Posts

Showing posts from June, 2021

Microsoft Discloses Critical Bugs Allowing Takeover of NETGEAR Routers

Image
Cybersecurity researchers have detailed critical security vulnerabilities affecting NETGEAR DGN2200v1 series routers, which they say could be reliably abused as a jumping-off point to compromise a network's security and gain unfettered access. The three HTTPd authentication security weaknesses (CVSS scores: 7.1 – 9.4) impact routers running firmware versions prior to v1.0.0.60, and have since from The Hacker News https://ift.tt/2SCnWPi via IFTTT

Hackers Wanted in the U.S. for Spreading Gozi Virus Arrested in Colombia

Image
Colombian authorities on Wednesday said they have arrested a Romanian hacker who is wanted in the U.S. for distributing a virus that infected more than a million computers from 2007 to 2012. Mihai Ionut Paunescu (aka "Virus"), the individual in question, was detained at the El Dorado airport in Bogotá, the Office of the Attorney General of Colombia said. <!--adsense--> Paunescu was previously from The Hacker News https://ift.tt/3Acbgjj via IFTTT

Stepping Back from Speaking

Stepping Back from Speaking 502 by alfredbez | 124 comments on Hacker News.

Bring back menus, QR codes are terrible

Bring back menus, QR codes are terrible 504 by prostoalex | 695 comments on Hacker News.

Intuit sabotages the Child Tax Credit

Intuit sabotages the Child Tax Credit 624 by samizdis | 267 comments on Hacker News.

Note that I wouldn’t pass the listed minimum requirements

Note that I wouldn’t pass the listed minimum requirements 610 by gone35 | 416 comments on Hacker News.

GitHub co-pilot as open source code laundering?

GitHub co-pilot as open source code laundering? 590 by agomez314 | 272 comments on Hacker News.

Authorities Seize DoubleVPN Service Used by Cybercriminals

Image
A coordinated international law enforcement operation resulted in the takedown of a VPN service called DoubleVPN for providing a safe haven for cybercriminals to cover their tracks. "On 29th of June 2021, law enforcement took down DoubleVPN," the agencies said in a seizure notice splashed on the now-defunct site. "Law enforcement gained access to the servers of DoubleVPN and seized personal from The Hacker News https://ift.tt/3dwsy0O via IFTTT

[Webinar] How Cyber Attack Groups Are Spinning a Larger Ransomware Web

Image
Organizations today already have an overwhelming number of dangers and threats to look out for, from spam to phishing attempts to new infiltration and ransomware tactics. There is no chance to rest, since attack groups are constantly looking for more effective means of infiltrating and infecting systems. Today, there are hundreds of groups devoted to infiltrating almost every industry, from The Hacker News https://ift.tt/3xbkfzk via IFTTT

Researchers Leak PoC Exploit for a Critical Windows RCE Vulnerability

Image
A proof-of-concept (PoC) exploit related to a remote code execution vulnerability affecting Windows Print Spooler and patched by Microsoft earlier this month was briefly published online before being taken down. Identified as CVE-2021-1675, the security issue could grant remote attackers full control of vulnerable systems. Print Spooler manages the printing process in Windows, including loading from The Hacker News https://ift.tt/3AcWk49 via IFTTT

A foreign seller has hijacked Cliff Stoll's Amazon Klein bottle listing

A foreign seller has hijacked Cliff Stoll's Amazon Klein bottle listing 568 by _Robbie | 156 comments on Hacker News.

GitHub Launches 'Copilot' — AI-Powered Code Completion Tool

Image
GitHub on Tuesday launched a technical preview of a new AI-powered pair programming tool that aims to help software developers write better code across a variety of programming languages, including Python, JavaScript, TypeScript, Ruby, and Go. Copilot, as the code synthesizer is called, has been developed in collaboration with OpenAI, and leverages Codex, a new AI system that's trained on from The Hacker News https://ift.tt/3h2L96L via IFTTT

How to Work Hard

How to Work Hard 706 by razin | 730 comments on Hacker News.

A Docker footgun led to a vandal deleting NewsBlur's MongoDB database

A Docker footgun led to a vandal deleting NewsBlur's MongoDB database 536 by ecliptik | 252 comments on Hacker News.

Dear Google: Public domain compositions exist

Dear Google: Public domain compositions exist 648 by mod50ack | 195 comments on Hacker News.

