Posts

Showing posts from August, 2021

System76 Pangolin Linux-first laptop with AMD internals now in stock

System76 Pangolin Linux-first laptop with AMD internals now in stock 429 by sampling | 298 comments on Hacker News.

Docker Desktop no longer free for large companies

Docker Desktop no longer free for large companies 411 by alanwreath | 376 comments on Hacker News.

Surveillance bill rushed through Australian parliament in 24 hours

Surveillance bill rushed through Australian parliament in 24 hours 398 by ghoda | 247 comments on Hacker News.

Apple acquires classical music streaming service Primephonic

Apple acquires classical music streaming service Primephonic 413 by todsacerdoti | 293 comments on Hacker News.

Stop Waiting for Godot

Stop Waiting for Godot 354 by polm23 | 124 comments on Hacker News.

Train Wheels Are Cones

Train Wheels Are Cones 395 by trekhleb | 171 comments on Hacker News.

Apple and Google must allow other payment systems, new Korean law declares

Apple and Google must allow other payment systems, new Korean law declares 504 by commoner | 236 comments on Hacker News.

Attackers Can Remotely Disable Fortress Wi-Fi Home Security Alarms

New vulnerabilities have been discovered in Fortress S03 Wi-Fi Home Security System that could be potentially abused by a malicious party to gain unauthorized access with an aim to alter system behavior, including disarming the devices without the victim's knowledge. The two unpatched issues, tracked under the identifiers CVE-2021-39276 (CVSS score: 5.3) and CVE-2021-39277 (CVSS score: 5.7), ...
from The Hacker News https://ift.tt/3ywY8TB via IFTTT

Researchers Propose Machine Learning-based Bluetooth Authentication Scheme

A group of academics has proposed a machine learning approach that uses authentic interactions between devices in Bluetooth networks as a foundation to handle device-to-device authentication reliably. Called "Verification of Interaction Authenticity" (aka VIA), the recurring authentication scheme aims to solve the problem of passive, continuous authentication and automatic deauthentication once ...
from The Hacker News https://ift.tt/3DAYs7s via IFTTT

58% of Hacker News, Reddit and tech-savvy audiences block Google Analytics

58% of Hacker News, Reddit and tech-savvy audiences block Google Analytics 467 by robin_reala | 300 comments on Hacker News.

CISA Adds Single-Factor Authentication to the List of Bad Practices

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added single-factor authentication to the short list of "exceptionally risky" cybersecurity practices that could expose critical infrastructure as well as government and the private sector entities to devastating cyberattacks. Single-factor authentication is a method of signing in users to websites and remote systems by ...
from The Hacker News https://ift.tt/3BrWFQA via IFTTT

The open calendar, task and note space is a mess

The open calendar, task and note space is a mess 412 by quaintdev | 218 comments on Hacker News.

New Microsoft Exchange 'ProxyToken' Flaw Lets Attackers Reconfigure Mailboxes

Details have emerged about a now-patched security vulnerability impacting the Microsoft Exchange Server that could be weaponized by an unauthenticated attacker to modify server configurations, thus leading to the disclosure of Personally Identifiable Information (PII). The issue, tracked as CVE-2021-33766 (CVSS score: 7.3) and coined "ProxyToken," was discovered by Le Xuan Tuyen, a researcher at ...
from The Hacker News https://ift.tt/3sY5MoW via IFTTT

MarkMonitor left 60k domains for the taking

MarkMonitor left 60k domains for the taking 402 by agwa | 95 comments on Hacker News.

Show HN: I made a meme creator that makes around $4k a month

Show HN: I made a meme creator that makes around $4k a month 411 by par | 209 comments on Hacker News.

I hacked an office telephone to play Doom

I hacked an office telephone to play Doom 434 by joshmanders | 57 comments on Hacker News.

China has forbidden under-18s from playing games for more than three hours/week

China has forbidden under-18s from playing games for more than three hours/week 501 by extesy | 479 comments on Hacker News.

How Does MTA-STS Improve Your Email Security?

The Simple Mail Transfer Protocol (SMTP) has easily exploitable security loopholes. Email routing protocols were designed at a time when cryptographic technology was at a nascent stage (e.g., the de-facto protocol for email transfer, SMTP, is nearly 40 years old now), and therefore security was not an important consideration. As a result, in most email systems encryption is still opportunistic, ...
from The Hacker News https://ift.tt/3sW39E0 via IFTTT
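The point the snippet is building towards is that MTA-STS replaces opportunistic STARTTLS with a policy the receiving domain publishes and the sending MTA must honour before handing over mail. As an added example that is not from The Hacker News article nor from any MTA-STS implementation, the Python below parses the two artefacts a sender consults, the _mta-sts TXT record and the mta-sts.txt policy file (both constructed here, with example.* placeholder hosts), and applies the enforce/testing/none decision to a candidate MX host.

```python
"""Parse an MTA-STS policy and apply it to a candidate MX host (RFC 8461)."""
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample of the TXT record a sender looks up at _mta-sts.<domain>.
SAMPLE_TXT_RECORD = "v=STSv1; id=20210801T120000;"

# Constructed sample of the policy fetched over HTTPS from
# https://mta-sts.<domain>/.well-known/mta-sts.txt (example.* are placeholders).
SAMPLE_POLICY = """\
version: STSv1
mode: enforce
mx: mail.example.com
mx: *.backup-mx.example.net
max_age: 604800
"""


@dataclass
class MtaStsPolicy:
    mode: str
    mx_patterns: List[str] = field(default_factory=list)
    max_age: int = 0


def parse_txt_record(record: str) -> Optional[str]:
    """Return the policy id from a _mta-sts TXT record, or None when the record
    is not a valid STSv1 record (e.g. an SPF record found by mistake)."""
    fields = {}
    for part in record.split(";"):
        part = part.strip()
        if not part:
            continue
        key, sep, value = part.partition("=")
        if not sep:
            return None
        fields[key.strip()] = value.strip()
    if fields.get("v") != "STSv1" or not fields.get("id"):
        return None
    return fields["id"]


def parse_policy(text: str) -> MtaStsPolicy:
    """Parse an mta-sts.txt body. A ValueError means 'no usable policy', which a
    sender must treat exactly like having no MTA-STS at all."""
    version = mode = max_age = None
    mx: List[str] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        key, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed line: {raw!r}")
        key, value = key.strip().lower(), value.strip()
        if key == "version":
            version = value
        elif key == "mode":
            mode = value.lower()
        elif key == "mx":
            mx.append(value.lower())
        elif key == "max_age":
            max_age = int(value)
        # unknown keys are ignored so future extensions do not break senders
    if version != "STSv1" or mode not in ("enforce", "testing", "none") or max_age is None:
        raise ValueError("policy is missing a required field")
    if mode != "none" and not mx:
        raise ValueError("enforce/testing policy must list at least one mx")
    return MtaStsPolicy(mode=mode, mx_patterns=mx, max_age=max_age)


def mx_matches(pattern: str, hostname: str) -> bool:
    """An mx entry is an exact hostname or '*.example.com', where the wildcard
    covers exactly one leftmost label: mx1.example.com matches, example.com and
    a.b.example.com do not."""
    hostname = hostname.lower().rstrip(".")
    if pattern.startswith("*."):
        suffix = pattern[1:]  # ".example.com"
        if not hostname.endswith(suffix):
            return False
        left = hostname[: -len(suffix)]
        return bool(left) and "." not in left
    return hostname == pattern


def delivery_allowed(policy: MtaStsPolicy, mx_host: str, tls_ok: bool) -> bool:
    """The sender's decision for one MX. tls_ok means STARTTLS succeeded and the
    certificate validated for mx_host. 'enforce' blocks delivery to an unlisted
    host or one without verified TLS; 'testing' only reports failures (via
    TLSRPT) and still delivers; 'none' switches MTA-STS off."""
    if policy.mode in ("none", "testing"):
        return True
    return tls_ok and any(mx_matches(p, mx_host) for p in policy.mx_patterns)


if __name__ == "__main__":
    print("policy id:", parse_txt_record(SAMPLE_TXT_RECORD))
    pol = parse_policy(SAMPLE_POLICY)
    for host, tls in [("mail.example.com", True), ("mail.example.com", False),
                      ("mx1.backup-mx.example.net", True), ("evil.example.org", True)]:
        print(f"{host:26} tls_ok={tls!s:5} deliver={delivery_allowed(pol, host, tls)}")
```

Roll a domain out in testing mode first and read the TLSRPT reports; switch to enforce only once every listed MX presents a certificate valid for its own name, because from that moment a mismatch means mail is refused rather than downgraded.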

Weird Languages

Weird Languages 448 by razin | 497 comments on Hacker News.

Show HN: We built an end-to-end encrypted alternative to Google Photos

Show HN: We built an end-to-end encrypted alternative to Google Photos 629 by vishnumohandas | 229 comments on Hacker News. Hello HN, Over the last year we've been building ente[1], a privacy-friendly, easy-to-use alternative to Google Photos. We've so far built Android[2][3], iOS[4], web[5] apps that encrypt your files and back them up in the background. You can access these across your devices, and share them with other ente users, end-to-end encrypted. You can also use our electron app[6] to maintain a local copy of your backed up files. We've built a fault-tolerant data replication layer that replicates your data to two different storage providers in the EU. We will be providing additional replicas as an addon in the future. We're relying on libsodium[7] for performing all cryptographic operations. Under the hood it uses XChaCha20 and XSalsa20 for encryption and Argon2 for key derivation. We have documented our architecture[8] and open-sourced our clients[9]. We ...

FB messenger silently censoring links, claims they were sent

FB messenger silently censoring links, claims they were sent 497 by votick | 306 comments on Hacker News.

Get Lifetime Access to 24 Professional Cybersecurity Certification Prep Courses

Not all heroes wear capes. Cybersecurity professionals are digital warriors who use their knowledge and skill to battle malicious hackers. Sounds like an exciting career, right? If the comic-book comparisons aren't working for you, perhaps some figures will. According to ZipRecruiter, the average salary of a cybersecurity professional is just over $100,000 a year. The Complete 2021 ...
from The Hacker News https://ift.tt/3sVFT9b via IFTTT

LockFile Ransomware Bypasses Protection Using Intermittent File Encryption

A new ransomware family that emerged last month comes with its own bag of tricks to bypass ransomware protection by leveraging a novel technique called "intermittent encryption." Called LockFile, the operators of the ransomware have been found exploiting recently disclosed flaws such as ProxyShell and PetitPotam to compromise Windows servers and deploy file-encrypting malware that scrambles only ...
from The Hacker News https://ift.tt/3gFGQO9 via IFTTT
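Added example, not from The Hacker News article nor from any analysis of LockFile itself: a Python measurement of why encrypting only part of every file defeats a detector that scores whole-file entropy. It assumes the alternating 16-byte pattern reported for LockFile (the ratio is a parameter), a throwaway SHA-256 counter-mode keystream standing in for a real cipher, a constructed document body, and an assumed alarm threshold of 7.5 bits per byte.

```python
"""Measure why intermittent encryption slips past whole-file entropy heuristics."""
import hashlib
import math
from collections import Counter

BLOCK = 16  # bytes; alternating 16-byte blocks is the pattern reported for LockFile (assumption)

# Constructed sample document body: repetitive office prose, a typical target file.
SAMPLE_DOC = (b"Quarterly report: revenue increased by twelve percent year over year. "
              b"Headcount grew in engineering and support. ") * 60


def entropy_bits_per_byte(data: bytes) -> float:
    """Shannon entropy of the byte distribution; 8.0 is the ceiling (uniform random)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0


def keystream(key: bytes, length: int) -> bytes:
    """Deterministic stand-in for a stream cipher (SHA-256 in counter mode).
    It only has to make ciphertext bytes look uniform for this measurement;
    it is not a recommendation for real encryption."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def encrypt_every_nth_block(data: bytes, key: bytes, every: int) -> bytes:
    """XOR one BLOCK-sized chunk out of every `every` with keystream and leave
    the others untouched. every=1 encrypts the whole buffer; every=2 is the
    alternating pattern. Applying the function twice restores the input."""
    ks = keystream(key, len(data))
    out = bytearray(data)
    for start in range(0, len(data), BLOCK):
        if (start // BLOCK) % every == 0:
            for i in range(start, min(start + BLOCK, len(data))):
                out[i] ^= ks[i]
    return bytes(out)


def compare(key: bytes = b"demo-key", threshold: float = 7.5) -> dict:
    """Whole-file entropy for plaintext, alternating-block and full encryption,
    and whether the assumed threshold heuristic would flag each variant."""
    variants = {
        "plaintext": SAMPLE_DOC,
        "intermittent": encrypt_every_nth_block(SAMPLE_DOC, key, every=2),
        "full": encrypt_every_nth_block(SAMPLE_DOC, key, every=1),
    }
    return {name: (entropy_bits_per_byte(buf), entropy_bits_per_byte(buf) >= threshold)
            for name, buf in variants.items()}


if __name__ == "__main__":
    for name, (h, flagged) in compare().items():
        print(f"{name:13} {h:5.2f} bits/byte  flagged={flagged}")
```

The fully encrypted buffer sits just under 8 bits per byte and trips the threshold; the half-encrypted one lands around 7, below it, although the file is just as unusable. The defender's counter is to stop scoring files as a whole: per-block statistics, or behavioural signals such as mass renames and write patterns, are unaffected by how sparsely the payload encrypts.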

The real OnlyFans scandal is the unaccountable power of platforms and banks

The real OnlyFans scandal is the unaccountable power of platforms and banks 465 by shivbhatt | 252 comments on Hacker News.

Microsoft Warns of Widespread Phishing Attacks Using Open Redirects

Microsoft is warning of a widespread credential phishing campaign that leverages open redirector links in email communications as a vector to trick users into visiting malicious websites while effectively bypassing security software. "Attackers combine these links with social engineering baits that impersonate well-known productivity tools and services to lure users into clicking," Microsoft 365 ...
from The Hacker News https://ift.tt/3gCClnh via IFTTT
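As an added example (not from Microsoft's or The Hacker News' material), the Python below implements the mail-gateway side of what the snippet describes: it parses each link, decodes the query string and flags any parameter whose value is a full URL to a different host, which is the open-redirector pattern. The sample links and every example.* hostname are constructed for the demo, and the allow-list of legitimate redirect targets is an assumption.

```python
"""Flag e-mail links whose query string bounces the reader to another domain."""
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed sample links as they might appear in a phishing message body.
# All hostnames are example.* placeholders, not real redirectors.
SAMPLE_LINKS = [
    "https://portal.example.com/login?next=/dashboard",
    "https://links.example.com/r?url=https%3A%2F%2Fpayroll-update.example.net%2Fo365",
    "https://cdn.example.com/track?dest=//account-verify.example.org/signin&id=4",
    "https://docs.example.com/view?id=123",
    "https://mail.example.com/out?u=https://mail.example.com/inbox",
]


def _host_of(value: str):
    """Host of an absolute or scheme-relative URL in a parameter value, else None.
    unquote() strips a second layer of percent-encoding, a common trick against
    naive filters; parse_qsl already removed the first layer."""
    value = unquote(value).strip()
    if value.startswith("//"):
        value = "https:" + value  # scheme-relative URLs still leave the site
    parts = urlsplit(value)
    if parts.scheme in ("http", "https") and parts.hostname:
        return parts.hostname.lower()
    return None


def redirect_targets(url: str):
    """[(param, target_host)] for every parameter that carries a full URL to a
    host other than the link's own host (the open-redirector pattern)."""
    outer = urlsplit(url)
    own = (outer.hostname or "").lower()
    return [(name, host) for name, value in parse_qsl(outer.query, keep_blank_values=True)
            if (host := _host_of(value)) and host != own]


def is_suspicious(url: str, allowed_targets=frozenset()) -> bool:
    """True when the link redirects to a host outside allowed_targets. The
    allow-list is an assumption for this example; a gateway would fill it with
    the organisation's known, legitimate redirect destinations."""
    return any(host not in allowed_targets for _, host in redirect_targets(url))


def triage(links, allowed_targets=frozenset()):
    """Return only the links worth blocking or rewriting."""
    return [u for u in links if is_suspicious(u, allowed_targets)]


if __name__ == "__main__":
    for u in SAMPLE_LINKS:
        flag = "SUSPICIOUS" if is_suspicious(u) else "ok"
        print(f"{flag:10} {u} -> {redirect_targets(u)}")
```

The check only sees redirects whose destination is visible in the link; a redirector that accepts an opaque token and looks the target up server-side is invisible to it. The durable fix therefore sits on the redirector side: allow-list or sign the destination, so the endpoint cannot be pointed anywhere.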

The Future of discord.py

The Future of discord.py 454 by AngelOnFira | 146 comments on Hacker News.

Show HN: With a 9-5 job and 2 kids I have finally finished my first MVP

Show HN: With a 9-5 job and 2 kids I have finally finished my first MVP 478 by mrhichem | 189 comments on Hacker News. Hello HN crowd. I worked on this project on weekends and evenings. I'm excited I made it into a presentable MVP, and it is so satisfying. I would like to get some honest feedback from this great community. I made https://ift.tt/3ykaazF , to scratch a personal itch. I myself trade options as a hobby, and I didn't find a screener that satisfies my need to be able to explore raw options data freely and without preset constraints. So I made this app that allows playing with options market data and extracting interesting opportunities. The techs used: - Laravel + Jquery + Mysql - Tradier API for market data - DigitalOcean for hosting - OVH for domain name It costs me $5/month to run the website. I'll be glad to continue if it proves to be a viable product in the long run and maybe I will take it to the next level and try to monetize it. Note: the app is not suitab...

Canistilluse.com

Canistilluse.com 543 by sjs382 | 356 comments on Hacker News.

Joe Rogan, confined to Spotify, is losing influence

Joe Rogan, confined to Spotify, is losing influence 446 by Tomte | 777 comments on Hacker News.

Arm China Has Gone Rogue

Arm China Has Gone Rogue 688 by xbmcuser | 358 comments on Hacker News.

Apple agrees to settle potential class action suit by U.S. developers

Apple agrees to settle potential class action suit by U.S. developers 621 by throwaway888abc | 228 comments on Hacker News.

I switched from macOS to Linux after 15 years of Apple

I switched from macOS to Linux after 15 years of Apple 613 by miles | 688 comments on Hacker News.

Microsoft, Google to Invest $30 Billion in Cybersecurity Over Next 5 Years

Google and Microsoft said they are pledging to invest a total of $30 billion in cybersecurity advancements over the next five years, as the U.S. government partners with private sector companies to address threats facing the country in the wake of a string of sophisticated malicious cyber activity targeting critical infrastructure, laying bare the risks to data, organizations, and governments ...
from The Hacker News https://ift.tt/2WnsTh2 via IFTTT

Kaseya Issues Patches for Two New 0-Day Flaws Affecting Unitrends Servers

U.S. technology firm Kaseya has released security patches to address two zero-day vulnerabilities affecting its Unitrends enterprise backup and continuity solution that could result in privilege escalation and authenticated remote code execution. The two weaknesses are part of a trio of vulnerabilities discovered and reported by researchers at the Dutch Institute for Vulnerability Disclosure (...
from The Hacker News https://ift.tt/3gBZE0J via IFTTT

Critical Cosmos Database Flaw Affected Thousands of Microsoft Azure Customers

Cloud infrastructure security company Wiz on Thursday revealed details of a now-fixed Azure Cosmos database vulnerability that could have been potentially exploited to grant any Azure user full admin access to other customers' database instances without any authorization. The flaw, which grants read, write, and delete privileges, has been dubbed "ChaosDB," with Wiz researchers noting that "the ...
from The Hacker News https://ift.tt/2Y1eLue via IFTTT

Yt-dlp – A YouTube-dl fork with additional features and fixes

Yt-dlp – A YouTube-dl fork with additional features and fixes 578 by makeworld | 211 comments on Hacker News.

TSMC hikes chip prices up to 20% amid supply shortage

TSMC hikes chip prices up to 20% amid supply shortage 576 by giuliomagnifico | 523 comments on Hacker News.

OnlyFans drops planned porn ban

OnlyFans drops planned porn ban 662 by uptown | 1052 comments on Hacker News.

Samsung remotely disables TVs looted from South African warehouse

Samsung remotely disables TVs looted from South African warehouse 565 by barbacoa | 687 comments on Hacker News.

The Increased Liability of Local In-home Propagation

Today I discuss an attack vector conducive to cross-organizational spread, in-home local propagation. Though often overlooked, this vector is especially relevant today, as many corporate employees remain working from home. In this post, I contrast in-home local propagation with traditional vectors through which a threat (ransomware in particular) spreads throughout an organization. I discuss the ...
from The Hacker News https://ift.tt/3mEs5ij via IFTTT

F5 Releases Critical Security Patches for BIG-IP and BIG-IQ Devices

Enterprise security and network appliance vendor F5 has released patches for more than two dozen security vulnerabilities affecting multiple versions of BIG-IP and BIG-IQ devices that could potentially allow an attacker to perform a wide range of malicious actions, including accessing arbitrary files, escalating privileges, and executing JavaScript code. Of the 29 bugs addressed, 13 are ...
from The Hacker News https://ift.tt/3DedBM5 via IFTTT

New Passwordless Verification API Uses SIM Security for Zero Trust Remote Access

Forget watercooler conspiracies or boardroom battles. There's a new war in the office. As companies nudge their staff to return to communal workspaces, many workers don't actually want to – more than 50 percent of employees would rather quit, according to research by EY. While HR teams worry over the hearts and minds of staff, IT security professionals have a different battle plan to draft ...
from The Hacker News https://ift.tt/3B5okGK via IFTTT

The All-Seeing “i”: Apple Just Declared War on Your Privacy

The All-Seeing “i”: Apple Just Declared War on Your Privacy 676 by ttctciyf | 270 comments on Hacker News.

VMware Issues Patches to Fix New Flaws Affecting Multiple Products

VMware on Wednesday shipped security updates to address vulnerabilities in multiple products that could be potentially exploited by an attacker to take control of an affected system. The six security weaknesses (from CVE-2021-22022 through CVE-2021-22027, CVSS scores: 4.4 - 8.6) affect VMware vRealize Operations (prior to version 8.5.0), VMware Cloud Foundation (versions 3.x and 4.x), and ...
from The Hacker News https://ift.tt/3gyxF1X via IFTTT

Critical Flaw Discovered in Cisco APIC for Switches — Patch Released

Cisco Systems on Wednesday issued patches to address a critical security vulnerability affecting the Application Policy Infrastructure Controller (APIC) interface used in its Nexus 9000 Series Switches that could be potentially abused to read or write arbitrary files on a vulnerable system. Tracked as CVE-2021-1577 (CVSS score: 9.1), the issue — which is due to improper access control — could ...
from The Hacker News https://ift.tt/38cBu8v via IFTTT

Burning out and quitting

Burning out and quitting 628 by czottmann | 261 comments on Hacker News.

Prettymaps: Small Python library to draw customized maps from OpenStreetMap data

Prettymaps: Small Python library to draw customized maps from OpenStreetMap data 594 by sebg | 53 comments on Hacker News.

The most underused browser feature: reader mode

The most underused browser feature: reader mode 592 by frenkel | 252 comments on Hacker News.

Preventing your Cloud 'Secrets' from Public Exposure: An IDE plugin solution

I'm sure you would agree that, in today's digital world, the majority of applications we work on require some type of credentials – to connect to a database with a username/password, to access computer programs via authorized tokens, or API keys to invoke services for authentication. Credentials, or sometimes just referred to as 'Secrets,' are pieces of user or system-level confidential ...
from The Hacker News https://ift.tt/38c1GQt via IFTTT

Researchers Uncover FIN8's New Backdoor Targeting Financial Institutions

A financially motivated threat actor notorious for setting its sights on retail, hospitality, and entertainment industries has been observed deploying a completely new backdoor on infected systems, indicating the operators are continuously retooling their malware arsenal to avoid detection and stay under the radar. The previously undocumented malware has been dubbed "Sardonic" by Romanian ...
from The Hacker News https://ift.tt/38j0lat via IFTTT

B.Braun Infusomat Pumps Could Let Attackers Remotely Alter Medication Dosages

Cybersecurity researchers have disclosed five previously unreported security vulnerabilities affecting B. Braun's Infusomat Space Large Volume Pump and SpaceStation that could be abused by malicious parties to tamper with medication doses without any prior authentication. McAfee, which discovered and reported the flaws to the German medical and pharmaceutical device company on January 11, 2021, ...
from The Hacker News https://ift.tt/3mE5Mcq via IFTTT

How Discord Stores Billions of Messages (2017)

How Discord Stores Billions of Messages (2017) 581 by ibraheemdev | 306 comments on Hacker News.

New SideWalk Backdoor Targets U.S.-based Computer Retail Business

A computer retail company based in the U.S. was the target of a previously undiscovered implant called SideWalk as part of a recent campaign undertaken by a Chinese advanced persistent threat group primarily known for singling out entities in East and Southeast Asia. A Slovak cybersecurity firm attributed the malware to an advanced persistent threat it tracks under the moniker SparklingGoblin, an ...
from The Hacker News https://ift.tt/3jdFyeM via IFTTT

Googlespeak – How Google limits thought about antitrust

Googlespeak – How Google limits thought about antitrust 562 by cyrusshepard | 191 comments on Hacker News.

Welcoming our first riders in San Francisco

Welcoming our first riders in San Francisco 510 by EvgeniyZh | 534 comments on Hacker News.

Apple’s crackdown on multicast

Apple’s crackdown on multicast 546 by todsacerdoti | 414 comments on Hacker News.

Gail.com

Gail.com 495 by isomorph | 104 comments on Hacker News.

Twitter starts to require login to view tweets

Twitter starts to require login to view tweets 592 by oenetan | 424 comments on Hacker News.

Modified Version of WhatsApp for Android Spotted Installing Triada Trojan

A modified version of the WhatsApp messaging app for Android has been trojanized to serve malicious payloads, display full-screen ads, and sign up device owners for unwanted premium subscriptions without their knowledge. "The Trojan Triada snuck into one of these modified versions of the messenger called FMWhatsApp 16.80.0 together with the advertising software development kit (SDK)," ...
from The Hacker News https://ift.tt/3DbnCcT via IFTTT

Bahraini Activists Targeted Using a New iPhone Zero-Day Exploit From NSO Group

A previously undisclosed "zero-click" exploit in Apple's iMessage was abused by Israeli surveillance vendor NSO Group to circumvent iOS security protections and target nine Bahraini activists. "The hacked activists included three members of Waad (a secular Bahraini political society), three members of the Bahrain Center for Human Rights, two exiled Bahraini dissidents, and one member of Al Wefaq ...
from The Hacker News https://ift.tt/3Dh8RW6 via IFTTT

Researchers Warn of 4 Emerging Ransomware Groups That Can Cause Havoc

Cybersecurity researchers on Tuesday took the wraps off four up-and-coming ransomware groups that could pose a serious threat to enterprises and critical infrastructure, as the ripple effect of a recent spurt in ransomware incidents shows that attackers are growing more sophisticated and more profitable in extracting payouts from victims. "While the ransomware crisis appears poised to get worse ...
from The Hacker News https://ift.tt/3DcvF9h via IFTTT

A bike parts company ditched Amazon to support indie shops instead

A bike parts company ditched Amazon to support indie shops instead 565 by nabilhat | 320 comments on Hacker News.

38 Million Records Exposed from Microsoft Power Apps of Dozens of Organisations

More than 38 million records from 47 different entities that rely on Microsoft's Power Apps portals platform were inadvertently left exposed online, bringing into sharp focus a "new vector of data exposure." "The types of data varied between portals, including personal information used for COVID-19 contact tracing, COVID-19 vaccination appointments, social security numbers for job applicants, ...
from The Hacker News https://ift.tt/3mrhYNE via IFTTT

How I Experience Web Today

How I Experience Web Today 550 by mrestko | 211 comments on Hacker News.

The Coronavirus Is Here Forever

The Coronavirus Is Here Forever 471 by prostoalex | 1005 comments on Hacker News.

FDA Approves First Covid-19 Vaccine

FDA Approves First Covid-19 Vaccine 508 by PaulAnunda | 715 comments on Hacker News.

My mouse driver is asking for a firewall exemption (2019)

My mouse driver is asking for a firewall exemption (2019) 682 by Tijdreiziger | 347 comments on Hacker News.

On the link between great thinking and obsessive walking

On the link between great thinking and obsessive walking 448 by prostoalex | 194 comments on Hacker News.

ASML, a $300B Dutch firm, makes the machines that make semiconductors

ASML, a $300B Dutch firm, makes the machines that make semiconductors 548 by deegles | 240 comments on Hacker News.

EFF Joins Global Coalition Asking Apple CEO Tim Cook to Stop Phone-Scanning

EFF Joins Global Coalition Asking Apple CEO Tim Cook to Stop Phone-Scanning 537 by DiabloD3 | 204 comments on Hacker News.

Patterns in Confusing Explanations

Patterns in Confusing Explanations 551 by pabs3 | 158 comments on Hacker News.

Manim: An animation engine for explanatory math videos

Manim: An animation engine for explanatory math videos 567 by agmm | 67 comments on Hacker News.

Navigating Vendor Risk Management as IT Professionals

One of the great resources available to businesses today is the large ecosystem of value-added services and solutions. Especially in technology solutions, there is no end to the services of which organizations can avail themselves. In addition, if a business needs a particular solution or service they don't handle in-house, there is most likely a third-party vendor that can take care of that for ...
from The Hacker News https://ift.tt/3goscuq via IFTTT

Researchers Detail Modus Operandi of ShinyHunters Cyber Crime Group

ShinyHunters, a notorious cybercriminal underground group that's been on a data breach spree since last year, has been observed searching companies' GitHub repository source code for vulnerabilities that can be abused to stage larger scale attacks, an analysis of the hackers' modus operandi has revealed. "Primarily operating on Raid Forums, the collective's moniker and motivation can partly be ...
from The Hacker News https://ift.tt/3y8IuxB via IFTTT
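The IDE-plugin piece earlier on this page (Preventing your Cloud 'Secrets' from Public Exposure) and the ShinyHunters write-up above come down to the same control: catch credentials in source before the repository, and anyone trawling it, does. As an added example that is not from either article nor from any commercial scanner, the Python below runs the two detectors such tools combine, format rules and an entropy test, over a constructed file. The AWS values are Amazon's documented placeholder credentials, and the entropy thresholds are tuning assumptions.

```python
"""Scan source lines for credentials before a commit reaches a shared repository."""
import math
import re
from collections import Counter
from typing import List, Tuple

# Constructed sample file contents. The AWS identifiers are the placeholder
# values from Amazon's own documentation, not live credentials.
SAMPLE_SOURCE = """\
import boto3
AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
AWS_SECRET_ACCESS_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
db_password = "hunter2"
signing_key = "9f3c1a7e5b2d4c8a0e6f1b3d5a7c9e2b"
api_token = os.environ["API_TOKEN"]
config_path = "application_default_credentials"
-----BEGIN RSA PRIVATE KEY-----
"""

# Format rules: (name, regex). Production scanners ship hundreds of these.
RULES = [
    ("aws-access-key-id", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("private-key-block", re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----")),
    ("hardcoded-secret-assignment",
     re.compile(r'''(?i)(password|passwd|secret|token|api[_-]?key)\w*\s*[:=]\s*['"]([^'"]{4,})['"]''')),
]
QUOTED_TOKEN = re.compile(r'''['"]([A-Za-z0-9+/=_\-]{20,})['"]''')
HEX = re.compile(r"[0-9a-fA-F]+")


def shannon_entropy(s: str) -> float:
    """Bits per character of the string's own symbol distribution."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values()) if n else 0.0


def looks_random(token: str) -> bool:
    """Entropy test with charset-aware thresholds: a hex string can never exceed
    4.0 bits/char, so it gets a lower bar than base64-like material. The 3.0 and
    4.5 values mirror the common truffleHog defaults and are tuning assumptions."""
    threshold = 3.0 if HEX.fullmatch(token) else 4.5
    return shannon_entropy(token) >= threshold


def scan_lines(lines: List[str]) -> List[Tuple[int, str, str]]:
    """(line_no, rule, matched_text) per finding. Format rules run first; the
    entropy check only examines long quoted tokens that no format rule explained,
    which is what keeps ordinary identifiers like the config_path value quiet."""
    findings = []
    for no, line in enumerate(lines, 1):
        hit = False
        for name, rx in RULES:
            m = rx.search(line)
            if m:
                findings.append((no, name, m.group(0)))
                hit = True
        if hit:
            continue
        for m in QUOTED_TOKEN.finditer(line):
            if looks_random(m.group(1)):
                findings.append((no, "high-entropy-string", m.group(1)))
    return findings


def scan_text(text: str) -> List[Tuple[int, str, str]]:
    return scan_lines(text.splitlines())


if __name__ == "__main__":
    for no, rule, text in scan_text(SAMPLE_SOURCE):
        print(f"line {no}: {rule}: {text}")
```

Wire scan_lines into a pre-commit hook fed with the staged diff (git diff --cached), which is the same moment an IDE plugin intervenes, and treat every hit as a credential to rotate rather than a line to delete: by the time the hook fires the value already sits in the local history, and once pushed it is exactly what the group above goes looking for.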

Top 15 Vulnerabilities Attackers Exploited Millions of Times to Hack Linux Systems

Close to 14 million Linux-based systems are directly exposed to the Internet, making them a lucrative target for an array of real-world attacks that could result in the deployment of malicious web shells, coin miners, ransomware, and other trojans. That's according to an in-depth look at the Linux threat landscape published by U.S.-Japanese cybersecurity firm Trend Micro, detailing the top ...
from The Hacker News https://ift.tt/3mqgZxl via IFTTT

PAM Duress – Alternate passwords for panic situations

PAM Duress – Alternate passwords for panic situations 617 by xanthine | 251 comments on Hacker News.

Google’s ‘Project Hug’ paid out huge sums to keep game devs in the Play Store

Google’s ‘Project Hug’ paid out huge sums to keep game devs in the Play Store 570 by davweb | 399 comments on Hacker News.

Microsoft Exchange Under Attack With ProxyShell Flaws; Over 1900 Servers Hacked!

The U.S. Cybersecurity and Infrastructure Security Agency is warning of active exploitation attempts that leverage the latest line of "ProxyShell" Microsoft Exchange vulnerabilities that were patched earlier this May, including deploying LockFile ransomware on compromised systems. Tracked as CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207, the vulnerabilities enable adversaries to bypass ACL ...
from The Hacker News https://ift.tt/3zkMeNK via IFTTT

Google's Secret Initiative – “Project Hug”

Google's Secret Initiative – “Project Hug” 583 by radmuzom | 171 comments on Hacker News.

Facebook hacker beat my 2FA, bricked my Oculus, and hit the company credit card

Facebook hacker beat my 2FA, bricked my Oculus, and hit the company credit card 554 by tosh | 218 comments on Hacker News.

Another free CA as an alternative to Let's Encrypt

Another free CA as an alternative to Let's Encrypt 546 by mattowen_uk | 168 comments on Hacker News.

Chip shortage: Toyota to cut global production by 40%

Chip shortage: Toyota to cut global production by 40% 552 by midnightcity | 683 comments on Hacker News.

Ask HN: What's the most life-changing blog post you've ever read?

Ask HN: What's the most life-changing blog post you've ever read? 537 by michalu | 350 comments on Hacker News. ... any blog post that had a major impact on your life, workflow, career, understanding, etc. qualifies.

Why wild foxes led you to treasure in Skyrim

Why wild foxes led you to treasure in Skyrim 592 by aresant | 214 comments on Hacker News.

SEC charges Netflix insider trading ring

SEC charges Netflix insider trading ring 543 by hhs | 382 comments on Hacker News.

Apple explicitly asks employees to merge their personal and work accounts

Apple explicitly asks employees to merge their personal and work accounts 620 by luu | 326 comments on Hacker News.

Cloudflare mitigated one of the largest DDoS attacks involving 17.2 million rps

Web infrastructure and website security company Cloudflare on Thursday disclosed that it mitigated the largest ever volumetric distributed denial of service (DDoS) attack recorded to date. The attack, launched via a Mirai botnet, is said to have targeted an unnamed customer in the financial industry last month. "Within seconds, the botnet bombarded the Cloudflare edge with over 330 million ...
from The Hacker News https://ift.tt/2WdXcqf via IFTTT

ShadowPad Malware is Becoming a Favorite Choice of Chinese Espionage Groups

ShadowPad, an infamous Windows backdoor that allows attackers to download further malicious modules or steal data, has been put to use by five different Chinese threat clusters since 2017. "The adoption of ShadowPad significantly reduces the costs of development and maintenance for threat actors," SentinelOne researchers Yi-Jhen Hsieh and Joey Chen said in a detailed overview of the malware, ...
from The Hacker News https://ift.tt/3mkpQk0 via IFTTT

Cybercrime Group Asking Insiders for Help in Planting Ransomware

A Nigerian threat actor has been observed attempting to recruit employees by offering to pay them $1 million in bitcoin to deploy Black Kingdom ransomware on companies' networks as part of an insider threat scheme. "The sender tells the employee that if they're able to deploy ransomware on a company computer or Windows server, then they would be paid $1 million in bitcoin, or 40% of the ...
from The Hacker News https://ift.tt/380urQc via IFTTT

Mozi IoT Botnet Now Also Targets Netgear, Huawei, and ZTE Network Gateways

Mozi, a peer-to-peer (P2P) botnet known to target IoT devices, has gained new capabilities that allow it to achieve persistence on network gateways manufactured by Netgear, Huawei, and ZTE, according to new findings. "Network gateways are a particularly juicy target for adversaries because they are ideal as initial access points to corporate networks," researchers at Microsoft Security Threat ...
from The Hacker News https://ift.tt/3D339qA via IFTTT

Critical Flaw Found in Older Cisco Small Business Routers Won't Be Fixed

A critical vulnerability in Cisco Small Business Routers will not be patched by the networking equipment giant, since the devices reached end-of-life in 2019. Tracked as CVE-2021-34730 (CVSS score: 9.8), the issue resides in the routers' Universal Plug-and-Play (UPnP) service, enabling an unauthenticated, remote attacker to execute arbitrary code or cause an affected device to restart ...
from The Hacker News https://ift.tt/2WcAGOv via IFTTT

OnlyFans to block sexually explicit videos starting in October

OnlyFans to block sexually explicit videos starting in October 650 by minimaxir | 809 comments on Hacker News.

ImageNet contains naturally occurring Apple NeuralHash collisions

ImageNet contains naturally occurring Apple NeuralHash collisions 651 by yeldarb | 384 comments on Hacker News.

Show HN: Neural-hash-collider – Find target hash collisions for NeuralHash

Show HN: Neural-hash-collider – Find target hash collisions for NeuralHash 581 by anishathalye | 322 comments on Hacker News.

Researchers Find New Evidence Linking Diavol Ransomware to TrickBot Gang

Cybersecurity researchers have disclosed details about an early development version of a nascent ransomware strain called Diavol that has been linked to threat actors behind the infamous TrickBot syndicate. The latest findings from IBM X-Force show that the ransomware sample shares similarities to other malware that has been attributed to the cybercrime gang, thus establishing a clearer ...
from The Hacker News https://ift.tt/3gdIje8 via IFTTT

Apple is suing smartphone emulation software startup Corellium

Apple is suing smartphone emulation software startup Corellium 571 by webmobdev | 98 comments on Hacker News.

Asking nicely for root command execution and getting it

Asking nicely for root command execution and getting it 553 by TangerineDream | 130 comments on Hacker News.

A shot to prevent Lyme disease could be on its way

A shot to prevent Lyme disease could be on its way 577 by Kaibeezy | 397 comments on Hacker News.

Critical ThroughTek SDK Bug Could Let Attackers Spy On Millions of IoT Devices

A security vulnerability has been found affecting several versions of ThroughTek Kalay P2P Software Development Kit (SDK), which could be abused by a remote attacker to take control of an affected device and potentially lead to remote code execution. Tracked as CVE-2021-28372 (CVSS score: 9.6) and discovered by FireEye Mandiant in late 2020, the weakness concerns an improper access control flaw ...
from The Hacker News https://ift.tt/3sudXcz via IFTTT

Ask HN: Google is confusing me with others in a harmful way – what can I do?

Ask HN: Google is confusing me with others in a harmful way – what can I do? 678 by AndreaVass | 202 comments on Hacker News. Hi Hacker News, I’m Andrea and I have a strange problem with Google that I’m wondering if any of you here can advise about. It’s affecting several people with the same name as me, whose lives are being impacted. In January 2021, I published a non-fiction book about a difficult, traumatic topic: my victimization and sex crimes that I witnessed toward other women. Because I am a victim, I chose not to put a photo of myself online. In fact, I have never ever taken a selfie nor had a photo of myself online. Four months after I published my book, Google created a knowledge panel for me and, because I didn’t have a photo online, they just grabbed a photo of another Andrea Vassell who lives in Canada and displayed it alongside my book and claimed this woman was the author. After spending weeks sending feedback and trying to get help from Google support, they finally...

BadAlloc Flaw Affects BlackBerry QNX Used in Millions of Cars and Medical Devices

A major vulnerability affecting older versions of BlackBerry's QNX Real-Time Operating System (RTOS) could allow malicious actors to cripple and gain control of a variety of products, including cars, medical, and industrial equipment. The shortcoming (CVE-2021-22156, CVSS score: 9.0) is part of a broader collection of flaws, collectively dubbed BadAlloc, that was originally disclosed by ...
from The Hacker News https://ift.tt/3CZUogQ via IFTTT

Hash collision in Apple NeuralHash model

Hash collision in Apple NeuralHash model 644 by sohkamyung | 236 comments on Hacker News.

Iranian Hackers Target Several Israeli Organizations With Supply-Chain Attacks

IT and communication companies in Israel were at the center of a supply chain attack campaign spearheaded by an Iranian threat actor that involved impersonating the firms and their HR personnel to target victims with fake job offers in an attempt to penetrate their computers and gain access to the company's clients. The attacks, which occurred in two waves in May and July 2021, have been linked from The Hacker News https://ift.tt/3mdycKo via IFTTT

Does a VPN Protect You from Hackers?

A virtual private network (VPN) is marketed as the solution for a lot of issues you might experience online: accessing blocked sites, hiding your browsing activity from your ISP, avoiding internet throttling, finding better deals, and much more. But does a VPN protect you from hackers? Are your private information and files safer on the internet with a VPN? How much of a difference does it make in terms of from The Hacker News https://ift.tt/2UuZLU0 via IFTTT

NK Hackers Deploy Browser Exploit on South Korean Sites to Spread Malware

A North Korean threat actor has been discovered taking advantage of two exploits in Internet Explorer to infect victims with a custom implant as part of a strategic web compromise (SWC) targeting a South Korean online newspaper. Cybersecurity firm Volexity attributed the attacks to a threat actor it tracks as InkySquid, and more widely known by the monikers ScarCruft and APT37. Daily NK, the from The Hacker News https://ift.tt/2UqTmcj via IFTTT

Unpatched Remote Hacking Flaw Disclosed in Fortinet's FortiWeb WAF

Details have emerged about a new unpatched security vulnerability in Fortinet's web application firewall (WAF) appliances that could be abused by a remote, authenticated attacker to execute malicious commands on the system. "An OS command injection vulnerability in FortiWeb's management interface (version 6.3.11 and prior) can allow a remote, authenticated attacker to execute arbitrary commands from The Hacker News https://ift.tt/3CUl8zj via IFTTT

Moderna Is About to Begin Trials for HIV Vaccine

Moderna Is About to Begin Trials for HIV Vaccine 590 by Saint_Genet | 265 comments on Hacker News.

Show HN: Imba – I have spent 7 years creating a programming language for the web

Show HN: Imba – I have spent 7 years creating a programming language for the web 619 by somebee | 180 comments on Hacker News. Hey all My name is Sindre, and I am the CTO of Scrimba (YC S20). For the last 7 years, I have written all my web apps in a full-stack programming language called Imba. It compiles to JavaScript and its main goal is to make web developers more productive. I just launched a major overhaul of Imba, so I wanted to share it here on HN, in case anyone is interested in learning more about it. It is very opinionated, so some of you might not like it, but I would love to hear anyone's feedback regardless. Constructive criticism appreciated! The backstory: Imba initially started in 2012 as an effort to bring the elegance and conciseness of Ruby into the browser, and also because I felt that JavaScript and the DOM should be more tightly coupled together. Over the years, I have taken inspiration from React/JSX, and also Tailwind. Since 2013, I have built several busines...

Malicious Ads Target Cryptocurrency Users With Cinobi Banking Trojan

A new social engineering-based malvertising campaign targeting Japan has been found to deliver a malicious application that deploys a banking trojan on compromised Windows machines to steal credentials associated with cryptocurrency accounts. The application masquerades as an animated porn game, a reward points application, or a video streaming application, Trend Micro researchers Jaromir from The Hacker News https://ift.tt/3sogBQQ via IFTTT

Solution Providers Can Now Add Incident Response to Their Services Portfolio For Free

The Incident Response (IR) services market is in accelerated growth due to the rise in cyberattacks that result in breaches. More and more organizations, across all sizes and verticals, choose to outsource IR to third-party service providers rather than handle security incidents in-house. Cynet is now launching a first-of-its-kind offering, enabling any Managed Security Provider (MSP) or Security from The Hacker News https://ift.tt/2ZKCoq2 via IFTTT

Psst: Fast Spotify client with native GUI, without Electron, built in Rust

Psst: Fast Spotify client with native GUI, without Electron, built in Rust 629 by tim-- | 248 comments on Hacker News.

Multiple Flaws Affecting Realtek Wi-Fi SDKs Impact Nearly a Million IoT Devices

Taiwanese chip designer Realtek is warning of four security vulnerabilities in three software development kits (SDKs) accompanying its WiFi modules, which are used in almost 200 IoT devices made by at least 65 vendors. The flaws, which affect Realtek SDK v2.x, Realtek "Jungle" SDK v3.0/v3.1/v3.2/v3.4.x/v3.4T/v3.4T-CT, and Realtek "Luna" SDK up to version 1.3.2, could be abused by attackers to from The Hacker News https://ift.tt/3CTwW56 via IFTTT

The US federal government has spent $6.4T dollars on the post-9/11 wars

The US federal government has spent $6.4T dollars on the post-9/11 wars 505 by hncurious | 432 comments on Hacker News.

Widelands is a free, open-source real-time strategy game

Widelands is a free, open-source real-time strategy game 461 by doener | 100 comments on Hacker News.

Attackers Can Weaponize Firewalls and Middleboxes for Amplified DDoS Attacks

Weaknesses in the implementation of the TCP protocol in middleboxes and censorship infrastructure could be weaponized as a vector to stage reflected denial-of-service (DoS) amplification attacks, with amplification factors surpassing many of the existing UDP-based reflectors known to date. Detailed by a group of academics from the University of Maryland and the University of Colorado Boulder at the USENIX Security from The Hacker News https://ift.tt/3ANSy0C via IFTTT

Dozens of STARTTLS Related Flaws Found Affecting Popular Email Clients

Security researchers have disclosed as many as 40 different vulnerabilities associated with an opportunistic encryption mechanism in mail clients and servers that could open the door to targeted man-in-the-middle (MitM) attacks, permitting an intruder to forge mailbox content and steal credentials. The now-patched flaws, identified in various STARTTLS implementations, were detailed by a group of from The Hacker News https://ift.tt/37QQ8BS via IFTTT
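The excerpt names the mechanism (opportunistic STARTTLS upgrades) and the outcome (a MitM forging server content and stealing credentials) but not how a client gets fooled. The simulation below is an added example, not code from the page or from the researchers, and it models one client-side flaw of this class: plaintext that the attacker appends to the server's "220" STARTTLS reply is already sitting in the client's read buffer when the TLS handshake starts, so a naive client parses it as the first TLS-protected reply. It also shows the two checks a hardened client makes: the buffer must be empty before the TLS upgrade, and credentials are never sent unless TLS is active (which also defeats simple STARTTLS stripping). MitmWire, SmtpClient and the host names are constructed for the example; there is no network access.

```python
"""Constructed, offline simulation of client-side STARTTLS buffering (SMTP).

Added example, not code from the page or the research it summarises. MitmWire,
SmtpClient and mail.example.test are made up for the example.
"""
from __future__ import annotations

import base64


class MitmWire:
    """Stand-in for a TCP connection to an SMTP server through a MitM.

    Before start_tls() the attacker owns the plaintext channel, so it can append
    bytes to the server's genuine 220 reply. After start_tls() only the (scripted)
    real server speaks, as it would over a properly verified TLS session.
    """

    def __init__(self, injected: bytes = b""):
        self.injected = injected
        self.tls = False
        self.pending = bytearray(b"220 mail.example.test ESMTP\r\n")

    def sendall(self, data: bytes) -> None:
        cmd = data.strip().upper()
        if self.tls:                                   # real server, TLS phase
            if cmd.startswith(b"EHLO"):
                self.pending += b"250-mail.example.test\r\n250 AUTH PLAIN\r\n"
            else:
                self.pending += b"235 Authentication successful\r\n"
        elif cmd.startswith(b"EHLO"):                  # plaintext phase
            self.pending += b"250-mail.example.test\r\n250 STARTTLS\r\n"
        elif cmd == b"STARTTLS":
            # Genuine 220 reply followed by attacker-chosen plaintext.
            self.pending += b"220 Ready to start TLS\r\n" + self.injected
        else:
            self.pending += b"503 Bad sequence of commands\r\n"

    def recv(self, n: int = 4096) -> bytes:
        chunk = bytes(self.pending[:n])
        del self.pending[:n]
        return chunk

    def start_tls(self) -> None:
        # Models ssl.SSLContext.wrap_socket(); bytes from here on are authentic.
        self.tls = True


class SmtpClient:
    def __init__(self, wire: MitmWire, strict: bool):
        self.wire, self.strict = wire, strict
        self.buf = b""
        self.tls = False

    def read_reply(self) -> list:
        """Read one (possibly multi-line) SMTP reply; surplus bytes stay in self.buf."""
        lines = []
        while True:
            while b"\r\n" not in self.buf:
                chunk = self.wire.recv()
                if not chunk:
                    raise ConnectionError("connection closed")
                self.buf += chunk
            line, self.buf = self.buf.split(b"\r\n", 1)
            lines.append(line)
            if len(line) < 4 or line[3:4] != b"-":     # "250-" continues, "250 " ends
                return lines

    def cmd(self, command: bytes) -> list:
        self.wire.sendall(command + b"\r\n")
        return self.read_reply()

    def upgrade(self) -> list:
        """EHLO, STARTTLS, TLS upgrade, EHLO again; return the first reply the
        client believes was TLS-protected (the post-TLS capability list)."""
        self.read_reply()                              # greeting
        caps = self.cmd(b"EHLO client.example.test")
        if not any(l[4:] == b"STARTTLS" for l in caps):
            raise RuntimeError("STARTTLS not offered; refusing plaintext session")
        reply = self.cmd(b"STARTTLS")
        if not reply[0].startswith(b"220"):
            raise RuntimeError("STARTTLS refused")
        if self.strict and self.buf:
            # Anything already buffered arrived in plaintext and may have been
            # written by the MitM; it must not survive into the TLS session.
            raise RuntimeError("plaintext bytes after STARTTLS reply: %r" % self.buf)
        self.wire.start_tls()
        self.tls = True
        # The naive client (strict=False) keeps self.buf, so injected lines are
        # parsed right here as the server's TLS-protected EHLO reply.
        return self.cmd(b"EHLO client.example.test")

    def auth_plain(self, user: bytes, password: bytes) -> bool:
        """Send credentials only once TLS is up (also defeats STARTTLS stripping)."""
        if not self.tls:
            raise RuntimeError("refusing to send credentials in plaintext")
        token = base64.b64encode(b"\0" + user + b"\0" + password)
        return self.cmd(b"AUTH PLAIN " + token)[0].startswith(b"235")


def first_tls_reply(injected: bytes, strict: bool) -> list:
    return SmtpClient(MitmWire(injected), strict).upgrade()


def strict_rejects(injected: bytes) -> bool:
    try:
        first_tls_reply(injected, strict=True)
    except RuntimeError:
        return True
    return False


if __name__ == "__main__":
    evil = b"250-attacker.example.test\r\n250 AUTH PLAIN\r\n"   # constructed injection
    print("naive client sees:", first_tls_reply(evil, strict=False))
    print("strict client rejects injection:", strict_rejects(evil))
```

The same buffer check applies on the server side in mirror image: a server must not execute commands that a client pipelined after STARTTLS in plaintext as if they had arrived over TLS. In a real client the place to enforce it is immediately before the `wrap_socket()` call, on whatever the reply parser has left unread.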

New AdLoad Variant Bypasses Apple's Security Defenses to Target macOS Systems

A new wave of attacks involving a notorious macOS adware family has evolved to leverage around 150 unique samples in the wild in 2021 alone, some of which have slipped past Apple's on-device malware scanner and have even been signed by its notarization service, highlighting the malware's ongoing attempts to adapt and evade detection. "AdLoad," as the malware is known, is one of several from The Hacker News https://ift.tt/380BHM1 via IFTTT

Introducing the PineNote

Introducing the PineNote 499 by DanAtC | 84 comments on Hacker News.

Git password authentication is shutting down

Git password authentication is shutting down 435 by judge2020 | 331 comments on Hacker News.

Asahi Linux for Apple M1 progress report, August 2021

Asahi Linux for Apple M1 progress report, August 2021 569 by fanf2 | 161 comments on Hacker News.

Debian 11

Debian 11 559 by marcodiego | 271 comments on Hacker News.

Abandoned Motorola Headquarters (2020)

Abandoned Motorola Headquarters (2020) 498 by sonograph | 201 comments on Hacker News.

Apple Regrets Confusion over 'iPhone Scanning'

Apple Regrets Confusion over 'iPhone Scanning' 564 by belter | 712 comments on Hacker News.

New Glowworm Attack Recovers Device's Sound from Its LED Power Indicator

A novel technique leverages optical emanations from a device's power indicator LED to recover sounds from connected peripherals and spy on electronic conversations from a distance of as much as 35 meters. Dubbed the "Glowworm attack," the findings were published by a group of academics from the Ben-Gurion University of the Negev earlier this week, describing the method as "an optical TEMPEST from The Hacker News https://ift.tt/37Ls6IJ via IFTTT

Learn Ethical Hacking From Scratch — 18 Online Courses for Just $43

If you’re reading this post, there is a pretty good chance you’re interested in hacking. Ever thought about turning it into a career? The cybersecurity industry is booming right now, and ethical hacking is one of the most lucrative and challenging niches. It’s open to anyone with the right skills. Featuring 18 courses from top-rated instructors, The All-In-One 2021 Super-Sized Ethical Hacking from The Hacker News https://ift.tt/3seyRfA via IFTTT

Facebook Adds End-to-End Encryption for Audio and Video Calls in Messenger

Facebook on Friday said it's extending end-to-end encryption (E2EE) for voice and video calls in Messenger, along with testing a new opt-in setting that will turn on end-to-end encryption for Instagram DMs. "The content of your messages and calls in an end-to-end encrypted conversation is protected from the moment it leaves your device to the moment it reaches the receiver's device," Messenger's from The Hacker News https://ift.tt/3jTFFvf via IFTTT

FOSS app removed from the Play Store for linking to the project's website

FOSS app removed from the Play Store for linking to the project's website 588 by timothyaveni | 201 comments on Hacker News.

Internet of Snitches

Internet of Snitches 590 by nicolaslem | 259 comments on Hacker News.

Fishdraw: Procedurally Generated Fish Drawings

Fishdraw: Procedurally Generated Fish Drawings 579 by sigil | 83 comments on Hacker News.

ZeroVer: 0-Based Versioning

ZeroVer: 0-Based Versioning 561 by polm23 | 259 comments on Hacker News.

Hackers Spotted Using Morse Code in Phishing Attacks to Evade Detection

Microsoft has disclosed details of an evasive year-long social engineering campaign wherein the operators kept changing their obfuscation and encryption mechanisms every 37 days on average, including relying on Morse code, in an attempt to cover their tracks and surreptitiously harvest user credentials. The phishing attacks take the form of invoice-themed lures mimicking financial-related from The Hacker News https://ift.tt/37LIWa9 via IFTTT
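Morse code is a weak encoding rather than encryption: the point of using it in a lure is that signature-based filters do not see the plaintext strings. The script below is an added example, not code from Microsoft's report or from the page, showing the analyst-side counterpart: scan an attachment for runs of dots and dashes, decode them, and unhex the result when the decoded text is itself a hex string (the excerpt says only that Morse was one of several layered encodings, so the two-layer layout here is an assumption). SAMPLE_HTML is a constructed stand-in for an HTML attachment, not a real lure.

```python
"""Morse-code deobfuscation for phishing attachments: constructed example.

Added example, not code from the page or the report it summarises. SAMPLE_HTML
is a constructed stand-in for an HTML lure; the real attachments' exact layout
is not given in the excerpt.
"""
from __future__ import annotations

import re

_CODE = {
    "A": ".-", "B": "-...", "C": "-.-.", "D": "-..", "E": ".", "F": "..-.",
    "G": "--.", "H": "....", "I": "..", "J": ".---", "K": "-.-", "L": ".-..",
    "M": "--", "N": "-.", "O": "---", "P": ".--.", "Q": "--.-", "R": ".-.",
    "S": "...", "T": "-", "U": "..-", "V": "...-", "W": ".--", "X": "-..-",
    "Y": "-.--", "Z": "--..", "0": "-----", "1": ".----", "2": "..---",
    "3": "...--", "4": "....-", "5": ".....", "6": "-....", "7": "--...",
    "8": "---..", "9": "----.",
}
_DECODE = {v: k for k, v in _CODE.items()}

# A run of at least MIN_LETTERS Morse letters separated by blanks, with " / " as
# the word separator. Short runs such as a JavaScript "..." or "--" are ignored.
MIN_LETTERS = 8
_RUN = re.compile(
    r"(?<![.\-])(?:[.\-]{1,5}(?: / | )){%d,}[.\-]{1,5}(?![.\-])" % (MIN_LETTERS - 1)
)


def encode_morse(text: str) -> str:
    """Letters and digits only; used here to build test data and round-trip."""
    return " / ".join(" ".join(_CODE[c] for c in w) for w in text.upper().split())


def decode_morse(run: str) -> str:
    words = []
    for word in run.split(" / "):
        words.append("".join(_DECODE.get(sym, "?") for sym in word.split()))
    return " ".join(words)


def unhex(text: str) -> str | None:
    """Second layer: decode if the recovered text is an even-length hex string."""
    s = text.replace(" ", "")
    if not s or len(s) % 2 or not re.fullmatch(r"[0-9A-Fa-f]+", s):
        return None
    try:
        return bytes.fromhex(s).decode("ascii")
    except UnicodeDecodeError:
        return None


def find_morse(blob: str) -> list:
    """Return every Morse run in the blob with its decoded and unhexed forms."""
    hits = []
    for m in _RUN.finditer(blob):
        plain = decode_morse(m.group(0))
        hits.append({"morse": m.group(0), "plain": plain, "unhex": unhex(plain)})
    return hits


def triage(blob: str) -> list:
    """Strings an analyst wants to see first, hex-decoded where that applied."""
    return [h["unhex"] or h["plain"] for h in find_morse(blob)]


# Constructed lure: the form title is Morse, the POST target is hex then Morse.
SAMPLE_HTML = """<html><body onload="r()"><script>
var t = ".--. .- ... ... .-- --- .-. -.. / ..-. --- .-. --";
var u = "-.... -.-. -.... ..-. -.... --... -.... ----. -.... . ..--- . --... ----- -.... ---.. --... -----";
function r() { /* ... decode t and u, render the form, post credentials to u ... */ }
</script></body></html>"""


if __name__ == "__main__":
    for hit in find_morse(SAMPLE_HTML):
        print(hit["plain"], "->", hit["unhex"])
```

Running it on SAMPLE_HTML recovers "PASSWORD FORM" from the first string and "login.php" from the second. The regex deliberately requires eight or more Morse letters so that ordinary source-code punctuation does not trigger it; lower the threshold only when you are triaging a known-bad sample rather than scanning mail at volume.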