Posts

Showing posts from December, 2020

SolarWinds hackers were able to access Microsoft source code

SolarWinds hackers were able to access Microsoft source code 556 by accountinhn | 339 comments on Hacker News.

Microsoft Says SolarWinds Hackers Accessed Some of Its Source Code

Microsoft on Thursday revealed that the threat actors behind the SolarWinds supply chain attack were able to gain access to a small number of internal accounts and escalate access inside its internal network. The "very sophisticated nation-state actor" used the unauthorized access to view, but not modify, the source code present in its repositories, the company said. "We detected from The Hacker News https://ift.tt/3b4Dqmd via IFTTT

Bitcoin is a disaster

Bitcoin is a disaster 578 by wyldfire | 605 comments on Hacker News.

Happy New Year HN

Happy New Year HN 525 by thunderbong | 147 comments on Hacker News. Thanks to the mods and to all the members of HN for one of the bright spots of 2020. So many submissions, so many comments. Most of all, so many intelligent discussions. Also, so much guidance in how to live life - with curiosity, empathy and optimism. Times, both bad and good, will come and go. Lives will be lived and time will move on. But seeing the humanism of people, in my humble opinion, is reason for hope for a better future. Have a wonderful new year everyone!

Four-day week means 'I don't waste holidays on chores'

Four-day week means 'I don't waste holidays on chores' 481 by edward | 289 comments on Hacker News.

Amazon still hasn’t fixed its problem with bait-and-switch reviews

Amazon still hasn’t fixed its problem with bait-and-switch reviews 456 by Carducci | 361 comments on Hacker News.

Show HN: PSX Party – Online Multiplayer Playstation 1 Emulator Using WebRTC

Show HN: PSX Party – Online Multiplayer Playstation 1 Emulator Using WebRTC 464 by hauxir | 118 comments on Hacker News.

Visa Advertising Solutions (VAS) Opt Out

Visa Advertising Solutions (VAS) Opt Out 491 by enjoyyourlife | 233 comments on Hacker News.

Computer Science textbooks that are freely available online

Computer Science textbooks that are freely available online 529 by MrXOR | 49 comments on Hacker News.

Ask HN: What are you surprised isn’t being worked on more?

Ask HN: What are you surprised isn’t being worked on more? 441 by orbOfOrthanc | 1189 comments on Hacker News. I love asking new colleagues this question, figured I would open it here as well. What are you surprised isn’t being worked on more?

Google Maps' Moat Is Evaporating

Google Maps' Moat Is Evaporating 568 by ephesee | 401 comments on Hacker News.

Do You Love Me? [video]

Do You Love Me? [video] 623 by modeless | 226 comments on Hacker News.

iPhone workers given choice of forced labor or being sent to detention centers

iPhone workers given choice of forced labor or being sent to detention centers 521 by notRobot | 377 comments on Hacker News.

Ten year study: No link between violent video games and aggressive behavior

Ten year study: No link between violent video games and aggressive behavior 504 by chops | 267 comments on Hacker News.

Why Is There a Bucatini Shortage in America?

Why Is There a Bucatini Shortage in America? 506 by polm23 | 206 comments on Hacker News.

Images of the samples returned to earth from the asteroid Ryugu

Images of the samples returned to earth from the asteroid Ryugu 494 by naetius | 128 comments on Hacker News.

A Google Docs Bug Could Have Allowed Hackers See Your Private Documents

Google has patched a bug in its feedback tool incorporated across its services that could be exploited by an attacker to potentially steal screenshots of sensitive Google Docs documents simply by embedding them in a malicious website. The flaw was discovered on July 9 by security researcher Sreeram KL, for which he was awarded $3133.70 as part of Google's Vulnerability Reward Program. from The Hacker News https://ift.tt/37VL0xc via IFTTT

AutoHotkey-Based Password Stealer Targeting US, Canadian Banking Users

Threat actors have been discovered distributing a new credential stealer written in AutoHotkey (AHK) scripting language as part of an ongoing campaign that started early 2020. Customers of financial institutions in the US and Canada are among the primary targets for credential exfiltration, with a specific focus on banks such as Scotiabank, Royal Bank of Canada, HSBC, Alterna Bank, Capital One, from The Hacker News https://ift.tt/34QLIKs via IFTTT

Cosmopolitan Libc: build-once run-anywhere C library

Cosmopolitan Libc: build-once run-anywhere C library 493 by pantalaimon | 126 comments on Hacker News.

Just Wanted to Say Thanks

Just Wanted to Say Thanks 640 by compumike | 138 comments on Hacker News.

California Public Utilities Commission fired director who exposed missing $200M

California Public Utilities Commission fired director who exposed missing $200M 563 by js2 | 197 comments on Hacker News.

Fun with IP address parsing

Fun with IP address parsing 479 by mr_tyzic | 138 comments on Hacker News.

1937 film explains how a car differential works

1937 film explains how a car differential works 473 by oedmarap | 142 comments on Hacker News.

Photocatalyst splits water into H and O2 at quantum efficiency near 100%

Photocatalyst splits water into H and O2 at quantum efficiency near 100% 545 by bookofjoe | 265 comments on Hacker News.

New Linux port for the Nintendo 64

New Linux port for the Nintendo 64 515 by MegaDeKay | 174 comments on Hacker News.

A New SolarWinds Flaw Likely Had Let Hackers Install SUPERNOVA Malware

An authentication bypass vulnerability in the SolarWinds Orion software may have been leveraged by adversaries to deploy the SUPERNOVA malware in target environments. According to an advisory published yesterday by the CERT Coordination Center, the SolarWinds Orion API that's used to interface with all other Orion system monitoring and management products suffers from a security flaw that could from The Hacker News https://ift.tt/3aGzbwR via IFTTT

Dasung just released a 25 inch eInk monitor

Dasung just released a 25 inch eInk monitor 628 by tyler109 | 348 comments on Hacker News.