Mumble: Open-Source, Low Latency, High Quality Voice Chat

Mumble: Open-Source, Low Latency, High Quality Voice Chat 578 by danboarder | 244 comments on Hacker News.

YouTube takes down Xinjiang videos, forcing rights group to seek alternative

YouTube takes down Xinjiang videos, forcing rights group to seek alternative 597 by zdw | 242 comments on Hacker News.

GitHub Copilot: your AI pair programmer

GitHub Copilot: your AI pair programmer 696 by todsacerdoti | 371 comments on Hacker News.

Unpatched Virtual Machine Takeover Bug Affects Google Compute Engine

Image
An unpatched security vulnerability affecting Google's Compute Engine platform could be abused by an attacker to take over virtual machines over the network. "This is done by impersonating the metadata server from the targeted virtual machine's point of view," security researcher Imre Rad said in an analysis published Friday. "By mounting this exploit, the attacker can grant access to themselves from The Hacker News https://ift.tt/2U7OxnO via IFTTT

New API Lets App Developers Authenticate Users via SIM Cards

Image
Online account creation poses a challenge for engineers and system architects: if you put up too many barriers, you risk turning away genuine users. Make it too easy, and you risk fraud or fake accounts. The Problem with Identity Verification The traditional model of online identity – username/email and password – has long outlived its usefulness. This is how multi-factor or two-factor from The Hacker News https://ift.tt/3y3FCSX via IFTTT

Google now requires app developers to verify their address and use 2FA

Image
Google on Monday announced new measures for the Play Store, including requiring developer accounts to turn on 2-Step Verification (2SV), provide an address, and verify their contact details later this year. The new identification and two-factor authentication requirements are a step towards strengthening account security and ensuring a safe and secure app marketplace, Google Play Trust and from The Hacker News https://ift.tt/3hghgi9 via IFTTT

The 'Fuck You' Pattern

The 'Fuck You' Pattern 738 by c7DJTLrn | 337 comments on Hacker News.

Sriracha sauce hits $150M+/Y with no sales team, no trademark and $0 in ad spend

Sriracha sauce hits $150M+/Y with no sales team, no trademark and $0 in ad spend 618 by dsr12 | 359 comments on Hacker News.

I Will Never Use a Microsoft Account to Log Into My Own PC

I Will Never Use a Microsoft Account to Log Into My Own PC 655 by terseus | 477 comments on Hacker News.

Microsoft Edge Bug Could've Let Hackers Steal Your Secrets for Any Site

Image
Microsoft last week rolled out updates for the Edge browser with fixes for two security issues, one of which concerns a security bypass vulnerability that could be exploited to inject and execute arbitrary code in the context of any website. Tracked as CVE-2021-34506 (CVSS score: 5.4), the weakness stems from a universal cross-site scripting (UXSS) issue that's triggered when automatically from The Hacker News https://ift.tt/3do2wN3 via IFTTT

Hackers Trick Microsoft Into Signing Netfilter Driver Loaded With Rootkit Malware

Image
Microsoft on Friday said it's investigating an incident wherein a driver signed by the company turned out to be a malicious Windows rootkit that was observed communicating with command-and-control (C2) servers located in China. The driver, called "Netfilter," is said to target gaming environments, specifically in the East Asian country, with the Redmond-based firm noting that "the actor's goal from The Hacker News https://ift.tt/3dnwh0r via IFTTT

DMARC: The First Line of Defense Against Ransomware

Image
There has been a lot of buzz in the industry about ransomware lately. Almost every other day, it's making headlines. With businesses across the globe holding their breath, scared they might fall victim to the next major ransomware attack, it is now time to take action. The FBI IC3 report of 2020 classified Ransomware as the most financially damaging cybercrime of the year, with no major from The Hacker News https://ift.tt/3h5Xc3n via IFTTT

Cisco ASA Flaw Under Active Attack After PoC Exploit Posted Online

Image
A security vulnerability in Cisco Adaptive Security Appliance (ASA) that was addressed by the company last October and again earlier this April, has been subjected to active in-the-wild attacks following the release of proof-of-concept (PoC) exploit code. The PoC was published by researchers from cybersecurity firm Positive Technologies on June 24, following which reports emerged that attackers from The Hacker News https://ift.tt/3dl0zAO via IFTTT

SolarWinds Hackers Breach Microsoft Customer Support to Target its Customers

Image
In yet another sign that the Russian hackers who breached SolarWinds network monitoring software to compromise a slew of entities never really went away, Microsoft said the threat actor behind the malicious cyber activities used password spraying and brute-force attacks in an attempt to guess passwords and gain access to its customer accounts. "This recent activity was mostly unsuccessful, and from The Hacker News https://ift.tt/2UEn5OF via IFTTT

Reviews of Android TV launcher after Google added ads to the homescreen

Reviews of Android TV launcher after Google added ads to the homescreen 687 by pizza | 482 comments on Hacker News.

