cyberveille.decio.ch

cyberveille.decio.ch

7248 bookmarks
Custom sorting
White House working on cyber insurance policy proposal for ‘catastrophic’ incidents
White House working on cyber insurance policy proposal for ‘catastrophic’ incidents
At the Black Hat cybersecurity conference on Thursday, National Cyber Director Harry Coker, Jr. said his office is working with the Department of Treasury’s federal insurance office as well as officials at the Cybersecurity and Infrastructure Security Agency (CISA) on the effort.
·therecord.media·
White House working on cyber insurance policy proposal for ‘catastrophic’ incidents
The Hidden Treasures of Crash Reports
The Hidden Treasures of Crash Reports
Sadly, nobody really loves crash reports, but I’m here to change that! This research, a crash course on crash reports, will highlight how these often overlooked files are an invaluable source of information, capable of revealing malware infections, exploitation attempts, or even buggy (exploitable?) system code. Such insights are critical for defense and offense, empowering us to either protect or exploit macOS systems.
·objective-see.org·
The Hidden Treasures of Crash Reports
Troy Hunt: Inside the "3 Billion People" National Public Data Breach
Troy Hunt: Inside the "3 Billion People" National Public Data Breach
I decided to write this post because there's no concise way to explain the nuances of what's being described as one of the largest data breaches ever. Usually, it's easy to articulate a data breach; a service people provide their information to had someone snag it through an act of unauthorised access and publish a discrete corpus of information that can be attributed back to that source. But in the case of National Public Data, we're talking about a data aggregator most people had never heard of where a "threat actor" has published various partial sets of data with no clear way to attribute it back to the source. And they're already the subject of a class action, to add yet another variable into the mix. I've been collating information related to this incident over the last couple of months, so let me talk about what's known about the incident, what data is circulating and what remains a bit of a mystery.
·troyhunt.com·
Troy Hunt: Inside the "3 Billion People" National Public Data Breach
Extension Trojan Malware Campaign
Extension Trojan Malware Campaign
Malwares make no distinction between corporate and personal devices. Therefore, past perceptions of different levels of antivirus for businesses and households must be challenged. ReasonLabs is the first endpoint protection based on a multilayered machine-learning engine, that provides enterprise-grade security for all your personal devices.
·reasonlabs.com·
Extension Trojan Malware Campaign
Exploiting pfsense Remote Code Execution – CVE-2022-31814
Exploiting pfsense Remote Code Execution – CVE-2022-31814
Greetings everyone, In this write-up, we will be exploring the interesting exploitation that has been done against the pfsense CVE-2022-31814. What is pfsense? pfSense software is a FreeBSD-based operating system designed to install and configure a firewall that can be easily configured via the web interface and installed on any PC. With all of the
·laburity.com·
Exploiting pfsense Remote Code Execution – CVE-2022-31814
NIST's Post-Quantum Cryptography Standards Are Here - IEEE Spectrum
NIST's Post-Quantum Cryptography Standards Are Here - IEEE Spectrum
Today, the National Institute of Standards and Technology (NIST) announced the first standardization of three cryptography schemes that are immune against the threat of quantum computers, known as post-quantum cryptography (PQC) schemes. With these standards in hand, NIST is encouraging computer system administrators to begin transitioning as soon as possible.
·spectrum.ieee.org·
NIST's Post-Quantum Cryptography Standards Are Here - IEEE Spectrum
60 Hurts per Second – How We Got Access to Enough Solar Power to Run the United States
60 Hurts per Second – How We Got Access to Enough Solar Power to Run the United States
  • Bitdefender researchers have identified a series of vulnerabilities in PV plant management platforms operated by Solarman and Deye. This platform is responsible for coordinating production operations of millions of solar installations worldwide generating a whopping output of approximately 195 GW of solar power (20% of the global solar production) If exploited, these vulnerabilities could allow an attacker to control inverter settings that could take parts of the grid down, potentially causing blackouts. * These vulnerabilities have been communicated to the affected vendors and fixed.
·bitdefender.com·
60 Hurts per Second – How We Got Access to Enough Solar Power to Run the United States