Fireship·2yUnhinged ransomware attack targets hospitals
A ransomware attack targeted hospitals in London, forcing them to shut down services and divert patients. The attack is believed to be the work of Russian hackers, who have been behind many ransomware attacks in the past. Ransomware attacks work by penetrating computer systems, exploring valuable data, encrypting it, and demanding payment in untraceable cryptocurrencies.
Netguru·2y14 Top Software Developer Skills for 2024: The Complete Guide
Discover the top software developer skills for 2024, including mastering core programming languages, data structures and algorithms, version control systems, IDE proficiency, database management, SDLC knowledge, cloud computing competency, cybersecurity awareness, soft skills, machine learning and AI fundamentals, CI/CD practices, mobile development skills, DevOps practices, and emerging technologies.
Trunk.io·2y3351 new vulnerabilities discovered in the last 30 days.
In the last 30 days, 3351 new CVEs were created and 6163 were updated. Many codebases have vulnerabilities due to outdated dependencies, such as an old version of Lodash. To mitigate risks, consider shifting security left with tools like OSV Scanner, trufflehog, checkov, and Trivy. Proactive static analysis tools like Snyk and Sonarqube can help catch issues before they affect your codebase. Regularly scan your dependencies to ensure security.
Collections·2yHow We Hacked Multi-Billion Dollar Companies in 30 Minutes Using a Fake VSCode Extension and the Tool That Arose From It
A cybersecurity team successfully infiltrated multi-billion dollar companies in just 30 minutes using a fake VSCode extension, revealing significant vulnerabilities. This experiment led to the creation of ExtensionTotal, a tool designed to assess the risks associated with VSCode extensions. The team also launched a Supporters Program to sustain the project and is developing a guide for CISOs to integrate ExtensionTotal into security protocols, enhancing organizational cybersecurity.
David Bombal·2yNever use a Docker container without doing this first! (And don't create one either!)
Learn how to use Docker Scout to check for vulnerabilities in Docker containers and the risks of using containers without checking for vulnerabilities. Examples of critical vulnerabilities found in commonly used Docker containers are also provided.
Community Picks·2yCanarytokens
Canarytokens are triggers designed to alert you when certain actions are performed, such as DNS lookups, file access, email interactions, and more. They can be embedded in various forms, including URLs, documents, and code snippets, and can detect unauthorized access or suspicious actions by providing detailed alerts.
Lobsters·2y1/6 | How We Hacked Multi-Billion Dollar Companies in 30 Minutes Using a Fake VSCode Extension
The post discusses how the authors were able to create and publish a malicious VSCode extension that stole source code in just 30 minutes. They identified vulnerabilities in VSCode extensions and highlighted the risks associated with them. Multiple multi-billion dollar companies were affected by the attack.
David Bombal·2yNext Gen Hackers are NEXT level 🤯
The post discusses various cybersecurity projects spearheaded by Angelina, an 18-year-old tech prodigy. Highlights include an AI-powered device for detecting spoofed aircraft signals, a command-line tool for satellite reconnaissance, and a forensic tool for analyzing DJI drones. Additionally, she has tools for interpreting cybersecurity payloads using AI and auditing C code according to NASA standards. Her journey includes a young start in coding, contributions to NASA and open-source communities, and plans for further education and travel.
KDnuggets·2yThe Impact of AI on the Tech Industry
AI is rapidly changing various industries, with significant benefits like increased efficiency, personalized customer experiences, and enhanced cybersecurity. However, it also raises concerns such as job displacement and ethical issues regarding data privacy. Businesses and policymakers need to address these challenges responsibly to fully harness AI's potential.
System Weakness·2yThe Ultimate Shodan Search Guide for Cybersecurity Analysts
Shodan is an essential tool for cybersecurity analysts, enabling the discovery of IoT devices, identifying vulnerabilities, and assessing the security landscape. This guide provides detailed Shodan search queries across various categories like basic filters, application-specific searches, and advanced techniques. Examples include searching for devices by city, country, IP range, and finding devices with expired SSL certificates. Detailed cheat sheets and real-world use cases are also discussed to help enhance cybersecurity defenses.
