Total Articles Found: 50
Top Articles:
Security researchers have found a vulnerability in a key air transport security system that allowed unauthorized individuals to potentially bypass airport security screenings and gain access to aircraft cockpits. [...]
Published: 2024-09-06 09:05:50
Popularity: 239
Author: tomgp
Article URL: https://arstechnica.com/science/2024/09/study-playing-dungeons-dragons-helps-autistic-players-in-social-interactions/
Comments URL: https://news.ycombinator.com/item?id=41464347
Points: 131
# Comments: 72
Published: 2024-08-21 21:52:05
Popularity: 114
Author: pseudolus
Article URL: https://www.cnbc.com/2024/08/21/cryptocurrency-shan-hanes-pig-butchering-scam.html
Comments URL: https://news.ycombinator.com/item?id=41314542
Points: 107
# Comments: 102
Popular shadow library LibGen appears to be struggling with technical problems. Regular book downloads stopped working last weekend and remain unavailable. The reason for the issues is unknown but, for now, internal troubles at the site seem more likely than a copyright-related enforcement action. From: TF, for the latest news on copyright battles, piracy and more.
Published: 2024-08-26 07:45:00
Popularity: 47
Author: info@thehackernews.com (The Hacker News)
Two security vulnerabilities have been disclosed in the open-source Traccar GPS tracking system that could be potentially exploited by unauthenticated attackers to achieve remote code execution under certain circumstances. Both the vulnerabilities are path traversal flaws and could be weaponized if guest registration is enabled, which is the default configuration for Traccar 5, Horizon3.ai
Published: 2024-09-06 03:16:20
Popularity: 38
Author: _Microft
Article URL: https://www.jeffgeerling.com/blog/2024/what-happens-when-you-touch-pickle-am-radio-tower
Comments URL: https://news.ycombinator.com/item?id=41462574
Points: 310
# Comments: 101
Published: 2024-09-04 16:52:24
Popularity: 29
Author: None
"Hello pervert" sextortion mails keep adding new features to their email to increase credibility and urge victims to pay
Published: 2024-08-22 10:32:13
Popularity: 22
Author: Thomas Claburn
Needless to say, it backfired in a big way. University of California Santa Cruz (UCSC) students may be relieved to hear that an emailed warning about a staff member infected with the Ebola virus was just a phishing exercise.
Published: 2024-08-14 14:16:57
Popularity: 22
Author: Elizabeth Montalbano, Contributing Writer
Cloud services and thus millions of end users who access them could have been affected by the poisoning of artifacts in the development workflow of open source projects.
Published: 2024-08-30 08:12:43
Popularity: 21
Author: Pierluigi Paganini
Threat actors are actively exploiting a critical flaw in the Atlassian Confluence Data Center and Confluence Server in cryptocurrency mining campaigns. The critical vulnerability CVE-2023-22527 (CVSS score 10.0) in the Atlassian Confluence Data Center and Confluence Server is being actively exploited for cryptojacking campaigns. The vulnerability is a template injection vulnerability that can allow remote […]
Published: 2024-09-05 18:41:02
Popularity: 21
Author: Ryan Naraine
A secretive Russian military unit, previously linked to assassinations and destabilization in Europe, is blamed for destructive wiper malware attacks in Ukraine. The post Russian GRU Unit Tied to Assassinations Linked to Global Cyber Sabotage and Espionage appeared first on SecurityWeek.
Published: 2024-09-05 08:33:20
Popularity: 19
Author: Pierluigi Paganini
Quishing is a type of phishing attack where crooks use QR codes to trick users into providing sensitive information or downloading malware. In recent years, the spread of electric cars has led to an increase in public charging stations. However, new cyber threats have emerged with this growth, including “quishing.” This term, a combination of […]
Published: 2024-08-28 21:20:12
Popularity: 19
Author: Iain Thomson
If you haven't deployed August's patches, get busy before others do. Windows users who haven't yet installed the latest fixes to their operating systems will need to get a move on, as code now exists to exploit a critical Microsoft vulnerability announced by Redmond two weeks ago.
Published: 2024-09-03 21:30:07
Popularity: 19
Author: Brandon Vigliarolo
Crew bragged they could help crooks raid victims' bank accounts. Updated: A trio of men have pleaded guilty to running a multifactor authentication (MFA) bypass ring in the UK, which authorities estimate has raked in millions in less than two years.
Published: 2024-08-27 19:59:33
Popularity: 14
Author: Iain Thomson
More of a storm in a teacup. Today's news that Intel's Software Guard Extensions (SGX) security system is open to abuse may be overstated.
