Amazing News...

Twitter on Tuesday announced an expansion to its private information policy to include private media, effectively prohibiting the sharing of photos and videos without express permission from the individuals depicted in them with an aim to curb doxxing and harassment. "Beginning today, we will not allow the sharing of private media, such as images or videos of private individuals without their from The Hacker News https://ift.tt/31hl0fd via IFTTT

Ask HN: Has Google search become quantitatively worse? 533 by itchyjunk | 319 comments on Hacker News. I used to have better time googling in the past. I struggle to find things I remember finding in the past using google. I think I might be stuck in some old habits of googling and I've lost touch with modern google. For example, google seems to want full sentences instead of just keywords now. "How do I do X?" seems to get me better(?) results then "X + some relevant keyword". But I can't seem to get past this "most popular responses" google things I need. I do appreciate youtube videos marked at certain times but watching video isn't always what I want to do. Tangentially, has youtube search been integrated to youtube search or something now? I used to be able to search obscure music in youtube. "Sal dulu a" would both recommend "Sal dulu antasma" and list it but now unless i search for that particularly, it doesn't...

One of the harsh realities of cybersecurity today is that malicious actors and attackers don’t distinguish between organizations that have seemingly endless resources and those operating with lean IT security teams. For these lean teams, meeting the challenges in the current security landscape requires constant attention, and sometimes a little support. XDR provider Cynet has built a new from The Hacker News https://ift.tt/3E8ePbz via IFTTT

Cybersecurity researchers on Tuesday disclosed multiple security flaws affecting 150 different multifunction printers (MFPs) from HP Inc that could be potentially abused by an adversary to take control of vulnerable devices, pilfer sensitive information, and infiltrate enterprise networks to mount other attacks. The two weaknesses — collectively called Printing Shellz — were discovered and from The Hacker News https://ift.tt/3xEltUB via IFTTT

4x Smaller, 50x Faster 510 by pama | 110 comments on Hacker News.

Japanese consumer electronics giant Panasonic has disclosed a security breach wherein an unauthorized third-party broke into its network and potentially accessed data from one of its file servers. "As the result of an internal investigation, it was determined that some data on a file server had been accessed during the intrusion," the company said in a short statement published on November 26. from The Hacker News https://ift.tt/3d0O5ht via IFTTT

Unofficial patches have been issued to remediate an improperly patched Windows security vulnerability that could allow information disclosure and local privilege escalation (LPE) on vulnerable systems. Tracked as CVE-2021-24084 (CVSS score: 5.5), the flaw concerns an information disclosure vulnerability in the Windows Mobile Device Management component that could enable an attacker to gain from The Hacker News https://ift.tt/3rmF1f9 via IFTTT

Government, diplomatic entities, military organizations, law firms, and financial institutions primarily located in the Middle East have been targeted as part of a stealthy malware campaign as early as 2019 by making use of malicious Microsoft Excel and Word documents. Russian cybersecurity company Kaspersky attributed the attacks with high confidence to a threat actor named WIRTE, adding the from The Hacker News https://ift.tt/3ru1KFY via IFTTT

Accepted and ghosted: interviewing for a leadership position at Stripe 459 by danrocks | 222 comments on Hacker News. Recently I interviewed with Stripe for an engineering MoM (Manager of Managers) for one of their teams. I interview regularly, so I am used to many types of processes, feedback mechanisms, and so on. I won't go into details about the questions because there's nothing special about them, but I wanted to share some details of my experience for people thinking of interviewing there. 1) About 35-40% of the interviewers started their questioning by saying "I will only need 20 minutes for this", while emphasizing it is an important leadership position that they are hiring for. So 20 minutes is all needed to identify "important, critical leaders"? What a strange thing to say - also a GREAT way to make candidates feel important and wanted! 2) There is significant shuffling of interviewers and schedules. One almost has to be on-call to be able to r...

Winamp source code leak 439 by svlasov | 298 comments on Hacker News.

Tiny 496 by omarfarooq | 127 comments on Hacker News.

I resigned from Twitter 530 by ryzvonusef | 400 comments on Hacker News.

