Hacker News with Generative AI: Cybersecurity

Swedish police focus on Chinese ship after suspected undersea cable sabotage (theguardian.com)
Swedish police investigating the suspected sabotage of two fibre-optic undersea cables in the Baltic Sea have said a Chinese ship off the coast of Denmark was “of interest”, as Danish officials said their navy was shadowing a Chinese-registered cargo ship.
Europe's Internet resilience mitigates impact of submarine cable cuts (cloudflare.com)
When cable cuts occur, whether submarine or terrestrial, they often result in observable disruptions to Internet connectivity, knocking a network, city, or country offline.
Does the Internet Route Around Damage? – Baltic Sea Cable Cuts (ripe.net)
This week's Internet cable cuts in the Baltic sea have been widely reported, even as attempts to understand their cause and impact are ongoing. We turn to RIPE Atlas to provide a preliminary analysis of these events and examine to what extent the Internet in the region is resilient to these events.
GitHub projects targeted with malicious commits to frame researcher (bleepingcomputer.com)
GitHub projects have been targeted with malicious commits and pull requests, in an attempt to inject backdoors into these projects.
Ghost Tap: New cash-out tactic with NFC Relay (threatfabric.com)
Threat actors are scaling the cash-outs
D-Link says replace vulnerable routers or risk pwnage (theregister.com)
Owners of older models of D-Link VPN routers are being told to retire and replace their devices following the disclosure of a serious remote code execution (RCE) vulnerability.
Chinese ship investigated over 'sabotaged' Baltic Sea internet cables (telegraph.co.uk)
Swedish investigators are looking into the movements of a Chinese vessel in the Baltic Sea after two internet cables were severed in what some Western leaders suspect was an act of sabotage.
Hackers Steal MLB Star Kris Bryant's $200K Lamborghini by Rerouting Delivery (carscoops.com)
Thieves were reportedly able to use a compromised email to reroute the car to a different destination
Chinese vessel spotted where Baltic Sea cables were severed (afr.com)
Investigators of two severed data cables in the Baltic Sea are looking at the movements of a Chinese bulk carrier, the second such probe in recent months amid rising jitters in Europe over potential acts of sabotage.
US extradites Russian for extorting millions in Phobos ransomware payments (techcrunch.com)
The U.S. government has secured the extradition of an alleged Russian hacker who allegedly served as a key administrator of the prolific Phobos ransomware operation.
Threat Actor Exposes Playbook for Exploiting NPM to Build Blockchain-Powered Botnet (socket.dev)
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Two telecoms cables in Baltic Sea severed, raising suspicions of sabotage (theguardian.com)
Two undersea fibre-optic communications cables in the Baltic Sea, including one linking Finland and Germany, have been severed, raising suspicions of sabotage by bad actors.
Finland and Germany on the severed undersea cable in the Baltic Sea (auswaertiges-amt.de)
We are deeply concerned about the severed undersea cable connecting Finland and Germany in the Baltic Sea. The fact that such an incident immediately raises suspicions of intentional damage speaks volumes about the volatility of our times. A thorough investigation is underway. Our European security is not only under threat from Russia's war of aggression against Ukraine, but also from hybrid warfare by malicious actors. Safeguarding our shared critical infrastructure is vital to our security and the resilience of our societies.
DNA testing company vanishes along with its customers' genetic data (malwarebytes.com)
A DNA testing company that promised clients insights into their genetic disposition has suddenly disappeared.
Finland and Lithuania Report Severed Undersea Data Cables (bloomberg.com)
An undersea data cable connecting Finland and Germany was cut in the early hours of Monday by what was likely an external impact and a nearby link between Lithuania and Sweden was also damaged.
Security means securing people where they are (yossarian.net)
Standard disclaimer: These are my personal opinions, not the opinions of my employer, PyPI, or any open source projects I participate in (either for funsies or because I’m paid to). In particular, nothing I write below can be interpreted to imply (or imply the negation of) similar opinions by any of the above, except where explicitly stated.
Teen behind hundreds of swatting attacks pleads guilty to federal charges (wired.com)
In perhaps the largest swatting case to ever be prosecuted, an 18-year-old from Lancaster, California, has pleaded guilty to federal charges stemming from a nationwide spree of hundreds of shooting and bomb threat hoaxes that sent police scrambling to high schools, courthouses, and the homes of law enforcement officials and prominent politicians.
Drinking water systems for 26M Americans face high cybersecurity risks (scworld.com)
The Environmental Protection Agency’s (EPA’s) Office of Inspector General (OIG) reported on Nov. 13 that 97 drinking water systems serving about 26.6 million Americans around the country have “critical or high-risk” cybersecurity vulnerabilities.
Mystery Palo Alto Networks hijack-my-firewall zero-day officially under exploit (theregister.com)
A critical zero-day vulnerability in Palo Alto Networks' firewall management interface that can allow an unauthenticated attacker to remotely execute code is now officially under active exploitation.
Fake AI video generators infect Windows, macOS with infostealers (bleepingcomputer.com)
Fake AI image and video generators infect Windows and macOS with the Lumma Stealer and AMOS information-stealing malware, used to steal credentials and cryptocurrency wallets from infected devices.
Russian spy ship confirmed to be operating near cables off Dublin (rte.ie)
A Russian spy ship has been operating near subsea cables in the Irish Sea just north of Dublin in recent days, according to vessel tracking data and military sources.
NSO's attacks against WhatsApp users unsealed (techcrunch.com)
On Thursday, WhatsApp scored a legal victory by convincing a U.S. federal judge to publicly release three court documents that include new revelations about the inner workings of Pegasus, the spyware made by Israeli surveillance tech maker NSO Group.
National Security Just Called, They Can't See the Email Traffic (mad-scientist.club)
I vividly remember the first time I installed Linux. It was December 25th, 1996, and with tears running down my face, I put a SuSE Linux install disk into the floppy drive. Things were never the same again.
NSO – not government clients – operates its spyware, legal documents reveal (theguardian.com)
Legal documents released in ongoing US litigation between NSO Group and WhatsApp have revealed for the first time that the Israeli cyberweapons maker – and not its government customers – is the party that “installs and extracts” information from mobile phones targeted by the company’s hacking software.
Trust no one: why we can't trust most stats about the cybersecurity industry (ventureinsecurity.net)
There is a problem in cybersecurity: solid industry analysis is hard to come by.
Fault Injection – Down the Rabbit Hole (humanativaspa.it)
This series of articles describes fault injection attack techniques in order to understand their real potential by testing their limits and applicability with limited hardware (available on the market at an acceptable cost). It explores possible ways of using an attack that, in my opinion, is greatly underestimated.
Threat actor attempted to slipstream a malware payload into yt-dlp's GitHub repo (twitter.com)
North Korean hackers create Flutter apps to bypass macOS security (bleepingcomputer.com)
North Korean threat actors target Apple macOS systems using trojanized Notepad apps and minesweeper games created with Flutter, which are signed and notarized by a legitimate Apple developer ID.
Sophos has installed monitoring software on its customers' systems for years (heise.de)
Sophos has installed monitoring software on its customers' systems for years – in the name of security, of course. Jürgen Schmidt takes a critical view of this.