Hacker News with Generative AI: Cybersecurity

Still Standing [4chan] (4chan.org)
On the afternoon of April 14th, a hacker using a UK IP address exploited an out-of-date software package on one of 4chan’s servers, via a bogus PDF upload.

Cybersecurity, Hacking, 4chan

7 points by ydnaclementine 2 hours ago | 1 comments

FBI offers $10M for information about Salt Typhoon members (arstechnica.com)
The FBI is offering $10 million for information about the China-state hacking group tracked as Salt Typhoon and its intrusion last year into sensitive networks belonging to multiple US telecommunications companies.

Cybersecurity, Hacking, China, US Government, Telecommunications

7 points by Bender 5 hours ago | 0 comments

$6.7M stolen from city of Portland in phishing scheme (oregonlive.com)
A person posing as a city of Portland vendor persuaded a city employee to send them a link allowing them to redirect $6.7 million meant for a legitimate vendor to them, a lawsuit filed in New York this month says.

Cybersecurity, Phishing, Government, Lawsuit, Portland

14 points by rwc9 2 days ago | 1 comments

Unpatched Microsoft zero-day has been exploited by DPRK, Iran, Russia, and China (trendmicro.com)
Trend Zero Day Initiative™ (ZDI) uncovered both state-sponsored and cybercriminal groups extensively exploiting ZDI-CAN-25373 (aka ZDI-25-148), a Windows .lnk file vulnerability that enables hidden command execution.

Cybersecurity, Microsoft, Zero-day Exploits, State-Sponsored Attacks

12 points by suraci 2 days ago | 2 comments

2024 FBI Internet Crime Report [pdf] (ic3.gov)

Cybersecurity, Law Enforcement, Government Reports

6 points by gnabgib 2 days ago | 0 comments

Ransomware scum bilked victims out of a 'staggering' $16.6B last year, says FBI (theregister.com)
Digital scammers and extortionists bilked businesses and individuals in the US out of a "staggering" $16.6 billion last year, according to the FBI — the highest losses recorded since bureau’s Internet Crime Complaint Center (IC3) started tracking them 25 years ago.

Cybersecurity, Crime, Data Breaches, FBI

9 points by LinuxBender 2 days ago | 0 comments

Ex-NSA chief warns AI devs: Don't repeat infosec's early-day screwups (theregister.com)
AI engineers should take a lesson from the early days of cybersecurity and bake safety and security into their models during development, rather than trying to bolt it on after the fact, according to former NSA boss Mike Rogers.

Artificial Intelligence, Cybersecurity, Security, Information Security

5 points by rntn 3 days ago | 0 comments

'They cannot be jammed': fibre optic drones pose new threat in Ukraine (theguardian.com)
On the battlefields of Ukraine, new sights emerge. Thread-like filaments of wire, extended across open fields. Netting rigged up between trees along key supply roads. Both are responses to a hard-to-detect weapon able to sneak into spaces previously thought safe, hi tech and low tech all at once.

Military Technology, Drones, Ukraine, Warfare, Cybersecurity

8 points by YeGoblynQueenne 3 days ago | 0 comments

America's cyber defenses are being dismantled from the inside (theregister.com)
America's cyber defenses are being dismantled from the inside

Cybersecurity, Politics, National Security, United States

342 points by rntn 3 days ago | 200 comments

Hacking US crosswalks to talk like Zuck is as easy as 1234 (theregister.com)
Video Crosswalk buttons in various US cities were hijacked over the past week or so to – rather than robotically tell people it's safe to walk or wait – instead emit the AI-spoofed voices of Jeff Bezos, Elon Musk, and Mark Zuckerberg.

Cybersecurity, Social Media, AI, Hacktivism

4 points by yk 3 days ago | 1 comments

M&S (Marks and Spencer) Cyber Incident Update (londonstockexchange.com)

Cybersecurity, Retail, Business

5 points by gnabgib 3 days ago | 0 comments

CISA officials jump ship, both proud of pushing for Secure by Design software (theregister.com)
Two top officials have resigned from Uncle Sam's Cybersecurity and Infrastructure Security Agency, aka CISA, furthering fears of a brain drain amid White House cuts to the federal workforce.

Cybersecurity, Government, Resignation, Software Development

8 points by rntn 3 days ago | 0 comments

CISA's Secure by Design initiative in limbo after key leaders resign (cybersecuritydive.com)
The future of the federal government’s software-security advocacy campaign is in doubt following the departure of the two Cybersecurity and Infrastructure Security Agency officials who oversaw the program.

Cybersecurity, Government, Software Security, Leadership

6 points by johnshades 3 days ago | 0 comments

AI is helping fraudsters pump out scamming campaigns in minutes (techradar.com)

Artificial Intelligence, Fraud, Cybersecurity

14 points by Brajeshwar 4 days ago | 4 comments

1Password Service Is Unavailable (1password.com)
We are currently investigating a service disruption affecting our the 1Password web interface. Our engineering team is actively working to identify and resolve the issue.