Four different Android banking trojans were spread via the official Google Play Store between August and November 2021, resulting in more than 300,000 infections through various dropper apps that posed as seemingly harmless utility apps to take full control of the infected devices. Designed to deliver Anatsa (aka TeaBot), Alien, ERMAC, and Hydra, cybersecurity firm ThreatFabric said the malware from The Hacker News https://ift.tt/3cZeY5d via IFTTT

Firefox is the alternative to a complete Chrome hegemony 472 by gmemstr | 283 comments on Hacker News.

Fleet, a Lightweight IDE from JetBrains 449 by bmc7505 | 239 comments on Hacker News.

North Korean defectors, journalists who cover North Korea-related news, and entities in South Korea are being zeroed in on by a nation-state-sponsored advanced persistent threat (APT) as part of a new wave of highly-targeted surveillance attacks. Russian cybersecurity firm Kaspersky attributed the infiltrations to a North Korean hacker group tracked as ScarCruft, also known as APT37, Reaper from The Hacker News https://ift.tt/2Zx2DSG via IFTTT

We use Internet-enabled devices in every aspect of our lives today—to find information, shop, bank, do homework, play games, and keep in touch with friends and family. As a result, our devices contain much personal information about us. Also, any great device will get a little clunky and slow over time and the Mac is no exception, and the whole "Macs don't get viruses" claim is a myth. Malware from The Hacker News https://ift.tt/31b9DFB via IFTTT

Threat actors are exploiting improperly-secured Google Cloud Platform (GCP) instances to download cryptocurrency mining software to the compromised systems as well as abusing its infrastructure to install ransomware, stage phishing campaigns, and even generate traffic to YouTube videos for view count manipulation. "While cloud customers continue to face a variety of threats across applications from The Hacker News https://ift.tt/3cWUH0b via IFTTT

Indian academics throw weight behind Sci-Hub and LibGen in landmark case 489 by ofou | 84 comments on Hacker News.

Tell HN: GitHub is down again 432 by pupdogg | 264 comments on Hacker News. Yet somehow https://ift.tt/2rzqrAY is ALL GREEN! smh

A joint four-month operation coordinated by Interpol, the international criminal police organization, has culminated in the arrests of more than 1,000 cybercriminals and the recovery of $27 million in illicit proceeds. Codenamed "HAECHI-II," the crackdown enabled law enforcement units from across 20 countries, as well as Hong Kong and Macao, close 1,660 cases alongside blocking 2,350 bank from The Hacker News https://ift.tt/3E6fVVj via IFTTT

Books that changed my career as a software engineer 506 by julianogtz | 240 comments on Hacker News.

Proof of stake is a scam and the people promoting it are scammers 469 by alg0rith | 386 comments on Hacker News.

Zillow lost money because they weren't willing to lose money 447 by mjmayank | 317 comments on Hacker News.

Ask HN: What are the best-designed things you've ever used? 433 by whitepoplar | 887 comments on Hacker News. I'll go first. I think the Bialetti Brikka is exceptional: https://ift.tt/3raNZMj...

The fish shell is amazing 434 by RMPR | 283 comments on Hacker News.

OpenLGTV: Legal reverse engineering and research of LG TVs firmware 590 by transpute | 296 comments on Hacker News.

Greening of the Earth Mitigates Surface Warming (2020) 433 by themantra514 | 281 comments on Hacker News.

Apple will notify users about state-sponsored cybersecurity threats 527 by evercast | 148 comments on Hacker News.

Italy's antitrust regulator has fined both Apple and Google €10 million each for what it calls are "aggressive" data practices and for not providing consumers with clear information on commercial uses of their personal data during the account creation phase. The Autorità Garante della Concorrenza e del Mercato (AGCM) said "Google and Apple did not provide clear and immediate information on the from The Hacker News https://ift.tt/3CWRzfi via IFTTT

Einstein award going to Paul Ginsparg for creating arXiv.org 608 by endymi0n | 45 comments on Hacker News.

An advanced persistent threat (APT) has been linked to cyberattacks on two biomanufacturing companies that occurred this year with the help of a custom malware loader called "Tardigrade." That's according to an advisory published by Bioeconomy Information Sharing and Analysis Center (BIO-ISAC) this week, which noted that the malware is actively spreading across the sector with the likely goal of from The Hacker News https://ift.tt/3CUwu56 via IFTTT

90% of Black Friday deals were the same price or cheaper six months before 608 by belter | 206 comments on Hacker News.

