FreshRSS

/r/netsec - Information Security News & Discussion

Customised CVE Notifier based on keywords

By /u/shantanu14g — April 15th 2024 at 14:00

I coded this over the weekend. It's my first hands-on experience with Golang, and I had fun.

This basically scrapes the RSS feed from vuldb.com and notifies on Slack when any CVEs matching the keywords are added.

Keywords can be any technology or product that you want to track, e.g., CVEs related to Apple, WordPress, Ivanti VPN, etc.

The intended users are bug bounty hunters who want to look out for interesting CVEs and organizations that want to take action when any CVE affecting them is released.

Feedback and criticism are always welcome.

Ideally, I would like to scrape the NVD API instead of vuldb, but I will work on that later.

WIRED

The US Government Has a Microsoft Problem

By Eric Geller — April 15th 2024 at 10:30
Microsoft has stumbled through a series of major cybersecurity failures over the past few years. Experts say the US government’s reliance on its systems means the company continues to get a free pass.
WIRED

How Israel Defended Against Iran's Drone and Missile Attack

By Brian Barrett — April 14th 2024 at 01:01
The Iron Dome, US allies, and long-range interceptor missiles all came into play.
WIRED

Space Force Is Planning a Military Exercise in Orbit

By Stephen Clark, Ars Technica — April 13th 2024 at 11:30
Two satellites will engage in a “realistic threat response scenario” when Victus Haze gets underway.
/r/netsec - Information Security News & Discussion

Security headers audit tool

By /u/SmokeyShark_777 — April 13th 2024 at 11:06

Hello guys! Here's a Go tool to check HTTP security headers insecure configuration. It supports Content-Security-Policy directives audit as well and can be used to assess multiple webpages/domains. If someone wants to collaborate or just leave feedback, here's the repo!

WIRED

Roku Breach Hits 567,000 Users

By Andy Greenberg, Andrew Couts — April 13th 2024 at 10:30
Plus: Apple warns iPhone users about spyware attacks, CISA issues an emergency directive about a Microsoft breach, and a ransomware hacker tangles with an unimpressed HR manager named Beth.
WIRED

House Votes to Extend—and Expand—a Major US Spy Program

By Dell Cameron — April 12th 2024 at 19:30
The US House of Representatives voted on Friday to extend the Section 702 spy program. It passed without an amendment that would have required the FBI to obtain a warrant to access Americans’ information.
WIRED

Change Healthcare Faces Another Ransomware Threat—and It Looks Credible

By Andy Greenberg, Matt Burgess — April 12th 2024 at 18:25
Change Healthcare ransomware hackers already received a $22 million payment. Now a second group is demanding money, and it has sent WIRED samples of what they claim is the company's stolen data.
/r/netsec - Information Security News & Discussion

CVE 10.0 vulnerability in PAN-OS

By /u/kerubi — April 12th 2024 at 09:29

This issue is applicable only to PAN-OS 10.2, PAN-OS 11.0, and PAN-OS 11.1 firewalls with the configurations for both GlobalProtect gateway and device telemetry enabled.

No patch yet, apply mitigations. Actively exploited.

WIRED

DuckDuckGo Is Taking Its Privacy Fight to Data Brokers

By Matt Burgess — April 11th 2024 at 12:00
Privacy-focused company DuckDuckGo is launching a tool to remove data from people-search websites, a VPN, and an identity theft restoration service.
WIRED

Trump Loyalists Kill Vote on US Wiretap Program

By Dell Cameron — April 10th 2024 at 20:15
An attempt to reauthorize Section 702, the so-called crown jewel of US spy powers, failed for a third time in the House of Representatives after former president Donald Trump criticized the law.
WIRED

How to Stop Your Data From Being Used to Train AI

By Matt Burgess, Reece Rogers — April 10th 2024 at 11:30
Some companies let you opt out of allowing your content to be used for generative AI. Here’s how to take back (at least a little) control from ChatGPT, Google’s Gemini, and more.
WIRED

Section 702: The Future of the Biggest US Spy Program Hangs in the Balance

April 9th 2024 at 20:21
The US Congress will this week decide the fate of Section 702, a major surveillance program that will soon expire if lawmakers do not act. WIRED is tracking the major developments as they unfold.
/r/netsec - Information Security News & Discussion

Streamline Threat Hunting: Shortemall Automates Short URL Analysis with a Click

By /u/osint_matter — April 8th 2024 at 18:13

Short'Em All is a URL scanning tool trusted by CTI Analysts and Security Researchers. It's designed to scan short URLs and provide insights into potential security risks or useful information. This tool automates the process of scanning URLs, allowing users to focus on analyzing the results.

WIRED

AI Scam Calls: How to Protect Yourself, How to Detect

By Reece Rogers — April 8th 2024 at 11:30
AI tools are getting better at cloning people’s voices, and scammers are using these new capabilities to commit fraud. Avoid getting swindled by following these expert tips.
WIRED

A Breakthrough Online Privacy Proposal Hits Congress

By Makena Kelly — April 7th 2024 at 21:13
While some states have made data privacy gains, the US has so far been unable to implement protections at a federal level. A new bipartisan proposal called APRA could break the impasse.
WIRED

Best Privacy Browsers (2024): Brave, Safari, Ghostery, Firefox, DuckDuckGo

By David Nield — April 6th 2024 at 12:30
Ad trackers are out of control. Use a browser that reins them in.
WIRED

Identity Thief Lived as a Different Man for 33 Years

By Dell Cameron, Andrew Couts — April 6th 2024 at 09:00
Plus: Microsoft scolded for a “cascade” of security failures, AI-generated lawyers send fake legal threats, a data broker quietly lobbies against US privacy legislation, and more.
/r/netsec - Information Security News & Discussion

Don't trust the cache: Exposing Web cache vulnerabilities

By /u/anasbetis94 — April 5th 2024 at 17:13

I tried to gather all the related Web Cache vulnerabilities techniques into one blog post.

/r/netsec - Information Security News & Discussion

Wifi credential dumping

By /u/S3cur3Th1sSh1t — April 5th 2024 at 09:13

My latest blog post

WIRED

A Vigilante Hacker Took Down North Korea’s Internet. Now He’s Taking Off His Mask

By Andy Greenberg — April 4th 2024 at 09:00
As “P4x,” Alejandro Caceres single-handedly disrupted the internet of an entire country. Then he tried to show the US military how it can—and should—adopt his methods.
WIRED

The Mystery of ‘Jia Tan,’ the XZ Backdoor Mastermind

By Andy Greenberg, Matt Burgess — April 3rd 2024 at 13:54
The thwarted XZ Utils supply chain attack was years in the making. Now, clues suggest nation-state hackers were behind the persona that inserted the malicious code.