Amazing News...

A single line of code made a 24-core server slower than a laptop 478 by Ygg2 | 160 comments on Hacker News.

Linux Kernel RNG is now Blake2 instead of SHA1 and 3x faster 494 by tptacek | 138 comments on Hacker News.

FAA investigating controversial crash video 528 by nostromo | 407 comments on Hacker News.

Emfy: Emacs for You – Quickly set up vanilla Emacs for editing 440 by todsacerdoti | 159 comments on Hacker News.

Facebook said my article was false – now the fact-checkers admit they were wrong 480 by nradov | 664 comments on Hacker News.

Tools to Download Netflix / Disney / Apple TV Content 562 by janekg | 246 comments on Hacker News.

LastPass users warned their master passwords are compromised 543 by markplindsay | 314 comments on Hacker News.

iPhone camera app replaces person’s head with a leaf in photo 583 by davidbarker | 356 comments on Hacker News.

The gift of it's your problem now 570 by Tomte | 230 comments on Hacker News.

Experimental depression treatment is nearly 80% effective in controlled study 565 by carabiner | 284 comments on Hacker News.

A previously unknown rootkit has been found setting its sights on Hewlett-Packard Enterprise's Integrated Lights-Out (iLO) server management technology to carry out in-the-wild attacks that tamper with the firmware modules and completely wipe data off the infected systems. The discovery, which is the first instance of real-world malware in iLO firmware, was documented by Iranian cybersecurity from The Hacker News https://ift.tt/3qAKyN5 via IFTTT

A never-before-seen China-based targeted intrusion adversary dubbed Aquatic Panda has been observed leveraging critical flaws in the Apache Log4j logging library as an access vector to perform various post-exploitation operations, including reconnaissance and credential harvesting on targeted systems. Cybersecurity firm CrowdStrike said the infiltration, which was ultimately foiled, was aimed at from The Hacker News https://ift.tt/3JvpIYg via IFTTT

Please don't use Discord for FOSS projects 584 by Tomte | 449 comments on Hacker News.

Alexa suggests lethal challenge to child 617 by lwansbrough | 524 comments on Hacker News.

Italian Courts Find Open Source Software Terms Enforceable 622 by em-bee | 151 comments on Hacker News.

Ubisoft deleted account with hundreds of dollars’ worth of games for inactivity 558 by josephcsible | 520 comments on Hacker News.

Ontario bans non-competes and creates right to disconnect from work 564 by smitop | 171 comments on Hacker News.

Anti-mimetic tactics for living a counter-cultural life 616 by Ariarule | 263 comments on Hacker News.

You block ads in your browser, why not in your city? 560 by bearbin | 603 comments on Hacker News.

An ongoing crypto mining campaign has upgraded its arsenal while adding new defense evasion tactics that enable the threat actors to conceal the intrusions and fly under the radar, new research published today has revealed. Since first detected in 2019, a total of 84 attacks against its honeypot servers have been recorded to date, four of which transpired in 2021, according to researchers from from The Hacker News https://ift.tt/3eyEA9Z via IFTTT

The Apache Software Foundation (ASF) on Tuesday rolled out fresh patches to contain an arbitrary code execution flaw in Log4j that could be abused by threat actors to run malicious code on affected systems, making it the fifth security shortcoming to be discovered in the tool in the span of a month. Tracked as CVE-2021-44832, the vulnerability is rated 6.6 in severity on a scale of 10 and from The Hacker News https://ift.tt/3exUcdQ via IFTTT

“Play-to-Earn” and Bullshit Jobs 695 by paulgb | 454 comments on Hacker News.

Prince of Persia in JavaScript 686 by colinprince | 159 comments on Hacker News.

