
Showing posts from May, 2021

Your Amazon Devices to Automatically Share Your Wi-Fi With Neighbors

Starting June 8, Amazon will automatically enable a feature on your Alexa, Echo, or other Amazon device that will share some of your Internet bandwidth with your neighbors—unless you choose to opt out. Amazon intends to register its family of hardware devices that are operational in the U.S.—including Echo speakers, Ring Video Doorbells, Ring Floodlight Cams, and Ring from The Hacker News https://ift.tt/2SCuNYJ via IFTTT

Can Your Business Email Be Spoofed? Check Your Domain Security Now!

Are you aware of how secure your domain is? In most organizations, there is an assumption that their domains are secure and within a few months, but the truth soon dawns on them that it isn't. Spotting someone spoofing your domain name is one way to determine if your security is unsatisfactory - this means that someone is impersonating you (or confusing some of your recipients) and releasing from The Hacker News https://ift.tt/3wQDEFb via IFTTT

A New Bug in Siemens PLCs Could Let Hackers Run Malicious Code Remotely

Siemens on Friday shipped firmware updates to address a severe vulnerability in SIMATIC S7-1200 and S7-1500 programmable logic controllers (PLCs) that could be exploited by a malicious actor to remotely gain access to protected areas of the memory and achieve unrestricted and undetected code execution, in what the researchers describe as an attacker's "holy grail." The memory protection bypass from The Hacker News https://ift.tt/3i2h6gf via IFTTT

It's time for us in the tech world to speak out about cryptocurrency

It's time for us in the tech world to speak out about cryptocurrency 622 by cratermoon | 685 comments on Hacker News.

Overkill objects for everyday life

Overkill objects for everyday life 581 by mrzool | 399 comments on Hacker News.

Amazon Prime inflates prices, using the false promise of ‘free shipping’

Amazon Prime inflates prices, using the false promise of ‘free shipping’ 607 by yarapavan | 257 comments on Hacker News.

Drunk Post: Things I've Learned as a Sr Engineer

Drunk Post: Things I've Learned as a Sr Engineer 558 by tosh | 247 comments on Hacker News.

Why Russians do not smile (2002)

Why Russians do not smile (2002) 532 by 1experience | 466 comments on Hacker News.

Amazon Refused to Refund $7k After Shipping an Empty Box Instead of a Sony A1

Amazon Refused to Refund $7k After Shipping an Empty Box Instead of a Sony A1 585 by luu | 361 comments on Hacker News.

Trials begin on lozenge that rebuilds tooth enamel

Trials begin on lozenge that rebuilds tooth enamel 552 by beefman | 202 comments on Hacker News.

Google made it nearly impossible for users to keep their location private

Google made it nearly impossible for users to keep their location private 599 by CapitalistCartr | 291 comments on Hacker News.

Booking.com gives €28m in bonuses to three top execs; Took €65m in State aid

Booking.com gives €28m in bonuses to three top execs; Took €65m in State aid 602 by jsiepkes | 319 comments on Hacker News.

It's virtually impossible to read old iMessages and they take up tons of storage

It's virtually impossible to read old iMessages and they take up tons of storage 585 by spenvo | 247 comments on Hacker News.

Safari tries to fill username

Safari tries to fill username 616 by knorthfield | 369 comments on Hacker News.

QUIC is now RFC 9000

QUIC is now RFC 9000 544 by blucell | 218 comments on Hacker News.

Show HN: NocoDB – The Open Source Airtable Alternative

Show HN: NocoDB – The Open Source Airtable Alternative 547 by nocodb | 155 comments on Hacker News.

Researchers Demonstrate 2 New Hacks to Modify Certified PDF Documents

Cybersecurity researchers have disclosed two new attack techniques on certified PDF documents that could potentially enable an attacker to alter a document's visible content by displaying malicious content over the certified content without invalidating its signature. "The attack idea exploits the flexibility of PDF certification, which allows signing or adding annotations to certified documents from The Hacker News https://ift.tt/3wGtOp5 via IFTTT

I quit my job to focus on SerenityOS full time

I quit my job to focus on SerenityOS full time 797 by there | 143 comments on Hacker News.

Ask HN: Favorite Blogs by Individuals?