Sorry, we replaced that old technology, “see-through glass”

Sorry, we replaced that old technology, “see-through glass” 676 by dmart | 370 comments on Hacker News.

I was let go for refusing to deploy a dark pattern

I was let go for refusing to deploy a dark pattern 600 by codingclaws | 510 comments on Hacker News.

Blood test that finds 50 types of cancer is accurate enough to be rolled out

Blood test that finds 50 types of cancer is accurate enough to be rolled out 611 by kieranmaine | 375 comments on Hacker News.

Nvidia Canvas

Nvidia Canvas 604 by forgingahead | 176 comments on Hacker News.

I spent 5 years writing my own operating system

I spent 5 years writing my own operating system 760 by halfer53 | 110 comments on Hacker News.

Reddit’s disrespectful design

Reddit’s disrespectful design 745 by rognjen | 297 comments on Hacker News.

User Inyerface – A worst-practice UI experiment

User Inyerface – A worst-practice UI experiment 701 by andyjih_ | 163 comments on Hacker News.

Google Extends Support for Tracking Party Cookies Until 2023

Image
Google's sweeping proposals to deprecate third-party cookies in Chrome browser is going back to the drawing board after the company announced plans to delay the rollout from early 2022 to late 2023, pushing back the project by nearly two years. "While there's considerable progress with this initiative, it's become clear that more time is needed across the ecosystem to get this right," Chrome's from The Hacker News https://ift.tt/3wYlO3g via IFTTT

Watch Out! Zyxel Firewalls and VPNs Under Active Cyberattack

Image
Taiwanese networking equipment company Zyxel is warning customers of an ongoing attack targeting a "small subset" of its security products such as firewall and VPN servers. Attributing the attacks to a "sophisticated threat actor," the firm noted that the attacks single out appliances that have remote management or SSL VPN enabled, namely in the USG/ZyWALL, USG FLEX, ATP, and VPN series running from The Hacker News https://ift.tt/3qu7tJt via IFTTT

Crackonosh virus mined $2 million of Monero from 222,000 hacked computers

Image
A previously undocumented Windows malware has infected over 222,000 systems worldwide since at least June 2018, yielding its developer no less than 9,000 Moneros ($2 million) in illegal profits. Dubbed "Crackonosh," the malware is distributed via illegal, cracked copies of popular software, only to disable antivirus programs installed in the machine and install a coin miner package called XMRig from The Hacker News https://ift.tt/3ddf7T6 via IFTTT

FIN7 Supervisor Gets 7-Year Jail Term for Stealing Millions of Credit Cards

Image
A Ukrainian national and a mid-​level supervisor of the hacking group known as FIN7 has been sentenced to seven years in prison for his role as a "pen tester" and perpetuating a criminal scheme that enabled the gang to compromise millions of customers debit and credit cards. Andrii Kolpakov, 33, was arrested in Spain on June 28, 2018, and subsequently extradited to the U.S. the following year on from The Hacker News https://ift.tt/3dfc8K5 via IFTTT

WD My Book users wake up to find their data deleted

WD My Book users wake up to find their data deleted 689 by bjelkeman-again | 389 comments on Hacker News.

Clop Gang Partners Laundered $500 Million in Ransomware Payments

Image
The cybercrime ring that was apprehended last week in connection with Clop (aka Cl0p) ransomware attacks against dozens of companies in the last few months helped launder money totaling $500 million for several malicious actors through a plethora of illegal activities. "The group — also known as FANCYCAT — has been running multiple criminal activities: distributing cyber attacks; operating a from The Hacker News https://ift.tt/3h2jbXE via IFTTT

Google turned me into a serial killer

Google turned me into a serial killer 634 by Kaizeras | 245 comments on Hacker News.

Django for Startup Founders: A better software architecture for SaaS startups

Django for Startup Founders: A better software architecture for SaaS startups 590 by Alex3917 | 129 comments on Hacker News.