Ask HN: Why does Pinterest dominate Google text search results?

Ask HN: Why does Pinterest dominate Google text search results? 555 by Winterflow3r | 274 comments on Hacker News. More and more often when I search (using text queries, not image search, which I know has been polluted by Pinterest for years), I get pages upon pages of Pinterest results, sometimes the same Pinterest page but from the different pinterest country domains like pinterest.fi for Finland and pinterest.se for Sweden. Does anyone know if Google gives Pinterest preferential treatment in SEO rankings? Edit: A few comments were asking what my queries were to generate search results where Pinterest dominates, so clarifying that a bit. I run a site that has a colour search engine for lipsticks and since Google is one of the dominant ways in which people land on my site (searching for things like "nyx budapest lipstick dupes"), I was studying various makeup related queries to see which sites ranked highest. Edit2: Edited the title for clarity - I mean text search, not...

Police Arrest 21 WeLeakInfo Customers Who Bought Breached Personal Data

21 people have been arrested across the UK as part of a nationwide cyber crackdown targeting customers of WeLeakInfo[.]com, a now-defunct online service that had been previously selling access to data hacked from other websites. The suspects used stolen personal credentials to commit further cyber and fraud offences, the NCA said. Of the 21 arrested—all men aged between 18 and 38— nine have been from The Hacker News https://ift.tt/3ppU2bK via IFTTT

Ask HN: Best Talks of 2020?

Ask HN: Best Talks of 2020? 537 by sid6376 | 131 comments on Hacker News. 2019: https://ift.tt/2sbFTaf 2018: https://ift.tt/2KrA5P8 2017: https://ift.tt/2qauEx1 2016: https://ift.tt/2dHkYEA Ever: https://ift.tt/2AaxNzG It's been a weird year, wonder if there were still good tech talks in 2020.

Ruby 3.0

Ruby 3.0 551 by 0x54MUR41 | 189 comments on Hacker News.

Microsoft Warns CrowdStrike of Hackers Targeting Azure Cloud Customers

New evidence amidst the ongoing probe into the espionage campaign targeting SolarWinds has uncovered an unsuccessful attempt to compromise cybersecurity firm Crowdstrike and access the company's email. The hacking endeavor was reported to the company by Microsoft's Threat Intelligence Center on December 15, which identified a third-party reseller's Microsoft Azure account to be making "abnormal from The Hacker News https://ift.tt/2WJP8Kv via IFTTT

Attackers Abusing Citrix NetScaler Devices to Launch Amplified DDoS Attacks

Citrix has issued an emergency advisory warning its customers of a security issue affecting its NetScaler application delivery controller (ADC) devices that attackers are abusing to launch amplified distributed denial-of-service (DDoS) attacks against several targets. "An attacker or bots can overwhelm the Citrix ADC [Datagram Transport Layer Security] network throughput, potentially leading to from The Hacker News https://ift.tt/34JFiwC via IFTTT

Maps.me is gone, and we must bring it back

Maps.me is gone, and we must bring it back 522 by monort | 207 comments on Hacker News.

Comic Mono

Comic Mono 590 by thesephist | 212 comments on Hacker News.

Interview advice that got me offers

Interview advice that got me offers 575 by ZainRiz | 336 comments on Hacker News.

Tillis Releases Text of Bipartisan Legislation to Fight Illegal Streaming

Tillis Releases Text of Bipartisan Legislation to Fight Illegal Streaming 523 by totaldude87 | 466 comments on Hacker News.

No, Cellebrite Cannot “Break Signal Encryption”

No, Cellebrite Cannot “Break Signal Encryption” 618 by hprotagonist | 234 comments on Hacker News.

Google Discloses Poorly-Patched, Now Unpatched, Windows 0-Day Bug

Google's Project Zero team has made public details of an improperly patched zero-day security vulnerability in Windows print spooler API that could be leveraged by a bad actor to execute arbitrary code. Details of the unpatched flaw were revealed publicly after Microsoft failed to patch it within 90 days of responsible disclosure on September 24. Originally tracked as CVE-2020-0986, the flaw from The Hacker News https://ift.tt/34FTnLj via IFTTT

North Korean Hackers Trying to Steal COVID-19 Vaccine Research

Threat actors such as the notorious Lazarus group are continuing to tap into the ongoing COVID-19 vaccine research to steal sensitive information to speed up their countries' vaccine-development efforts. Cybersecurity firm Kaspersky detailed two incidents at a pharmaceutical company and a government ministry in September and October leveraging different tools and techniques but exhibiting from The Hacker News https://ift.tt/3aFJcdu via IFTTT

Tips for a Better Life

Tips for a Better Life 649 by CapitalistCartr | 285 comments on Hacker News.

How We Saved Dot Org

How We Saved Dot Org 560 by thomasahle | 80 comments on Hacker News.

Tokio 1.0 – async runtime for Rust

Tokio 1.0 – async runtime for Rust 540 by carllerche | 266 comments on Hacker News.

How bad is your Spotify?

How bad is your Spotify? 532 by feross | 360 comments on Hacker News.