Ask HN: Favorite Blogs by Individuals? 769 by zffr | 258 comments on Hacker News. What are your favorite blogs run by individual people? For example, some of the ones I like are: - https://jvns.ca/ - https://ift.tt/30HLCmQ - https://ciechanow.ski/

Researchers Warn of Facefish Backdoor Spreading Linux Rootkits

Cybersecurity researchers have disclosed a new backdoor program capable of stealing user login credentials, device information and executing arbitrary commands on Linux systems. The malware dropper has been dubbed "Facefish" by Qihoo 360 NETLAB team owing its capabilities to deliver different rootkits at different times and the use of Blowfish cipher to encrypt communications to the from The Hacker News https://ift.tt/2R67XbG via IFTTT

SolarWinds Hackers Target Think Tanks With New Backdoor

Microsoft on Thursday disclosed that the threat actor behind the SolarWinds supply chain hack returned to the threat landscape to target government agencies, think tanks, consultants, and non-governmental organizations located across 24 countries, including the U.S. "This wave of attacks targeted approximately 3,000 email accounts at more than 150 different organizations," Tom Burt, Microsoft's from The Hacker News https://ift.tt/3hZa4ZH via IFTTT

How I, as someone who is visually impaired, use my iPhone (2020)

How I, as someone who is visually impaired, use my iPhone (2020) 764 by eevilspock | 214 comments on Hacker News.

Chinese Cyber Espionage Hackers Continue to Target Pulse Secure VPN Devices

Cybersecurity researchers from FireEye unmasked additional tactics, techniques, and procedures (TTPs) adopted by Chinese threat actors who were recently found abusing Pulse Secure VPN devices to drop malicious web shells and exfiltrate sensitive information from enterprise networks. FireEye's Mandiant threat intelligence team, which is tracking the cyberespionage activity under two threat from The Hacker News https://ift.tt/3uuGGwU via IFTTT

River Runner: drop a raindrop anywhere in the USA, watch where it ends up

River Runner: drop a raindrop anywhere in the USA, watch where it ends up 730 by prawn | 110 comments on Hacker News.

Neovim 0.5 is overpowering

Neovim 0.5 is overpowering 723 by imbnwa | 404 comments on Hacker News.

Malvertising Campaign On Google Distributed Trojanized AnyDesk Installer

Cybersecurity researchers on Wednesday publicized the disruption of a "clever" malvertising network targeting AnyDesk that delivered a weaponized installer of the remote desktop software via rogue Google ads that appeared in the search engine results pages. The campaign, which is believed to have begun as early as April 21, 2021, involves a malicious file that masquerades as a setup executable from The Hacker News https://ift.tt/3vtNL2b via IFTTT

Hackers Using Fake Foundations to Target Uyghur Minority in China

The Uyghur community located in China and Pakistan has been the subject of an ongoing espionage campaign aiming to trick the targets into downloading a Windows backdoor to amass sensitive information from their systems. "Considerable effort was put into disguising the payloads, whether by creating delivery documents that appear to be originating from the United Nations using up to date related from The Hacker News https://ift.tt/3wtPSmS via IFTTT

Newly Discovered Bugs in VSCode Extensions Could Lead to Supply Chain Attacks

Severe security flaws uncovered in popular Visual Studio Code extensions could enable attackers to compromise local machines as well as build and deployment systems through a developer's integrated development environment (IDE). The vulnerable extensions could be exploited to run arbitrary code on a developer's system remotely, in what could ultimately pave the way for supply chain attacks. Some from The Hacker News https://ift.tt/3i0emjw via IFTTT

Servers as they should be – shipping early 2022

Servers as they should be – shipping early 2022 717 by ykl | 206 comments on Hacker News.

Amazon acquires MGM for $8.5B

Amazon acquires MGM for $8.5B 661 by helsinkiandrew | 636 comments on Hacker News.

Data Wiper Malware Disguised As Ransomware Targets Israeli Entities

Researchers on Tuesday disclosed a new espionage campaign that resorts to destructive data-wiping attacks targeting Israeli entities at least since December 2020 that camouflage the malicious activity as ransomware extortions. Cybersecurity firm SentinelOne attributed the attacks to a nation-state actor affiliated with Iran it tracks under the moniker "Agrius." "An analysis of what at first from The Hacker News https://ift.tt/34hlGiG via IFTTT

Vietnam War images from the North Vietnamese side

Vietnam War images from the North Vietnamese side 642 by pmoriarty | 473 comments on Hacker News.

WhatsApp Sues Indian Government Over New Privacy Threatening Internet Law

WhatsApp on Wednesday fired a legal salvo against the Indian government to block new regulations that would require messaging apps to trace the "first originator" of messages shared on the platform, thus effectively breaking encryption protections. "Requiring messaging apps to 'trace' chats is the equivalent of asking us to keep a fingerprint of every single message sent on WhatsApp, which would from The Hacker News https://ift.tt/2RDUIzh via IFTTT

M1racles: An Apple M1 covert channel vulnerability

M1racles: An Apple M1 covert channel vulnerability 579 by paulgerhardt | 154 comments on Hacker News.

