Hacker News with Generative AI: Cybersecurity

Pegasus spyware infections found on several private sector phones (therecord.media)
New findings from the mobile device security company iVerify show that powerful zero-click spyware is more widely used than has been previously understood and is impacting business executives in addition to members of civil society.
Putin's secret weapon: The threat to the cables on our sea beds (bbc.co.uk)
Shortly after midday local time on Christmas Day 2024, workers at the Finnish electricity company Fingrid noticed the main undersea electricity cable linking Finland with Estonia was damaged, significantly reducing Estonia’s power supply.
Ask HN: How can I prepare my digital life for geopolitical disruptions? (ycombinator.com)
I'm from Germany and currently rely on macOS and iOS, with all my personal data stored in iCloud. Recent political tensions have made me question what might happen in the event of a military conflict between the US and Europe. Could Apple be forced to shut down its services in Europe? What would happen to my devices, operating systems, and stored data in such a scenario?
Hackers could attack Europe's energy grid [video] (dw.com)
Cyber criminals are able to access solar power installations and throw entire electricity grids into chaos. DW talked to some well-minded hackers about the threat and what consumers can do to avoid it.
Doge Teen with Cybercrime Connections Now Inside Cybersecurity Agency CISA (nextgov.com)
A handle dubbed “Rivage” was reportedly tied to Coristine, and used to discuss and solicit hacking activities with a cybercrime syndicate known as The Com.
Hacked on Stripe–$41K Gone, No Real Help from Support. What Now? (reddit.com)
I’ve always been nervous about using Stripe after reading horror stories here. Unfortunately, I took my chances due to the ease of integration, and now I’m here with my own nightmare.
An inside look at NSA tactics, techniques and procedures from China's lens (inversecos.com)
Since I reside in a Five Eyes country (Australia) and have publicly presented four cases I led on China’s APT41 attacking organisations in ASEAN, particularly concerning China’s cyber and political strategies, I was curious to explore what China publishes about Five Eyes operations.
A Signal Update Fends Off a Phishing Technique Used in Russian Espionage (wired.com)
Google warns that hackers tied to Russia are tricking Ukrainian soldiers with fake QR codes for Signal group invites that let spies steal their messages. Signal has pushed out new safeguards.
Multiple Russia-aligned threat actors actively targeting Signal Messenger (cloud.google.com)
Google Threat Intelligence Group (GTIG) has observed increasing efforts from several Russia state-aligned threat actors to compromise Signal Messenger accounts used by individuals of interest to Russia's intelligence services.
Russian phishing campaigns exploit Signal's device-linking feature (bleepingcomputer.com)
Russian threat actors have been launching phishing campaigns that exploit the legitimate “Linked Devices” feature in the Signal messaging app to gain unauthorized access to accounts of interest.
Juniper Networks Routers API Authentication Bypass Vulnerability (juniper.net)
US publisher uses linguistic gymnastics to avoid saying outage due to ransomware (theregister.com)
US newspaper publisher Lee Enterprises is blaming its recent service disruptions on a "cybersecurity attack," per a regulatory filing, and is the latest company to avoid using the dreaded R word.
Cybersecurity Is Full (2024) (cyberisfull.com)
There has been a lot of hype for a while now about cybersecurity careers. Cybersecurity careers are hot, they say. Allow me to throw some cold water on that.
Ask HN: Why was my post on cybersecurity flagged? (ycombinator.com)
Earlier I submitted a story about elections and cybersecurity, it got several dozen upvotes, and then was quickly flagged.
AWS India allegedly lost all data for one of their clients (deccanherald.com)
Implementing a Zero Trust Architecture [pdf] (nist.gov)
China's Salt Typhoon Spies Still Hacking Telecoms by Exploiting Cisco Routers (wired.com)
When the Chinese hacker group known as Salt Typhoon was revealed last fall to have deeply penetrated major US telecommunications companies—ultimately breaching no fewer than nine of the phone carriers and accessing Americans' texts and calls in real time—that hacking campaign was treated as a four-alarm fire by the US government.
Multiple Russian Threat Actors Targeting Microsoft Device Code Authentication (volexity.com)
Starting in mid-January 2025, Volexity identified several social-engineering and spear-phishing campaigns by Russian threat actors aimed at compromising Microsoft 365 (M365) accounts.
GitHub flooded with malware repos spoofing real projects–no response from GitHub (ycombinator.com)
GitHub is being overrun with repositories impersonating legitimate open-source projects to spread malware. One of them is spoofing my own app. I reported it through GitHub’s official channels days ago, reached out on social media, and even contacted individual GitHub employees. No response.
Wyden Releases Draft Bill to Secure Americans' Communications (senate.gov)
Washington, D.C. – U.S. Senator Ron Wyden, D-Ore., today released a discussion draft of the Global Trust in American Online Services Act to secure Americans’ communications against abusive foreign demands to weaken the security of communications services and software used by Americans.
DOGE Exposes Once-Secret Government Networks, Making Cyber-Espionage Easier Than (cyberintel.substack.com)
Over the past month, an unprecedented number of critical government systems, including those at the nation’s nuclear research labs, have been exposed to the open internet. This exposure jeopardizes both U.S. national security and the privacy of millions of Americans.
DOGE Website Hacked (arstechnica.com)
"An official website of the United States government," reads small text atop the Department of Government Efficiency (DOGE) website that Elon Musk's team started populating this week with information on agency cuts.
The Loneliness Epidemic Is a Security Crisis (wired.com)
Loneliness has never been more urgent. On top of the significant mental health concerns, the idea that people are now lonelier and having fewer social interactions is fueling very real threats to security. Foremost among these is one of today’s most pernicious digital frauds: romance scams, which exploit targets’ feelings of isolation and net fraudsters hundreds of millions of dollars per year.
Critical PostgreSQL bug tied to zero-day attack on US Treasury (theregister.com)
A high-severity SQL injection bug in the PostgreSQL interactive tool was exploited alongside the zero-day used to break into the US Treasury in December, researchers say.
European Parliament urges lawmakers to use encrypted messages after China hacks (politico.eu)
The European Parliament has asked lawmakers, parliamentary assistants and staff to use Signal, an end-to-end-encrypted messaging app, as an instant messaging tool for work-related communications, according to an internal email seen by POLITICO.
More victims of China's Salt Typhoon crew emerge: Telcos now hit via Cisco bugs (theregister.com)
China's Salt Typhoon spy crew exploited vulnerabilities in Cisco devices to compromise at least seven devices linked to global telecom providers and other orgs, in addition to its previous victim count.
Feds want devs to stop coding 'unforgivable' buffer overflow (theregister.com)
Cybertrucks Are Deadlier Than Infamous Ford Pintos (motherjones.com)
Elon Musk’s Cybertrucks may look indestructible: hulking blocks of aluminum and steel that appear to be better suited for a space station than a parking spot on a narrow city street. But a new report suggests that they’re actually deadlier than one of the most infamous—and flawed—American cars ever made: the Ford Pinto.
Mysterious Palo Alto firewall reboots? You're not alone (theregister.com)
Administrators of Palo Alto Networks' firewalls have complained the equipment falls over unexpectedly, and while a fix has been prepared, it's not yet generally available.
White Hat Hackers Expose Iridium Satellite Security Flaws (ieee.org)
In a recent demonstration, German white hat hackers showed how to intercept text messages sent via the U.S. satellite communication system Iridium and locate users with an accuracy of about 4 kilometers.