FreshRSS

Yesterday - April 24th 2024 - Your RSS feeds

ShotSpotter Keeps Listening for Gunfire After Contracts Expire

By Max Blaisdell, Jim Daley
Internal emails suggest that the company continued to provide gunshot data to police in cities where its contracts had been canceled.
Before yesterday - Your RSS feeds

Change Healthcare Finally Admits It Paid Ransomware Hackers—and Still Faces a Patient Data Leak

By Andy Greenberg
The company belatedly conceded both that it had paid the cybercriminals extorting it and that patient data nonetheless ended up on the dark web.

The Next US President Will Have Troubling New Surveillance Powers

By Dell Cameron
Over the weekend, President Joe Biden signed legislation not only reauthorizing a major FISA spy program but expanding it in ways that could have major implications for privacy rights in the US.

North Koreans Secretly Animated Amazon and Max Shows, Researchers Say

By Matt Burgess
Thousands of exposed files on a misconfigured North Korean server hint at one way the reclusive country may evade international sanctions.

AI-Controlled Fighter Jets Are Dogfighting With Human Pilots Now

By Dell Cameron, Andrew Couts
Plus: New York’s legislature suffers a cyberattack, police disrupt a global phishing operation, and Apple removes encrypted messaging apps in China.

The Biggest Deepfake Porn Website Is Now Blocked in the UK

By Matt Burgess
The world's most-visited deepfake website and another large competing site are stopping people in the UK from accessing them, days after the UK government announced a crackdown.

The Trump Jury Has a Doxing Problem

By Andrew Couts
One juror in former US president Donald Trump’s criminal case in New York has been excused over fears she could be identified. It could get even messier.

The Real-Time Deepfake Romance Scams Have Arrived

By Matt Burgess
Watch how smooth-talking scammers known as “Yahoo Boys” use widely available face-swapping tech to carry out elaborate romance scams.

Big Tech Says Spy Bill Turns Its Workers Into Informants

By Dell Cameron
One of Silicon Valley’s most influential lobbying arms joins privacy reformers in a fight against the Biden administration–backed expansion of a major US surveillance program.

Hackers Linked to Russia’s Military Claim Credit for Sabotaging US Water Utilities

By Andy Greenberg
Cyber Army of Russia Reborn, a group with ties to the Kremlin’s Sandworm unit, is crossing lines even that notorious cyberwarfare unit wouldn’t dare to.

Change Healthcare’s New Ransomware Nightmare Goes From Bad to Worse

By Eric Geller
A cybercriminal gang called RansomHub claims to be selling highly sensitive patient information stolen from Change Healthcare following a ransomware attack by another group in February.

US Senate to Vote on a Wiretap Bill That Critics Call ‘Stasi-Like’

By Dell Cameron
A controversial bill reauthorizing the Section 702 spy program may force whole new categories of businesses to eavesdrop on the US government’s behalf, including on fellow Americans.

[Article] Sniping at web applications to discover input-handling vulnerabilities

By /u/daindragon2

Web applications play a crucial role in modern businesses, offering various services and often exposing sensitive data that can be enticing to attackers. As a result, there is a growing interest in finding innovative approaches for discovering vulnerabilities in web applications. In the evolving landscape of web security, the realm of fuzz testing has garnered substantial attention for its effectiveness in identifying vulnerabilities. However, existing literature has often underemphasized the nuances of web-centric fuzzing methodologies. This article presents a comprehensive exploration of fuzzing techniques specifically tailored to web applications, addressing the gap in the current research. Our work presents a holistic perspective on web-centric fuzzing, introduces a modular architecture that improves fuzzing effectiveness, demonstrates the reusability of certain fuzzing steps, and offers an open-source software package for the broader security community. By addressing these key contributions, we aim to facilitate advancements in web application security, empower researchers to explore new fuzzing techniques, and ultimately enhance the overall cybersecurity landscape.


Customised CVE Notifier based on keywords

By /u/shantanu14g

I coded this over the weekend. It's my first hands-on experience with Golang, and I had fun.

This basically scrapes the RSS feed from vuldb.com and notifies on Slack when any CVEs matching the keywords are added.

Keywords can be any technology or product that you want to track, e.g., CVEs related to Apple, WordPress, Ivanti VPN, etc.

The intended users are bug bounty hunters who want to look out for interesting CVEs and organizations that want to take action when any CVE affecting them is released.

Feedback and criticism are always welcome.

Ideally, I would like to scrape the NVD API instead of vuldb, but I will work on that later.


The US Government Has a Microsoft Problem

By Eric Geller
Microsoft has stumbled through a series of major cybersecurity failures over the past few years. Experts say the US government’s reliance on its systems means the company continues to get a free pass.

How Israel Defended Against Iran's Drone and Missile Attack

By Brian Barrett
The Iron Dome, US allies, and long-range interceptor missiles all came into play.

Space Force Is Planning a Military Exercise in Orbit

By Stephen Clark, Ars Technica
Two satellites will engage in a “realistic threat response scenario” when Victus Haze gets underway.

Security headers audit tool

By /u/SmokeyShark_777

Hello guys! Here's a Go tool to check HTTP security headers for insecure configuration. It supports auditing Content-Security-Policy directives as well and can be used to assess multiple webpages/domains. If someone wants to collaborate or just leave feedback, here's the repo!


Roku Breach Hits 567,000 Users

By Andy Greenberg, Andrew Couts
Plus: Apple warns iPhone users about spyware attacks, CISA issues an emergency directive about a Microsoft breach, and a ransomware hacker tangles with an unimpressed HR manager named Beth.
❌