Security

522 readers
6 users here now

A community for discussion about cybersecurity, hacking, cybersecurity news, exploits, bounties etc.

Rules :

  1. All instance-wide rules apply.
  2. Keep it totally legal.
  3. Remember the human, be civil.
  4. Be helpful, don't be rude.

Icon base by Delapouite under CC BY 3.0 with modifications to add a gradient

founded 1 year ago
MODERATORS
1
 
 

Long live Julian Assange.

2
 
 

Microsoft is creating new capabilities that will let security vendors operate outside of the root of Windows operating systems.

3
 
 

Researchers still don’t know the cause of a recently discovered malware infection affecting almost 1.3 million streaming devices running an open source version of Android in almost 200 countries.

4
6
DroidFS v2.2.0 (forge.chapril.org)
submitted 3 months ago by [email protected] to c/[email protected]
 
 

cross-posted from: https://lemmy.ml/post/18512730

DroidFS is an Android application providing rootless support for gocryptfs and CryFS encrypted file systems. It features an encrypted camera, biometric unlocking, integrated secure file viewers and allows decrypted files to be exposed to other applications. It is 100% FLOSS and developed voluntarily.

This new version...

  • aims to improve the user interface
  • implements a foreground service to keep volumes open in the background
  • allows tweaking the file export method used for sharing content with other apps
  • adds new Turkish, Simplified Chinese and Hebrew translations
  • and of course, fixes a few bugs

Official APKs are available for download now. It should land on F-Droid very soon, with a new per-ABI APKs split which will reduce quite a bit the download as well as the installed app size.

Feel free to give some feedback, open bug reports, ask for help, contribute, or just discuss about the project!

5
6
 
 

Hey Community, I figured that I could strengthen existing automated unit test generation quality by integrating mutation testing results as a metric to determine the quality of my unit tests. Figured everyone should be unit testing their code now especially after the recent Crowdstrike fiasco.

Check it out here https://github.com/codeintegrity-ai/mutahunter

Please star if you like it :)

7
 
 

Caused by security firm CrowdStrike that issued an update.

8
 
 

We're happy to announce that BusKill is presenting at DEF CON 32.

What: Open Hardware Design for BusKill Cord
When: 2024-08-10 12:00 - 13:45
Where: W303 – Third Floor – LVCC West Hall

BusKill goes to DEF CON 32 (Engage)
BusKill is presenting at DEF CON 32

via @[email protected]

What is BusKill?

BusKill is a laptop kill-cord. It's a USB cable with a magnetic breakaway that you attach to your body and connect to your computer.

What is BusKill? (Explainer Video)
Watch the BusKill Explainer Video for more info youtube.com/v/qPwyoD_cQR4

If the connection between you to your computer is severed, then your device will lock, shutdown, or shred its encryption keys -- thus keeping your encrypted data safe from thieves that steal your device.

What is DEF CON?

DEF CON is a yearly hacker conference in Las Vegas, USA.

DEF CON Documentary
Watch the DEF CON Documentary for more info youtube.com/watch?v=3ctQOmjQyYg

What is BusKill presenting at DEF CON?

I (goldfishlaser) will be presenting Open Hardware Design for BusKill Cord in a Demo Lab at DEF CON 32.

What: Open Hardware Design for BusKill Cord
When: Sat Aug 10 12PM – 1:45PM
Where: W303 – Third Floor – LVCC West Hall

Who: Melanie Allen (goldfishlaser) More info

Talk Description

BusKill is a Dead Man Switch triggered when a magnetic breakaway is tripped, severing a USB connection. I’ve written OpenSCAD code that creates a 3D printable file for plastic parts needed to create the magnetic breakaway. Should anyone need to adjust this design for variations of components, the code is parameterized allowing for easy customization. To assemble a BusKill Dead Man Switch cord you will need:

  1. a usb-a extension cord,
  2. a usb hard drive capable of being attached to a carabiner,
  3. a carabiner,
  4. the plastic pieces in this file,
  5. a usb female port,
  6. a usb male,
  7. 4 magnets,
  8. 4 pogo pins,
  9. 4 pogo receptors,
  10. wire,
  11. 8 screws,
  12. and BusKill software.
Image of the Golden BusKill decoupler with the case off
Golden DIY BusKill Print

Full BOM, glossary, and assembly instructions are included in the github repository. The room holds approx. 70 attendees seated. I’ll be delivering 3 x 30 min presentations – with some tailoring to what sort of audience I get each time.

