Showing posts from January, 2022

New Samba Bug Allows Remote Attackers to Execute Arbitrary Code as Root

Samba has issued software updates to address multiple security vulnerabilities that, if successfully exploited, could allow remote attackers to execute arbitrary code with the highest privileges on affected installations. Chief among them is CVE-2021-44142, which impacts all versions of Samba before 4.13.17 and concerns an out-of-bounds heap read/write vulnerability in the VFS module "vfs_fruit" from The Hacker News https://ift.tt/Lc97Ejk1b via IFTTT

The New York Times buys Wordle

The New York Times buys Wordle 625 by lucis | 417 comments on Hacker News.

Moderna’s HIV vaccine has officially begun human trials

Moderna’s HIV vaccine has officially begun human trials 697 by grawprog | 282 comments on Hacker News.

The new hire who showed up is not the same person we interviewed

The new hire who showed up is not the same person we interviewed 603 by amadeuspzs | 340 comments on Hacker News.

Adblocking people and non-adblocking people experience a different web

Adblocking people and non-adblocking people experience a different web 549 by decrypt | 564 comments on Hacker News.

Apple Pays $100,500 Bounty to Hacker Who Found Way to Hack MacBook Webcam

Apple last year fixed a new set of macOS vulnerabilities that exposed Safari browser to attack, potentially allowing malicious actors to access users' online accounts, microphone, and webcam. Security researcher Ryan Pickren, who discovered and reported the bugs to the iPhone maker, was compensated with a $100,500 bug bounty, underscoring the severity of the issues. By exploiting a chain of from The Hacker News https://ift.tt/MIpS3TxAZ via IFTTT

DeepDotWeb News Site Operator Sentenced to 8 Years for Money Laundering

An Israeli national was sentenced to 97 months in prison in connection with operating the DeepDotWeb (DDW) clearnet website, nearly a year after the individual pleaded guilty to the charges. Tal Prihar, 37, an Israeli citizen residing in Brazil, is said to have played the role of an administrator of DDW since the website became functional in October 2013. He pleaded guilty to money laundering from The Hacker News https://ift.tt/BUdQCrNhW via IFTTT

A UX designer walks into a Tesla Bar

A UX designer walks into a Tesla Bar 521 by radley | 314 comments on Hacker News.

Show HN: Web page that parses and explains the label on a bike tire

Show HN: Web page that parses and explains the label on a bike tire 485 by moasda | 126 comments on Hacker News. History: Last year I had to replace the tire on my bike, and I was surprised how difficult it was to find a suitable new tire. There were a lot of numbers written on the casing, so I googled what they meant. In the end I was successful, but I didn't want to do the same work again for the next bike after I've forgotten the details. So I wrote this website. Technically, the web page is kept very simple, no frameworks, no templates, no website builder. It uses HTML5, CSS and JavaScript, and it provides a responsive layout for mobile usage. I'm happy to receive feedback. If you have tried the label of your bike tire, and it doesn't work, please post it as well. Thanks!

Did I just lose half a million dollars?

Did I just lose half a million dollars? 566 by olegious | 681 comments on Hacker News.

Black, the uncompromising Python code formatter, is stable

Black, the uncompromising Python code formatter, is stable 466 by crlees | 278 comments on Hacker News.

Nuanced communication usually doesn't work at scale

Nuanced communication usually doesn't work at scale 559 by tagolli | 225 comments on Hacker News.

Don't you lecture me with your thirty dollar website

Don't you lecture me with your thirty dollar website 586 by TheresNoTime | 145 comments on Hacker News.

Reclaiming the lost art of Linux server administration

Reclaiming the lost art of Linux server administration 549 by prea | 407 comments on Hacker News.

I got an FBI record at age 11 from dabbling in cryptography (2015)

I got an FBI record at age 11 from dabbling in cryptography (2015) 493 by monort | 237 comments on Hacker News.

Apple removes Python 2.7 in macOS 12.3 beta

Apple removes Python 2.7 in macOS 12.3 beta 597 by tosh | 335 comments on Hacker News.

Apple contributes to OBS to support screen capture using ScreenCaptureKit

Apple contributes to OBS to support screen capture using ScreenCaptureKit 601 by jiripospisil | 151 comments on Hacker News.

Guess the daily Wordle in one try using the tweet distribution

Guess the daily Wordle in one try using the tweet distribution 485 by benhamner | 103 comments on Hacker News.