ThePrimeTime·2yRabbit R1s Leaks Are REALLY BAD
Rabbit R1 has experienced significant security breaches due to failure to properly reset API keys, exposing user data and email functionalities. Despite initial denial, Rabbit has revoked some keys but missed others, leading to ongoing vulnerabilities. The incident sheds light on the severe risks posed by hardcoded API keys, which can allow unauthorized access to sensitive services and user information. Researchers demonstrated these vulnerabilities by sending emails from internal Rabbit domains, pointing to serious lapses in Rabbit's security management.
Nordic APIs·2yUsing Hacking APIs GPT For API Security Testing
Hacking APIs GPT is an AI-powered tool designed to enhance API security. It excels in endpoint analysis, OpenAPI review, JWT examination, and fuzzing payloads. The tool offers practical insights into potential vulnerabilities and suggests mitigations, making it useful for both novice and experienced developers. It can generate API documentation, write code, and improve API security, thus revolutionizing the API landscape.
Community Picks·2y4/6 | Introducing ExtensionTotal: How to Assess Risk in VS Code Extensions
ExtensionTotal is a web tool that assesses the risk of Visual Studio Code extensions being malicious. It analyzes extensions, extracts attributes, and provides a comprehensive report with a risk score and findings. The tool helps organizations identify risky extensions and offers recommendations for mitigation.
CSO Online·2y12 hottest IT security certs for higher pay today
Security professionals certified in IT security can earn up to 11% more in pay. Certifications like Cisco Certified Network Professional Security, Certified Cloud Security Professional, and Certified Forensic Computer Examiner are particularly valuable, with pay premiums rising significantly. These certifications cover various domains and cater to different roles, such as security engineers, analysts, cloud architects, and IT managers, with varying training and exam costs.
ThePrimeTime·2yI Survived A DDOS
The post describes the author's experience surviving a DDoS attack and offers advice on how to prevent and handle such attacks. It highlights the importance of using a web application firewall, a reverse proxy, and a cloud provider with DDoS protection. The author also emphasizes the need to become proficient with tooling, such as AWS Athena, for monitoring and analyzing access logs.
System Weakness·2yAuthentication & How it works ?
This post explores the concept of authentication and the process of confirming the identity of a user or process to grant access. It discusses common authentication methods, such as password-based authentication, and the steps involved in the login form process.
InfoSec Write-ups·2yWhy & How I Use Linode VPS For My Personal and Cybersecurity Projects
This post is a guide on setting up Linode's Virtual Private Servers (VPS) for personal and cybersecurity projects. It details the advantages of using Linode, such as its simplicity, transparent pricing, and flexibility. Specific uses include web servers, mail servers, coding environments, and cybersecurity tasks like honeypots and network testing. The guide covers setting up a VPS instance, connecting to it, and performing security configurations.
TechCrunch·2yExperts say Telegram’s ’30 engineers’ team is a security red flag
Security experts raise concerns about Telegram's small engineering team and its use of proprietary encryption, which is not enabled by default. The app, which also serves as a social media platform, stores a significant amount of user data unencrypted. Experts highlight the potential vulnerabilities and the inability to effectively handle legal requests, abuse, and content moderation with such limited staff. With nearly one billion users, Telegram is a noteworthy target for hackers, making security a critical and growing concern.
Netguru·2ySoftware Development Industry in 2024: Key Insights and Statistics
The software development industry is experiencing rapid growth, with market size expected to surge from $203.35 billion in 2022 to $1,450.87 billion by 2031. Key drivers include AI, new programming languages, and the increasing demand for skilled professionals. Challenges such as cybersecurity and talent retention persist, but innovations like low-code platforms and cloud technologies are revolutionizing the field. The impact extends across various industries including healthcare and finance, underscoring the essential role of software development in today's digital economy.
System Weakness·2yKali Linux for Beginners
Kali Linux is a specialized Linux distribution for digital forensics, penetration testing, and ethical hacking. It offers a wide range of pre-installed tools and software packages for various security testing purposes. It prioritizes security with features like encryption and regular updates. However, its usage should be within legal boundaries and with proper authorization.