Meet Me @ DEF CON

If you'd like to find me and chat, I'm also planning to attend:

  • ATL Meetup (DCG Atlanta Friday: 16:00 – 19:00 | 236),
  • Hacker Kareoke (Friday and Sat 20:00-21:00 | 222),
  • Goth Night (Friday: 21:00 – 02:00 | 322-324),
  • QueerCon Mixer (Saturday: 16:00-18:00 | Chillout 2),
  • EFF Trivia (Saturday: 17:30-21:30 | 307-308), and
  • Jack Rysider’s Masquerade (Saturday: 21:00 – 01:00 | 325-327)

I hope to print many fun trinkets for my new friends, including some BusKill keychains.

Image shows a collection of 3D-printed bottle openers and whistles that say "BusKill"
Come to my presentation @ DEF CON for some free BusKill swag

By attending DEF CON, I hope to make connections and find collaborators. I hope during the demo labs to find people who will bring fresh ideas to the project to make it more effective.

9
10
 
 

Regression in signal handler.

This vulnerability is exploitable remotely on glibc-based Linux systems, where syslog() itself calls async-signal-unsafe functions (for example, malloc() and free()): an unauthenticated remote code execution as root, because it affects sshd's privileged code, which is not sandboxed and runs with full privileges.

11
 
 

Contrary to what is stated on the polyfill.io website, Cloudflare has never recommended the polyfill.io service or authorized their use of Cloudflare’s name on their website. We have asked them to remove the false statement, and they have, so far, ignored our requests. This is yet another warning sign that they cannot be trusted.

12
 
 

If it ain't 'murican we ban 'em!

Guess all foreign cars should be next, what with all the telemetry and all...

13
 
 

A 22-year-old man from the United Kingdom arrested this week in Spain is allegedly the ringleader of Scattered Spider, a cybercrime group suspected of hacking into Twilio, LastPass, DoorDash, Mailchimp, and nearly 130 other organizations over the past two years.

14
 
 

im working on a decentralized chat app. i open sourced it to get feedback on the implementation.

for a project like this, its important for it to be open source in order to gain user confidence in the security. but i find that the project is too complicated for pro-bono security assessment work (which is understandable).

fiverr probably isnt the best place to find reputable support, but i wanted to see the prices. it seems to range from 50 to 5k+

i wont be getting the support any time soon, but id like guage an estimate. i havent done something like this before so any/all advice is appriciated.

i created a threat-model which may help: https://positive-intentions.com/docs/research/threat-model/

to explain my app in more detail: https://medium.com/@positive.intentions.com/introducing-decentralized-chat-377c4aa37978

github repo: https://github.com/positive-intentions/chat

15
16
 
 

KrebsOnSecurity has been in intermittent contact with LockBitSupp for several months over the course of reporting on different LockBit victims. Reached at the same ToX instant messenger identity that the ransomware group leader has promoted on Russian cybercrime forums, LockBitSupp claimed the authorities named the wrong guy.

LockBitSupp, who now has a $10 million bounty for his arrest from the U.S. Department of State, has been known to be flexible with the truth.

17
18
19
20
13
PuTTY vulnerability vuln-p521-bias (www.chiark.greenend.org.uk)
submitted 7 months ago by testeronious to c/[email protected]
21
22
23
24
25
5
CVE 10.0 vulnerability in PAN-OS (security.paloaltonetworks.com)
submitted 7 months ago by testeronious to c/[email protected]
view more: next ›