How to Defend Against Malware, Phishing, and Scams During COVID-19 Crisis

As if the exponential rise in phishing scams and malware attacks in the last five years wasn't enough, the COVID-19 crisis has worsened it further. The current scenario has given a viable opportunity to cybercriminals to find a way to target individuals, small and large enterprises, government corporations. According to Interpol's COVID-19 Cybercrime Analysis Report, based on the feedback of 194 from The Hacker News https://ift.tt/3riB2xT via IFTTT

Law Enforcement Seizes Joker's Stash — Stolen Credit Card Marketplace

The US Federal Bureau of Investigation (FBI) and Interpol have allegedly seized proxy servers used in connection with Blockchain-based domains belonging to Joker's Stash, a notorious fraud bazaar known for selling compromised payment card data in underground forums. The takedown happened last week on December 17. The operators of Joker's Stash operate several versions of the platform, including from The Hacker News https://ift.tt/37FaKhj via IFTTT

New Critical Flaws in Treck TCP/IP Stack Affect Millions of IoT Devices

The US Cybersecurity Infrastructure and Security Agency (CISA) has warned of critical vulnerabilities in a low-level TCP/IP software library developed by Treck that, if weaponized, could allow remote attackers to run arbitrary commands and mount denial-of-service (DoS) attacks. The four flaws affect Treck TCP/IP stack version 6.0.1.67 and earlier and were reported to the company by Intel. Two of from The Hacker News https://ift.tt/3azjTtB via IFTTT

Congress Crams Language to Criminalize Streaming, Meme-Sharing into Omnibus Bill

Congress Crams Language to Criminalize Streaming, Meme-Sharing into Omnibus Bill 519 by CharlesW | 190 comments on Hacker News.

Apple targets car production by 2024, eyes ‘next level’ battery tech: sources

Apple targets car production by 2024, eyes ‘next level’ battery tech: sources 517 by coloneltcb | 663 comments on Hacker News.

YouTube Class Action: Same IP Address Upload Pirate Movies and File DMCA Notices

YouTube Class Action: Same IP Address Upload Pirate Movies and File DMCA Notices 540 by parsecs | 122 comments on Hacker News.

Hotwire: HTML over the Wire

Hotwire: HTML over the Wire 687 by samename | 343 comments on Hacker News.

Why can’t you buy a good webcam?

Why can’t you buy a good webcam? 638 by murkt | 677 comments on Hacker News.

Cybercriminals' Favorite Bulletproof VPN Service Shuts Down In Global Action

Law enforcement agencies from the US, Germany, Netherlands, Switzerland, France, along with Europol's European Cybercrime Centre (EC3), announced today the coordinated takedown of Safe-Inet, a popular virtual private network (VPN) service that was used to facilitate criminal activity. The three domains in question — insorg[.]org, safe-inet[.]com, and safe-inet[.]net — were shut down, and their from The Hacker News https://ift.tt/3hmQx3j via IFTTT

Write code. Not too much. Mostly functions.

Write code. Not too much. Mostly functions. 588 by brundolf | 249 comments on Hacker News.

A Second Hacker Group May Have Also Breached SolarWinds, Microsoft Says

As the probe into the SolarWinds supply chain attack continues, new digital forensic evidence has brought to light that a separate threat actor may have been abusing the IT infrastructure provider's Orion software to drop a similar persistent backdoor on target systems. "The investigation of the whole SolarWinds compromise led to the discovery of an additional malware that also affects the from The Hacker News https://ift.tt/3nIqju6 via IFTTT

Nikon Is ending 70 years of camera production in Japan

Nikon Is ending 70 years of camera production in Japan 505 by giuliomagnifico | 296 comments on Hacker News.

Journalists Hacked with Suspected NSO Group iMessage ‘Zero-Click’ Exploit

Journalists Hacked with Suspected NSO Group iMessage ‘Zero-Click’ Exploit 599 by arkadiyt | 261 comments on Hacker News.

Russian opposition leader Navalny dupes spy into revealing how he was poisoned

Russian opposition leader Navalny dupes spy into revealing how he was poisoned 634 by antfarm | 145 comments on Hacker News.

Two Critical Flaws — CVSS Score 10 — Affect Dell Wyse Thin Client Devices

A team of researchers today unveils two critical security vulnerabilities it discovered in Dell Wyse Thin clients that could have potentially allowed attackers to remotely execute malicious code and access arbitrary files on affected devices. The flaws, which were uncovered by healthcare cybersecurity provider CyberMDX and reported to Dell in June 2020, affect all devices running ThinOS from The Hacker News https://ift.tt/2LOHWdK via IFTTT

More challenging projects every programmer should try

More challenging projects every programmer should try 551 by pavehawk2007 | 174 comments on Hacker News.

Common Security Misconfigurations and Their Consequences

Everyone makes mistakes. That one sentence was drummed into me in my very first job in tech, and it has held true since then. In the cybersecurity world, misconfigurations can create exploitable issues that can haunt us later - so let's look at a few common security misconfigurations. The first one is development permissions that don't get changed when something goes live. For example, AWS S3 from The Hacker News https://ift.tt/38rEdKG via IFTTT

iPhones of 36 Journalists Hacked Using iMessage Zero-Click Exploit

Three dozen journalists working for Al Jazeera had their iPhones stealthily compromised via a zero-click exploit to install spyware as part of a Middle East cyberespionage campaign. In a new report published yesterday by University of Toronto's Citizen Lab, researchers said personal phones of 36 journalists, producers, anchors, and executives at Al Jazeera, and a journalist at London-based Al from The Hacker News https://ift.tt/3nH5TSy via IFTTT

The web is 30 years old today

The web is 30 years old today 503 by Anon84 | 131 comments on Hacker News.

Back to the '70s with Serverless

Back to the '70s with Serverless 460 by pjmlp | 253 comments on Hacker News.

All problems stem from man's inability to sit quietly in a room alone (2014)

All problems stem from man's inability to sit quietly in a room alone (2014) 579 by chesterfield | 278 comments on Hacker News.