A new malware campaign has been discovered targeting cryptocurrency, non-fungible token (NFT), and DeFi aficionados through Discord channels to deploy a crypter named "Babadeda" that's capable of bypassing antivirus solutions and stage a variety of attacks. "[T]his malware installer has been used in a variety of recent campaigns to deliver information stealers, RATs, and even LockBit ransomware, from The Hacker News https://ift.tt/3nUsQEa via IFTTT

Researchers have unearthed a new remote access trojan (RAT) for Linux that employs a never-before-seen stealth technique that involves masking its malicious actions by scheduling them for execution on February 31st, a non-existent calendar day. Dubbed CronRAT, the sneaky malware "enables server-side Magecart data theft which bypasses browser-based security solutions," Sansec Threat Research said from The Hacker News https://ift.tt/3HSqPAh via IFTTT

New German government calls for European ban on biometric mass surveillance 571 by giuliomagnifico | 131 comments on Hacker News.

Israel's Ministry of Defense has dramatically restricted the number of countries to which cybersecurity firms in the country are allowed to sell offensive hacking and surveillance tools to, cutting off 65 nations from the export list. The revised list, details of which were first reported by the Israeli business newspaper Calcalist, now only includes 37 countries, down from the previous 102: from The Hacker News https://ift.tt/313L2Th via IFTTT

Underrated Reasons to Be Thankful 593 by dynm | 201 comments on Hacker News.

Every Product Manager and Software Developer should know that pushing feature updates to production via traditional channels is as archaic as painting on cave walls. The smart are always quick to adapt to new, innovative technologies, and this mindset is exactly what makes normal companies great. The landscape is changing fast, especially in IT. Change isn't just necessary, but more often than from The Hacker News https://ift.tt/3nPFO5X via IFTTT

Threat actors have been found using a previously undocumented JavaScript malware strain that functions as a loader to distribute an array of remote access Trojans (RATs) and information stealers. HP Threat Research dubbed the new, evasive loader "RATDispenser," with the malware responsible for deploying at least eight different malware families in 2021. Around 155 samples of this new malware from The Hacker News https://ift.tt/3ra1oo8 via IFTTT

A new Iranian threat actor has been discovered exploiting a now-addressed critical flaw in the Microsoft Windows MSHTML platform to target Farsi-speaking victims with a new PowerShell-based information stealer designed to harvest extensive details from infected machines. "[T]he stealer is a PowerShell script, short with powerful collection capabilities — in only ~150 lines, it provides the from The Hacker News https://ift.tt/30T0BgE via IFTTT

Tell HN: Happy Thanksgiving Everyone 550 by mr_o47 | 106 comments on Hacker News. I have been really thankful for hackernews. This place has been full of great knowledge and people. I really appreciate the efforts of the people who are running this platform. HAPPY THANKSGIVING

Stop tempting fate and take a look at our picks for the best antivirus programs on the market today. Every year there are billions of malware attacks worldwide. And these threats are constantly evolving. So if you are not currently using antivirus software, or you still rely on some free software you downloaded back in 2017, you are putting your cybersecurity in serious jeopardy.  Need help from The Hacker News https://ift.tt/3cNMw6g via IFTTT

Attackers are actively making efforts to exploit a new variant of a recently disclosed privilege escalation vulnerability to potentially execute arbitrary code on fully-patched systems, once again demonstrating how adversaries move quickly to weaponize a publicly available exploit. Cisco Talos disclosed that it "detected malware samples in the wild that are attempting to take advantage of this from The Hacker News https://ift.tt/3cSHNA9 via IFTTT

VMware has shipped updates to address two security vulnerabilities in vCenter Server and Cloud Foundation that could be abused by a remote attacker to gain access to sensitive information. The more severe of the issues concerns an arbitrary file read vulnerability in the vSphere Web Client. Tracked as CVE-2021-21980, the bug has been rated 7.5 out of a maximum of 10 on the CVSS scoring system, from The Hacker News https://ift.tt/3p2Sm9P via IFTTT

Samsung plans $17B chip plant in Taylor, Texas 514 by kungfudoi | 370 comments on Hacker News.

QOI: Lossless Image Compression in O(n) Time 500 by Ragnarork | 157 comments on Hacker News.

Things I learned from building a production database 475 by dangoldin | 100 comments on Hacker News.

Cocaine Paraphernalia Ads in the 70s 546 by mrzool | 478 comments on Hacker News.

The World's Deadliest Thing 535 by mkeeter | 217 comments on Hacker News.

