https://sgued.fr/blog/need-csrf-token/
You should still use CSRF tokens. SameSite is not the same definition as Cross-Origin, so SameSite=Lax does not protect from CSRF coming from a "neighbor" subdomain.
W.r.t #ArcBrowser leaking user information and permitting JavaScript injection over their backend, a thought that just struck me:
Also more generally I must remark - okay, so you have all of these fancy social browser features. So far so understandable.
Why exactly is this wrapped in a giant pull-all-the-time paradigm instead of pushing local updates to people and having their browsers run queries for important information locally?
I can't wrap my head around how almost all of the #xz reporting focuses on the failures of #opensource.
Yeah, sure, but ...
Good luck finding such an attack in proprietary code.
Via the cliché paid off/blackmailed employee, hacked dev servers/repos, or via capitalism's favorite cost-cutting measure: a remote "offshored" contracted temporary developer (or nowadays, embedded into some LLM output).
If anything, Open Source Security has *worked*.
Microsoft is being hacked and nobody cares. There are no consequences. If you rely on #Linux and #foss and it goes wrong, it's your fault. If you rely on #Microsoft and it goes wrong, it's Microsoft's fault. Win-win.
A coalition of international law enforcement agencies, including the FBI and UK National Crime Agency, said they have disrupted LockBit, one of the most prolific hacker groups of all time, including shutting down websites the organization used for ransomware payments.
MoD cybersecurity worst in Whitehall, figures reveal
The UK Ministry of Defence has by far the worst protected IT systems of any Whitehall department, with 11 "red-rated" systems.
https://www.computing.co.uk/news/4161325/mod-cybersecurity-worst-whitehall-figures-reveal
#uk #technews #cni #mod #infosec #cypersecurity #ukpol #ukgov
So at Christmas everyone sits together solving #sudoku while I read a paper on how computer scientists solve sudoku...
Oh, and I am looking at various #fernstudiums universities.
Can anyone recommend one for a #bachelor in #Cypersecurity :P
Just saw that there is currently a No Starch Press Humble Bundle deal. I have never bought one before, but this one looks interesting. Does anybody have any experience with them or opinions?
https://www.humblebundle.com/books/hacking-2023-no-starch-books