Being kind to others is good for your health

Being kind to others is good for your health 512 by diminish | 192 comments on Hacker News.

Facebook: Free as in Bullshit

Facebook: Free as in Bullshit 464 by throw0101a | 209 comments on Hacker News.

Zoom executive charged with disrupting meetings commemorating Tiananmen Square

Zoom executive charged with disrupting meetings commemorating Tiananmen Square 458 by imraj96 | 157 comments on Hacker News.

Post Mortem of Google Outage on 14 December 2020

Post Mortem of Google Outage on 14 December 2020 414 by saifulwebid | 119 comments on Hacker News.

Justin Amash Introduces Bill to End Civil Asset Forfeiture Nationwide

Justin Amash Introduces Bill to End Civil Asset Forfeiture Nationwide 492 by boogies | 147 comments on Hacker News.

I Have Resigned from the Google AMP Advisory Committee

I Have Resigned from the Google AMP Advisory Committee 489 by edent | 191 comments on Hacker News.

Jetbrains Founders Turn Billionaires Without VC Help

Jetbrains Founders Turn Billionaires Without VC Help 472 by OJFord | 192 comments on Hacker News.

Facebook's Hypocrisy on Apple's New iOS 14 Privacy Feature

Facebook's Hypocrisy on Apple's New iOS 14 Privacy Feature 452 by anupamchugh | 269 comments on Hacker News.

Sick of spending time on Auth, we built an open source 'Stripe for Auth'

Sick of spending time on Auth, we built an open source 'Stripe for Auth' 448 by advaitruia | 267 comments on Hacker News. We (my cofounder and I) have built several startups previously and spent an unnecessary amount of effort on auth. This led us to build an open source alternative to Auth0 and AWS Cognito, that’s called SuperTokens. We’ve spoken to 100s of developers and startups to understand the pain points with current services and we hope you find this useful!

Why did we build this?
- To be able to control our user data and have it stored in our own database.
- Have certain customisations that other identity providers do not offer
- We couldn’t afford to pay
- It took too long to understand the documentation of alternate service providers

How are we any easier? We think that Auth0, Firebase etc are great services but auth is complex. There are many different use cases for different types of apps. Since services have to cater to each of these, they tend to become complex in the...

Microsoft Says Its Systems Were Also Breached in Massive SolarWinds Hack

The massive state-sponsored espionage campaign that compromised software maker SolarWinds also targeted Microsoft, as the unfolding investigation into the hacking spree reveals the incident may have been far wider in scope, sophistication, and impact than previously thought. News of Microsoft's compromise was first reported by Reuters, which also said the company's own products were then from The Hacker News https://ift.tt/34lu3uc via IFTTT

SEC charges Robinhood $65M for misleading customers about revenue sources

SEC charges Robinhood $65M for misleading customers about revenue sources 441 by ericliuche | 279 comments on Hacker News.

Amazon disallows pointing out paid reviews

Amazon disallows pointing out paid reviews 447 by kmod | 214 comments on Hacker News.

Transmits AM radio on computers without radio transmitting hardware

Transmits AM radio on computers without radio transmitting hardware 443 by known | 82 comments on Hacker News.

Blob Opera

Blob Opera 424 by BerislavLopac | 56 comments on Hacker News.

I3: Improved Tiling Window Manager

I3: Improved Tiling Window Manager 455 by Gedxx | 428 comments on Hacker News.

Show HN: After 10 years my side project has hit $8k/mo in revenue

Show HN: After 10 years my side project has hit $8k/mo in revenue 425 by sanity31415 | 204 comments on Hacker News. Back in 2010 I had an idea for a service that would allow people to easily create semi-permanent email aliases so that they could give an email address to people and websites without revealing their real email address. These aliases will continue to work indefinitely unless you choose to block them. My brother and I spent a few months building the initial version and launched the website in July 2010. For the first year we had about 50 signups per month, by 2013 this had increased to 1500 and it's currently around 3500 per month. Similarly, our revenue grew consistently but slowly - doubling about every 18 months, reaching its current level of around $8k/mo. Over this time we redesigned the website, and found a company to create an explainer video for the service (both through 99Designs). We have not spent much on paid user acquisition, we experimented with it a bi...

No Cookie for You

No Cookie for You 717 by todsacerdoti | 243 comments on Hacker News.

How to Use Password Length to Set Best Password Expiration Policy

One of the many features of an Active Directory Password Policy is the maximum password age. Traditional Active Directory environments have long used password aging as a means to bolster password security. Native password aging in the default Active Directory Password Policy is relatively limited in configuration settings. Let's take a look at a few best practices that have changed in regards from The Hacker News https://ift.tt/34nSkzw via IFTTT

Software Supply-Chain Attack Hits Vietnam Government Certification Authority

Cybersecurity researchers today disclosed a new supply-chain attack targeting the Vietnam Government Certification Authority (VGCA) that compromised the agency's digital signature toolkit to install a backdoor on victim systems. Uncovered by Slovak internet security company ESET early this month, the "SignSight" attack involved modifying software installers hosted on the CA's website ("ca.gov.vn from The Hacker News https://ift.tt/3qZpn6V via IFTTT

States bring action against Google under federal and state antitrust laws [pdf]

States bring action against Google under federal and state antitrust laws [pdf] 478 by pondsider | 337 comments on Hacker News.

Rocky Linux: A CentOS replacement by the CentOS founder

Rocky Linux: A CentOS replacement by the CentOS founder 597 by andyjpb | 372 comments on Hacker News.

AWS CloudShell

AWS CloudShell 434 by jeffbarr | 225 comments on Hacker News.

Minimal safe Bash script template

Minimal safe Bash script template 472 by signa11 | 254 comments on Hacker News.