Multiple security weaknesses have been disclosed in MediaTek system-on-chips (SoCs) that could have enabled a threat actor to elevate privileges and execute arbitrary code in the firmware of the audio processor, effectively allowing the attackers to carry out a "massive eavesdrop campaign" without the users' knowledge. The discovery of the flaws is the result of reverse-engineering the Taiwanese from The Hacker News https://ift.tt/3xngqrt via IFTTT

A threat actor known for striking targets in the Middle East has evolved its Android spyware yet again with enhanced capabilities that allow it to be stealthier and more persistent while passing off as seemingly innocuous app updates to stay under the radar. The new variants have "incorporated new features into their malicious apps that make them more resilient to actions by users, who might try from The Hacker News https://ift.tt/3oWcES7 via IFTTT

Endpoint Detection and Response (EDR) platforms have received incredible attention as the platform for security teams. Whether you're evaluating an EDR for the first time or looking to replace your EDR, as an information security professional, you need to be aware of the gaps prior already to implementation so you can best prepare how to close the gaps. It's important to understand that each from The Hacker News https://ift.tt/3tFsRN0 via IFTTT

At least 9.3 million Android devices have been infected by a new class of malware that disguises itself as dozens of arcade, shooter, and strategy games on Huawei's AppGallery marketplace to steal device information and victims' mobile phone numbers. The mobile campaign was disclosed by researchers from Doctor Web, who classified the trojan as "Android.Cynos.7.origin," owing to the fact that the from The Hacker News https://ift.tt/3oYs1cK via IFTTT

Apple has sued NSO Group and its parent company Q Cyber Technologies in a U.S. federal court holding it accountable for illegally targeting users with its Pegasus surveillance tool, marking yet another setback for the Israeli spyware vendor. The Cupertino-based tech giant painted NSO Group as "notorious hackers — amoral 21st century mercenaries who have created highly sophisticated from The Hacker News https://ift.tt/2ZgQMbh via IFTTT

Boards are dangerous to founder/CEOs 574 by tosh | 264 comments on Hacker News.

Apple sues NSO Group to curb the abuse of state-sponsored spyware 559 by todsacerdoti | 208 comments on Hacker News.

Full key extraction of Nvidia TSEC 536 by vitplister | 130 comments on Hacker News.

Remix – A framework focused on web fundamentals and modern UX 526 by canyonero | 254 comments on Hacker News.

Marvel has been entertaining us for the last 20 years. We have seen gods, super-soldiers, magicians, and other irradiated heroes fight baddies at galactic scales. The eternal fight of good versus evil. A little bit like in cybersecurity, goods guys fighting cybercriminals.If we choose to go with this fun analogy, is there anything useful we can learn from those movies? World-ending baddies from The Hacker News https://ift.tt/3xhtz5f via IFTTT

A now-patched vulnerability affecting Oracle VM VirtualBox could be potentially exploited by an adversary to compromise the hypervisor and cause a denial-of-service (DoS) condition. "Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox," the advisory reads. "Successful attacks of from The Hacker News https://ift.tt/3r3hQq3 via IFTTT

Banking apps from Brazil are being targeted by a more elusive and stealthier version of an Android remote access trojan (RAT) that's capable of carrying out financial fraud attacks by stealing two-factor authentication (2FA) codes and initiating rogue transactions from infected devices to transfer money from victims' accounts to an account operated by the threat actor. IBM X-Force dubbed the from The Hacker News https://ift.tt/30T0eCA via IFTTT

In the business world, mergers and acquisitions are commonplace as businesses combine, acquire, and enter various partnerships. Mergers and Acquisitions (M&A) are filled with often very complicated and complex processes to merge business processes, management, and a whole slew of other aspects of combining two businesses into a single logical entity. In the modern business world before and after from The Hacker News https://ift.tt/3nEKZWp via IFTTT

Web hosting giant GoDaddy on Monday disclosed a data breach that resulted in the unauthorized access of data belonging to a total of 1.2 million active and inactive customers, making it the third security incident to come to light since 2018. In a filing with the U.S. Securities and Exchange Commission (SEC), the world's largest domain registrar said that a malicious third-party managed to gain from The Hacker News https://ift.tt/3cHQTzT via IFTTT

Fingerprints can be hacked 521 by SerCe | 218 comments on Hacker News.

