Amazing News...

A "severe" vulnerability in GNU Privacy Guard (GnuPG)'s Libgcrypt encryption software could have allowed an attacker to write arbitrary data to the target machine, potentially leading to remote code execution. The flaw, which affects version 1.9.0 of libgcrypt, was discovered on January 28 by Tavis Ormandy of Project Zero, a security research unit within Google dedicated to finding zero-day bugs from The Hacker News https://ift.tt/3j4ks0R via IFTTT

Why Robinhood disabled buys but not sells 584 by stu2b50 | 607 comments on Hacker News.

GitHub Should Start an App Store 591 by quaintdev | 220 comments on Hacker News.

CDC website built by Deloitte at a cost of $44M is abandoned due to bugs 592 by donsupreme | 359 comments on Hacker News.

Statement of SEC Regarding Recent Market Volatility 563 by TeMPOraL | 847 comments on Hacker News.

Robinhood, in Need of Cash, Raises $1B from Its Investors 631 by coloneltcb | 459 comments on Hacker News.

Robinhood Play Store listing went from 329K reviews to 180K in few hours 693 by rvnx | 560 comments on Hacker News.

Robinhood is said to draw on bank credit lines amid tumult 727 by kypro | 464 comments on Hacker News.

Losing faith in UX 552 by duck | 313 comments on Hacker News.

Protocols, Not Platforms: A Technological Approach to Free Speech (2019) 638 by ege_erdogan | 264 comments on Hacker News.

Element (Matrix chat app) suspended from the Google Play Store 825 by redsolver | 431 comments on Hacker News.

Google Project Zero on Thursday disclosed details of a new security mechanism that Apple quietly added to iOS 14 as a countermeasure to prevent attacks that were recently found to leverage zero-days in its messaging app. Dubbed "BlastDoor," the improved sandbox system for iMessage data was disclosed by Samuel Groß, a security researcher with Project Zero, a team of security researchers at Google from The Hacker News https://ift.tt/3ch1Nxw via IFTTT

The pressure on small to medium-sized enterprises to protect their organizations against cyberthreats is astronomical. These businesses face the same threats as the largest enterprises, experience the same (relative) damages and consequences when breaches occur as the largest enterprises but are forced to protect their organizations with a fraction of the resources as the largest enterprises.  from The Hacker News https://ift.tt/3cnKz1s via IFTTT

A "persistent attacker group" with alleged ties to Hezbollah has retooled its malware arsenal with a new version of a remote access Trojan (RAT) to break into companies worldwide and extract valuable information. In a new report published by the ClearSky research team on Thursday, the Israeli cybersecurity firm said it identified at least 250 public-facing web servers since early 2020 that have from The Hacker News https://ift.tt/39txGkt via IFTTT

Facebook shuts popular stock trading group amid GameStop frenzy 682 by ttt0 | 343 comments on Hacker News.

EU citizens’ rights are under threat from anti-encryption proposals 644 by eddieoz | 133 comments on Hacker News.

Robinhood now has a 1-Star rating on the Google Play Store 658 by sschueller | 274 comments on Hacker News.

We Are Preparing a Class Action Lawsuit Against Robinhood 676 by f430 | 272 comments on Hacker News.

WebRTC is now a W3C and IETF standard 617 by kaycebasques | 88 comments on Hacker News.

My 2 Year Journey to $10K MRR 629 by ronyfadel | 103 comments on Hacker News.

Robinhood is limiting purchases of stocks: AMC, Blackberry, Nokia, and GameStop 769 by Miner49er | 585 comments on Hacker News.

