Cybersecurity

"UGH! Whats the command to [insert function here]?"...

Hey infosec/cyber/tech folks of the fediverse! With reddit being a mess coupled with my interest in becoming more fedi-active/aware, I wanted to share out my site/blog where I post mostly about cyber and tech but also venture into other non cyber/tech stuff. Check it out and find me on Mastodon if you want to connect or chat!...

US agencies have 14 days to comply.

(article linked from m/Android)

Some more context around adversaries registering actual “.zip” files as domains.

Hey everyone! My name is Mike and I write about #infosec, #tech and other things at https://shellsharks.com. I'm currently running an event this week I refer to as >Shark Week (https://shellsharks.com/sharkweek), which is essentially just me posting some sort of "content" each day for the entire week, coinciding with actual...

Hey Fedia-folk of /m/cybersecurity! Wanted to get a quick pulse-check and collect some thoughts from the community here regarding their usage both current and future. I'll...

Great series on container security from Datadog.

Recent threat campaigns underscore the grave risk to the federal enterprise posed by improperly configured network devices. As part of CISA and the broad U.S. government's effort to move the federal civilian enterprise to a more defensible posture, this Directive will further reduce the attack surface of the federal government...

Daniel Huigens, the head of Proton’s cryptography team, explains how the latest crypto refresh makes PGP more secure.

Weekly thread to discuss whatever you’re working on, big or small, at work or in your free time.

Hello /m/cybersecurity folks! Wanted to get a pulse check on those who use this particular community. I mod both here at Fedia as well as at infosec.pub for /cybersecurity. I run a few weekly threads (e.g. Mentorship Monday) at infosec.pub and have tried to run those same weekly threads here but they get barely any traction,...

Threat actors are doubling down on brand impersonation by using lookalike domain names.

Weekly thread to discuss industry certifications, trainings and other courses/learning. Ask questions, share your experiences and help others!

Draw.io libraries for #threatmodeling (courtesy of @raptor)...

Windows laptop manufacturers will likely need to fix this one.

Fortinet patches a critical-severity vulnerability in FortiOS and FortiProxy that could lead to remote code execution.

The hackers responsible for exploiting a flaw to target users of a popular file transfer tool has begun listing victims of the mass-attacks

Weekly thread for any and all career, learning and general guidance questions. Thinking of taking a training or going for a cert? Wondering how to level up your career? Wondering what NOT to do? Got other questions? This is the time and place to ask!

As someone who has spent A LOT of time getting certifications, this is a question I ask myself a lot. In the past, I was all about them, in some part because I had the time and resources to do them and less so because I thought they were the key to big career or knowledge gains. These days, I recommend to newer folks in the...

Researchers at NC State University have outlined potential privacy issues with popular fitness app Strava which could lead to users' homes being pinpointed. The researchers' findings are detailed in a paper called Heat marks the spot: de-anonymising users' geographical data on the Strava heat map. Strava, used by more than 100...

Weekly thread to discuss whatever you’re working on, big or small, at work or in your free time.

A new login technique is becoming available in 2023: the passkey. The passkey promises to solve phishing and prevent password reuse. But lots of smart and security-oriented folks are confused about what exactly a passkey is. There’s a good reason for that. A passkey is in some sense one of two (or three) different things,...