Google Researchers Discover A New Variant of Rowhammer Attack

A team of security researchers from Google has demonstrated yet another variant of the Rowhammer attack that bypasses all current defenses to tamper with data stored in memory. Dubbed "Half-Double," the new hammering technique hinges on the weak coupling between two memory rows that are not immediately adjacent to each other but one row removed.  "Unlike TRRespass, which exploits the blind spots from The Hacker News https://ift.tt/3bUb79n via IFTTT

Russian Hydra DarkNet Market Made Over $1.3 Billion in 2020

Russian-language dark web marketplace Hydra has emerged as a hotspot for illicit activities, pulling in a whopping $1.37 billion worth of cryptocurrencies in 2020, up from $9.4 million in 2016. The "blistering growth" in annual transaction volumes marks a staggering 624% year-over-year jump over a three-year period from 2018 to 2020. "Further buoying Hydra's growth is its ability—or its good from The Hacker News https://ift.tt/3wAhmHk via IFTTT

Critical RCE Vulnerability Found in VMware vCenter Server — Patch Now!

VMware has rolled out patches to address a critical security vulnerability in vCenter Server that could be leveraged by an adversary to execute arbitrary code on the server. Tracked as CVE-2021-21985 (CVSS score 9.8), the issue stems from a lack of input validation in the Virtual SAN (vSAN) Health Check plug-in, which is enabled by default in the vCenter Server. "A malicious actor with network from The Hacker News https://ift.tt/3vr6GuK via IFTTT

It's probably time to stop recommending Clean Code (2020)

It's probably time to stop recommending Clean Code (2020) 560 by avinassh | 490 comments on Hacker News.

YouTube approves ad by Belarusian gov with journalist from hijackd Ryanair plane

YouTube approves ad by Belarusian gov with journalist from hijackd Ryanair plane 630 by notimetocry | 167 comments on Hacker News.

Stripe Payment Links

Stripe Payment Links 555 by joeyespo | 216 comments on Hacker News.

EU bans Belarusian airlines from European skies

EU bans Belarusian airlines from European skies 580 by xendo | 365 comments on Hacker News.

Use native context menus on Mac OS

Use native context menus on Mac OS 504 by reid | 238 comments on Hacker News.

DOOM Captcha

DOOM Captcha 623 by jukkakoskinen | 160 comments on Hacker News.

Temptation of the Apple: Dolphin on macOS M1

Temptation of the Apple: Dolphin on macOS M1 511 by svenpeter | 357 comments on Hacker News.

Baltic airlines reroute flights to avoid Belarus airspace

Baltic airlines reroute flights to avoid Belarus airspace 557 by underscore_ku | 305 comments on Hacker News.

A Japanese company cut 80% of the time needed to manually count pearls

A Japanese company cut 80% of the time needed to manually count pearls 558 by morsanu | 219 comments on Hacker News.

Download Ultimate 'Security for Management' Presentation Template

There is a person in every organization that is the direct owner of breach protection. His or her task is to oversee and govern the process of design, build, maintain, and continuously enhance the security level of the organization. Title-wise, this person is most often either the CIO, CISO, or Director of IT. For convenience, we'll refer to this individual as the CISO. This person is the from The Hacker News https://ift.tt/2Nrn0HJ via IFTTT

New High-Severity Vulnerability Reported in Pulse Connect Secure VPN

Ivanti, the company behind Pulse Secure VPN appliances, has published a security advisory for a high severity vulnerability that may allow an authenticated remote attacker to execute arbitrary code with elevated privileges. "Buffer Overflow in Windows File Resource Profiles in 9.X allows a remote authenticated user with privileges to browse SMB shares to execute arbitrary code as the root user," from The Hacker News https://ift.tt/3bR1KYd via IFTTT

New Bluetooth Flaws Let Attackers Impersonate Legitimate Devices

Adversaries could exploit newly discovered security weaknesses in Bluetooth Core and Mesh Profile Specifications to masquerade as legitimate devices and carry out man-in-the-middle (MitM) attacks. "Devices supporting the Bluetooth Core and Mesh Specifications are vulnerable to impersonation attacks and AuthValue disclosure that could allow an attacker to impersonate a legitimate device during from The Hacker News https://ift.tt/2Sqh476 via IFTTT