Service Disruptions, Cybersecurity, Online Services

5 points by gpi 4 days ago | 0 comments

Whistleblower: DOGE siphoned NLRB case data (krebsonsecurity.com)
A security architect with the National Labor Relations Board (NLRB) alleges that employees from Elon Musk‘s Department of Government Efficiency (DOGE) transferred gigabytes of sensitive data from agency case files in early March, using short-lived accounts configured to leave few traces of network activity.

Data Breaches, Cybersecurity, Labor Law, Elon Musk, Government Efficiency

35 points by todsacerdoti 4 days ago | 4 comments

AI hallucinations lead to a new cyber threat: Slopsquatting (csoonline.com)
Cybersecurity researchers are warning of a new type of supply chain attack, Slopsquatting, induced by a hallucinating generative AI model recommending non-existent dependencies.

Cybersecurity, AI Hallucinations

15 points by walterbell 4 days ago | 1 comments

Bulletproof hosting provider Proton66 steps-up malware campaigns (scworld.com)
The Russian bulletproof hosting provider Proton66 was observed conducting malware campaigns that compromised WordPress sites and then leveraged them to target Android devices.

Cybersecurity, Malware, Hosting, WordPress, Android

5 points by LinuxBender 4 days ago | 0 comments

Oracle hopes talk of cloud data theft dies off. CISA just resurrected it (theregister.com)
CISA – the US government's Cybersecurity and Infrastructure Security Agency – has issued an alert for those who missed Oracle grudgingly admitting some customer data was stolen from the database giant's public cloud infrastructure.

Cybersecurity, Data Security, Oracle, Cloud Computing, Government

8 points by LinuxBender 4 days ago | 0 comments

Krebs resigns from SentinelOne after Trump revokes clearances (theregister.com)
Chris Krebs, the former head of the US Cybersecurity and Infrastructure Security Agency (CISA) and a longtime Trump target, has resigned from SentinelOne following a recent executive order that targeted him and revoked the security clearances of everybody at the company.

Cybersecurity, Politics, Government, Resignation, Security Clearances

27 points by cedws 5 days ago | 3 comments

4Chan was hacked and has been down for 4 days (pcworld.com)
A few days ago, on April 14, the infamous internet forum known as 4chan.org was subjected to a major hacking attack, which took down the site and made it inaccessible.

Cybersecurity, Online Communities, Hacking

12 points by Magi604 5 days ago | 23 comments

Can We Trust CVE? (opensourcesecurity.io)
If you are a security nerd, and even if you’re not, you probably heard about the epic CVE mess that happened. It’s a very long story and was covered in many places, but the TL;DR was the funding for CVE fell through, panic ensued, then CISA found some temporary funds to keep the lights, so everything is fine and we can all go back to normal.

Cybersecurity, Vulnerabilities, Open Source

58 points by gpi 6 days ago | 17 comments

Ssl.com: DCV bypass and issue fake certificates for any MX hostname (mozilla.org)
SSL.com failed to conduct accurate domain validation control when utilizing the BR 3.2.2.4.14 DCV method (Email to DNS TXT Contact). It incorrectly marks the hostname of the approver's email address as a verified domain, which is completely erroneous.

Security, SSL Certificates, Domain Validation, Cybersecurity

216 points by xPaw 6 days ago | 63 comments

CISA warns threat hunting staff of end to Google, Censys contracts due to cuts (nextgov.com)
Hundreds of staff in the Cybersecurity and Infrastructure Security Agency were notified this week that the organization discontinued one cybersecurity tool and is preparing to retire another focused on threat hunting, according to two people familiar with the matter and internal email correspondence seen by Nextgov/FCW.

Cybersecurity, Government, Technology, Budget Cuts

14 points by palebluedot 7 days ago | 3 comments

Im launching a community of dis-regulation hackers (unblend.me)

Cybersecurity, Hacking, Community, Regulation

5 points by igershteyn 7 days ago | 5 comments

Cisco Webex bug lets hackers gain code execution via meeting links (bleepingcomputer.com)
Cisco has released security updates for a high-severity Webex vulnerability that allows unauthenticated attackers to gain client-side remote code execution using malicious meeting invite links.

Security, Cybersecurity, Cisco, Webex, Vulnerabilities

5 points by LinuxBender 7 days ago | 0 comments

Whistleblower: Doge came in, data went out, and Russians started to login (threadreaderapp.com)
🧵 THREAD: A federal whistleblower just dropped one of the most disturbing cybersecurity disclosures I’ve ever read.

Cybersecurity, Whistleblower, Russia, Data Breaches

32 points by HatchedLake721 8 days ago | 9 comments

CVE fallout: The splintering of the standard vulnerability tracking system (theregister.com)
The splintering of the global system for identifying and tracking security bugs in technology products has begun.

Cybersecurity, Vulnerability Management, Standards

15 points by mdp2021 8 days ago | 1 comments

Deafening Silence from the Cybersecurity Industry (forbes.com)
In the world of cybersecurity, where truth is paramount and trust is everything, silence can be louder than an alarm.

Cybersecurity, Silence, Trust

333 points by rbanffy 8 days ago | 254 comments

Doge came in, data went out, and Russians started attempting logins (twitter.com)
Something went wrong, but don’t fret — let’s give it another shot.

Cybersecurity, Russia, Twitter, Social Media

24 points by eecc 8 days ago | 2 comments