Cybersecurity researchers have offered a detailed glimpse into a system called DoubleFeature that's dedicated to logging the different stages of post-exploitation stemming from the deployment of DanderSpritz, a full-featured malware framework used by the Equation Group. DanderSpritz came to light on April 14, 2017, when a hacking group known as the Shadow Brokers leaked the exploit tool, among from The Hacker News https://ift.tt/3sAqygl via IFTTT

Ask HN: How did my LastPass master password get leaked? 605 by gregsadetsky | 325 comments on Hacker News. Hi, I've just had a bizarre thing happen and wanted to see if the HN community could come up with some theories as to what happened. LastPass blocked a login attempt from Brazil (it wasn't me). According to an email I received from LastPass, this login was using the LastPass account's master password. The email doesn't look like it's a phishing attempt. What troubles me is that the master password was stored in a local encrypted KeePassX file. I can imagine that someone has my KeePassX file and the (completely different) password to this file. If that's the case, I'm in a world of hurt. But are there any other possibilities? Is the email from LastPass accurate i.e. was the login attempt actually using my master password? Is there some LastPass extension installed on some computer still having a valid auth token allowing them to login as me to LastPas...

A number of security flaws have been uncovered in a networking component in Garrett Metal Detectors that could allow remote attackers to bypass authentication requirements, tamper with metal detector configurations, and even execute arbitrary code on the devices. "An attacker could manipulate this module to remotely monitor statistics on the metal detector, such as whether the alarm has been from The Hacker News https://ift.tt/3Jnvye0 via IFTTT

Cybercrime is increasing exponentially and presents devastating risks for most organizations. According to Cybercrime Magazine, global cybercrime damage is predicted to hit $10.5 trillion annually as of 2025. One of the more recent and increasingly popular forms of tackling such issues by identifying is ethical hacking. This method identifies potential security vulnerabilities in its early from The Hacker News https://ift.tt/3JpehBs via IFTTT

Peter Parker might not be a mastermind cryptocurrency criminal, but the name Spiderman is quickly becoming more associated with the mining landscape. ReasonLabs, a leading provider of cybersecurity prevention and detection software, recently discovered a new form of malware hacking into customer computers in the guise of the latest Spiderman movie.  As perhaps the most talked-about movie for from The Hacker News https://ift.tt/3epp4gw via IFTTT

Researchers have discovered a new Android banking malware that targets Brazil’s Itaú Unibanco with the help of lookalike Google Play Store pages to carry out fraudulent financial transactions on victim devices without their knowledge. “This application has a similar icon and name that could trick users into thinking it is a legitimate app related to Itaú Unibanco,” Cyble researchers said in a from The Hacker News https://ift.tt/3Er8s2p via IFTTT

Researchers have discovered a new Android banking malware that targets Brazil’s Itaú Unibanco with the help of lookalike Google Play Store pages to carry out fraudulent financial transactions on victim devices without their knowledge. “This application has a similar icon and name that could trick users into thinking it is a legitimate app related to Itaú Unibanco,” Cyble researchers said in a from The Hacker News https://ift.tt/32nnPMC via IFTTT

A New Coefficient of Correlation 563 by malshe | 142 comments on Hacker News.

All the giant companies used ffmpeg (2020) 545 by tosh | 180 comments on Hacker News.

25-Dec. Shout-out to everyone else at work 592 by sandworm101 | 127 comments on Hacker News. I made a similar post last year at this time and, again, I am in my office on Christmas morning. There are a few days every year that really show which jobs are vital and which can be left aside for a day. I started my car this morning (-32, -40 with wind chill). On my way to work I drove past a hospital and a care home, both were manned. The dairy farm had its lights on. A cop with his flashers drove past me on the way to some emergency. The macdonalds drive-through was open too. I had to be at work by 0600, but I was relieving someone who had been sitting in another office since 1800. On my computer were the same dozen emails I get every morning, each from someone else who drew the short straw. There aren't many of us on HN that work weekends let alone Christmas morning, but If you too are sitting in a dark office remember that all across the world are millions of other people working ...

Tell HN: Microsoft forks MIT licensed repo, and changes the copyright to them 652 by mkdirp | 244 comments on Hacker News.

Tell HN: You are not alone this Christmas 533 by mattowen_uk | 154 comments on Hacker News. Hi, my Christmas is solitary this year, no family or friends. I'm not even having a Christmas dinner. I'm not sad about this, though. It's just the way it is. What I wanted to say is, if you are in the same situation, you are not alone. So have a virtual hug from me.

Running your own email is increasingly an artisanal choice, not a practical one 505 by throw0101a | 404 comments on Hacker News.