Apple Issues Patches to Combat Ongoing 0-Day Attacks on macOS, tvOS

Apple on Monday rolled out security updates for iOS, macOS, tvOS, watchOS, and Safari web browser to fix multiple vulnerabilities, including an actively exploited zero-day flaw in macOS Big Sur and expand patches for two previously disclosed zero-day flaws.  Tracked as CVE-2021-30713, the zero-day concerns a permissions issue in Apple's Transparency, Consent, and Control (TCC) framework in macOS from The Hacker News https://ift.tt/2SmnjJe via IFTTT

Researchers Link CryptoCore Attacks On Cryptocurrency Exchanges to North Korea

State-sponsored hackers affiliated with North Korea have been behind a slew of attacks on cryptocurrency exchanges over the past three years, new evidence has revealed. Attributing the attack with "medium-high" likelihood to the Lazarus Group (aka APT38 or Hidden Cobra), researchers from Israeli cybersecurity firm ClearSky said the campaign, dubbed "CryptoCore," targeted crypto exchanges in from The Hacker News https://ift.tt/3yvrNOt via IFTTT

What To Do When Your Business Is Hacked

As businesses move to a remote workforce, hackers have increased their activity to capitalize on new security holes. Cybercriminals often use unsophisticated methods that continue to be extremely successful. These include phishing emails to harvest credentials and gain easy access to business-critical environments. Hackers are also using ransomware to hold your data hostage, demanding a ransom from The Hacker News https://ift.tt/3vbhr45 via IFTTT

Why I prefer making useless stuff

Why I prefer making useless stuff 594 by azhenley | 202 comments on Hacker News.

Details Disclosed On Critical Flaws Affecting Nagios IT Monitoring Software

Cybersecurity researchers disclosed details about 13 vulnerabilities in the Nagios network monitoring application that could be abused by an adversary to hijack the infrastructure without any operator intervention. "In a telco setting, where a telco is monitoring thousands of sites, if a customer site is fully compromised, an attacker can use the vulnerabilities to compromise the telco, and then from The Hacker News https://ift.tt/3fh154y via IFTTT

Belarus 'diverts Ryanair flight to arrest journalist', opposition says

Belarus 'diverts Ryanair flight to arrest journalist', opposition says 631 by cjnicholls | 554 comments on Hacker News.

Belarus diverts Ryanair flight to arrest journalist

Belarus diverts Ryanair flight to arrest journalist 597 by kensai | 161 comments on Hacker News.

One man’s fight for the right to repair broken MacBooks

One man’s fight for the right to repair broken MacBooks 536 by anandaverma18 | 250 comments on Hacker News.

Freesound just reached 500K Creative Commons sounds

Freesound just reached 500K Creative Commons sounds 489 by diibv | 50 comments on Hacker News.

Working at a startup is overrated, both financially and emotionally

Working at a startup is overrated, both financially and emotionally 473 by dshipper | 314 comments on Hacker News.

A new replication crisis: Research that is less likely to be true is cited more

A new replication crisis: Research that is less likely to be true is cited more 458 by hhs | 209 comments on Hacker News.

Voice2json: Offline speech and intent recognition on Linux

Voice2json: Offline speech and intent recognition on Linux 440 by easrng | 94 comments on Hacker News.

FBI Analyst Charged With Stealing Counterterrorism and Cyber Threats Info

The U.S. Department of Justice (DoJ) indicted an employee of the Federal Bureau of Investigation (FBI) for illegally removing numerous national security documents and willfully retaining them at her personal residence during a 13-year period from June 2004 to December 2017.  The federal indictment charged Kendra Kingsbury, 48, with two counts of having unauthorized possession of documents from The Hacker News https://ift.tt/3vnU9I8 via IFTTT

FBI Warns Conti Ransomware Hit 16 U.S. Health and Emergency Services

The adversary behind Conti ransomware targeted no fewer than 16 healthcare and first responder networks in the U.S. within the past year, totally victimizing over 400 organizations worldwide, 290 of which are situated in the country. That's according to a new flash alert issued by the U.S. Federal Bureau of Investigation (FBI) on Thursday. "The FBI identified at least 16 Conti ransomware attacks from The Hacker News https://ift.tt/3vaD9Fp via IFTTT

Air India Hack Exposes Credit Card and Passport Info of 4.5 Million Passengers

India's flag carrier airline, Air India, has disclosed a data breach affecting 4.5 million of its customers over a period stretching nearly 10 years after its Passenger Service System (PSS) provider SITA fell victim to a cyber attack earlier this year. The breach involves personal data registered between Aug. 26, 2011 and Feb. 3, 2021, including details such as names, dates of birth, contact from The Hacker News https://ift.tt/3vau3sf via IFTTT

2022 Ford F-150 Lightning

2022 Ford F-150 Lightning 448 by awb | 1038 comments on Hacker News.

Learn CSS

Learn CSS 661 by markodenic | 162 comments on Hacker News.