The Stroad 504 by PaulHoule | 311 comments on Hacker News.

Rust Moderation Team Resigns 609 by hasheddan | 543 comments on Hacker News.

Weaknesses in e-commerce portals are being exploited to deploy a Linux backdoor as well as a credit card skimmer that's capable of stealing payment information from compromised websites. "The attacker started with automated e-commerce attack probes, testing for dozens of weaknesses in common online store platforms," researchers from Sansec Threat Research said in an analysis. "After a day and a from The Hacker News https://ift.tt/3oQ0hHd via IFTTT

Threat actors are exploiting ProxyLogon and ProxyShell exploits in unpatched Microsoft Exchange Servers as part of an ongoing spam campaign that leverages stolen email chains to bypass security software and deploy malware on vulnerable systems. The findings come from Trend Micro following an investigation into a number of intrusions in the Middle East that culminated in the distribution of a from The Hacker News https://ift.tt/3oOsoGH via IFTTT

Meta, the parent company of Facebook, Instagram, and WhatsApp, disclosed that it doesn't intend to roll out default end-to-end encryption (E2EE) across all its messaging services until 2023, pushing its original plans by at least a year. "We're taking our time to get this right and we don't plan to finish the global rollout of end-to-end encryption by default across all our messaging services from The Hacker News https://ift.tt/3czCQfs via IFTTT

Only 90s web developers remember this (2014) 518 by Fiveplus | 295 comments on Hacker News.

Advent of Code 2021 499 by amenghra | 108 comments on Hacker News.

Microsoft Edge’s new ‘Buy now, pay later’ feature is the definition of bloatware 477 by JCWasmx86 | 314 comments on Hacker News.

Ask HN: I feel so shallow and dumb when I see what other smart people are doing 465 by cdahmedeh | 318 comments on Hacker News. I was watching a video game documentary about the history of the RollerCoaster Tycoon franchise, a theme park management game that had both an easy learning curve but with incredibly sophisticated dynamics. What really impressed me however was the origins of the first two titles: written by one man in assembly language. At that point, I realized how mediocre and untalented I was. Nothing I’m doing in my life are anything that people will remember me for. Throughout my life, I’ve seen many awe inspiring projects done by extremely talented people, way more intelligent than I am, come to fruition. Over the years, I realized how shallow and dumb I really am. I’m uninteresting. Most of my career revolved around software development, something that I’ve done since I was 17 (now I'm 30) until a few years ago. I found myself writing entreprise software usually ...

A corporate cyber-espionage hacker group has resurfaced after a seven-month hiatus with new intrusions targeting four companies this year, including one of the largest wholesale stores in Russia, while simultaneously making tactical improvements to its toolset in an attempt to thwart analysis. "In every attack, the threat actor demonstrates extensive red teaming skills and the ability to bypass from The Hacker News https://ift.tt/3kU6VLu via IFTTT

A threat actor with ties to North Korea has been linked to a prolific wave of credential theft campaigns targeting research, education, government, media and other organizations, with two of the attacks also attempting to distribute malware that could be used for intelligence gathering. Enterprise security firm Proofpoint attributed the infiltrations to a group it tracks as TA406, and by the from The Hacker News https://ift.tt/3nzYhTY via IFTTT

Vertiwalk Vertical Walking 460 by hliyan | 82 comments on Hacker News.

Tldraw – a tiny little drawing app 446 by ChrisArchitect | 111 comments on Hacker News.

Crypto Wash Trading 541 by paulpauper | 291 comments on Hacker News.

Show HN: Pony – a messenger for mindful correspondence 575 by dmitryminkovsky | 202 comments on Hacker News.

Elfshaker: Version control system fine-tuned for binaries 518 by jim90 | 107 comments on Hacker News.

Tasking developers with creating detailed estimates is a waste of time (2020) 453 by lauriswtf | 251 comments on Hacker News.

Twitter rolls back AMP support, no longer sends users to AMP pages 544 by twapi | 101 comments on Hacker News.

10 years of whatever this has been 462 by zdw | 680 comments on Hacker News.

Stacked changes: how FB and Google engineers stay unblocked and ship faster 461 by tomasreimers | 278 comments on Hacker News.

SerenityOS demo at Handmade Seattle 2021 [video] 661 by akling | 144 comments on Hacker News.