Street Fighter II paper trails – allocating sprite space by hand 529 by krajzeg | 74 comments on Hacker News.

Buying Influence: How China manipulates Facebook and Twitter 507 by bale | 389 comments on Hacker News.

Ask HN: Those making $500/month on side projects in 2021 – Show and tell 574 by folli | 610 comments on Hacker News. It seems this question hasn't been asked for some time, so I'd be interested hear what new (and old) ideas have come up.

Apple recently fixed a security vulnerability in the macOS operating system that could be potentially exploited by a threat actor to "trivially and reliably" bypass a "myriad of foundational macOS security mechanisms" and run arbitrary code. Security researcher Patrick Wardle detailed the discovery in a series of tweets on Thursday. Tracked as CVE-2021-30853 (CVSS score: 5.5), the issue relates from The Hacker News https://ift.tt/3Jih6Eg via IFTTT

Ransomware groups continue to evolve their tactics and techniques to deploy file-encrypting malware on compromised systems, notwithstanding law enforcement's disruptive actions against the cybercrime gangs to prevent them from victimizing additional companies. "Be it due to law enforcement, infighting amongst groups or people abandoning variants altogether, the RaaS [ransomware-as-a-service] from The Hacker News https://ift.tt/3ErswSv via IFTTT

Cybersecurity researchers have disclosed details of an evasive malware campaign that makes use of valid code signing certificates to sneak past security defenses and stay under the radar with the goal of deploying Cobalt Strike and BitRAT payloads on compromised systems. The binary, a loader, has been dubbed "Blister" by researchers from Elastic Security, with the malware samples having  from The Hacker News https://ift.tt/3ErRaSK via IFTTT

Cybersecurity agencies from Australia, Canada, New Zealand, the U.S., and the U.K. on Wednesday released a joint advisory in response to widespread exploitation of multiple vulnerabilities in Apache's Log4j software library by nefarious adversaries. "These vulnerabilities, especially Log4Shell, are severe," the intelligence agencies said in the new guidance. "Sophisticated cyber threat actors from The Hacker News https://ift.tt/3yRdxzS via IFTTT

By the end of 2021, there will be 12 billion connected IoT devices, and by 2025, that number will rise to 27 billion. All these devices will be connected to the internet and will send useful data that will make industries, medicine, and cars more intelligent and more efficient. However, will all these devices be safe? It's worth asking what you can do to prevent (or at least reduce) becoming a from The Hacker News https://ift.tt/3pm0Z0o via IFTTT

How to draw S-curved arrows between boxes 543 by alex_stoddard | 48 comments on Hacker News.

A security flaw has been unearthed in Microsoft's Azure App Service that resulted in the exposure of source code of customer applications written in Java, Node, PHP, Python, and Ruby for at least four years since September 2017. The vulnerability, codenamed "NotLegit," was reported to the tech giant by Wiz researchers on October 7, 2021, following which mitigations have been undertaken to fix from The Hacker News https://ift.tt/3sse5uZ via IFTTT

Regulators Shut Down Lending Platform (YC Alum) LendUp 532 by boeingUH60 | 460 comments on Hacker News.

Microsoft said it won't be fixing or is pushing patches to a later date for three of the four security flaws uncovered in its Teams business communication platform earlier this March. The disclosure comes from Berlin-based cybersecurity firm Positive Security, which found that the implementation of the link preview feature was susceptible to a number of issues that could "allow accessing from The Hacker News https://ift.tt/30Vjfo0 via IFTTT

AWS appears to be down again 523 by riknox | 372 comments on Hacker News. Console is flickering between "website is unavailable" and being up for my team. This is happening very frequently just now, reliability seems to have taken a hit.

China's internet regulator, the Ministry of Industry and Information Technology (MIIT), has suspended a partnership with Alibaba Cloud, the cloud computing subsidiary of e-commerce giant Alibaba Group, for six months for failing to promptly report a critical security vulnerability affecting the broadly used Log4j logging library. The development was reported by Reuters and South China Morning from The Hacker News https://ift.tt/32wKgyE via IFTTT

Hidden Networks in TP-Link Routers 543 by ignitionmonkey | 192 comments on Hacker News.