Animated GIF uses over 35GB RAM in Acorn on M1 Mac, likely due to memory leak

Animated GIF uses over 35GB RAM in Acorn on M1 Mac, likely due to memory leak 571 by zdw | 285 comments on Hacker News.

Spintronics: Build Mechanical Circuits

Spintronics: Build Mechanical Circuits 453 by mcp_ | 104 comments on Hacker News.

Before the iPhone, I worked on a few games for what were called "feature phones"

Before the iPhone, I worked on a few games for what were called "feature phones" 658 by tosh | 384 comments on Hacker News.

Ask HN: Favorite purchases of last two years?

Ask HN: Favorite purchases of last two years? 411 by wyldfire | 1129 comments on Hacker News. I've abandoned all faith in reviews online. But the HN crew can give good advice and are extremely unlikely to shill garbage. Consumer Reports is great for finding which manufacturer/model to buy. But what product or service did you buy that you found really useful/entertaining? I'll start: I caved and bought a robovac. Wow, unlike many techno-gadgets, this one really delivers. Real utility, not just taking up space. Low maintenance, runs while I sleep, and the floor is just cleaner.

Improving Firefox stability on Linux

Improving Firefox stability on Linux 625 by TangerineDream | 226 comments on Hacker News.

Insurance Firm CNA Financial Reportedly Paid Hackers $40 Million in Ransom

U.S. insurance giant CNA Financial reportedly paid $40 million to a ransomware gang to recover access to its systems following an attack in March, making it one of the most expensive ransoms paid to date. The development was first reported by Bloomberg, citing "people with knowledge of the attack." The adversary that staged the intrusion is said to have allegedly demanded $60 million a week after from The Hacker News https://ift.tt/3uhFywV via IFTTT

Extreme HTTP Performance Tuning

Extreme HTTP Performance Tuning 730 by talawahtech | 106 comments on Hacker News.

Sublime Text 4

Sublime Text 4 731 by ascom | 310 comments on Hacker News.

Microsoft Warns of Data Stealing Malware That Pretends to Be Ransomware

Microsoft on Thursday warned of a "massive email campaign" that's pushing a Java-based STRRAT malware to steal confidential data from infected systems while disguising itself as a ransomware infection. "This RAT is infamous for its ransomware-like behavior of appending the file name extension .crimson to files without actually encrypting them," the Microsoft Security Intelligence team said in a from The Hacker News https://ift.tt/2TbW30F via IFTTT

23 Android Apps Expose Over 100,000,000 Users' Personal Data

Misconfigurations in multiple Android apps leaked sensitive data of more than 100 million users, potentially making them a lucrative target for malicious actors. "By not following best-practices when configuring and integrating third-party cloud-services into applications, millions of users' private data was exposed," Check Point researchers said in an analysis published today and shared with from The Hacker News https://ift.tt/2T00CuB via IFTTT

Internet Explorer 11 (IE11) to be retired on June 15, 2022

Internet Explorer 11 (IE11) to be retired on June 15, 2022 647 by smukherjee19 | 255 comments on Hacker News.

Is Single Sign-On Enough to Secure Your SaaS Applications?

If there's one thing all great SaaS platforms share in common, it's their focus on simplifying the lives of their end-users. Removing friction for users in a safe way is the mission of single sign-on (SSO) providers. With SSO at the helm, users don't have to remember separate passwords for each app or hide the digital copies of the credentials in plain sight. SSO also frees up the IT's bandwidth from The Hacker News https://ift.tt/3wqOZLX via IFTTT

Watering Hole Attack Was Used to Target Florida Water Utilities

An investigation undertaken in the aftermath of the Oldsmar water plant hack earlier this year has revealed that an infrastructure contractor in the U.S. state of Florida hosted malicious code on its website in what's known as a watering hole attack. "This malicious code seemingly targeted water utilities, particularly in Florida, and more importantly, was visited by a browser from the city of from The Hacker News https://ift.tt/3bHlT2H via IFTTT

Android Issues Patches for 4 New Zero-Day Bugs Exploited in the Wild

Google on Wednesday updated its May 2021 Android Security Bulletin to disclose that four of the security vulnerabilities that were patched earlier this month by Arm and Qualcomm may have been exploited in the wild as zero-days. "There are indications that CVE-2021-1905, CVE-2021-1906, CVE-2021-28663 and CVE-2021-28664 may be under limited, targeted exploitation," the search giant said in an from The Hacker News https://ift.tt/33WYoi7 via IFTTT

Poor in Tech

Poor in Tech 592 by tosh | 597 comments on Hacker News.

