Cybersecurity
uk.finance.yahoo.com
- 28% increase in phishing emails sent between April 1st – June 30th vs January 1st – March 31st, 2024 - 82% of phishing toolkits mentioned deepfakes and 74.8% referenced AI - During a commodity attack, on average organisations experience a 2,700% increase in phishing attacks compared to the normal baseline - 72.3% of commodity attacks used a hyperlink as its payload, followed by QR codes at 14.0% - 52.5% of advanced persistent threat (APT) campaigns were classified as zero-day attacks, while only 35.4% contained a previously identified payload - 89% of phishing emails involve impersonation; Adobe was the most impersonated brand, followed by Microsoft - 14.9% of impersonation emails were classed as ‘payloadless’, relying solely on social engineering tactics - 44% of phishing emails were sent from compromised accounts, helping them bypass authentication protocols
Akamai researchers have confirmed a new attack vector using CUPS that could be leveraged to stage distributed denial-of-service (DDoS) attacks. Research shows that, to begin the attack, the attacking system only needs to send a single packet to a vulnerable and exposed CUPS service with internet connectivity. The Akamai Security Intelligence and Response Team (SIRT) found that more than 198,000 devices are vulnerable to this attack vector and are accessible on the public internet; roughly 34% of those could be used for DDoS abuse (58,000+). Of the 58,000+ vulnerable devices, hundreds exhibited an “infinite loop” of requests. The limited resources required to initiate a successful attack highlights the danger: It would take an attacker mere seconds to co-opt every vulnerable CUPS service currently exposed on the internet and cost the attacker less than a single US cent on modern hyperscaler platforms.
www.theverge.com
> A $15.75 million promise.
I have a question about hardware security keys. Like a yubikey. I have not actually used one before so maybe I am missing some critical information. Aren't they inherently less secure than a TOTP code? If someone ( like a evil government ) gets your key and knows your password for a particular service or device, they can login. If these same people try to login but it is secured with a TOTP code instead, they would need access to my phone, which requires a password to unlock and then biometric validation to open TOTP app. I mean yeah, they could just beat me with a large wrench until I agreed to login for them, but that is true with any method. I've heard that in the US, the 5th amendment protects you from being forced to divulge a password, but they can physically place your finger on the finger print scanner.
gbhackers.com
The vulnerabilities have been identified in D-Link, DrayTek, Motion Spell, and SAP products.
go.theregister.com
cross-posted from: https://infosec.pub/post/18289000 > Intruders accessed machines via tool bundled with ScienceLogic, 'limited' info taken, customers told not to worry Exclusive Rackspace has told customers intruders exploited a zero-day bug in a third-party application it was using, and abused that vulnerability to break into its internal performance monitoring environment.…
www.wired.com
> Researchers found a flaw in a Kia web portal that let them track millions of cars, unlock doors, and start engines at will—the latest in a plague of web bugs that’s affected a dozen carmakers.
https://github.com/umutcamliyurt/DoSDroid
Cybersecurity
!cybersecurity@sh.itjust.worksc/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.
THE RULES
Instance Rules
- Be respectful. Everyone should feel welcome here.
- No bigotry - including racism, sexism, ableism, homophobia, transphobia, or xenophobia.
- No Ads / Spamming.
- No pornography.
Community Rules
- Idk, keep it semi-professional?
- Nothing illegal. We're all ethical here.
- Rules will be added/redefined as necessary.
If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.
Learn about hacking
Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !cybersecurity@lemmy.capebreton.social !securitynews@infosec.pub !netsec@links.hackliberty.org !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub
Notable mention to !cybersecuritymemes@lemmy.world