A short-lived phishing campaign has been observed taking advantage of a novel exploit that bypassed a patch put in place by Microsoft to fix a remote code execution vulnerability affecting the MSHTML component with the goal of delivering Formbook malware. "The attachments represent an escalation of the attacker's abuse of the CVE-2021-40444 bug and demonstrate that even a patch can't always from The Hacker News https://ift.tt/3pjhnik via IFTTT

Microsoft is urging customers to patch two security vulnerabilities in Active Directory domain controllers that it addressed in November following the availability of a proof-of-concept (PoC) tool on December 12. The two vulnerabilities — tracked as CVE-2021-42278 and CVE-2021-42287 — have a severity rating of 7.5 out of a maximum of 10 and concern a privilege escalation flaw affecting the from The Hacker News https://ift.tt/32rVYu1 via IFTTT

Facebook's parent company Meta Platforms on Monday said it has filed a federal lawsuit in the U.S. state of California against bad actors who operated more than 39,000 phishing websites that impersonated its digital properties to mislead unsuspecting users into divulging their login credentials. The social engineering scheme involved the creation of rogue webpages that masqueraded as the login from The Hacker News https://ift.tt/3pf6q11 via IFTTT

Against 3x Speed 485 by Ariarule | 328 comments on Hacker News.

The Big DevOps Misunderstanding 503 by WolfOliver | 303 comments on Hacker News.

An iframe from googlesyndication.com tries to access the camera and microphone 541 by authed | 269 comments on Hacker News.

Test your product on a crappy laptop 515 by dredmorbius | 302 comments on Hacker News.

CCPA Scam – Human subject research study conducted by Princeton University 476 by ColinWright | 328 comments on Hacker News.

Stealth bomber in flight on Google Maps 966 by edge17 | 207 comments on Hacker News.

The last several years have seen an ever-increasing number of cyber-attacks, and while the frequency of such attacks has increased, so too has the resulting damage. One needs only to look at CISA's list of significant cyber incidents to appreciate the magnitude of the problem. In May of 2021, for example, a ransomware attack brought down the Colonial Pipeline, causing a serious fuel disruption from The Hacker News https://ift.tt/3Ec0ASw via IFTTT

A U.S. federal government commission associated with international rights has been targeted by a backdoor that reportedly compromised its internal network in what the researchers described as a "classic APT-type operation."  "This attack could have given total visibility of the network and complete control of a system and thus could be used as the first step in a multi-stage attack to penetrate from The Hacker News https://ift.tt/3EcxGBE via IFTTT

Bottles: GUI front end to run Windows software on Linux 559 by 1_player | 179 comments on Hacker News.

A malicious Android app with more than 500,000 downloads from the Google Play app store has been found hosting malware that stealthily exfiltrates users' contact lists to an attacker-controlled server and signs up users to unwanted paid premium subscriptions without their knowledge. The latest Joker malware was found in a messaging-focused app named Color Message ("com.guo.smscolor.amessage"), from The Hacker News https://ift.tt/3p9nqWA via IFTTT

Lithuania evacuates its embassy in China 536 by baylearn | 571 comments on Hacker News.

Apple Helps Asahi Linux 536 by CraigJPerry | 172 comments on Hacker News.

Worker pay isn’t keeping up with inflation 607 by paulpauper | 804 comments on Hacker News.

Internet addiction and the habit of book reading 606 by shankarro | 327 comments on Hacker News.

Tokio Console 711 by hasheddan | 101 comments on Hacker News.

Cybersecurity researchers have discovered an entirely new attack vector that enables adversaries to exploit the Log4Shell vulnerability on servers locally by using a JavaScript WebSocket connection. "This newly-discovered attack vector means that anyone with a vulnerable Log4j version on their machine or local private network can browse a website and potentially trigger the vulnerability," from The Hacker News https://ift.tt/33zvbMZ via IFTTT

The issues with Log4j continued to stack up as the Apache Software Foundation (ASF) on Friday rolled out yet another patch — version 2.17.0 — for the widely used logging library that could be exploited by malicious actors to stage a denial-of-service (DoS) attack. Tracked as CVE-2021-45105 (CVSS score: 7.5), the new vulnerability affects all versions of the tool from 2.0-beta9 to 2.16.0, which from The Hacker News https://ift.tt/3e1N355 via IFTTT

TikTok streaming software is an illegal fork of OBS 651 by cwaffles | 203 comments on Hacker News.

