lemmydev2

submitted by /u/aunga [link] [comments]

Firmware security firm Binarly has released a free online scanner to detect Linux executables impacted by the XZ Utils supply chain attack, tracked as CVE-2024-3094. [...]

Singapore expanded the scope of its digital-asset rules to cover the custody of tokens as well as more firms involved in fund transfers, part of the city-state’s effort to develop an institutional hub for the industry.

Researchers have uncovered a campaign that turns Android phones into proxy nodes for malicious purposes.

Lasso Security: To highlight an attack vector, a researcher made a package with a name hallucinated by ChatGPT; it had 30K+ downloads in three months and appeared in many repos  —  I kicked start on this follow-up research for several reasons:  —  ‍  —  1️⃣ I investigate whether package …

Google will delete browsing data the company compiled on Chrome users who thought their data wasn’t being collected while using Incognito mode, according to a new report from the Wall Street Journal Monday. The move is part of a settlement with consumers who first sued in 2020 after it was revealed that using Incognito…Read more...

MarineMax, self-described as one of the world's largest recreational boat and yacht retailers, says attackers stole employee and customer data after breaching its systems in a March cyberattack. [...]

UK regulator said that one of the world's most toxic sites accumulated cybersecurity "offenses" from 2019 to 2023.

In March 2024, 1.3M unique email addresses from the online store for purchasing goods from China, Pandabuy, were posted to a popular hacking forum. The data also included IP and physical addresses, names, phone numbers and order enquiries. The breach was alleged to be attributed to "Sanggiero" and "IntelBroker".

In guidance to congressional offices issued by The House's Chief Administrative Officer, Catherine Szpindor, and seen by Axios, it's stated that Copilot is "unauthorized for House use." The guidance adds that Copilot will be removed from and blocked on all Windows devices controlled by the House.Read Entire Article

The Pentagon on Friday announced that its new cyber policy shop was formally established earlier this month. The Pentagon officially stood up the congressionally-mandated Office of the Assistant Secretary of Defense for Cyber Policy on March 20, the Defense Department said in a statement.  Ashley Manning, who has held a variety of senior positions

    Illustration by Alex Castro / The Verge

Robert Robb allegedly convinced several crypto investors to send him $1.5 million to build a too-good-to-be-true crypto trading bot, according to an FBI affidavit viewed by 404 Media and CourtWatch. Robb allegedly sent a message reading, “Poof, YOU’RE A MILLIONAIRE” to one Telegram group, accompanied by this image of a purple fairy wearing a mushroom cap. The message promised recipients they could strike it rich if they used Robb’s MEV bot and invested in the cryptocurrency $RAT and the ironically named token NoRugz.

  Image: FBI affidavit, Case No. 1:24-MJ-100
  A screenshot of a Telegram message allegedly sent by Robert Robb to prospective investors.

It says Robb asked crypto investors over Telegram and other...

Continue reading…