Firefox Was Always Enough

Firefox Was Always Enough 596 by adambyrtek | 315 comments on Hacker News.

New Evidence Suggests SolarWinds' Codebase Was Hacked to Inject Backdoor

The investigation into how the attackers managed to compromise SolarWinds' internal network and poison the company's software updates is still underway, but we may be one step closer to understanding what appears to be a very meticulously planned and highly-sophisticated supply chain attack. A new report published by ReversingLabs today and shared in advance with The Hacker News has revealed from The Hacker News https://ift.tt/38pDA4H via IFTTT

Ransomware Attackers Using SystemBC Malware With Tor Proxy

Cybercriminals are increasingly outsourcing the task of deploying ransomware to affiliates using commodity malware and attack tools, according to new research. In a new analysis published by Sophos today and shared with The Hacker News, recent deployments of Ryuk and Egregor ransomware have involved the use of SystemBC backdoor to laterally move across the network and fetch additional payloads from The Hacker News https://ift.tt/3r1K2an via IFTTT

New 5G Network Flaws Let Attackers Track Users' Locations and Steal Data

As 5G networks are being gradually rolled out in major cities across the world, an analysis of its network architecture has revealed a number of potential weaknesses that could be exploited to carry out a slew of cyber assaults, including denial-of-service (DoS) attacks to deprive subscribers of Internet access and intercept data traffic. The findings form the basis of a new "5G Standalone core from The Hacker News https://ift.tt/37qMsHX via IFTTT

What is Geocoding? — How to Find Coordinates of An Address

How can your app hook into a geocoding service that offers forward and reverse geocoding and an auto-completion facility? Geocoding turns a location name or address into geocoordinates. The service gets used by thousands of applications like Uber and Grubhub to track and plot their map data. Yet, it can also help web development by enhancing UX through reverse geocoding. Not to mention from The Hacker News https://ift.tt/3p1FT4f via IFTTT

Gmail having issues

Gmail having issues 542 by mangoman | 358 comments on Hacker News.

SolarWinds Issues Second Hotfix for Orion Platform Supply Chain Attack

Network monitoring services provider SolarWinds officially released a second hotfix to address a critical vulnerability in its Orion platform that was exploited to insert malware and breach public and private entities in a wide-ranging espionage campaign. In a new update posted to its advisory page, the company urged its customers to update Orion Platform to version 2020.2.1 HF 2 immediately to from The Hacker News https://ift.tt/3nnPLF7 via IFTTT

Facebook to move UK users to California terms, avoiding EU privacy rules

Facebook to move UK users to California terms, avoiding EU privacy rules 477 by EB-Barrington | 342 comments on Hacker News.

Record Breaking Number of Journalists Arrested in the U.S. This Year

Record Breaking Number of Journalists Arrested in the U.S. This Year 451 by infodocket | 438 comments on Hacker News.

Firefox 84.0

Firefox 84.0 412 by easton | 226 comments on Hacker News.

Apple’s Anti-Tracking Plans for iPhone

Apple’s Anti-Tracking Plans for iPhone 553 by nojito | 341 comments on Hacker News.

The Case of the Extra 40ms

The Case of the Extra 40ms 555 by atg_abhishek | 185 comments on Hacker News.

Eric Engstrom, co-creator of DirectX, has died

Eric Engstrom, co-creator of DirectX, has died 601 by WalterBright | 326 comments on Hacker News.

Privacy matters even if “you have nothing to hide”

Privacy matters even if “you have nothing to hide” 444 by freddyym | 140 comments on Hacker News.

Show HN: Instantly search 28M books from OpenLibrary

Show HN: Instantly search 28M books from OpenLibrary 407 by jabo | 80 comments on Hacker News.

Wormable Gitpaste-12 Botnet Returns to Target Linux Servers, IoT Devices

A new wormable botnet that spreads via GitHub and Pastebin to install cryptocurrency miners and backdoors on target systems has returned with expanded capabilities to compromise web applications, IP cameras, and routers. Early last month, researchers from Juniper Threat Labs documented a crypto-mining campaign called "Gitpaste-12," which used GitHub to host malicious code containing as many as from The Hacker News https://ift.tt/34ds0s3 via IFTTT

Download the Essential Guide to Response Automation

In the classic children's movie 'The Princess Bride,' one of the characters utters the phrase, "You keep using that word. I do not think it means what you think it means." It's freely used as a response to someone's misuse or misunderstanding of a word or phrase. "Response Automation" is another one of those phrases that have different meanings to different people. It's bantered around by the from The Hacker News https://ift.tt/2LupcQy via IFTTT

Nearly 18,000 SolarWinds Customers Installed Backdoored Software

SolarWinds, the enterprise monitoring software provider who found itself at the epicenter of the most consequential supply chain attacks, said as many as 18,000 of its high-profile customers might have installed a tainted version of its Orion products. The acknowledgment comes as part of a new filing made by the company to the US Securities and Exchange Commission on Monday. The Texas-based from The Hacker News https://ift.tt/388BPIT via IFTTT

Exfiltrating Data from Air-Gapped Computers via Wi-Fi Signals (Without Wi-Fi Hardware)

A security researcher has demonstrated that sensitive data could be exfiltrated from air-gapped computers via a novel technique that leverages Wi-Fi signals as a covert channel—surprisingly, without requiring the presence of Wi-Fi hardware on the targeted systems. Dubbed "AIR-FI," the attack hinges on deploying a specially designed malware in a compromised system that exploits "DDR SDRAM buses from The Hacker News https://ift.tt/37jUHWf via IFTTT

U.S. Treasury, Commerce Depts. Hacked Through SolarWinds Compromise

U.S. Treasury, Commerce Depts. Hacked Through SolarWinds Compromise 554 by parsecs | 257 comments on Hacker News.