Cybersecurity researchers have uncovered as many as 11 malicious Python packages that have been cumulatively downloaded more than 41,000 times from the Python Package Index (PyPI) repository, and could be exploited to steal Discord access tokens, passwords, and even stage dependency confusion attacks. The Python packages have since been removed from the repository following responsible from The Hacker News https://ift.tt/3csxvqe via IFTTT

The U.S. government on Thursday unsealed an indictment that accused two Iranian nationals of their involvement in cyber-enabled disinformation and threat campaign orchestrated to interfere in the 2020 presidential elections by gaining access to confidential voter information from at least one state election website. The two defendants in question — Seyyed Mohammad Hosein Musa Kazemi, 24, and from The Hacker News https://ift.tt/3DxzMMQ via IFTTT

The U.S. Federal Bureau of Investigation (FBI) has disclosed that an unidentified threat actor has been exploiting a previously unknown weakness in the FatPipe MPVPN networking devices at least since May 2021 to obtain an initial foothold and maintain persistent access into vulnerable networks, making it the latest company to join the likes of Cisco, Fortinet, Citrix, Pulse Secure that have had from The Hacker News https://ift.tt/3qSkqio via IFTTT

Today's businesses run on data. They collect it from customers at every interaction, and they use it to improve efficiency, increase their agility, and provide higher levels of service. But it's becoming painfully obvious that all of that data businesses collect has also made them an enticing target for cybercriminals. With each passing day, the evidence of that grows. In the last few months, from The Hacker News https://ift.tt/3DCBKM0 via IFTTT

Spy camera detection using smartphone time-of-flight sensors 639 by Nirali_Feige | 185 comments on Hacker News.

The clearnet and dark web payment portals operated by the Conti ransomware group have gone down in what appears to be an attempt to shift to new infrastructure after details about the gang's inner workings and its members were made public. According to MalwareHunterTeam, "while both the clearweb and Tor domains of the leak site of the Conti ransomware gang is online and working, both their from The Hacker News https://ift.tt/30J8wN6 via IFTTT

Researchers have demonstrated yet another variant of the SAD DNS cache poisoning attack that leaves about 38% of the domain name resolvers vulnerable, enabling attackers to redirect traffic originally destined to legitimate websites to a server under their control. "The attack allows an off-path attacker to inject a malicious DNS record into a DNS cache," University of California researchers from The Hacker News https://ift.tt/3cqtSRN via IFTTT

Networking equipment company Netgear has released yet another round of patches to remediate a high-severity remote code execution vulnerability affecting multiple routers that could be exploited by remote attackers to take control of an affected system. Tracked as CVE-2021-34991 (CVSS score: 8.8), the pre-authentication buffer overflow flaw in small office and home office (SOHO) routers can lead from The Hacker News https://ift.tt/3oCLI9P via IFTTT

Organizations have been worrying about cyber security since the advent of the technological age. Today, digital transformation coupled with the rise of remote work has made the need for security awareness all the more critical. Cyber security professionals are continuously thinking about how to prevent cyber security breaches from happening, with employees and contractors often proving to be the from The Hacker News https://ift.tt/30Gt5tM via IFTTT

Show HN: I made a Chrome extension that can automate any website 558 by dkthehuman | 174 comments on Hacker News.

Nation-state operators with nexus to Iran are increasingly turning to ransomware as a means of generating revenue and intentionally sabotaging their targets, while also engaging in patient and persistent social engineering campaigns and aggressive brute force attacks. No less than six threat actors affiliated with the West Asian country have been discovered deploying ransomware to achieve their from The Hacker News https://ift.tt/3wWfwSy via IFTTT

How to grow sodium chloride crystals at home 575 by kdavis | 100 comments on Hacker News.

Ivermectin: Much More Than You Wanted to Know 559 by 4monthsaway | 518 comments on Hacker News.

Cybersecurity agencies from Australia, the U.K., and the U.S. on Wednesday released a joint advisory warning of active exploitation of Fortinet and Microsoft Exchange ProxyShell vulnerabilities by Iranian state-sponsored actors to gain initial access to vulnerable systems for follow-on activities, including data exfiltration and ransomware. The threat actor is believed to have leveraged multiple from The Hacker News https://ift.tt/2YTjn6i via IFTTT

Apple announces Self Service Repair 572 by todsacerdoti | 197 comments on Hacker News.