Researchers have disclosed a new family of Android malware that abuses accessibility services in the device to hijack user credentials and record audio and video. Dubbed "Oscorp" by Italy's CERT-AGID, the malware "induce(s) the user to install an accessibility service with which [the attackers] can read what is present and what is typed on the screen." So named because of the title of the login from The Hacker News https://ift.tt/39oT3mV via IFTTT

U.S. and Bulgarian authorities this week took control of the dark web site used by the NetWalker ransomware cybercrime group to publish data stolen from its victims. "We are striking back against the growing threat of ransomware by not only bringing criminal charges against the responsible actors, but also disrupting criminal online infrastructure and, wherever possible, recovering ransom from The Hacker News https://ift.tt/3t2lUWb via IFTTT

Law enforcement agencies from as many as eight countries dismantled the infrastructure of Emotet, a notorious email-based Windows malware behind several botnet-driven spam campaigns and ransomware attacks over the past decade. The coordinated takedown of the botnet on Tuesday — dubbed "Operation Ladybird" — is the result of a joint effort between authorities in the Netherlands, Germany, the U.S. from The Hacker News https://ift.tt/3cf2A21 via IFTTT

Discord bans r/WallStreetBets server, subreddit went private for a while 637 by icpmacdo | 506 comments on Hacker News.

GameStop Is Rage Against the Financial Machine 581 by tempsy | 655 comments on Hacker News.

The unreasonable effectiveness of simple HTML 578 by edent | 227 comments on Hacker News.

The Mark Cuban Cost Plus Drug Company 583 by yawnxyz | 357 comments on Hacker News.

Social media damages teenagers' mental health, report says 556 by alexrustic | 263 comments on Hacker News.

IKEA Buys 11,000 Acres of U.S. Forest to Keep It from Being Developed 530 by Beggers1960 | 387 comments on Hacker News.

Cybersecurity researchers today disclosed an unpatched vulnerability in Microsoft Azure Functions that could be used by an attacker to escalate privileges and escape the Docker container used for hosting them. The findings come as part of Intezer Lab's investigations into the Azure compute infrastructure. Following disclosure to Microsoft, the Windows maker is said to have "determined that the from The Hacker News https://ift.tt/3cfsvX7 via IFTTT

Newly discovered security vulnerabilities in ADT's Blue (formerly LifeShield) home security cameras could have been exploited to hijack both audio and video streams. The vulnerabilities (tracked as CVE-2020-8101) were identified in the video doorbell camera by Bitdefender researchers in February 2020 before they were eventually addressed on August 17, 2020. LifeShield was acquired by from The Hacker News https://ift.tt/36hRlSC via IFTTT

A newly devised variant of the NAT Slipstreaming attack can be leveraged to compromise and expose any device in an internal network, according to the latest research. Detailed by enterprise IoT security firm Armis, the new attack (CVE-2020-16043 and CVE-2021-23961) builds on the previously disclosed technique to bypass routers and firewalls and reach any unmanaged device within the internal from The Hacker News https://ift.tt/3otXTUA via IFTTT

I tried to report scientific misconduct. How did it go? 500 by ivank | 183 comments on Hacker News.

With so much of the world transitioning to working, shopping, studying, and streaming online during the coronavirus pandemic, cybercriminals now have access to a larger base of potential victims than ever before. "Zoombomb" became the new photobomb—hackers would gain access to a private meeting or online class hosted on Zoom and shout profanities and racial slurs or flash pornographic images. from The Hacker News https://ift.tt/39nEtfD via IFTTT

Creating workflows around verifying password resets can be challenging for organizations, especially since many have shifted work due to the COVID-19 global pandemic. With the numbers of cyberattacks against businesses exploding and compromised credentials often being the culprit, companies have to bolster security around resetting passwords on user accounts. How can organizations bolster the from The Hacker News https://ift.tt/3ooCko2 via IFTTT

Apple on Tuesday released updates for iOS, iPadOS, and tvOS with fixes for three security vulnerabilities that it says may have been actively exploited in the wild. Reported by an anonymous researcher, the three zero-day flaws — CVE-2021-1782, CVE-2021-1870, and CVE-2021-1871 — could have allowed an attacker to elevate privileges and achieve remote code execution. The iPhone maker did not from The Hacker News https://ift.tt/36cPONp via IFTTT

Throughout 2020, businesses, in general, have had their hands full with IT challenges. They had to rush to accommodate a sudden shift to remote work. Then they had to navigate a rapid adoption of automation technologies. And as the year came to a close, more businesses began trying to assemble the safety infrastructure required to return to some semblance of normal in 2021. But at the end of the from The Hacker News https://ift.tt/3cbg4Md via IFTTT

Firefox 85 472 by amake | 256 comments on Hacker News.