BIOS Disconnect: New High-Severity Bugs Affect 128 Dell PC and Tablet Models

Image
Cybersecurity researchers on Thursday disclosed a chain of vulnerabilities affecting the BIOSConnect feature within Dell Client BIOS that could be abused by a privileged network adversary to gain arbitrary code execution at the BIOS/UEFI level of the affected device. "As the attacker has the ability to remotely execute code in the pre-boot environment, this can be used to subvert the operating from The Hacker News https://ift.tt/3jaLOUX via IFTTT

Reduce Business Risk By Fixing 3 Critical Endpoint-to-Cloud Security Requirements

Image
Enterprise applications used to live securely in data centers and office employees connected to internal networks using company-managed laptops or desktops. And data was encircled by a walled perimeter to keep everything safe. All that changed in the last 18 months. Businesses and employees had to adapt quickly to cloud technology and remote work. The cloud gave businesses the agility to respond from The Hacker News https://ift.tt/2TVZyZi via IFTTT

One-Click Exploit Could Have Let Attackers Hijack Any Atlassian Account

Image
Cybersecurity researchers on Wednesday disclosed critical flaws in the Atlassian project and software development platform that could be exploited to take over an account and control some of the apps connected through its single sign-on (SSO) capability. "With just one click, an attacker could have used the flaws to get access to Atlassian's publish Jira system and get sensitive information, from The Hacker News https://ift.tt/3gQ4g3D via IFTTT

Critical Auth Bypass Bug Affects VMware Carbon Black App Control

Image
VMware has rolled out security updates to resolve a critical flaw affecting Carbon Black App Control that could be exploited to bypass authentication and take control of vulnerable systems. The vulnerability, identified as CVE-2021-21998, is rated 9.4 out of 10 in severity by the industry-standard Common Vulnerability Scoring System (CVSS) and affects App Control (AppC) versions 8.0.x, 8.1.x, from The Hacker News https://ift.tt/3gY5vgh via IFTTT

Antivirus Pioneer John McAfee Found Dead in Spanish Jail

Image
Controversial mogul and antivirus pioneer John McAfee on Wednesday died by suicide in a jail cell in Barcelona, hours after reports that he would be extradited to face federal charges in the U.S. McAfee was 75. He is said to have died by hanging "as his nine months in prison brought him to despair," according to McAfee's lawyer Javier Villalba, Reuters reported. Security personnel at the Brians from The Hacker News https://ift.tt/3gYhDO9 via IFTTT

A backlash against gender ideology is starting in universities

A backlash against gender ideology is starting in universities 533 by Tomte | 887 comments on Hacker News.

Show HN: iPod.js – An online iPod that connects to Spotify and Apple Music

Show HN: iPod.js – An online iPod that connects to Spotify and Apple Music 512 by tonyhawkins | 96 comments on Hacker News.

John McAfee found dead in Spanish jail after court approves extradition to US

John McAfee found dead in Spanish jail after court approves extradition to US 607 by ews | 271 comments on Hacker News.

Costa Rica Has Run on 100% Renewable Electricity for 299 Days

Costa Rica Has Run on 100% Renewable Electricity for 299 Days 497 by Knajjars | 219 comments on Hacker News.

Ask HN: Feeling guilty for doing the bare minimum at work

Ask HN: Feeling guilty for doing the bare minimum at work 509 by awaythrown1 | 363 comments on Hacker News. For as long as I've been working professionally, I have been slacking around a lot of the time, reading blog posts, HN, often even reading (tech, biz-related) books and just doing the bare minimum for appearances sake but no one seems to notice. In the office I book a booth to work in to have some peace & quiet and have a couple of code commits prepared to not arouse suspicion. In companies with perf reviews I get some useful feedback here and there but most of the time it's positive, people love to work with me, I do get stuff done if I have to, but as soon as I can get away with doing close to nothing, I'll take the chance. I don't think I'm blocking other teams and I don't think I'm preventing my own team from having accomplishments and often people refer to me as being either partially or mostly responsible for shipping something because I m...

Internal Amazon documents shed light on how company pressures out office workers

Internal Amazon documents shed light on how company pressures out office workers 500 by flowerlad | 366 comments on Hacker News.