Tqdm (Python) 682 by manjana | 150 comments on Hacker News.

Pelosi defends stock trading by lawmakers. ‘We are a free-market economy’ 581 by tiahura | 491 comments on Hacker News.

Meta Platforms on Thursday revealed it took steps to deplatform seven cyber mercenaries that it said carried out "indiscriminate" targeting of journalists, dissidents, critics of authoritarian regimes, families of opposition, and human rights activists located in over 100 countries, amid mounting scrutiny of surveillance technologies. To that end, the company said it alerted 50,000 users of from The Hacker News https://ift.tt/3p6awbY via IFTTT

Industrial and government organizations, including enterprises in the military-industrial complex and research laboratories, are the targets of a new malware botnet dubbed PseudoManyscrypt that has infected roughly 35,000 Windows computers this year alone. The name comes from its similarities to the Manuscrypt malware, which is part of the Lazarus APT group's attack toolset, Kaspersky from The Hacker News https://ift.tt/3GUAuVA via IFTTT

It's no secret that the internet isn't a very safe place. And it's not hard to understand why. It's a medium that connects billions of people around the world that affords bad actors enough anonymity to wreak havoc without getting caught. It's almost as if the internet's tailor-made to enable scams and fraud. And that's just what it does. Right now, the world's on track to lose $10.5 trillion from The Hacker News https://ift.tt/3sfaUXC via IFTTT

Cryptocurrency users in Ethiopia, Nigeria, India, Guatemala, and the Philippines are being targeted by a new variant of the Phorpiex botnet called Twizt that has resulted in the theft of virtual coins amounting to $500,000 over the last one year. Israeli security firm Check Point Research, which detailed the attacks, said the latest evolutionary version "enables the botnet to operate from The Hacker News https://ift.tt/3GQwIfZ via IFTTT

Windows 11 Officially Shuts Down Firefox’s Default Browser Workaround 618 by beezle | 464 comments on Hacker News.

Ask HN: Are most of us developers lying about how much work we do? 740 by ConfessionTime | 496 comments on Hacker News. I have been working as a software developer for almost two decades. I have received multiple promotions. I make decent money, 3x - 4x my area's median salary, so I live a comfortable life. I have never been fired or unemployed for more than a few months total over my entire career. Through most of that time I have averaged roughly 5 - 10 hours of actual work a week. I'm not even discounting job related but non-coding time as not work. There are literally days in which the only time I spend on my job is the few minutes it takes to attend the morning stand-up. Then I successfully bullshit my way through our next stand-up to hide my lack of production. No one has ever called me out on this and my performance reviews range from mediocre to great. I'm generally a smart person. I went to a top 30 university, but it's not like I'm a genius or I'm c...

From Node to Ruby on Rails 596 by mokkol | 407 comments on Hacker News.

Don't start with microservices – monoliths are your friend 637 by galovics | 254 comments on Hacker News.

Cybersecurity researchers have demonstrated a new attack technique that makes it possible to leverage a device's Bluetooth component to directly extract network passwords and manipulate traffic on a Wi-Fi chip. The novel attacks work against the so-called "combo chips," which are specialized chips that are equipped to handle different types of radio wave-based wireless communications, such as from The Hacker News https://ift.tt/3IWCWgo via IFTTT

Cyber threats used to be less threatening. While nobody wants their customers' credit card numbers stolen in a data breach, or to see a deranged manifesto plastered over their company website, such incidents can almost seem quaint compared to ransomware attacks that bring all of your critical information systems to a dead halt. The frequency of these attacks increased more than 150% in the U.S. from The Hacker News https://ift.tt/3q4jghJ via IFTTT

A new JavaScript-based remote access Trojan (RAT) propagated via a social engineering campaign has been observed employing sneaky "fileless" techniques as part of its detection-evasion methods to elude discovery and analysis. Dubbed DarkWatchman by researchers from Prevailion's Adversarial Counterintelligence Team (PACT), the malware uses a resilient domain generation algorithm (DGA) to identify from The Hacker News https://ift.tt/3oZjesj via IFTTT

Web infrastructure company Cloudflare on Wednesday revealed that threat actors are actively attempting to exploit a second bug disclosed in the widely used Log4j logging utility, making it imperative that customers move quickly to install the latest version as a barrage of attacks continues to pummel unpatched systems with a variety of malware. "This vulnerability is actively being exploited and from The Hacker News https://ift.tt/3s7hE9F via IFTTT

A deep dive into an NSO zero-click iMessage exploit: Remote Code Execution 583 by arkadiyt | 230 comments on Hacker News.