Lambda School is the biggest mistake I made this year

Lambda School is the biggest mistake I made this year 536 by barry-cotter | 391 comments on Hacker News.

Highly Evasive Attacker Leverages SolarWinds Supply Chain

Highly Evasive Attacker Leverages SolarWinds Supply Chain 509 by anigbrowl | 171 comments on Hacker News.

SoReL-20M: A Huge Dataset of 20 Million Malware Samples Released Online

Cybersecurity firms Sophos and ReversingLabs on Monday jointly released the first-ever production-scale malware research dataset to be made available to the general public that aims to build effective defenses and drive industry-wide improvements in security detection and response. "SoReL-20M" (short for Sophos-ReversingLabs – 20 Million), as it's called, is a dataset containing metadata, labels from The Hacker News https://ift.tt/34cGuIt via IFTTT

Google Outage

Google Outage 1812 by abluecloud | 515 comments on Hacker News. various services are broken - youtube returning error - gmail returning 502 - docs returning 500 - drive not working status page now reflecting outage: https://ift.tt/Pn6GVU -------------- services look to be restored.

US Agencies and FireEye Were Hacked Using SolarWinds Software Backdoor

State-sponsored actors allegedly working for Russia have targeted the US Treasury, the Commerce Department's National Telecommunications and Information Administration (NTIA), and other government agencies to monitor internal email traffic as part of a widespread cyberespionage campaign. The Washington Post, citing unnamed sources, said the latest attacks were the work of APT29 or Cozy Bear, the from The Hacker News https://ift.tt/2WdvjLm via IFTTT

U.S. Treasury breached by hackers backed by foreign government – sources

U.S. Treasury breached by hackers backed by foreign government – sources 461 by re_re | 177 comments on Hacker News.

SCOTUS rules you may sue government agents for damages when they violate rights

SCOTUS rules you may sue government agents for damages when they violate rights 420 by apsec112 | 158 comments on Hacker News.

Become Shell Literate

Become Shell Literate 480 by als0 | 311 comments on Hacker News.

Earnestness

Earnestness 412 by jger15 | 416 comments on Hacker News.

Goodreads plans to retire API access, disables existing API keys

Goodreads plans to retire API access, disables existing API keys 523 by buttscicles | 314 comments on Hacker News.

Advanced Compilers: Self-Guided Online Course

Advanced Compilers: Self-Guided Online Course 607 by matt_d | 163 comments on Hacker News.

Who Americans spend their time with, by age

Who Americans spend their time with, by age 483 by EOO_OWID | 325 comments on Hacker News.

The Airbnbs

The Airbnbs 598 by todsacerdoti | 479 comments on Hacker News.

Cydia, the original app store, sues Apple on antitrust grounds

Cydia, the original app store, sues Apple on antitrust grounds 521 by saurik | 418 comments on Hacker News.

Mount Locker Ransomware Offering Double Extortion Scheme to Other Hackers

A relatively new ransomware strain behind a series of breaches on corporate networks has developed new capabilities that allow it to broaden the scope of its targeting and evade security software—as well as with ability for its affiliates to launch double extortion attacks. The MountLocker ransomware, which only began making the rounds in July 2020, has already gained notoriety for stealing from The Hacker News https://ift.tt/344uNnd via IFTTT

Watch Out! Adrozek Malware Hijacking Chrome, Firefox, Edge, Yandex Browsers

Microsoft on Thursday took the wraps off an ongoing campaign impacting popular web browsers that stealthily injects malware-infested ads into search results to earn money via affiliate advertising. "Adrozek," as it's called by the Microsoft 365 Defender Research Team, employs an "expansive, dynamic attacker infrastructure" consisting of 159 unique domains, each of which hosts an average of from The Hacker News https://ift.tt/3oHLufZ via IFTTT

Governance Considerations for Democratizing Your Organization's Data in 2021

With the continuing rise of IoT devices, mobile networks, and digital channels, companies face a lot of pressure to generate meaningful and actionable insights from the wealth of data they capture. Gartner Research lists data democratization as one of the top strategic technology trends to watch out for.  While empowering non-technical users to run ad-hoc reports gives enterprises the ability to from The Hacker News https://ift.tt/39YpObu via IFTTT

Facebook Tracks APT32 OceanLotus Hackers to IT Company in Vietnam

Cybersecurity researchers from Facebook today formally linked the activities of a Vietnamese threat actor to an IT company in the country after the group was caught abusing its platform to hack into people's accounts and distribute malware. Tracked as APT32 (or Bismuth, OceanLotus, and Cobalt Kitty), the state-aligned operatives affiliated with the Vietnam government have been known for from The Hacker News https://ift.tt/344OKdz via IFTTT

Show HN: After 2.5 years on my side project, it has hit £500/month revenue

Show HN: After 2.5 years on my side project, it has hit £500/month revenue 501 by gigamick | 252 comments on Hacker News. It's been a long slow hog and I almost gave up a few times (more than a few) but when covid hit this year it gave me some time to really focus on my product. There were stupid user journey things that I knew needed fixed. There were some features I knew needed added. And I knew the pricing was wrong. I spent some hardcore time working on these things back in March / April and since then my MRR has continued to grow. My product is SongBox ( https://songbox.rocks ) - it's an alternative to things like bandcamp and soundcloud for creators who need to share audio files privately. I'm at a stage now where I've bottomed out all the work I've wanted to do and I'm looking for a fresh round of feedback. Would love you guys to check it out and see what you can think of. Thanks!