Pakistan-linked hackers targeted Indian power company with ReverseRat

Image
A threat actor with suspected ties to Pakistan has been striking government and energy organizations in the South and Central Asia regions to deploy a remote access trojan on compromised Windows systems, according to new research. "Most of the organizations that exhibited signs of compromise were in India, and a small number were in Afghanistan," Lumen's Black Lotus Labs said in a Tuesday from The Hacker News https://ift.tt/3d465Ig via IFTTT

[Whitepaper] Automate Your Security with Cynet to Protect from Ransomware

Image
It seems like every new day brings with it a new ransomware news item – new attacks, methods, horror stories, and data being leaked. Ransomware attacks are on the rise, and they've become a major issue for organizations across industries. A recent report estimated that by 2031, ransomware attacks would cost the world over $260 billion. A new whitepaper from XDR provider Cynet demonstrates how from The Hacker News https://ift.tt/3xKJbNT via IFTTT

Patch Tor Browser Bug to Prevent Tracking of Your Online Activities

Image
Open-source Tor browser has been updated to version 10.0.18 with fixes for multiple issues, including a privacy-defeating bug that could be used to uniquely fingerprint users across different browsers based on the apps installed on a computer. In addition to updating Tor to 0.4.5.9, the browser's Android version has been upgraded to Firefox to version 89.1.1, alongside incorporating patches from The Hacker News https://ift.tt/3xKSayx via IFTTT

Brave Search beta

Brave Search beta 652 by vmullin | 501 comments on Hacker News.

SonicWall Left a VPN Flaw Partially Unpatched Amidst 0-Day Attacks

Image
A critical vulnerability in SonicWall VPN appliances that was believed to have been patched last year has been now found to be "botched," with the company leaving a memory leak flaw unaddressed, until now, that could permit a remote attacker to gain access to sensitive information. The shortcoming was rectified in an update rolled out to SonicOS on June 22.  Tracked as CVE-2021-20019 (CVSS score from The Hacker News https://ift.tt/3d6QCXH via IFTTT

A from-scratch tour of Bitcoin in Python

A from-scratch tour of Bitcoin in Python 640 by yigitdemirag | 201 comments on Hacker News.

What's Inside the EU Green Pass QR Code?

What's Inside the EU Green Pass QR Code? 619 by zaik | 475 comments on Hacker News.

Unpatched Supply-Chain Flaw Affects 'Pling Store' Platforms for Linux Users

Image
Cybersecurity researchers have disclosed a critical unpatched vulnerability affecting Pling-based free and open-source software (FOSS) marketplaces for Linux platform that could be potentially abused to stage supply chain attacks and achieve remote code execution (RCE). "Linux marketplaces that are based on the Pling platform are vulnerable to a wormable [cross-site scripting] with potential for from The Hacker News https://ift.tt/2SV8bmM via IFTTT

Your CPU may have slowed down on Wednesday

Your CPU may have slowed down on Wednesday 632 by superkuh | 377 comments on Hacker News.

Wormable DarkRadiation Ransomware Targets Linux and Docker Instances

Image
Cybersecurity researchers have disclosed a new ransomware strain called "DarkRadiation" that's implemented entirely in Bash and targets Linux and Docker cloud containers, while banking on messaging service Telegram for command-and-control (C2) communications. "The ransomware is written in Bash script and targets Red Hat/CentOS and Debian Linux distributions," researchers from Trend Micro said in from The Hacker News https://ift.tt/35FVaQD via IFTTT

NVIDIA Jetson Chipsets Found Vulnerable to High-severity Flaws

Image
U.S. graphics chip specialist NVIDIA has released software updates to address a total of 26 vulnerabilities impacting its Jetson system-on-module (SOM) series that could be abused by adversaries to escalate privileges and even lead to denial-of-service and information disclosure. <!--adsense--> Tracked from CVE‑2021‑34372 through CVE‑2021‑34397, the flaws affect products Jetson TX1, TX2 series, from The Hacker News https://ift.tt/3d47FcS via IFTTT

Git undo: We can do better

Git undo: We can do better 579 by arxanas | 356 comments on Hacker News.

Ask HN: I was hit with a patent troll lawsuit, how do I deal with it?

Ask HN: I was hit with a patent troll lawsuit, how do I deal with it? 488 by jblake | 193 comments on Hacker News. This particular patent troll has filed lawsuits with at least a dozen of my competitors in the past year. Some were voluntarily dismissed, some ongoing, rest unknown (based on my limited research skills). The patent in question involves downloading a remote database to a mobile device used as a lookup table when scanning a QR code. Yeah... I'm a one person company and have no idea what to do.

A dwarf planet coming within 11 AU of the sun over the next 10 years

A dwarf planet coming within 11 AU of the sun over the next 10 years 585 by MKais | 292 comments on Hacker News.

