Infosec.Pub

Open-source software is everywhere. It runs the browsers we use, the apps we rely on, and the infrastructure that keeps businesses connected. For many security leaders, it is simply part of the environment, not something they think about every day. That is where trouble can start. James Cusick, a researcher at Ritsumeikan University, recently set out to answer a question: how secure is the code we depend on? His study looked at both open-source and … More → The post The hidden risks inside open-source code appeared first on Help Net Security.

Your logins will live on after you pass on. Make sure they end up in the right hands.

UK retail giant Harrods has disclosed a new cybersecurity incident after hackers compromised a third-party supplier and stole 430,000 records with sensitive e-commerce customer information. [...]

cross-posted from: https://linkage.ds8.zone/post/515550

Folks— Most Lemmy client apps are on the phone. I am looking for a FOSS phone app that works offline. That is, the phone has no data plan and only occasionally connects to public wifi hotspots. I do not want to be entering login passwords and reading and writing posts when I am connected. Reading and writing posts interactively needs to happen offline. Typical workflow: when I meet people at a bar/cafe, I need the app to sync over the public wi-fi without using my attention. It should post my comments and fetch threads for which I am active, for offline access later. It needs to support multiple accounts spanning multiple instances.

Does anything like this exist? Or do all Lemmy/kbin/mbin phone apps demand your realtime attention when connected?

Possessor(s) is a fast-paced action side scroller with combat inspired by platform fighters, a story told through dangerous characters, set in a deep interconnected world ready for exploration.

🌐 Steam

I see that someone posted there just 11 hours ago, so it may be temporary.

I was also able to post just now, but I guess mbin masks quite well the case of the host node being offline because it posted fine, probably just to a fedia.io cache of dabradio.

When I query my own copy of the LV DB for “infosec security netsec opsec sigsec hack phreak 2600 digital crypt stego defen defcon” (it does a logical OR on all those tokens), results are:

baseurl = lemmy.securitycafe.ca
   desc = A Lemmy instance for the InfoSec community and users of securitycafe.ca
   tags = []

baseurl = digipres.cafe
   desc = A community notice board and discussion space for all things digital preservation, including digital-GLAM, and digital information records management.
   tags = []
   
baseurl = lemmy.dbzer0.com
   desc = Be Weird, Download a Car, Generate Art, Screw Copyrights, Do Maths
   tags = ["anarchist","adhd","neurodivergence","anarchism","pirate cove","hosted in eu","fuck around and find out","anti-cryptocurrency","pro-lgbtq","antifa","pro-science","SFW","anti-tankie","filesharing","AI","copylefts","anti-copyrights","acab"]

baseurl = crazypeople.online
   desc = A digital retreat from a world gone mad.
   tags = ["neurodivergence","friendly","general purpose","moderated","lemmy","lgbtq friendly","english","general","small instance","powered by renewable energy","acab","anarchist","music","memes","weed","pokemon","racing"]

No hit on infosec.pub because tags and description are empty fields. Of course if I search the baseurls themselves then infosec.pub hits, but it’s a bit incidental. Infosec.pub may not be as findable as @jerry@infosec.pub might want it to be.

(note about the results: if anyone is wondering why so few records resulted in that query, Cloudflare instances are filtered out of my searches. The unfiltered list in this sample query is larger)

A Nebraska man was sentenced to one year in prison for defrauding cloud computing providers of over $3.5 million to mine cryptocurrency worth nearly $1 million. [...]

Cyberattacks are becoming more frequent and severe, with 71% of surveyed security leaders saying attacks have grown more common in the past year and 61% reporting greater impact when incidents occur, according to a new report from VikingCloud. Nation-state attacks move to the forefront Nearly 80% of surveyed security leaders said they are concerned about being targeted by a nation-state attack within the next year. The study shows how geopolitical tensions are fueling activity that … More → The post Cybersecurity leaders underreport cyber incidents to executives appeared first on Help Net Security.

Cross-posted from: https://lemmy.sdf.org/post/43105573

Archived

Telecommunications and manufacturing sectors in Central and South Asian countries have emerged as the target of an ongoing campaign distributing a new variant of a known malware called PlugX (aka Korplug or SOGU).

"The new variant's features overlap with both the RainyDay and Turian backdoors, including abuse of the same legitimate applications for DLL side-loading, the XOR-RC4-RtlDecompressBuffer algorithm used to encrypt/decrypt payloads and the RC4 keys used," Cisco Talos researchers Joey Chen and Takahiro Takeda said in an analysis published this week.

The cybersecurity company noted that the configuration associated with the PlugX variant diverges significantly from the usual PlugX configuration format, instead adopting the same structure used in RainyDay, a backdoor associated with a China-linked threat actor known as Lotus Panda (aka Naikon APT). It's also likely tracked by Kaspersky as FoundCore and attributed to a Chinese-speaking threat group it calls Cycldek.

[...]