cybersecurity

An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!

Weekly thread to discuss whatever you’re working on, big or small, at work or in your free time.

A new vulnerability impacting AMD’s line of Zen 2 processors — which includes popular CPUs like the budget-friendly Ryzen 5 3600 — has been discovered that can be exploited to steal sensitive data like passwords and encryption keys. Google security researcher Tavis Ormandy disclosed the “Zenbleed” bug (filed as CVE-2023-20593) on his blog this week after first reporting the vulnerability to AMD on May 15th.

The entire Zen 2 product stack is impacted by the vulnerability, including all processors within the AMD Ryzen 3000 / 4000 / 5000 / 7020 series, the Ryzen Pro 3000 / 4000 series, and AMD’s EPYC “Rome” data center processors. AMD has since published its anticipated release timeline for patching out the exploit, with most firmware updates not expected to arrive until later this year.

Weekly thread to discuss industry certifications, trainings and other courses/learning. Ask questions, share your experiences and help others!

cross-posted from: https://lemmy.capebreton.social/post/82259

OSLO, July 24 (Reuters) - Twelve Norwegian government ministries have been hit by a cyber attack, the Norwegian government said on Monday, the latest attack to hit the public sector of Europe's largest gas supplier and NATO's northernmost member.

"We identified a weakness in the platform of one of our suppliers. That weakness has now been shut," Erik Hope, head of the government agency in charge of providing services to ministries, told a news conference.

The attack was identified due to "unusual" traffic on the supplier's platform, Hope said, declining to provide specifics. It was uncovered on July 12 and was being investigated by police.

"It is too early to say who is behind this and what is the extent of the impact (of the attack)," he said.

Weekly thread for any and all career, learning and general guidance questions. Thinking of taking a training or going for a cert? Wondering how to level up your career? Wondering what NOT to do? Got other questions? This is the time and place to ask!

Crosspost of an ongoing thread over at !android@lemdro.id

Some interesting discussions on the trade-off between security and being able to use your aging Android for a little while longer.

The certificate authority (CA) system does an incredible job of solving an impossible challenge. Think about it. The CAs measure control of a domain name and then issue TLS certificates that pair cryptographic keys to those names. They do this on a global scale, often automatically. It's impossible to do this perfectly, and unfortunately, they occasionally fail.

In this post I describe the challenges the CAs face, describe a history of failures, and explain the process we use to maintain confidence in the system in spite of it all.

Article published by AlternativeTo yesterday. Visiting the VirusTotal website, I could not find an official source or response; let's see how this develops.

EDIT: Source appears to be the German news outlet Der Spiegel, here is a link (no paywall)

Hi all,

I did a lot of research, but got to the point where I wonder: Is there any real meaningful infosec certification a company could gain?

I can follow a lot of frameworks and do certifications on them (like ISO 27001, NIST CSF, ISACA COBIT, TISAX, etc.), but they all are looking at documents and processes which kind of prove the mindset, but not actual security.

I think about something like "company survived a 5-day pentest or regularly does blue team exercises", etc., which show that the company can detect and respond and not only write documents.

Does anyone know about something like that? Or does this simply not exist yet?

Thanks for the input!

submitted 2 years ago* (last edited 2 years ago) by tedu@az1.azorius.net to c/cybersecurity

Fix CVE-2023-38408 - a condition where specific libraries loaded via ssh-agent(1)'s PKCS#11 support could be abused to achieve remote code execution via a forwarded agent socket if the following conditions are met:

  • Exploitation requires the presence of specific libraries on the victim system.
  • Remote exploitation requires that the agent was forwarded to an attacker-controlled system.

In addition to removing the main precondition for exploitation, this release removes the ability for remote ssh-agent(1) clients to load PKCS#11 modules by default (see below).

Weekly thread to discuss whatever you’re working on, big or small, at work or in your free time.

Weekly thread to discuss industry certifications, trainings and other courses/learning. Ask questions, share your experiences and help others!

Weekly thread for any and all career, learning and general guidance questions. Thinking of taking a training or going for a cert? Wondering how to level up your career? Wondering what NOT to do? Got other questions? This is the time and place to ask!

@cybersecurity Hi, I want to know if CompTIA N+ and Security+ and ISACA are enough to get an entry-level job in cybersecurity.

Storm-0558 used forged authentication tokens to access user email from approximately 25 organizations, including government agencies and related consumer accounts in the public cloud

Not very low level, but good details on some of the threat actor activities.

Crown Jewels Analysis (shellsharks.com)
submitted 2 years ago by shellsharks to c/cybersecurity

A primer on “Crown Jewels Analysis” (ala MITRE)

Infosec Engineer AMA (self.cybersecurity)
submitted 2 years ago by shellsharks to c/cybersecurity

Hello! My name is Mike and I am an infosec engineer with 10+ years experience. I've worked in GRC, Vulnerability Management, PenTesting & AppSec. I have 17 SANS certs (I have a serious problem) and I'm also an infosec community enthusiast and creator/mod for /c/cybersecurity. AMA!