Halt and Catch Fire Syllabus 453 by gammarator | 168 comments on Hacker News.

Firefox 85 Cracks Down on Supercookies 561 by todsacerdoti | 316 comments on Hacker News.

Myopia treatment 'smart glasses' from Japan to be sold in Asia 475 by isof4ult | 281 comments on Hacker News.

An evolving phishing campaign observed at least since May 2020 has been found to target high-ranking company executives across manufacturing, real estate, finance, government, and technological sectors with the goal of obtaining sensitive information. The campaign hinges on a social engineering trick that involves sending emails to potential victims containing fake Office 365 password expiration from The Hacker News https://ift.tt/2YcHclG via IFTTT

Cybersecurity researchers on Tuesday disclosed a now-patched security flaw in TikTok that could have potentially enabled an attacker to build a database of the app's users and their associated phone numbers for future malicious activity. Although this flaw only impacts those users who have linked a phone number with their account or logged in with a phone number, successful exploitation of the from The Hacker News https://ift.tt/2Yd15cr via IFTTT

Most companies with small security teams face the same issues. They have inadequate budgets, inadequate staff, and inadequate skills to face today's onslaught of sophisticated cyberthreats. Many of these companies turn to virtual CISOs (vCISOs) to provide security expertise and guidance. vCISOs are typically former CISOs with years of experience building and managing information security from The Hacker News https://ift.tt/3iLuNi9 via IFTTT

Time-lapse of a single cell transforming into a salamander (2019) 472 by smusamashah | 121 comments on Hacker News.

Dominion Voting Systems Sues Rudy Giuliani 494 by cf100clunk | 650 comments on Hacker News.

Google on Monday disclosed details about an ongoing campaign carried out by a government-backed threat actor from North Korea that has targeted security researchers working on vulnerability research and development. The internet giant's Threat Analysis Group (TAG) said the adversary created a research blog and multiple profiles on various social media platforms such as Twitter, Twitter, LinkedIn from The Hacker News https://ift.tt/36d1Y9c via IFTTT

Suspended from Google Play for listing supported subtitle formats 540 by moneytoo | 285 comments on Hacker News.

Upvote to encourage more people to visit New Links on Hacker News 538 by crazypython | 82 comments on Hacker News.

PGM Indexes: Learned indexes that match B-tree performance with 83x less space 536 by hbrundage | 110 comments on Hacker News.

Google has turned off access to sync features for Chromium 415 by stsewd | 178 comments on Hacker News.

I bought 200 Raspberry Pi Model B’s and I’m going to fix them 464 by stedaniels | 155 comments on Hacker News.

Please don't say just hello in chat (2013) 448 by talhof8 | 349 comments on Hacker News.

In 1982, when SMTP was first specified, it did not contain any mechanism for providing security at the transport level to secure communications between mail transfer agents. Later, in 1999, the STARTTLS command was added to SMTP that in turn supported the encryption of emails in between the servers, providing the ability to convert a non-secure connection into a secure one that is encrypted from The Hacker News https://ift.tt/39fJczR via IFTTT

WhatsApp loses millions of users after terms update 574 by pseudolus | 294 comments on Hacker News.

A newly discovered Android malware has been found to propagate itself through WhatsApp messages to other contacts in order to expand what appears to be an adware campaign. "This malware spreads via victim's WhatsApp by automatically replying to any received WhatsApp message notification with a link to [a] malicious Huawei Mobile app," ESET researcher Lukas Stefanko said. The link to the fake from The Hacker News https://ift.tt/3afZd8v via IFTTT

Over the years, penetration testing has had to change and adapt alongside the IT environments and technology that need to be assessed. Broad cybersecurity issues often influence the strategy and growth of pen-testing. In such a fast-paced field, organizations get real value from learning about others' penetration testing experiences, identifying trends, and the role they play in today's threat from The Hacker News https://ift.tt/2LUudCO via IFTTT

Deskreen – Turn any device with a web browser to a second computer screen 525 by maydemir | 128 comments on Hacker News.

Pip has dropped support for Python 2 730 by groodt | 572 comments on Hacker News.

Facebook shuts down the Socialist Workers Party in Britain 525 by jimmy2020 | 501 comments on Hacker News.

