt Burgess
US and UK officials hit Chinese hacking group APT31 with sanctions and criminal charges after they targeted thousands of businesses, politicians, and critics of China.

Hiding in Plain Sight: How Subdomain Attacks Use Your Email Authentication Against You

By Bradley Anstis

For years, analysts, security specialists, and security architects alike have been encouraging organizations to become DMARC compliant. This involves deploying email authentication to ensure their… Read more on Cisco Blogs

Bootfuzz: MBR-based Fuzzer

By /u/lightgrains

A small fuzzer designed to test BIOS Services and Port IO for old MBR-based hosts.
