Hacker News with Generative AI: Cybersecurity

Story of a Pentester Recruitment (silentsignal.eu)
In 2015, we published a blog post about the recruitment challenges we devised for candidates who’d like to join our pentester team. The post got much attention, with supportive comments and criticism as well. Learning from this experience, we created a completely new challenge that we’re retiring today, and we’d once again share our experiences (and the solutions!) we gained from this little game.
The Former Israeli Spies Building AI Systems at Global Tech Companies (donotpanic.news)
Dozens of former members of Israel’s Unit 8200 - a secretive cyber warfare team accused of building the AI systems that helped enable the Gaza genocide - are now building AI systems for the world’s biggest tech and AI companies.
Investigating an "Evil" RJ45 Dongle (lcamtuf.substack.com)
When it comes to information security headlines, a good rule of thumb is that claims about widespread supply-chain sabotage are usually false.
Chinese hackers accessed Yellen's computer in US Treasury breach (bloomberg.com)
US Treasury Secretary Janet Yellen’s computer was infiltrated and unclassified files were accessed as part of a broader breach of the agency by Chinese state-sponsored hackers, according to two people familiar with the matter.
Trusting clients is probably a security flaw (liberda.nl)
If your service needs to trust the clients, hold my Big Mac
Chinese Innovations Spawn Wave of Toll Phishing via SMS (krebsonsecurity.com)
Residents across the United States are being inundated with text messages purporting to come from toll road operators like E-ZPass, warning that recipients face fines if a delinquent toll fee remains unpaid.
CISA Director posts call to action about cyber threats (cisa.gov)
As America’s Cyber Defense Agency and the National Coordinator for critical infrastructure security and resilience, CISA’s mission is to safeguard America’s critical infrastructure and enhance our nation’s collective resilience.
New Executive Order on Cybersecurity (whitehouse.gov)
By the authority vested in me as President by the Constitution and the laws of the United States of America, including the International Emergency Economic Powers Act (50 U.S.C. 1701 et seq.), the National Emergencies Act (50 U.S.C. 1601 et seq.), section 212(f) of the Immigration and Nationality Act of 1952 (8 U.S.C. 1182(f)), and section 301 of title 3, United States Code, it is hereby ordered as follows: 
Russia's largest platform for state procurement hit by cyberattack (therecord.media)
Russia’s main electronic trading platform for government and corporate procurement confirmed on Monday that it had been targeted by a cyberattack after initially claiming that outages were caused by “maintenance work.”
UnitedHealth hid its Change Healthcare data breach notice for months (techcrunch.com)
Change Healthcare, the UnitedHealth-owned health tech company that lost more than 100 million people’s sensitive health data in a ransomware attack last year, said on Tuesday that the company has “substantially” completed notifying affected individuals about the massive data breach.
NSA Warns iPhone and Android Users–Disable Location Tracking (forbes.com)
Our phones know where we are and they know where we have been—the problem is they have a nasty habit of sharing that information with others. And the latest location tracking nightmare to hit phone users shows the threat remains, despite new protections built into our iPhone and Android devices. NSA has warned users how to stop this secretive tracking—and you need to make this change now.
FBI forces Chinese malware to delete itself from US computers (arstechnica.com)
The FBI said today that it removed Chinese malware from 4,258 US-based computers and networks by sending commands that forced the malware to use its "self-delete" function.
Justice Dept., FBI and International Partners Delete China-Backed Malware (justice.gov)
The Justice Department and FBI today announced a multi-month law enforcement operation that, alongside international partners, deleted “PlugX” malware from thousands of infected computers worldwide.
DOJ confirms FBI operation that mass-deleted Chinese malware from US computers (techcrunch.com)
U.S. authorities have confirmed that they disrupted the operations of a Chinese state-backed hacking group, which infiltrated millions of computers worldwide to steal data as part of a years-long espionage campaign.