Atomic resolution video of salt crystals forming in real time 653 by rbanffy | 124 comments on Hacker News.

Dissecting the Apple M1 GPU, Part II 569 by dddddaviddddd | 185 comments on Hacker News.

Show HN: Iconduck – 100k open source icons, downloadable and searchable 512 by onassar | 74 comments on Hacker News.

Software engineering topics I changed my mind on 703 by goostavos | 461 comments on Hacker News.

Pidgin – A Universal Chat Client 666 by smusamashah | 443 comments on Hacker News.

More details have emerged about a security feature bypass vulnerability in Windows NT LAN Manager (NTLM) that was addressed by Microsoft as part of its monthly Patch Tuesday updates earlier this month. The flaw, tracked as CVE-2021-1678 (CVSS score 4.3), was described as a "remotely exploitable" flaw found in a vulnerable component bound to the network stack, although exact details of the flaw from The Hacker News https://ift.tt/39TOvEs via IFTTT

Cybersecurity researchers have warned of a publicly available fully-functional exploit that could be used to target SAP enterprise software. The exploit leverages a vulnerability, tracked as CVE-2020-6207, that stems from a missing authentication check in SAP Solution Manager (SolMan) version 7.2 SAP SolMan is an application management and administration solution that offers end-to-end from The Hacker News https://ift.tt/2KJUKCa via IFTTT

Brad Cox has died 642 by carlosrg | 118 comments on Hacker News.

SonicWall, a popular internet security provider of firewall and VPN products, on late Friday disclosed that it fell victim to a coordinated attack on its internal systems. The San Jose-based company said the attacks leveraged zero-day vulnerabilities in SonicWall secure remote access products such as NetExtender VPN client version 10.x and Secure Mobile Access (SMA) that are used to provide from The Hacker News https://ift.tt/399oWzW via IFTTT

Amazon has addressed a number of flaws in its Kindle e-reader platform that could have allowed an attacker to take control of victims' devices by simply sending them a malicious e-book. Dubbed "KindleDrip," the exploit chain takes advantage of a feature called "Send to Kindle" to send a malware-laced document to a Kindle device that, when opened, could be leveraged to remotely execute arbitrary from The Hacker News https://ift.tt/3qKI7pU via IFTTT

New Intel CEO rehiring retired CPU architects 640 by rbanffy | 417 comments on Hacker News.

Like it or not, 2020 was the year that proved that teams could work from literally anywhere. While terms like "flex work" and "WFH" were thrown around before COVID-19 came around, thanks to the pandemic, remote working has become the defacto way people work nowadays. Today, digital-based work interactions take the place of in-person ones with near-seamless fluidity, and the best part is that from The Hacker News https://ift.tt/3qJ9osw via IFTTT

Still alive 664 by Lewton | 225 comments on Hacker News.

AWS announces forks of Elasticsearch and Kibana 632 by ke4qqq | 540 comments on Hacker News.

Rust for Windows 585 by dsr12 | 199 comments on Hacker News.

Ask HN: Anyone know any funny programming jokes? 625 by arthurcolle | 752 comments on Hacker News. Can be super esoteric or super generalized, I love it when I get them, or when I just learn something new.

Porting Firefox to Apple Silicon 606 by sylvestre | 205 comments on Hacker News.

A relatively new crypto-mining malware that surfaced last year and infected thousands of Microsoft SQL Server (MSSQL) databases has now been linked to a small software development company based in Iran. The attribution was made possible due to an operational security oversight, said researchers from cybersecurity firm Sophos, that led to the company's name inadvertently making its way into the from The Hacker News https://ift.tt/2LRMdh0 via IFTTT

Microsoft on Wednesday shared more specifics about the tactics, techniques, and procedures (TTPs) adopted by the attackers behind the SolarWinds hack to stay under the radar and avoid detection, as cybersecurity companies work towards getting a "clearer picture" of one of the most sophisticated attacks in recent history. Calling the threat actor "skillful and methodic operators who follow from The Hacker News https://ift.tt/3p5fmDM via IFTTT