A former Uber engineer's disaster story

A former Uber engineer's disaster story 498 by epaga | 247 comments on Hacker News.

Elon Musk moves to Texas

Elon Musk moves to Texas 490 by cft | 1069 comments on Hacker News.

Why is the Google Cloud UI so slow?

Why is the Google Cloud UI so slow? 478 by mostlystatic | 374 comments on Hacker News.

Facebook hit with antitrust probe for tying Oculus use to Facebook accounts

Facebook hit with antitrust probe for tying Oculus use to Facebook accounts 658 by Liriel | 215 comments on Hacker News.

Cisco Reissues Patches for Critical Bugs in Jabber Video Conferencing Software

Cisco has once again fixed four previously disclosed critical bugs in its Jabber video conferencing and messaging app that were inadequately addressed, leaving its users susceptible to remote attacks. The vulnerabilities, if successfully exploited, could allow an authenticated, remote attacker to execute arbitrary code on target systems by sending specially-crafted chat messages in group from The Hacker News https://ift.tt/39YddFa via IFTTT

Cameras and Lenses

Cameras and Lenses 677 by mariuz | 76 comments on Hacker News.

Deno 1.6 supports compiling TypeScript to a single executable

Deno 1.6 supports compiling TypeScript to a single executable 540 by andyfleming | 220 comments on Hacker News.

Valve's Steam Server Bugs Could've Let Hackers Hijack Online Games

Critical flaws in a core networking library powering Valve's online gaming functionality could have allowed malicious actors to remotely crash games and even take control over affected 3rd-party game servers. "An attacker could remotely crash an opponent's game client to force a win or even perform a 'nuclear rage quit' and crash the Valve game server to end the game completely," Check Point from The Hacker News https://ift.tt/341YMfD via IFTTT

AWS, Cisco, and CompTIA Exam Prep — Get 22 Courses for $4.50 Each

You don't need a college degree to get a well-paid job in IT. But technical recruiters do expect to see key certifications on your résumé.  If you would like to improve your chances of getting hired, "The 2021 All-In-One AWS, Cisco & CompTIA Super Certification Bundle" is worth your attention. This mammoth collection of courses helps you prepare for a long list of certification exams, including from The Hacker News https://ift.tt/2VWoPQO via IFTTT

48 U.S. States and FTC are suing Facebook for illegal monopolization

The US Federal Trade Commission and a coalition of 48 state attorneys general on Wednesday filed a pair of sweeping antitrust suits against Facebook, alleging that the company abused its power in the marketplace to neutralize competitors through its acquisitions of Instagram and WhatsApp and depriving users of better privacy-friendly alternatives. "Facebook has engaged in a systematic strategy — from The Hacker News https://ift.tt/2LnZAVD via IFTTT

Hyundai to acquire Boston Dynamics

Hyundai to acquire Boston Dynamics 532 by tazlor | 151 comments on Hacker News.

EU countries team up for semiconductor push

EU countries team up for semiconductor push 530 by rvieira | 532 comments on Hacker News.

YouTube to remove content that alleges widespread election fraud

YouTube to remove content that alleges widespread election fraud 526 by 1cvmask | 1653 comments on Hacker News.

FTC Sues Facebook for Illegal Monopolization

FTC Sues Facebook for Illegal Monopolization 587 by minimaxir | 264 comments on Hacker News.

CSS in GitHub Readmes

CSS in GitHub Readmes 526 by MH15 | 177 comments on Hacker News.

CentOS Project shifts focus to CentOS Stream

CentOS Project shifts focus to CentOS Stream 495 by rwky | 606 comments on Hacker News.

Improving DNS Privacy with Oblivious DoH

Improving DNS Privacy with Oblivious DoH 529 by websirnik | 331 comments on Hacker News.

Show HN: This website is valid JSON

Show HN: This website is valid JSON 547 by gpnt | 208 comments on Hacker News.

Russian APT28 Hackers Using COVID-19 as Bait to Deliver Zebrocy Malware

A Russian threat actor known for its malware campaigns has reappeared in the threat landscape with yet another attack leveraging COVID-19 as phishing lures, once again indicating how adversaries are adept at repurposing the current world events to their advantage. Linking the operation to a sub-group of APT28 (aka Sofacy, Sednit, Fancy Bear, or STRONTIUM), cybersecurity firm Intezer said the from The Hacker News https://ift.tt/3gsM5zg via IFTTT

Amnesia:33 — Critical TCP/IP Flaws Affect Millions of IoT Devices

Cybersecurity researchers disclosed a dozen new flaws in multiple widely-used embedded TCP/IP stacks impacting millions of devices ranging from networking equipment and medical devices to industrial control systems that could be exploited by an attacker to take control of a vulnerable system. Collectively called "AMNESIA:33" by Forescout researchers, it is a set of 33 vulnerabilities that impact from The Hacker News https://ift.tt/2K3hrAC via IFTTT

Cybersecurity Firm FireEye Got Hacked; Red-Team Pentest Tools Stolen

FireEye, one of the largest cybersecurity firms in the world, said on Tuesday it became a victim of a state-sponsored attack by a "highly sophisticated threat actor" that stole its arsenal of Red Team penetration testing tools it uses to test the defenses of its customers. The company said it's actively investigating the breach in coordination with the US Federal Bureau of Investigation (FBI) from The Hacker News https://ift.tt/2VRXtLP via IFTTT

Ask HN: What's the best paper you've read in 2020?