Welcome to Libera Chat

Welcome to Libera Chat 627 by smitop | 234 comments on Hacker News.

A teenager's guide to avoiding work

A teenager's guide to avoiding work 594 by mad_ned | 95 comments on Hacker News.

DarkSide Ransomware Gang Extorted $90 Million from Several Victims in 9 Months

DarkSide, the hacker group behind the Colonial Pipeline ransomware attack earlier this month, received $90 million in bitcoin payments following a nine-month ransomware spree, making it one of the most profitable cybercrime groups. "In total, just over $90 million in bitcoin ransom payments were made to DarkSide, originating from 47 distinct wallets," blockchain analytics firm Elliptic said. " from The Hacker News https://ift.tt/3oC9WRd via IFTTT

Mozilla Begins Rolling Out 'Site Isolation' Security Feature to Firefox Browser

Mozilla has begun rolling out a new security feature for its Firefox browser in nightly and beta channels that aims to protect users against a new class of side-channel attacks from malicious sites. Called "Site Isolation," the implementation loads each website separately in its own operating system process and, as a result, prevents untrusted code from a rogue website from accessing from The Hacker News https://ift.tt/34061UV via IFTTT

AMP pages no longer get preferential treatment in Google search

AMP pages no longer get preferential treatment in Google search 536 by ColinWright | 129 comments on Hacker News.

A Simple 1-Click Compromised Password Reset Feature Coming to Chrome Browser

Google on Tuesday announced a new feature to its password manager that could be used to change a stolen password automatically with a single tap. Automated password changes build on the tool's ability to check the safety of saved passwords. Thus when Chrome finds a password that may have been compromised as part of a data breach, it will prompt users with an alert containing a "Change Password" from The Hacker News https://ift.tt/2RmxVb7 via IFTTT

Nvidia cripples cryptocurrency mining on RTX 3080 and 3070 cards

Nvidia cripples cryptocurrency mining on RTX 3080 and 3070 cards 532 by wglb | 694 comments on Hacker News.

The tools and tech I use to run a one-woman hardware company

The tools and tech I use to run a one-woman hardware company 528 by todsacerdoti | 71 comments on Hacker News.

Project Starline: Feel like you're there, together

Project Starline: Feel like you're there, together 553 by ra7 | 207 comments on Hacker News.

Terms and Conditions Game

Terms and Conditions Game 500 by Clewza313 | 102 comments on Hacker News.

A police dog who cried drugs at every traffic stop

A police dog who cried drugs at every traffic stop 499 by pessimizer | 360 comments on Hacker News.

How M1 Macs feel faster than Intel models: it’s about QoS

How M1 Macs feel faster than Intel models: it’s about QoS 496 by giuliomagnifico | 402 comments on Hacker News.

Ethereum will use around 99.95% less energy post merge

Ethereum will use around 99.95% less energy post merge 703 by vishnu_ks | 625 comments on Hacker News.

How Apple Gave Chinese Government Access to iCloud Data and Censored Apps

In July 2018, when Guizhou-Cloud Big Data (GCBD) agreed to a deal with state-owned telco China Telecom to move users' iCloud data belonging to Apple's China-based users to the latter's servers, the shift raised concerns that it could make user data vulnerable to state surveillance. Now, according to a deep-dive report from The New York Times, Apple's privacy and security concessions have "made from The Hacker News https://ift.tt/3wk2JYP via IFTTT

Free "vCISO Clinic" offers Resource-Constrained InfoSec Leaders a Helping Hand

Leaders in the InfoSec field face a strange dilemma. On the one hand, there are hundreds of thousands of resources available to find online to read (or watch) if they have questions – that's a benefit of a digital-first field. On the other hand, most leaders face challenges that – while not entirely unique each time – tend to require a specific touch or solution. For most, it would be great to from The Hacker News https://ift.tt/3fv87RS via IFTTT