Published: 2024-09-06 07:28:05
Popularity: 13
Author: Simon Sharwood
When maintenance windows are hard to open, a little lubrication helps. On Call: The Register understands consuming alcohol is quite a popular way to wind down from the working week, but each Friday we get the party started early with a new and sober instalment of On Call, the reader contributed column in which you share stories about the emotional hangovers you've earned delivering tech support.
Published: 2024-08-29 22:28:14
Popularity: 12
Author: Iain Thomson
Apparently made over 100 fake crime reports and bomb threats. The US government has indicted two men for allegedly reporting almost 120 fake emergencies or crimes in the hope of provoking action by armed law enforcement agencies.
Published: 2024-08-29 02:27:08
Popularity: 12
Author: Jessica Lyons
Total revenue for Q2 grew 32 percent. CrowdStrike's major meltdown a month ago doesn't look like affecting the cyber security vendor's market dominance anytime soon, based on its earnings reported Wednesday.
Published: 2024-09-03 22:34:09
Popularity: 12
Author: Thomas Claburn
Better late than never. The White House on Tuesday indicated it hopes to shore up the weak security of internet routing, specifically the Border Gateway Protocol (BGP).
Published: 2024-09-05 14:34:10
Popularity: 12
Author: Iain Thomson
Good news? Security is still getting a growing part of IT budget. It looks like security budgets are coming up against belt-tightening policies, with chief security officers reporting budgets rising more slowly than ever and over a third saying their spending this year will be flat or even reduced.
Published: 2024-08-14 10:00:00
Popularity: 11
Author: Nathan Eddy, Contributing Writer
The Democratic National Convention soon to take place in Chicago, already under heavy security, faces an additional threat in the form of stolen credentials for delegates.
Published: 2024-09-04 04:28:14
Popularity: 10
Author: Simon Sharwood
Unclear if this is a sign controversial service is cleaning up its act everywhere. Controversial social network Telegram has co-operated with South Korean authorities and taken down 25 videos depicting sex crimes.
Published: 2024-09-05 04:28:07
Popularity: 10
Author: Iain Thomson
Allowed access to 150K cameras, some in sensitive spots, but has been done for spamming. Physical security biz Verkada has agreed to cough up $2.95 million following an investigation by the US Federal Trade Commission (FTC) – but the payment won’t make good its past security failings, including a blunder that led to CCTV footage being snooped on by miscreants. Instead, the fine is about spam.
Published: 2024-08-28 21:00:08
Popularity: 9
Author: Becky Bracken, Senior Editor, Dark Reading
CISA warned about the RCE zero-day vulnerability in AVTECH IP cameras in early August, and now vulnerable systems are being used to spread malware.
Published: 2024-08-22 17:31:41
Popularity: 7
Author: SecurityWeek News
US oil giant Halliburton confirmed its computer systems were hit by a cyberattack that affected operations at its Houston offices. The post Oil Giant Halliburton Confirms Cyber Incident, Details Scarce appeared first on SecurityWeek.
Published: 2024-08-29 16:30:12
Popularity: 7
Author: Thomas Claburn
Google revises Chrome Vulnerability Rewards Program with higher payouts for bug hunters. Google's Chrome Vulnerability Rewards Program (VRP) is now significantly more rewarding – with a top payout that's at least twice as substantial.
Published: 2024-09-06 14:00:00
Popularity: 6
Author: Travis Galloway
No organization can single-handedly defend against sophisticated attacks. Governments and private sector entities need to collaborate, share information, and develop defenses against cyber threats.
Published: 2024-09-05 19:39:53
Popularity: 5
Author: Kristina Beek, Associate Editor, Dark Reading
Working with the Treasury and Justice departments, the president has sanctioned anti-democratic Russian adversaries.
Published: 2024-08-22 10:15:00
Popularity: 3
Author: None
ESET claims new NGate Android malware relays NFC data to steal card details for ATM cash-out
Published: 2024-09-06 15:16:21
Popularity: 3
Author: Bruce Schneier
There is a side-channel attack against YubiKey access tokens that allows someone to clone a device. It’s a complicated attack, requiring the victim’s username and password, and physical access to their YubiKey—as well as some technical expertise and equipment. Still, nice piece of security analysis.
Published: 2024-08-26 11:16:01
Popularity: None
Author: None
The alleged offenses include: terrorism, narcotic supply, fraud, money laundering and receiving stolen goods.
Published: 2024-08-25 18:46:30
Popularity: None
Author: Guru Baran
By leveraging this HTTP request functionality, combined with an SSRF protection bypass, they could access Microsoft's internal infrastructure for Copilot Studio.
Published: 2024-08-22 19:42:04
Popularity: None
Author: Nate Nelson, Contributing Writer
A 7-month-old bug in an OSS CI/CD server is still being actively exploited, thanks to spotty patching, CISA warns.