When you are a startup, there are umpteen things that demand your attention. You must give your hundred percent (probably even more!) to work effectively and efficiently with the limited resources. Understandably, the application security importance may be pushed at the bottom of your things-to-do list. One other reason to ignore web application protectioncould be your belief that only large from The Hacker News https://ift.tt/3iC4UkD via IFTTT

A new large-scale phishing campaign targeting global organizations has been found to bypass Microsoft Office 365 Advanced Threat Protection (ATP) and steal credentials belonging to over a thousand corporate employees. The cyber offensive is said to have originated in August last year, with the attacks aimed specifically at energy and construction companies, said researchers from Check Point from The Hacker News https://ift.tt/398b7C1 via IFTTT

Show HN: I built an online interactive course that helps you learn Vim faster 577 by CoffeePython | 254 comments on Hacker News.

Select a muscle and it provides the exercises to workout the selected muscle 752 by punkspider | 172 comments on Hacker News.

Show HN: Beeper – All Your Chats in One App 592 by erohead | 335 comments on Hacker News.

I no longer trust The Great Suspender 621 by davidfstr | 236 comments on Hacker News.

Kids find a security flaw in Linux Mint by mashing keys 586 by subins2000 | 258 comments on Hacker News.

Capitol Attack Was Months in the Making on Facebook 567 by alexrustic | 776 comments on Hacker News.

In January 2019, a critical flaw was reported in Apple's FaceTime group chats feature that made it possible for users to initiate a FaceTime video call and eavesdrop on targets by adding their own number as a third person in a group chat even before the person on the other end accepted the incoming call. The vulnerability was deemed so severe that the iPhone maker removed the FaceTime group from The Hacker News https://ift.tt/38XX0is via IFTTT

Ask HN: Anyone else burnt out due to extended lockdown and work-from-home? 569 by throwwfh | 438 comments on Hacker News. I'm no more productive at work. I produce in a week the same amount of code I used to produce in a day before the pandemic. Am I alone to feel work-from-home made things worse?

Malwarebytes on Tuesday said it was breached by the same group who broke into SolarWinds to access some of its internal emails, making it the fourth major cybersecurity vendor to be targeted after FireEye, Microsoft, and CrowdStrike. The company said its intrusion was not the result of a SolarWinds compromise, but rather due to a separate initial access vector that works by "abusing applications from The Hacker News https://ift.tt/2KzttSS via IFTTT

IPFS Support in Brave 556 by alexrustic | 183 comments on Hacker News.

GitHub has received a DMCA from MPA about torrent tracker nyaa.si 447 by livueta | 221 comments on Hacker News.

What You Should Know Before Leaking a Zoom Meeting 635 by danso | 188 comments on Hacker News.

We are sending more foster kids to prison than to college 519 by aminozuur | 377 comments on Hacker News.

Context switching costs more than we give it credit for 581 by maddynator | 347 comments on Hacker News.

BitLocker Lockscreen Bypass 564 by rdpintqogeogsaa | 123 comments on Hacker News.

‘Seven Sisters’ Myths May Reach Back 100k Years 443 by akamoonknight | 209 comments on Hacker News.

Amazon: Not OK – Why we had to change Elastic licensing 735 by buro9 | 370 comments on Hacker News.

Cybersecurity researchers have unearthed a fourth new malware strain—designed to spread the malware onto other computers in victims' networks—which was deployed as part of the SolarWinds supply chain attack disclosed late last year. Dubbed "Raindrop" by Broadcom-owned Symantec, the malware joins the likes of other malicious implants such as Sunspot, Sunburst (or Solorigate), and Teardrop that from The Hacker News https://ift.tt/3nZ0Mfu via IFTTT

Cybersecurity researchers have uncovered multiple vulnerabilities in Dnsmasq, a popular open-source software used for caching Domain Name System (DNS) responses, thereby potentially allowing an adversary to mount DNS cache poisoning attacks and remotely execute malicious code. The flaws, collectively called "DNSpooq" by Israeli research firm JSOF, echoes previously disclosed weaknesses in the from The Hacker News https://ift.tt/3bS2Q6F via IFTTT

Cybersecurity is hard. For a CISO that faces the cyber threat landscape with a small security team, the challenge is compounded. Compared to CISOs at large enterprises, CISOs small to medium-sized enterprises (SMEs) have smaller teams with less expertise, smaller budgets for technology and outside services, and are more involved in day-to-day protection activities. CISOs at SMEs are from The Hacker News https://ift.tt/39Nrtib via IFTTT