Microsoft Calls Firefox’s Browser Workaround “Improper,” Will Block It 528 by Vinnl | 294 comments on Hacker News.

A malicious campaign has been found leveraging a technique called domain fronting to hide command-and-control traffic by leveraging a legitimate domain owned by the Myanmar government to route communications to an attacker-controlled server with the goal of evading detection. The threat, which was observed in September 2021, deployed Cobalt Strike payloads as a stepping stone for launching from The Hacker News https://ift.tt/3qHR5r3 via IFTTT

“Click to subscribe, call to cancel” is illegal, FTC says 513 by spzx | 178 comments on Hacker News.

Israeli spyware vendor Candiru, which was added to an economic blocklist by the U.S. government this month, is said to have reportedly waged "watering hole" attacks against high-profile entities in the U.K. and the Middle East, new findings reveal. "The victimized websites belong to media outlets in the U.K., Yemen, and Saudi Arabia, as well as to Hezbollah; to government institutions in Iran ( from The Hacker News https://ift.tt/3wU0LQc via IFTTT

In the span of a few years, cryptocurrencies have gone from laughingstock and novelty to a serious financial instrument, and a major sector in high-tech. The price of Bitcoin and Ethereum has gone from single dollars to thousands, and they’re increasingly in the mainstream.  This is undoubtedly a positive development, as it opens new avenues for finance, transactions, tech developments, and more from The Hacker News https://ift.tt/3cpGlVG via IFTTT

Meta, the company formerly known as Facebook, announced Tuesday that it took action against four separate malicious cyber groups from Pakistan and Syria who were found targeting people in Afghanistan, as well as journalists, humanitarian organizations, and anti-regime military forces in the West Asian country. The Pakistani threat actor, dubbed SideCopy, is said to have used the platform to from The Hacker News https://ift.tt/3DkbnKF via IFTTT

Security issue related to the NPM registry 477 by ManuelKiessling | 171 comments on Hacker News.

I hate password rules 451 by CapitalistCartr | 363 comments on Hacker News.

There is currently no way to drive between Vancouver and the rest of Canada 423 by actually_a_dog | 259 comments on Hacker News.

Cybersecurity researchers have demonstrated yet another variation of the Rowhammer attack affecting all DRAM (dynamic random-access memory) chips that bypasses currently deployed mitigations, thereby effectively compromising the security of the devices. The new technique — dubbed "Blacksmith" (CVE-2021-42114, CVSS score: 9.0) — is designed to trigger bit flips on target refresh rate-enabled DRAM from The Hacker News https://ift.tt/3DmGVzn via IFTTT

Space debris forces astronauts on space station to take shelter in return ships 457 by tosh | 373 comments on Hacker News.

No fewer than 1,220 Man-in-the-Middle (MitM) phishing websites have been discovered as targeting popular online services like Instagram, Google, PayPal, Apple, Twitter, and LinkedIn with the goal of hijacking users' credentials and carrying out further follow-on attacks. The findings come from a new study undertaken by a group of researchers from Stony Brook University and Palo Alto Networks, from The Hacker News https://ift.tt/3oyyhHZ via IFTTT

The notorious Emotet malware is staging a comeback of sorts nearly 10 months after a coordinated law enforcement operation dismantled its command-and-control infrastructure in late January 2021. According to a new report from security researcher Luca Ebach, the infamous TrickBot malware is being used as an entry point to distribute what appears to be a new version of Emotet on systems previously from The Hacker News https://ift.tt/3DqBgIM via IFTTT

Individuals Matter 448 by benfrederickson | 207 comments on Hacker News.

A new politically-motivated hacker group named "Moses Staff" has been linked to a wave of targeted attacks targeting Israeli organizations since September 2021 with the goal of plundering and leaking sensitive information prior to encrypting their networks, with no option to regain access or negotiate a ransom. "The group openly states that their motivation in attacking Israeli companies is to from The Hacker News https://ift.tt/3CkuGCc via IFTTT

Cybersecurity researchers on Monday took the wraps off a new Android trojan that takes advantage of accessibility features on the devices to siphon credentials from banking and cryptocurrency services in Italy, the U.K., and the U.S. Dubbed "SharkBot" by Cleafy, the malware is designed to strike a total of 27 targets — counting 22 unnamed international banks in Italy and the U.K. as well as five from The Hacker News https://ift.tt/30qEcHf via IFTTT