Meta Platforms, the company formerly known as Facebook, has announced that it's expanding its bug bounty program to start rewarding valid reports of scraping vulnerabilities across its platforms as well as include reports of scraping data sets that are available online. "We know that automated activity designed to scrape people's public and private data targets every website or service," said from The Hacker News https://ift.tt/3m7uSzx via IFTTT

Today's cyber attackers are constantly looking for ways to exploit vulnerabilities and infiltrate organizations. To keep up with this evolving threat landscape, security teams must be on the lookout for potential risks around the clock. Since most organizations simply cannot afford to have 24x7 security teams, managed detection and response (MDR) services have become a critical aspect of any from The Hacker News https://ift.tt/30tT1J3 via IFTTT

Malicious actors are deploying a previously undiscovered binary, an Internet Information Services (IIS) webserver module dubbed "Owowa," on Microsoft Exchange Outlook Web Access servers with the goal of stealing credentials and enabling remote command execution. "Owowa is a C#-developed .NET v4.0 assembly that is intended to be loaded as a module within an IIS web server that also exposes from The Hacker News https://ift.tt/3IL7uSd via IFTTT

Microsoft has rolled out Patch Tuesday updates to address multiple security vulnerabilities in Windows and other software, including one actively exploited flaw that's being abused to deliver Emotet, TrickBot, or Bazaloader malware payloads. The latest monthly release for December fixes a total of 67 flaws, bringing the total number of bugs patched by the company this year to 887, according to from The Hacker News https://ift.tt/3DVUQw6 via IFTTT

Plans you're not supposed to talk about 553 by dynm | 419 comments on Hacker News.

Go Replaces Interface{} with 'Any' 567 by brosciencecode | 299 comments on Hacker News.

The Apache Software Foundation (ASF) has pushed out a new fix for the Log4j logging utility after the previous patch for the recently disclosed Log4Shell exploit was deemed as "incomplete in certain non-default configurations." The second vulnerability — tracked as CVE-2021-45046 — is rated 3.7 out of a maximum of 10 on the CVSS rating system and affects all versions of Log4j from 2.0-beta9 from The Hacker News https://ift.tt/3IT5WFC via IFTTT

Apple on Monday released updates to iOS, macOS, tvOS, and watchOS with security patches for multiple vulnerabilities, including a remote jailbreak exploit chain as well as a number of critical issues in the Kernel and Safari web browser that were first demonstrated at the Tianfu Cup held in China two months ago. Tracked as CVE-2021-30955, the issue could have enabled a malicious application to from The Hacker News https://ift.tt/3226kAU via IFTTT

Google has rolled out fixes for five security vulnerabilities in its Chrome web browser, including one which it says is being exploited in the wild, making it the 17th such weakness to be disclosed since the start of the year. Tracked as CVE-2021-4102, the flaw relates to a use-after-free bug in the V8 JavaScript and WebAssembly engine, which could have severe consequences ranging from from The Hacker News https://ift.tt/3DTSuOf via IFTTT

Ask HN: Best Way to Contact YouTube 469 by S_A_P | 136 comments on Hacker News. I woke up this morning to an email from YouTube stating that my channel is banned for repeated violations. They didn’t specify what I violated but it could be anything from copyright to hate speech. Let me explain the content of all 5 videos on my 11 year + old channel. 1) a video of a squirrel that carried half a loaf of French bread along a fence and jumped into a tree. He dropped the bread during the jump but somehow managed to one hand/paw catch the bread and save it. 2) a friend of mine who was unable to ride a spring horse on a playground. 3)my son reacting to a scene from the movie hot rod(cool beans) this was a private video. 4) music video of my own music. No samples or other copyrighted material contained. 5) another music video also with no copyrighted material. I submitted a request to the YouTube forum but I suspect that is a black hole where support requests go to die. I’m not really all th...