Ministers consider ban on all UK public bodies making ransomware payments (theguardian.com)
Schools, the NHS and local councils will be banned from making ransomware payments under government proposals to tackle hackers.
DoubleClickjacking: A New type of web hacking technique (paulosyibelo.com)
“Clickjacking” attacks have been around for over a decade, enabling malicious websites to trick users into clicking hidden or disguised buttons they never intended to click.
USB RJ-45 adapter with malware from Aliexpress (twitter.com)
Apple iPhone USB-C Hacked (forbes.com)
With 100 million macOS users already reeling from news of a new credential-stealing attack, Safari users warned do not click twice, and even a report about iOS being targeted more by hackers than Android, it’s not been the most reassuring few weeks for Apple users. Now security researchers have disclosed details of a successful bypass of Apple security protections to hack the iPhone USB-C controller. So, what does this mean for smartphone security?
What the TP-Link Ban in the US Means for You (thedefendopsdiaries.com)
The potential ban on TP-Link routers in the United States has sparked significant concern and debate, reflecting broader geopolitical tensions and cybersecurity challenges.
China: Chinese biometrics data exposed on unsecured server (medium.com)
This is a new chapter of my responsible disclosures to entities that have accidentally left unprotected data exposed in the cloud by “mistake”.
FCC proposes cybersecurity labeling program for smart devices (fcc.gov)
This is the proposed U.S. Cyber Trust Mark logo, for which the FCC is seeking registration as a certification mark from the U.S. Patent and Trademark Office.
Chinese cyber-spies peek over shoulder of officials probing real-estate deals (theregister.com)
Chinese cyber-spies who broke into the US Treasury Department also stole documents from officials investigating real-estate sales near American military bases, it's reported.
OpenAI's bot crushed this seven-person company's web site 'like a DDoS attack' (techcrunch.com)
On Saturday, Triplegangers CEO Oleksandr Tomchuk was alerted that his company’s ecommerce site was down. It looked to be some kind of distributed denial-of-service attack.
Legendary Hacker Receives Presidential Pardon (semafor.com)
In early 2015, the Australian hacker Chris Wade got a visit from the fish doctor at his aquarium-filled Florida home. The patient was Gemmy the Gem Tang, a rare saltwater species known for its striking white dots and bright yellow tail that had cost Wade $3,500.
BlinkenCity: From Art Project to Europe-Wide Blackout Scenario (positive.security)
At the [38c3 hacker conference](https://events.ccc.de/congress/2024/infos/index.html), we [presented](https://fahrplan.events.ccc.de/congress/2024/fahrplan/talk/HSNZGR/) our “BlinkenCity” research, which **started as a fun art project idea**, and **ended up as a plausible European blackout scenario:**
Ukrainian Hackers have wiped out Russia's internet service provider NODEX (techcrunch.com)
Russian internet provider Nodex said it was in the process of restoring its systems after a destructive cyberattack earlier this week that saw hackers compromise its network and wipe its internal servers, causing an immediate and complete collapse of internet connectivity to its Russian customers.
Japan says Chinese hackers have launched attacks (techradar.com)
White House unveils Cyber Trust Mark program for consumer devices (nextgov.com)
The White House on Tuesday launched a labeling scheme for internet of things devices that would inform consumers that applicable household products meet certain government-vetted cybersecurity standards.
Cracking a 512-bit DKIM key for less than $8 in the cloud (dmarcchecker.app)
In our study on the SPF, DKIM, and DMARC records of the top 1M websites, we were surprised to uncover more than 1,700 public DKIM keys that were shorter than 1,024 bits in length.
Backdooring your backdoors – Another $20 domain, more governments (watchtowr.com)
After the excitement of our .MOBI research, we were left twiddling our thumbs. As you may recall, in 2024, we demonstrated the impact of an unregistered domain when we subverted the TLS/SSL CA process for verifying domain ownership to give ourselves the ability to issue valid and trusted TLS/SSL certificates for any .MOBI domain.