Published: 2024-08-18 17:17:43
Popularity: None
Author: None
A list of useful payloads and bypass for Web Application Security and Pentest/CTF - swisskyrepo/PayloadsAllTheThings
Published: 2024-08-14 22:24:20
Popularity: None
Author: None
We couldn’t extract the content of this article. Here is the URL so you can access it:
https://cybernews.com/security/def-con-32-unfixable-bug/
Published: 2024-08-14 19:05:24
Popularity: None
Author: None
The former prime minister brings a speech to an abrupt end when the banner - which also reads "I crashed the economy" - appears.
Published: 2024-08-14 12:16:58
Popularity: None
Author: Contributor
Google ramps up its campaign against ad blockers on Chrome.
Published: 2024-08-13 14:00:42
Popularity: None
Author: Guru Baran
A critical security vulnerability has been discovered in OpenSSH implementations on FreeBSD systems, potentially allowing attackers to execute remote code without authentication. The vulnerability, identified as CVE-2024-7589, affects all supported versions of FreeBSD.
Published: 2024-08-09 20:00:32
Popularity: None
Author: None
Everyone’s returning their Humane AI pins and nobody is buying any. This is according to leaked internal sales documents.
Published: 2024-09-06 19:31:08
Popularity: None
Author: Viktorija Pajarske
On September 3, 2024, the White House Office of the National Cyber Director (ONCD) released a Roadmap to Enhancing Internet Routing Security, aimed at addressing the vulnerabilities associated with the Border Gateway Protocol (BGP). BGP underpins how information is routed across networks globally an
Published: 2024-09-03 22:11:30
Popularity: None
Author: Help Net Security
Damn Vulnerable UEFI (DVUEFI) is an open-source exploitation toolkit and learning platform that enables you to simulate firmware attacks.
Published: 2024-09-03 22:07:35
Popularity: None
Author: None
A Firefox fork aimed at power surfers
Published: 2024-08-31 18:59:12
Popularity: None
Author: Victoria Song
It’s the end of an era.
Published: 2024-08-29 22:48:01
Popularity: None
Author: Davey Winder
Some hackers get paid bounties for discovering bugs, others get a Secret Service $2.5 million Most Wanted bounty on their head for an alleged decade-long hacking spree.
Published: 2024-08-29 13:59:16
Popularity: None
Author: None
Microsoft Copilot: From Prompt Injection to Data Exfiltration of Your Emails
Published: 2024-08-29 12:43:40
Popularity: None
Author: Marcus Hutchins
Performing a root cause analysis & building proof-of-concept for CVE-2024-38063, a CVSS 9.8 Vulnerability In the Windows Kernel IPv6 Parser
Published: 2024-08-28 15:55:44
Popularity: None
Author: github.com by eaytin
Show HN: Permify 1.0 - Open-source fine-grained authorization service
Permify was born out of our repeated struggles with authorization. Like any other piece of software, authorization starts small but as things grow scaling it becomes a real pain and begins to hinder product development processes. Ad-hoc authorization systems scattered throughout your app’s codebase are hard to manage, reason about, and iterate on as the company grows. Also you will need to have more specific access controls as things grow. Traditional approaches like RBAC are inefficient for defining granular permissions such as resource-specific, hierarchical, or context-aware permissions. Architecture is another problem, in a distributed system you’re going to need a solid plan to manage permissions between your services — all while ensuring high availability and providing low latency in access checks for sure.
We’ve created an open-source project to eliminate the authorization burden for devs. It’s Permify, an Authorization-as-a-Service to help developers build and manage their authorization in a scalable, secure, and extendable manner. And last week, we released the first major version (v1.0.0) of it!
Here is how Permify helps you handle authorization.
- Centralize & Standardize Your Authorization: Abstract your authorization logic from your codebase and application logic to easily reason, test, and debug your authorization. Treat your authorization as a sole entity and move faster within your core development.
- Build Granular Permissions For Any Case You Have: You can create granular (resource-specific, hierarchical, context aware, etc) permissions and policies using Permify’s domain specific language that is compatible with RBAC, ReBAC and ABAC.
- Set Custom Authorization For Your Tenants: Set up isolated authorization logic and custom permissions for your vendors/organizations (tenants) and manage them in a single place.
- Scale Your Authorization As You Wish: Achieve lightning-fast response times down to 10ms for access checks with a proven infrastructure inspired by Google Zanzibar, Google’s Consistent, Global Authorization System.
Try it out and send any feedback our way!
Published: 2024-09-01 09:08:00
Popularity: None
Author: kittenlabs.de via jummo
Published: 2024-09-03 21:08:32
Popularity: None
Author: landlock.io via fro