Ask HN: Hacker claimed ownership and then deleted my Facebook Page of 50k users

Ask HN: Hacker claimed ownership and then deleted my Facebook Page of 50k users 478 by metalised | 176 comments on Hacker News. As an update to [0] and [1], the scammers have now completely deleted my page of 50k subscribers. I am devastated. 10+ years of building a heavy metal community, gone like a puff of smoke, just like that. And Facebook still hasn't replied to a single message. I hate to imagine what would have happened if I was an actual business... I am reaching out to the HN community one last time. If anyone has any advice or can help me talk to an actual human being at Facebook and restore my page and ownership, please get in touch! (or if not, at least vote / comment your own frustrations or horror stories below, to help get my story seen by such a person, if you think this post deserves it...) [0] https://ift.tt/3sHF5qr [1] https://ift.tt/3JWQCIJ

Washington state shuts down Amazon price-fixing program nationwide

Washington state shuts down Amazon price-fixing program nationwide 604 by ilamont | 281 comments on Hacker News.

Patching the CentOS 8 Encryption Bug is Urgent – What Are Your Plans?

There are three things you can be sure of in life: death, taxes – and new CVEs. For organizations that rely on CentOS 8, the inevitable has now happened, and it didn’t take long. Just two weeks after reaching the official end of life, something broke spectacularly, leaving CentOS 8 users at major risk of a severe attack – and with no support from CentOS. You’d think that this issue no longer from The Hacker News https://ift.tt/3H5ZvxS via IFTTT

Chaes Banking Trojan Hijacks Chrome Browser with Malicious Extensions

A financially-motivated malware campaign has compromised over 800 WordPress websites to deliver a banking trojan dubbed Chaes targeting Brazilian customers of Banco do Brasil, Loja Integrada, Mercado Bitcoin, Mercado Livre, and Mercado Pago. First documented by Cybereason in November 2020, the info-stealing malware is delivered via a sophisticated infection chain that's engineered to harvest from The Hacker News https://ift.tt/3g4crse via IFTTT

Widespread FluBot and TeaBot Malware Campaigns Targeting Android Devices

Researchers from the Bitdefender Mobile Threats team said they have intercepted more than 100,000 malicious SMS messages attempting to distribute Flubot malware since the beginning of December. "Findings indicate attackers are modifying their subject lines and using older yet proven scams to entice users to click," the Romanian cybersecurity firm detailed in a report published Wednesday. " from The Hacker News https://ift.tt/32BWNRz via IFTTT

Hackers Using New Evasive Technique to Deliver AsyncRAT Malware

A new, sophisticated phishing attack has been observed delivering the AsyncRAT trojan as part of a malware campaign that's believed to have commenced in September 2021. "Through a simple email phishing tactic with an html attachment, threat attackers are delivering AsyncRAT (a remote access trojan) designed to remotely monitor and control its infected computers through a secure, encrypted from The Hacker News https://ift.tt/3r4z7ij via IFTTT

Apple Releases iOS and macOS Updates to Patch Actively Exploited 0-Day Vulnerability

Apple on Wednesday released iOS 15.3 and macOS Monterey 12.2 with a fix for the privacy-defeating bug in Safari, as well as to contain a zero-day flaw, which it said has been exploited in the wild to break into its devices. Tracked as CVE-2022-22587, the vulnerability relates to a memory corruption issue in the IOMobileFrameBuffer component that could be abused by a malicious application to from The Hacker News https://ift.tt/34fq98Z via IFTTT

A Minimum Viable Computer, or Linux for $15

A Minimum Viable Computer, or Linux for $15 594 by kotaKat | 302 comments on Hacker News.

Webinar: How to See More, But Respond Less with Enhanced Threat Visibility

The subject of threat visibility is a recurring one in cybersecurity. With an expanding attack surface due to the remote work transformation, cloud and SaaS computing and the proliferation of personal devices, seeing all the threats that are continuously bombarding the company is beyond challenging. This especially rings true for small to medium-sized enterprises with limited security budgets from The Hacker News https://ift.tt/3g0qBuo via IFTTT

Initial Access Broker Involved in Log4Shell Attack Against VMware Horizon Servers

An initial access broker group tracked as Prophet Spider has been linked to a set of malicious activities that exploits the Log4Shell vulnerability in unpatched VMware Horizon Servers. According to new research published by BlackBerry Research & Intelligence and Incident Response (IR) teams today, the cybercrime actor has been opportunistically weaponizing the shortcoming to download a from The Hacker News https://ift.tt/3447lcB via IFTTT

Google Drops FLoC and Introduces Topics API to Replace Tracking Cookies for Ads

Google on Tuesday announced that it is abandoning its controversial plans for replacing third-party cookies in favor of a new Privacy Sandbox proposal called Topics, which categorizes users' browsing habits into approximately 350 topics. The new framework, which takes the place of FLoC (short for Federated Learning of Cohorts), slots users' browsing history for a given week into a handful of from The Hacker News https://ift.tt/3fYh1bf via IFTTT

Google Is Forcing Me to Dump a Perfectly Good Phone

Google Is Forcing Me to Dump a Perfectly Good Phone 749 by ciprian_craciun | 580 comments on Hacker News.