5 Critical Steps to Recovering From a Ransomware Attack

Image
Hackers are increasingly using ransomware as an effective tool to disrupt businesses and fund malicious activities. A recent analysis by cybersecurity company Group-IB revealed ransomware attacks doubled in 2020, while Cybersecurity Venture predicts that a ransomware attack will occur every 11 seconds in 2021. Businesses must prepare for the possibility of a ransomware attack affecting their from The Hacker News https://ift.tt/3gJwCMW via IFTTT

DroidMorph Shows Popular Android Antivirus Fail to Detect Cloned Malicious Apps

Image
A new research published by a group of academics has found that anti-virus programs for Android continue to remain vulnerable against different permutations of malware, in what could pose a serious risk as malicious actors evolve their toolsets to better evade analysis. "Malware writers use stealthy mutations (morphing/obfuscations) to continuously develop malware clones, thwarting detection by from The Hacker News https://ift.tt/3qaZHEk via IFTTT

Japan's government plans to encourage 4-day workweek, but experts split

Japan's government plans to encourage 4-day workweek, but experts split 625 by m3at | 300 comments on Hacker News.

Nixos-unstable’s ISO_minimal.x86_64-Linux is 100% reproducible

Nixos-unstable’s ISO_minimal.x86_64-Linux is 100% reproducible 565 by todsacerdoti | 168 comments on Hacker News.

Beware! Connecting to This Wireless Network Can Break Your iPhone's Wi-Fi Feature

Image
A wireless network naming bug has been discovered in Apple's iOS operating system that effectively disables an iPhone's ability to connect to a Wi-Fi network. The issue was spotted by security researcher Carl Schou, who found that the phone's Wi-Fi functionality gets permanently disabled after joining a Wi-Fi network with the unusual name "%p%s%s%s%s%n" even after rebooting the phone or changing from The Hacker News https://ift.tt/3xH60C9 via IFTTT

Internet in a Box

Internet in a Box 488 by thunderbong | 115 comments on Hacker News.

Hire-to-fire at Amazon India?

Hire-to-fire at Amazon India? 497 by bobjones334 | 299 comments on Hacker News.

Life as a public school teacher in the San Francisco Bay Area in 2021

Life as a public school teacher in the San Francisco Bay Area in 2021 522 by rossvor | 656 comments on Hacker News.

State of the Windows: How many layers of UI inconsistencies are in Windows 10?

State of the Windows: How many layers of UI inconsistencies are in Windows 10? 478 by spideymans | 306 comments on Hacker News.

HBO Max accidentally sent an integration email test to users

HBO Max accidentally sent an integration email test to users 555 by minimaxir | 329 comments on Hacker News.

The Document Culture of Amazon

The Document Culture of Amazon 483 by ecliptik | 200 comments on Hacker News.

Massachusetts health notifications app installed without users’ knowledge

Massachusetts health notifications app installed without users’ knowledge 593 by ulucs | 297 comments on Hacker News.

Brave, the false sensation of privacy

Brave, the false sensation of privacy 581 by Santosh83 | 432 comments on Hacker News.

North Korea Exploited VPN Flaw to Hack South's Nuclear Research Institute

Image
South Korea's state-run Korea Atomic Energy Research Institute (KAERI) on Friday disclosed that its internal network was infiltrated by suspected attackers operating out of its northern counterpart. The intrusion is said to have taken place on May 14 through a vulnerability in an unnamed virtual private network (VPN) vendor and involved a total of 13 IP addresses, one of which — "27.102.114[.]89 from The Hacker News https://ift.tt/3wEJTfm via IFTTT

Cyber espionage by Chinese hackers in neighbouring nations is on the rise

Image
A string of cyber espionage campaigns dating all the way back to 2014 and focused on gathering military intelligence from neighbouring countries have been linked to a Chinese military-intelligence apparatus. In a wide-ranging report published by Massachusetts-headquartered Recorded Future this week, the cybersecurity firm's Insikt Group said it identified ties between a group it tracks as " from The Hacker News https://ift.tt/3zNMYMi via IFTTT

80% of orgs that paid the ransom were hit again

80% of orgs that paid the ransom were hit again 588 by prostoalex | 312 comments on Hacker News.