An ongoing malware campaign has been found exploiting recently disclosed vulnerabilities in Linux devices to co-opt the systems into an IRC botnet for launching distributed denial-of-service (DDoS) attacks and mining Monero cryptocurrency. The attacks involve a new malware variant called "FreakOut" that leverages newly patched flaws in TerraMaster, Laminas Project (formerly Zend Framework), and from The Hacker News https://ift.tt/3ipqqsX via IFTTT

I wasted $40k on a fantastic startup idea 631 by swyx | 299 comments on Hacker News.

Software effort estimation is mostly fake research 630 by walterclifford | 240 comments on Hacker News.

GPT-Neo – Building a GPT-3-sized model, open source and free 594 by sieste | 226 comments on Hacker News.

HR is not your friend, and other things I think you should know 578 by atg_abhishek | 344 comments on Hacker News.

Apple has removed a controversial feature from its macOS operating system that allowed the company's own first-party apps to bypass content filters, VPNs, and third-party firewalls. Called "ContentFilterExclusionList," it included a list of as many as 50 Apple apps like iCloud, Maps, Music, FaceTime, HomeKit, the App Store, and its software update service that were routed through Network from The Hacker News https://ift.tt/35QSLmH via IFTTT

Google Safe Browsing can kill a startup 634 by gomox | 229 comments on Hacker News.

WhatsApp said on Friday that it wouldn't enforce its recently announced controversial data sharing policy update until May 15. Originally set to go into effect next month on February 8, the three-month delay comes following "a lot of misinformation" about a revision to its privacy policy that allows WhatsApp to share data with Facebook, sparking widespread concerns about the exact kind of from The Hacker News https://ift.tt/2NcdATl via IFTTT

The U.S. National Security Agency (NSA) on Friday said DNS over HTTPS (DoH) — if configured appropriately in enterprise environments — can help prevent "numerous" initial access, command-and-control, and exfiltration techniques used by threat actors. "DNS over Hypertext Transfer Protocol over Transport Layer Security (HTTPS), often referred to as DNS over HTTPS (DoH), encrypts DNS requests by from The Hacker News https://ift.tt/39DSLI0 via IFTTT

Joker's Stash, the largest dark web marketplace notorious for selling compromised payment card data, has announced plans to shut down its operations on February 15, 2021. In a message board post on a Russian-language underground cybercrime forum, the operator of the site — who goes by the name "JokerStash" — said "it's time for us to leave forever" and that "we will never ever open again," from The Hacker News https://ift.tt/3iglNkV via IFTTT

Signal is having technical difficulties 496 by tonymet | 440 comments on Hacker News.

Thanks HN: You helped save a company that now helps thousands make a living 545 by callmevlad | 64 comments on Hacker News. Dear HN, I’m feeling a deep sense of gratitude this morning, and wanted to share it with you all. On this day in 2013, the Webflow co-founders were huddled around our usual desk that we claimed every early morning at the Hacker Dojo (a co-working space) in Mountain View, working like hell into the evenings to get something off the ground. We had quit our jobs about 6 months prior, and totally underestimated how long it would take to build even a beta. I had personally convinced my wife that we’d only have to be income-less for 3 months – the amount of savings we had in the bank – but that time had now doubled, and those savings were long gone. The Kickstarter campaign we had poured all of our savings into producing had fallen through, never even making it live because we hadn’t read the Terms of Service to learn that they didn’t allow SaaS subscriptions to be f...

Tell HN: Dropbox now requires access to contacts for Google login 549 by poxobloc | 346 comments on Hacker News. I remember I was using Google login to login to my Dropbox and in the last year or so Dropbox started asking me to access my contacts in Google. I would always deny access and still manage to successfully login. Yesterday I tried the same but with no luck. I contacted Dropbox support and this is their reply: > I'm afraid that is not possible at the time. I apologize for any inconvenience this may cause. Interesting that they chose this route when users are getting more and more privacy-aware.

Aquafaba 520 by david-given | 263 comments on Hacker News.