12-Year-Old Polkit Flaw Lets Unprivileged Linux Users Gain Root Access

A 12-year-old security vulnerability has been disclosed in a system utility called Polkit that grants attackers root privileges on Linux systems, even as a proof-of-concept (PoC) exploit has emerged in the wild merely hours after technical details of the bug became public. Dubbed "PwnKit" by cybersecurity firm Qualys, the weakness impacts a component in polkit called pkexec, a program that's from The Hacker News https://ift.tt/3G8RW8o via IFTTT

Nvidia prepares to abandon $40B Arm bid

Nvidia prepares to abandon $40B Arm bid 710 by pseudolus | 402 comments on Hacker News.

TrickBot Malware Using New Techniques to Evade Web Injection Attacks

The cybercrime operators behind the notorious TrickBot malware have once again upped the ante by fine-tuning its techniques by adding multiple layers of defense to slip past antimalware products. "As part of that escalation, malware injections have been fitted with added protection to keep researchers out and get through security controls," IBM Trusteer said in a report. "In most cases, these from The Hacker News https://ift.tt/3H09lBp via IFTTT

Mobile Banking Trojan BRATA Gains New, Dangerous Capabilities

The Android malware tracked as BRATA has been updated with new features that grant it the ability to track device locations and even perform a factory reset in an apparent bid to cover up fraudulent wire transfers. The latest variants, detected late last year, are said to be distributed through a downloader to avoid being detected by security software, Italian cybersecurity firm Cleafy said in from The Hacker News https://ift.tt/3u1xsvF via IFTTT

Hackers Using New Malware Packer DTPacker to Avoid Analysis, Detection

A previously undocumented malware packer named DTPacker has been observed distributing multiple remote access trojans (RATs) and information stealers such as Agent Tesla, Ave Maria, AsyncRAT, and FormBook to plunder information and facilitate follow-on attacks. "The malware uses multiple obfuscation techniques to evade antivirus, sandboxing, and analysis," enterprise security company Proofpoint from The Hacker News https://ift.tt/3IycTed via IFTTT

Google Drive flags file only containing “1” for copyright infringement

Google Drive flags file only containing “1” for copyright infringement 686 by thanatosmin | 278 comments on Hacker News.

IBM’s Watson Health is sold off in parts

IBM’s Watson Health is sold off in parts 646 by alexmorley | 661 comments on Hacker News.

ZTNAs Address Requirements VPNs Cannot. Here's Why.

I recently hopped on the Lookout podcast to talk about virtual private networks (VPNs) and how they've been extended beyond their original use case of connecting remote laptops to your corporate network. Even in this new world where people are using personal devices and cloud apps, VPN continues to be the go-to solution for remote access and cloud access. After my conversation with Hank Schless, from The Hacker News https://ift.tt/3AGmFIR via IFTTT

I got pwned by my cloud costs

I got pwned by my cloud costs 694 by andimm | 372 comments on Hacker News.

Hackers Creating Fraudulent Crypto Tokens as Part of 'Rug Pull' Scams

Misconfigurations in smart contracts are being exploited by scammers to create malicious cryptocurrency tokens with the goal of stealing funds from unsuspecting users. The instances of token fraud in the wild include hiding 99% fee functions and concealing backdoor routines, researchers from Check Point said in a report shared with The Hacker News. Smart contracts are programs stored on the from The Hacker News https://ift.tt/342yDjw via IFTTT

Emotet Now Using Unconventional IP Address Formats to Evade Detection

Social engineering campaigns involving the deployment of the Emotet malware botnet have been observed using "unconventional" IP address formats for the first time in a bid to sidestep detection by security solutions. This involves the use of hexadecimal and octal representations of the IP address that, when processed by the underlying operating systems, get automatically converted "to the dotted from The Hacker News https://ift.tt/3nOvpaA via IFTTT

High-Severity Rust Programming Bug Could Lead to File, Directory Deletion

The maintainers of the Rust programming language have released a security update for a high-severity vulnerability that could be abused by a malicious party to purge files and directories from a vulnerable system in an unauthorized manner. "An attacker could use this security issue to trick a privileged program into deleting files and directories the attacker couldn't otherwise access or delete, from The Hacker News https://ift.tt/3AsBY7J via IFTTT

Charm – tools to make the command line glamorous

Charm – tools to make the command line glamorous 712 by hillcrestenigma | 131 comments on Hacker News.