Russia bans VyprVPN, Opera VPN services for not complying with blacklist request

Image
Russia's telecommunications and media regulator Roskomnadzor (RKN) on Thursday introduced restrictions on the operation of VyprVPN and Opera VPN services in the country. "In accordance with the regulation on responding to threats to circumvent restrictions on access to child pornography, suicidal, pro-narcotic and other prohibited content, restrictions on the use of VPN services VyprVPN and from The Hacker News https://ift.tt/2SANpsD via IFTTT

Google Releases New Framework to Prevent Software Supply Chain Attacks

Image
As software supply chain attacks emerge as a point of concern in the wake of SolarWinds and Codecov security incidents, Google is proposing a solution to ensure the integrity of software packages and prevent unauthorized modifications.  Called "Supply chain Levels for Software Artifacts" (SLSA, and pronounced "salsa"), the end-to-end framework aims to secure the software development and from The Hacker News https://ift.tt/35B4o0y via IFTTT

[eBook] 7 Signs You Might Need a New Detection and Response Tool

Image
It's natural to get complacent with the status quo when things seem to be working. The familiar is comfortable, and even if something better comes along, it brings with it many unknowns. In cybersecurity, this tendency is countered by the fast pace of innovation and how quickly technology becomes obsolete, often overnight. This combination usually results in one of two things – organizations from The Hacker News https://ift.tt/3iPZ1lX via IFTTT

Start Your Own ISP

Start Your Own ISP 496 by maxwell | 137 comments on Hacker News.

Update‌ ‌Your Chrome Browser to Patch Yet Another 0-Day Exploit‌ed ‌in‌-the‌-Wild

Image
Google has rolled out yet another update to Chrome browser for Windows, Mac, and Linux to fix four security vulnerabilities, including one zero-day flaw that's being exploited in the wild. Tracked as CVE-2021-30554, the high severity flaw concerns a use after free vulnerability in WebGL (aka Web Graphics Library), a JavaScript API for rendering interactive 2D and 3D graphics within the browser. from The Hacker News https://ift.tt/3q3RCkR via IFTTT

I wrote a children's book / illustrated guide to Apache Kafka

I wrote a children's book / illustrated guide to Apache Kafka 551 by mitchum_ | 108 comments on Hacker News.

Ohio Republicans close to imposing near-total ban on municipal broadband

Ohio Republicans close to imposing near-total ban on municipal broadband 452 by samizdis | 300 comments on Hacker News.

4-day workweek boosted workers' productivity by 40%, Microsoft Japan says

4-day workweek boosted workers' productivity by 40%, Microsoft Japan says 546 by evo_9 | 186 comments on Hacker News.

Cryptanalysis of GPRS Encryption Algorithms GEA-1 suggest intentional weakness

Cryptanalysis of GPRS Encryption Algorithms GEA-1 suggest intentional weakness 466 by anonymfus | 103 comments on Hacker News.

Amazon is blocking Google’s FLoC

Amazon is blocking Google’s FLoC 484 by estas | 226 comments on Hacker News.

The most copied StackOverflow snippet of all time is flawed (2019)

The most copied StackOverflow snippet of all time is flawed (2019) 607 by vinnyglennon | 278 comments on Hacker News.

Molerats Hackers Return With New Attacks Targeting Middle Eastern Governments

Image
A Middle Eastern advanced persistent threat (APT) group has resurfaced after a two-month hiatus to target government institutions in the Middle East and global government entities associated with geopolitics in the region in a rash of new campaigns observed earlier this month. Sunnyvale-based enterprise security firm Proofpoint attributed the activity to a politically motivated threat actor it from The Hacker News https://ift.tt/3zz4C6b via IFTTT

Wayfinder – a relaxing 'art game' in the browser

Wayfinder – a relaxing 'art game' in the browser 593 by vnglst | 115 comments on Hacker News.

A New Spyware is Targeting Telegram and Psiphon VPN Users in Iran

Image
Threat actors with suspected ties to Iran have been found to leverage instant messaging and VPN apps like Telegram and Psiphon to install a Windows remote access trojan (RAT) capable of stealing sensitive information from targets' devices since at least 2015. Russian cybersecurity firm Kaspersky, which pieced together the activity, attributed the campaign to an advanced persistent threat (APT) from The Hacker News https://ift.tt/3xkzky6 via IFTTT

Strengthen Your Password Policy With GDPR Compliance

Image
A solid password policy is the first line of defense for your corporate network. Protecting your systems from unauthorized users may sound easy on the surface, but it can actually be quite complicated. You have to balance password security with usability, while also following various regulatory requirements. Companies in the EU must have password policies that are compliant with the General Data from The Hacker News https://ift.tt/3xt7Y8Z via IFTTT

Researchers Uncover 'Process Ghosting' — A New Malware Evasion Technique

Image
Cybersecurity researchers have disclosed a new executable image tampering attack dubbed "Process Ghosting" that could be potentially abused by an attacker to circumvent protections and stealthily run malicious code on a Windows system. "With this technique, an attacker can write a piece of malware to disk in such a way that it's difficult to scan or delete it — and where it then executes the from The Hacker News https://ift.tt/3q0IBsy via IFTTT

Apple's iCloud+ “VPN”

Apple's iCloud+ “VPN” 597 by n1000 | 264 comments on Hacker News.

