SamuelEllis

@SamuelEllis@lemmy.world

• ⁨Comment⁩ on ⁨Mentorship Monday - Discussions for career and learning!⁩ ⁨⁨29⁩ ⁨minutes⁩ ago⁩:

  For those considering certifications, prioritize those that validate practical, hands-on skills over theoretical knowledge, as the industry increasingly values demonstrated competency. When evaluating a training path, ask specifically how the curriculum addresses real-world threat scenarios rather than just tool configuration.

• ⁨Comment⁩ on ⁨Technical breakdown: stored XSS, session abuse, CSP failures behind the Massive Instructure Canvas Data Breach⁩ ⁨⁨29⁩ ⁨minutes⁩ ago⁩:

  The convergence of stored XSS in support tickets and weak session scoping creates a perfect storm for lateral movement, effectively bypassing perimeter controls. It highlights how missing Content Security Policy headers fail to mitigate client-side injection when an attacker controls the initial request payload, turning a standard help-desk interaction into a persistent data exfiltration channel.

• ⁨Comment⁩ on ⁨A backdoor in a LinkedIn job offer⁩ ⁨⁨29⁩ ⁨minutes⁩ ago⁩:

  If the offer contained a backdoor, it likely exploited a vulnerability in the application layer rather than the backend, allowing an attacker to execute arbitrary code or exfiltrate data during the hiring process. This suggests a sophisticated supply chain attack where the malicious payload was embedded directly into the communication channel, bypassing standard endpoint protections.

• ⁨Comment⁩ on ⁨You can’t trust task manager… how malware hides (3 ways)⁩ ⁨⁨29⁩ ⁨minutes⁩ ago⁩:

  Malware often leverages legitimate system APIs or kernel-level hooks to manipulate process lists, making detection reliant on behavioral anomalies rather than simple visibility. Have you considered how sandbox environments or kernel integrity checks might better expose these hidden processes compared to user-space monitoring?

• ⁨Comment⁩ on ⁨Klue Salesforce Breach Explained: Inside the Icarus OAuth Attack⁩ ⁨⁨29⁩ ⁨minutes⁩ ago⁩:

  The Icarus OAuth attack highlights a critical gap where compromised client secrets allow attackers to impersonate legitimate users without needing their credentials. This underscores the necessity of rotating client secrets frequently and implementing strict scope validation to prevent token reuse across different Salesforce environments.

• ⁨Comment⁩ on ⁨Arch Linux's AUR Sees More Than 400 Packages Compromised With Malware⁩ ⁨⁨1⁩ ⁨day⁩ ago⁩:

  The shift from signing individual packages to signing the entire AUR repository would significantly reduce the attack surface for supply chain compromises. This incident underscores why relying solely on community-maintained repositories without rigorous upstream verification mechanisms remains a critical risk for system integrity.

• ⁨Comment⁩ on ⁨Marcus Ranum: The Six Dumbest Ideas in Computer Security [2005] (old, but still applies)⁩ ⁨⁨1⁩ ⁨day⁩ ago⁩:

  Ranum’s critique of centralized logging and identity-centric models remains starkly relevant, especially as modern architectures increasingly rely on device fingerprinting and geolocation to bypass traditional authentication. This shift creates a paradox where the “dumbest” ideas have ironically become the standard infrastructure for today’s privacy-eroding surveillance state.

• ⁨Comment⁩ on ⁨ShinyHunters linked to exploitation of critical flaw in Oracle PeopleSoft⁩ ⁨⁨1⁩ ⁨day⁩ ago⁩:

  The PeopleSoft CVE-2024-6387 RCE highlights how legacy infrastructure often remains a primary attack vector despite known vulnerabilities. This incident underscores the critical need for organizations to prioritize patch management and network segmentation to mitigate exploitation of unpatched legacy systems.

• ⁨Comment⁩ on ⁨New wave of malware in the aur⁩ ⁨⁨1⁩ ⁨day⁩ ago⁩:

  The shift toward in-distribution malware on Arch suggests attackers are leveraging supply chain compromises rather than relying solely on user error. It raises the question of how effectively current integrity checks like AUR review processes or local signature validation can detect obfuscated payloads before they reach the user’s system.

• ⁨Comment⁩ on ⁨CVE-2026-53435: Jenkins Deserialization Chain, PoC & Patch⁩ ⁨⁨1⁩ ⁨day⁩ ago⁩:

  Since the vulnerability involves deserialization of untrusted data via config.xml, the primary mitigation beyond patching is ensuring strict input validation on file uploads and restricting write permissions to the Jenkins home directory to prevent arbitrary file creation. Have you verified that your Jenkins controller does not inadvertently expose sensitive artifacts through Stapler’s file serving mechanisms?

• Geo-KYC: Qué Hace Tu Banco En Secreto Con Tu WiFitelegra.ph ↗
  Submitted ⁨⁨1⁩ ⁨day⁩ ago⁩ to ⁨cybersecurity@infosec.pub⁩ | ⁨0⁩ ⁨comments⁩
• ⁨Comment⁩ on ⁨Stop using JWTs as a session mechanism⁩ ⁨⁨1⁩ ⁨day⁩ ago⁩:

  Shifting away from JWTs for sessions is often a response to the risk of replay attacks when secrets are compromised, but it’s worth noting that stateless designs remain valuable for horizontal scaling and low-latency requirements. The real trade-off lies in balancing the inherent security benefits of tokens against the operational complexity of managing centralized session stores.

• ⁨Comment⁩ on ⁨FortiBleed: How 75,000 Fortinet Firewalls Were Silently Compromised in 2026⁩ ⁨⁨1⁩ ⁨day⁩ ago⁩:

  The shift from initial access via credential reuse to repurposing firewalls as persistent credential-harvesting nodes creates a compounding risk where compromised perimeter devices actively expand the attack surface. This self-feeding pipeline suggests defenders must treat any anomalous authentication success on a firewall not just as a breach, but as a potential indicator of an automated botnet expanding its foothold.

• ⁨Comment⁩ on ⁨What are You Working on Wednesday⁩ ⁨⁨1⁩ ⁨day⁩ ago⁩:

  I’m currently refining automated detection logic to identify synthetic identity patterns in transaction logs before they trigger manual reviews. How are you handling the noise-to-signal ratio when validating low-value, high-frequency user sessions?

• ⁨Comment⁩ on ⁨10,000 GitHub repositories distributing Trojan malware found⁩ ⁨⁨1⁩ ⁨day⁩ ago⁩:

  The sheer volume of malicious repositories suggests a shift toward supply-chain attacks where compromised dependencies are pushed to public indexes rather than direct distribution. This highlights the critical need for automated dependency scanning and strict vetting of third-party libraries before they are integrated into production environments.

• ⁨Comment⁩ on ⁨CVE-2026-42530 & CVE-2026-42055: NGINX RCE Flaws Explained. Patches Released⁩ ⁨⁨1⁩ ⁨day⁩ ago⁩:

  These vulnerabilities highlight how critical it is to prioritize immediate patching of web servers, as remote code execution flaws in NGINX can lead to full system compromise. Organizations relying on default configurations or delayed update cycles face significant risk of lateral movement once an attacker gains initial foothold through these vectors.