Experts Reveal Over 150 Ways to Steal Control of 58 Android Stalkerware Apps

A total of 158 privacy and security issues have been identified in 58 Android stalkerware apps from various vendors that could enable a malicious actor to take control of a victim's device, hijack a stalker's account, intercept data, achieve remote code execution, and even frame the victim by uploading fabricated evidence. The new findings, which come from an analysis of 86 stalkerware apps for from The Hacker News https://ift.tt/2RsQ86z via IFTTT

70 European and South American Banks Under Attack By Bizarro Banking Malware

A financially motivated cybercrime gang has unleashed a previously undocumented banking trojan, which can steal credentials from customers of 70 banks located in various European and South American countries. Dubbed "Bizarro" by Kaspersky researchers, the Windows malware is "using affiliates or recruiting money mules to operationalize their attacks, cashing out or simply to helping [sic] with from The Hacker News https://ift.tt/2SUJqqp via IFTTT

Why is the Gaza Strip blurry on Google Maps?

Why is the Gaza Strip blurry on Google Maps? 460 by vanusa | 201 comments on Hacker News.

Try This One Weird Trick Russian Hackers Hate

Try This One Weird Trick Russian Hackers Hate 442 by todsacerdoti | 200 comments on Hacker News.

Apple Music Announces Spatial Audio and Lossless Audio

Apple Music Announces Spatial Audio and Lossless Audio 549 by todsacerdoti | 518 comments on Hacker News.

Cosmopolitan Libc 1.0

Cosmopolitan Libc 1.0 501 by Orochikaku | 104 comments on Hacker News.

CEO behind Japan’s best-performing stock says his secret is raising salaries

CEO behind Japan’s best-performing stock says his secret is raising salaries 515 by dgudkov | 241 comments on Hacker News.

Building a personal website in 2021

Building a personal website in 2021 494 by mkosmul | 189 comments on Hacker News.

China lands rover on Mars

China lands rover on Mars 572 by rococode | 311 comments on Hacker News.

The Return of Fancy Tools

The Return of Fancy Tools 442 by typeofnandev | 210 comments on Hacker News.

Apple's Find My Network Can be Abused to Exfiltrate Data From Nearby Devices

Latest research has demonstrated a new exploit that enables arbitrary data to be uploaded from devices that are not connected to the Internet by simply sending "Find My Bluetooth" broadcasts to nearby Apple devices. "It's possible to upload arbitrary data from non-internet-connected devices by sending Find My [Bluetooth Low Energy] broadcasts to nearby Apple devices that then upload the data for from The Hacker News https://ift.tt/3bxonR4 via IFTTT

Why Password Hygiene Needs a Reboot

In today's digital world, password security is more important than ever. While biometrics, one-time passwords (OTP), and other emerging forms of authentication are often touted as replacements to the traditional password, today, this concept is more marketing hype than anything else. But just because passwords aren't going anywhere anytime soon doesn't mean that organizations don’t need to from The Hacker News https://ift.tt/3wcQQUw via IFTTT

Experts Warn About Ongoing AutoHotkey-Based Malware Attacks

Cybersecurity researchers have uncovered an ongoing malware campaign that heavily relies on AutoHotkey (AHK) scripting language to deliver multiple remote access trojans (RAT) such as Revenge RAT, LimeRAT, AsyncRAT, Houdini, and Vjw0rm on target Windows systems. At least four different versions of the campaign have been spotted starting February 2021, according to researchers from Morphisec Labs from The Hacker News https://ift.tt/2S16DHa via IFTTT

U.S. Pipeline Ransomware Attackers Go Dark After Servers and Bitcoin Are Seized

Just as Colonial Pipeline restored all of its systems to operational status in the wake of a crippling ransomware incident a week ago, DarkSide, the cybercrime syndicate behind the attack, claimed it lost control of its infrastructure, citing a law enforcement seizure. All the dark websites operated by the gang, including its DarkSide Leaks blog, ransom collection site, and breach data content from The Hacker News https://ift.tt/3tX90Ia via IFTTT

Observing my cellphone switch towers

Observing my cellphone switch towers 581 by ingve | 103 comments on Hacker News.

Modern Javascript: Everything you missed over the last 10 years (2020)

Modern Javascript: Everything you missed over the last 10 years (2020) 622 by EntICOnc | 359 comments on Hacker News.

DarkSide ransomware gang quits after servers, Bitcoin stash seized

DarkSide ransomware gang quits after servers, Bitcoin stash seized 547 by feross | 444 comments on Hacker News.

Show HN: A URL Lengthener

Show HN: A URL Lengthener 563 by ykdojo | 160 comments on Hacker News.

I am resigning along with most other Freenode staff

I am resigning along with most other Freenode staff 519 by ilkkao | 218 comments on Hacker News.