Ask HN: What's the best paper you've read in 2020? 524 by luizfelberti | 144 comments on Hacker News. I know there are classics that get posted every time this question comes around, so bias them towards more recent ones :)

Microsoft Releases Windows Update (Dec 2020) to Fix 58 Security Flaws

Microsoft on Tuesday released fixes for 58 newly discovered security flaws spanning as many as 11 products and services as part of its final Patch Tuesday of 2020, effectively bringing their CVE total to 1,250 for the year. Of these 58 patches, nine are rated as Critical, 46 are rated as Important, and three are rated Moderate in severity. The December security release addresses issues in from The Hacker News https://ift.tt/2K2SuFi via IFTTT

GitHub Releases Dark Mode

GitHub Releases Dark Mode 526 by m1 | 178 comments on Hacker News.

Travis CI is no longer providing CI minutes for open source projects

Travis CI is no longer providing CI minutes for open source projects 505 by jameshilliard | 180 comments on Hacker News. I guess it was inevitable https://ift.tt/3lPHB6R https://twitter.com/james_hilliard/status/133608177669184307...
Hello James,
Thanks for writing in. At the moment, credit allocation for OSS projects is on hold as per directives from management. Sincere apologies please. We will provide updates once we get additional approval from management. Thanks for your patience
--
MK
Your Friends @Travis CI
Test and Deploy with Confidence.

Distributed Systems Reading List

Distributed Systems Reading List 505 by dedalus | 62 comments on Hacker News.

AirPods Max

AirPods Max 648 by css | 1108 comments on Hacker News.

Chuck Yeager has died

Chuck Yeager has died 609 by awnird | 159 comments on Hacker News.

WARNING — Critical Remote Hacking Flaws Affect D-Link VPN Routers

Some widely sold D-Link VPN router models have been found vulnerable to three new high-risk security vulnerabilities, leaving millions of home and business networks open to cyberattacks—even if they are secured with a strong password. Discovered by researchers at Digital Defense, the three security shortcomings were responsibly disclosed to D-Link on August 11, which, if exploited, could allow from The Hacker News https://ift.tt/37P2cDD via IFTTT

Download: How XDR Platforms Are Changing The Game For Ransomware Protection

There seems to be a new ransomware story every day - a new ransomware attack, a new ransomware technique, criminals not providing encryption keys after receiving ransom payments, private data being publicly released by ransomware attackers—it never ends. Just last month, the FBI, the Department of Health and Human Services (HHS), and the Cybersecurity and Infrastructure Security Agency (CISA) from The Hacker News https://ift.tt/2VOjmM1 via IFTTT

AT&T Fiber in the SF Bay Area is flipping bits

AT&T Fiber in the SF Bay Area is flipping bits 549 by km3r | 307 comments on Hacker News.

Zero-Click Wormable RCE Vulnerability Reported in Microsoft Teams

A zero-click remote code execution (RCE) bug in Microsoft Teams desktop apps could have allowed an adversary to execute arbitrary code by merely sending a specially-crafted chat message and compromise a target's system. The issues were reported to the Windows maker by Oskars Vegeris, a security engineer from Evolution Gaming, on August 31, 2020, before they were addressed at the end of October. from The Hacker News https://ift.tt/36ZaMk1 via IFTTT

NSA Warns Russian Hacker Exploiting VMware Bug to Breach Corporate Networks

The US National Security Agency (NSA) on Monday issued an advisory warning that Russian threat actors are leveraging a recently disclosed VMware vulnerability to install malware on corporate systems and access protected data. Specifics regarding the identities of the threat actor exploiting the VMware flaw or when these attacks started were not disclosed. The development comes two weeks after the from The Hacker News https://ift.tt/2K1KJ2w via IFTTT

A Modern JavaScript Tutorial

A Modern JavaScript Tutorial 533 by ivanche | 194 comments on Hacker News.

Agents raid home of fired Florida data scientist who built Covid-19 dashboard

Agents raid home of fired Florida data scientist who built Covid-19 dashboard 506 by 8ig8 | 199 comments on Hacker News.

With Proton and Steam Play, many Windows games now work on Linux

With Proton and Steam Play, many Windows games now work on Linux 487 by OJFord | 310 comments on Hacker News.

Show HN: Boltstream – Self-hosted full end-to-end live video streaming platform

Show HN: Boltstream – Self-hosted full end-to-end live video streaming platform 479 by benwilber0 | 91 comments on Hacker News.

InstaHide Disappointingly Wins Bell Labs Prize, 2nd Place

InstaHide Disappointingly Wins Bell Labs Prize, 2nd Place 481 by z3t111 | 43 comments on Hacker News.

Zero-click, wormable, cross-platform remote code execution in Microsoft Teams

Zero-click, wormable, cross-platform remote code execution in Microsoft Teams 580 by Tomte | 156 comments on Hacker News.

Iranian RANA Android Malware Also Spies On Instant Messengers

A team of researchers today unveiled previously undisclosed capabilities of an Android spyware implant—developed by a sanctioned Iranian threat actor—that could let attackers spy on private chats from popular instant messaging apps, force Wi-Fi connections, and auto-answer calls from specific numbers for purposes of eavesdropping on conversations. In September, the US Department of the Treasury from The Hacker News https://ift.tt/3glr35z via IFTTT

72% of smart TVs and 46% of game consoles hardcode DNS settings

72% of smart TVs and 46% of game consoles hardcode DNS settings 522 by boramalper | 633 comments on Hacker News.

How DMARC Can Stop Criminals Sending Fake Emails on Behalf of Your Domain

21st-century technology has allowed cybercriminals to use sophisticated and undetectable methods for malicious activities. In 2020 alone, a survey revealed that 65% of US-based companies were vulnerable to email phishing and impersonation attacks. This calls for upgrading your organization's security with DMARC, which if not implemented, will enable cyber-attackers to: Instigate money transfers from The Hacker News https://ift.tt/36PClfc via IFTTT