Gmail account security is insane

Gmail account security is insane 654 by caseyf7 | 314 comments on Hacker News. I have a gmail account that I rarely use, but I know the password. I enter it correctly and get the following message: You’re trying to sign in on a device Google doesn’t recognize, and we don’t have enough information to verify that it’s you. For your protection, you can’t sign in here right now. Try again from a device or location where you’ve signed in before. Even if I get the code from the recovery email account, it won't work. Is this the AI hell Google throws you into if you get a new phone and computer in the same year? Has anyone else on HN run into this and found a solution?

I built a system that takes pictures of all the airplanes that fly over my house

I built a system that takes pictures of all the airplanes that fly over my house 615 by tosh | 146 comments on Hacker News.

Hackers Planted Secret Backdoor in Dozens of WordPress Plugins and Themes

In yet another instance of software supply chain attack, dozens of WordPress themes and plugins hosted on a developer's website were backdoored with malicious code in the first half of September 2021 with the goal of infecting further sites. The backdoor gave the attackers full administrative control over websites that used 40 themes and 53 plugins belonging to AccessPress Themes, a Nepal-based from The Hacker News https://ift.tt/357axVf via IFTTT

Critical Bugs in Control Web Panel Expose Linux Servers to RCE Attacks

Researchers have disclosed details of two critical security vulnerabilities in Control Web Panel that could be abused as part of an exploit chain to achieve pre-authenticated remote code execution on affected servers. Tracked as CVE-2021-45467, the issue concerns a case of a file inclusion vulnerability, which occurs when a web application is tricked into exposing or running arbitrary files on from The Hacker News https://ift.tt/3fOIkog via IFTTT

Danish government makes its new economic model open source

Danish government makes its new economic model open source 531 by HumanReadable | 85 comments on Hacker News.

FalsiScan: Make it look like a PDF has been hand signed and scanned

FalsiScan: Make it look like a PDF has been hand signed and scanned 545 by tercio | 233 comments on Hacker News.

Gitlab Handbook's HN Page

Gitlab Handbook's HN Page 503 by mooreds | 186 comments on Hacker News.

Free Postgres databases for small projects

Free Postgres databases for small projects 604 by mikeyhew | 147 comments on Hacker News.

Chinese Hackers Spotted Using New UEFI Firmware Implant in Targeted Attacks

A previously undocumented firmware implant deployed to maintain stealthy persistence as part of a targeted espionage campaign has been linked to the Chinese-speaking Winnti advanced persistent threat group (APT41). Kaspersky, which codenamed the rootkit MoonBounce, characterized the malware as the "most advanced UEFI firmware implant discovered in the wild to date," adding "the purpose of the from The Hacker News https://ift.tt/32j8PiC via IFTTT

U.S. Sanctions 4 Ukrainians for Working with Russia to Destabilize Ukraine

The U.S. Treasury Department on Thursday announced sanctions against four current and former Ukrainian government officials for engaging in "Russian government-directed influence activities" in the country, including gathering sensitive information about its critical infrastructure. The agency said the four individuals were involved in different roles as part of a concerted influence campaign to from The Hacker News https://ift.tt/3GR8KSb via IFTTT

Roblox October Outage Postmortem

Roblox October Outage Postmortem 530 by kbuck | 245 comments on Hacker News.

Cisco Issues Patch for Critical RCE Vulnerability in RCM for StarOS Software

Cisco Systems has rolled out fixes for a critical security flaw affecting Redundancy Configuration Manager (RCM) for Cisco StarOS Software that could be weaponized by an unauthenticated, remote attacker to execute arbitrary code and take over vulnerable machines. Tracked as CVE-2022-20649 (CVSS score: 9.0), the vulnerability stems from the fact that the debug mode has been incorrectly enabled from The Hacker News https://ift.tt/3AipO17 via IFTTT

The internet changed my life

The internet changed my life 507 by janvdberg | 152 comments on Hacker News.

A Trip to the Dark Site — Leak Sites Analyzed

Gone are the days when ransomware operators were happy with encrypting files on-site and more or less discreetly charged their victims money for a decryption key. What we commonly find now is encryption with the additional threat of leaking stolen data, generally called Double-Extortion (or, as we like to call it: Cyber Extortion or Cy-X). This is a unique form of cybercrime in that we can from The Hacker News https://ift.tt/3tJJ7PM via IFTTT

Google requiring all ‘G Suite legacy free edition’ users to start paying

Google requiring all ‘G Suite legacy free edition’ users to start paying 458 by codyogden | 664 comments on Hacker News.