Scala 3.0

Scala 3.0 532 by jupblb | 174 comments on Hacker News.

Zulip 4.0: Threaded open source team chat

Zulip 4.0: Threaded open source team chat 551 by karlicoss | 142 comments on Hacker News.

Neural implant lets paralyzed person type by imagining writing

Neural implant lets paralyzed person type by imagining writing 530 by Engineering-MD | 177 comments on Hacker News.

Hackers Using Microsoft Build Engine to Deliver Malware Filelessly

Threat actors are abusing Microsoft Build Engine (MSBuild) to filelessly deliver remote access trojans and password-stealing malware on targeted Windows systems. The actively ongoing campaign is said to have emerged last month, researchers from cybersecurity firm Anomali said on Thursday, adding the malicious build files came embedded with encoded executables and shellcode that deploy backdoors, from The Hacker News https://ift.tt/2QgOkwY via IFTTT

Report to Your Management with the Definitive 'Incident Response for Management' Presentation Template

Security incidents occur. It's not a matter of 'if' but of 'when.' There are security products and procedures that were implemented to optimize the IR process, so from the 'security-professional' angle, things are taken care of. However, many security pros who are doing an excellent job in handling incidents find effectively communicating the ongoing process with their management a much more from The Hacker News https://ift.tt/35zQoTI via IFTTT

Pakistan-Linked Hackers Added New Windows Malware to Its Arsenal

Cybercriminals with suspected ties to Pakistan continue to rely on social engineering as a crucial component of its operations as part of an evolving espionage campaign against Indian targets, according to new research. The attacks have been linked to a group called Transparent Tribe, also known as Operation C-Major, APT36, and Mythic Leopard, which has created fraudulent domains mimicking from The Hacker News https://ift.tt/3eJYYWA via IFTTT

Magecart Hackers Now hide PHP-Based Backdoor In Website Favicons

Cybercrime groups are distributing malicious PHP web shells disguised as a favicon to maintain remote access to the compromised servers and inject JavaScript skimmers into online shopping platforms with an aim to steal financial information from their users. "These web shells known as Smilodon or Megalodon are used to dynamically load JavaScript skimming code via server-side requests into online from The Hacker News https://ift.tt/3hqRrOi via IFTTT

Big Cybersecurity Tips For Remote Workers Who Use Their Own Tech

As the total number of people working from home has grown dramatically in the last year or two, so has the number of individuals who use all of their own technology for their jobs. If you're a remote worker who relies on your own PC to get your work done, then you may be at a heightened risk for some of the major threats that are impacting the computer industry as a whole. Relatively few people from The Hacker News https://ift.tt/3ojm4GO via IFTTT

Colonial Pipeline Paid Nearly $5 Million in Ransom to Cybercriminals

Colonial Pipeline on Thursday restored operations to its entire pipeline system nearly a week following a ransomware infection targeting its IT systems, forcing it to reportedly shell out nearly $5 million to restore control of its computer networks. "Following this restart, it will take several days for the product delivery supply chain to return to normal," the company said in a statement on from The Hacker News https://ift.tt/2SQrwVV via IFTTT

Rapid7 Source Code Breached in Codecov Supply-Chain Attack

Cybersecurity company Rapid7 on Thursday revealed that unidentified actors improperly managed to get hold of a small portion of its source code repositories in the aftermath of the software supply chain compromise targeting Codecov earlier this year. "A small subset of our source code repositories for internal tooling for our [Managed Detection and Response] service was accessed by an from The Hacker News https://ift.tt/3tMRK8k via IFTTT

Pentagon surveilling Americans without a warrant, Senator Wyden reveals

Pentagon surveilling Americans without a warrant, Senator Wyden reveals 559 by jbegley | 201 comments on Hacker News.

What I learnt roasting 200 landing pages

What I learnt roasting 200 landing pages 552 by deadcoder0904 | 204 comments on Hacker News.

Uber used 50 Dutch shell companies to dodge taxes on $6B in revenue

Uber used 50 Dutch shell companies to dodge taxes on $6B in revenue 497 by kareemm | 301 comments on Hacker News.

Can Data Protection Systems Prevent Data At Rest Leakage?

Protection against insider risks works when the process involves controlling the data transfer channels or examining data sources. One approach involves preventing USB flash drives from being copied or sending them over email. The second one concerns preventing leakage or fraud in which an insider accesses files or databases with harmful intentions. What's the best way to protect your data? It from The Hacker News https://ift.tt/3w0hRKE via IFTTT