GitHub – nushell/nushell: A new type of shell

GitHub – nushell/nushell: A new type of shell 569 by axiomdata316 | 300 comments on Hacker News.

Ukraine Police Arrest Cyber Criminals Behind Clop Ransomware Attacks

Image
Ukrainian law enforcement officials on Wednesday announced the arrest of the Clop ransomware gang, adding it disrupted the infrastructure employed in attacks targeting victims worldwide since at least 2019. As part of a joint operation between the National Police of Ukraine and authorities from the Republic of Korea and the U.S., six defendants have been accused of running a double extortion from The Hacker News https://ift.tt/3cLnmWs via IFTTT

Malware Attack on South Korean Entities Was Work of Andariel Group

Image
A malware campaign targeting South Korean entities that came to light earlier this year has been attributed to a North Korean nation-state hacking group called Andariel, once again indicating that Lazarus attackers are following the trends and their arsenal is in constant development. "The way Windows commands and their options were used in this campaign is almost identical to previous Andariel from The Hacker News https://ift.tt/3cNTlFl via IFTTT

Ransomware Attackers Partnering With Cybercrime Groups to Hack High-Profile Targets

Image
As ransomware attacks against critical infrastructure skyrocket, new research shows that threat actors behind such disruptions are increasingly shifting from using email messages as an intrusion route to purchasing access from cybercriminal enterprises that have already infiltrated major targets. "Ransomware operators often buy access from independent cybercriminal groups who infiltrate major from The Hacker News https://ift.tt/3gAuxBL via IFTTT

Utopia, a visual design tool for React, with code as the source of truth

Utopia, a visual design tool for React, with code as the source of truth 521 by rheeseyb | 116 comments on Hacker News.

Critical ThroughTek Flaw Opens Millions of Connected Cameras to Eavesdropping

Image
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday issued an advisory regarding a critical software supply-chain flaw impacting ThroughTek's software development kit (SDK) that could be abused by an adversary to gain improper access to audio and video streams. "Successful exploitation of this vulnerability could permit unauthorized access to sensitive information, such from The Hacker News https://ift.tt/3wtzjru via IFTTT

The rise of E Ink Tablets and Note Takers: reMarkable 2 vs Onyx Boox Note Air

The rise of E Ink Tablets and Note Takers: reMarkable 2 vs Onyx Boox Note Air 481 by GordonS | 424 comments on Hacker News.

The Elephant at WWDC

The Elephant at WWDC 467 by ingve | 201 comments on Hacker News.

Survey shows people no longer believe working hard will lead to a better life

Survey shows people no longer believe working hard will lead to a better life 542 by jason0597 | 546 comments on Hacker News.

Universities have formed a company that looks a lot like a patent troll

Universities have formed a company that looks a lot like a patent troll 549 by polm23 | 171 comments on Hacker News.

Experts Shed Light On Distinctive Tactics Used by Hades Ransomware

Image
Cybersecurity researchers on Tuesday disclosed "distinctive" tactics, techniques, and procedures (TTPs) adopted by operators of Hades ransomware that set it apart from the rest of the pack, attributing it to a financially motivated threat group called GOLD WINTER. "In many ways, the GOLD WINTER threat group is a typical post-intrusion ransomware threat group that pursues high-value targets to from The Hacker News https://ift.tt/3iGQIZE via IFTTT

Instagram‌ ‌Bug Allowed Anyone to View Private Accounts Without Following Them

Image
Instagram has patched a new flaw that allowed anyone to view archived posts and stories posted by private accounts without having to follow them. "This bug could have allowed a malicious user to view targeted media on Instagram," Mayur Fartade said in a Medium post today. "An attacker could have been able to see details of private/archived posts, stories, reels, IGTV without following the user from The Hacker News https://ift.tt/3zsLxmk via IFTTT