Toyota owners have to pay $8/mo to keep using their key fob for remote start 504 by slobotron | 434 comments on Hacker News.

The Matrix Is Unreal 469 by vblanco | 224 comments on Hacker News.

Putty maintainer on his attitude towards security and open source 517 by AndrewDucker | 129 comments on Hacker News.

Japanese scientists develop vaccine to eliminate cells behind aging 461 by olalonde | 345 comments on Hacker News.

Log4j: Between a rock and a hard place 534 by todsacerdoti | 385 comments on Hacker News.

A previously undocumented, financially motivated threat group has been connected to a string of data theft and extortion attacks on over 40 entities between September and November 2021. The hacker collective, which goes by the self-proclaimed name Karakurt and was first identified in June 2021, is capable of modifying its tactics and techniques to adapt to the targeted environment, Accenture's from The Hacker News https://ift.tt/3yod0oN via IFTTT

With 2021 drawing to a close and many closing their plans and budgets for 2022, the time has come to do a brief wrap-up of the SaaS Security challenges on the horizon. Here are the top 3 SaaS security posture challenges as we see them.  1 — The Mess of Misconfiguration Management The good news is that more businesses than ever are using SaaS apps such as GitHub, Microsoft 365, Salesforce, Slack, from The Hacker News https://ift.tt/3DQAYKz via IFTTT

Infection chains associated with the multi-purpose Qakbot malware have been broken down into "distinct building blocks," an effort that Microsoft said will help to detect and block the threat in an effective manner proactively. The Microsoft 365 Defender Threat Intelligence Team dubbed Qakbot a "customizable chameleon that adapts to suit the needs of the multiple threat actor groups that utilize from The Hacker News https://ift.tt/3oR6NyR via IFTTT

Threat actors are actively weaponizing unpatched servers affected by the newly disclosed "Log4Shell" vulnerability in Log4j to install cryptocurrency miners, Cobalt Strike, and recruit the devices into a botnet, even as telemetry signs point to exploitation of the flaw nine days before it even came to light. Netlab, the networking security division of Chinese tech giant Qihoo 360, disclosed  from The Hacker News https://ift.tt/3DNrgZC via IFTTT

This website has 81% battery power remaining 598 by behnamoh | 166 comments on Hacker News.

Professional maintainers: a wake-up call 485 by FiloSottile | 370 comments on Hacker News.

PSA: uBlock/AdBlocks on Chrome to lose function thanks to Manifestv3 492 by diplodocusaur | 288 comments on Hacker News.

Dracula Theme – A dark theme for many different apps 482 by vmbrasseur | 221 comments on Hacker News.

Summary of the AWS Service Event in the Northern Virginia (US-East-1) Region 521 by eigen-vector | 306 comments on Hacker News.

Sleep technique used by Salvador Dalí works 501 by ohiovr | 188 comments on Hacker News.

Turning a MacBook into a touchscreen with $1 of hardware (2018) 478 by hidden-spyder | 85 comments on Hacker News.

Julian Assange can be extradited to the US, court rules 579 by goodcanadian | 579 comments on Hacker News.

Groups never admit failure 475 by todsacerdoti | 341 comments on Hacker News.

Details have emerged about what's the first Rust-language-based ransomware strain spotted in the wild that has already amassed "some victims from different countries" since its launch last month. The ransomware, dubbed BlackCat, was disclosed by MalwareHunterTeam. "Victims can pay with Bitcoin or Monero," the researchers said in a series of tweets detailing the file-encrypting malware. "Also from The Hacker News https://ift.tt/3ycgdI0 via IFTTT

As many as 1.6 million WordPress sites have been targeted by an active large-scale attack campaign originating from 16,000 IP addresses by exploiting weaknesses in four plugins and 15 Epsilon Framework themes. WordPress security company Wordfence, which disclosed details of the attacks, said Thursday it had detected and blocked more than 13.7 million attacks aimed at the plugins and themes in a from The Hacker News https://ift.tt/3oIg8c5 via IFTTT