Ask HN: Those making $500/month on side projects in 2022 – Show and tell

Ask HN: Those making $500/month on side projects in 2022 – Show and tell 442 by deadcoder0904 | 486 comments on Hacker News. Previously asked on 2020 → https://ift.tt/3oJEwb5

New BHUNT Password Stealer Malware Targeting Cryptocurrency Wallets

A new evasive crypto wallet stealer named BHUNT has been spotted in the wild with the goal of financial gain, adding to a list of digital currency stealing malware such as CryptBot, Redline Stealer, and WeSteal. "BHUNT is a modular stealer written in .NET, capable of exfiltrating wallet (Exodus, Electrum, Atomic, Jaxx, Ethereum, Bitcoin, Litecoin wallets) contents, passwords stored in the from The Hacker News https://ift.tt/3rAItRH via IFTTT

Microsoft: Hackers Exploiting New SolarWinds Serv-U Bug Related to Log4j Attacks

Microsoft on Wednesday disclosed details of a new security vulnerability in SolarWinds Serv-U software that it said was being weaponized by threat actors to propagate attacks leveraging the Log4j flaws to compromise targets. Tracked as CVE-2021-35247 (CVSS score: 5.3), the issue is an "input validation vulnerability that could allow attackers to build a query given some input and send that from The Hacker News https://ift.tt/3fG4f1a via IFTTT

I automated my job over a year ago and haven't told anyone

I automated my job over a year ago and haven't told anyone 454 by TriNetra | 364 comments on Hacker News.

1Password Has Raised $620M

1Password Has Raised $620M 541 by andrewdutton | 543 comments on Hacker News.

The story behind OS X’s Unix compliant certification

The story behind OS X’s Unix compliant certification 422 by azinman2 | 148 comments on Hacker News.

Do svidaniya, Igor, and thank you for Nginx

Do svidaniya, Igor, and thank you for Nginx 544 by nrvn | 159 comments on Hacker News.

No Place to Hide – U.K. campaign against end-to-end encryption

No Place to Hide – U.K. campaign against end-to-end encryption 402 by intunderflow | 266 comments on Hacker News.

Effortless personal productivity (or how I learned to love my monkey mind)

Effortless personal productivity (or how I learned to love my monkey mind) 392 by jakobgreenfeld | 95 comments on Hacker News.

hiccupFX.js

hiccupFX.js 451 by rvieira | 78 comments on Hacker News.

Microsoft to Acquire Activision Blizzard

Microsoft to Acquire Activision Blizzard 863 by totablebanjo | 530 comments on Hacker News.

Researchers Bypass SMS-based Multi-Factor Authentication Protecting Box Accounts

Cybersecurity researchers have disclosed details of a now-patched bug in Box's multi-factor authentication (MFA) mechanism that could be abused to completely sidestep SMS-based login verification. "Using this technique, an attacker could use stolen credentials to compromise an organization's Box account and exfiltrate sensitive data without access to the victim's phone," Varonis researchers said from The Hacker News https://ift.tt/3qzvIaR via IFTTT

Europol Shuts Down VPNLab, Cybercriminals' Favourite VPN Service

VPNLab.net, a VPN provider that was used by malicious actors to deploy ransomware and facilitate other cybercrimes, was taken offline following a coordinated law enforcement operation. Europol said it took action against the misuse of the VPN service by grounding 15 of its servers on January 17 and rendering it inoperable as part of a disruptive action that took place across Germany, the from The Hacker News https://ift.tt/3qzfEWB via IFTTT

Don't Use Public Wi-Fi Without DNS Filtering

Providing public Wi-Fi is a great service to offer your customers as it becomes more and more standard in today's society. I like the fact that I do not have to worry about accessing the Internet while I am away, or spending a lot of money on an international connection, or just staying offline while I am away. With public Wi-Fi, modern life has become a constant connection to the Internet, from The Hacker News https://ift.tt/3AbUrW8 via IFTTT

Earth Lusca Hackers Aimed at High-Value Targets in Government and Private Sectors

An elusive threat actor called Earth Lusca has been observed striking organizations across the world as part of what appears to be simultaneously an espionage campaign and an attempt to reap monetary profits. "The list of its victims includes high-value targets such as government and educational institutions, religious movements, pro-democracy and human rights organizations in Hong Kong, from The Hacker News https://ift.tt/3nzDOyp via IFTTT

Zoho Releases Patch for Critical Flaw Affecting ManageEngine Desktop Central

Enterprise software maker Zoho on Monday issued patches for a critical security vulnerability in Desktop Central and Desktop Central MSP that a remote adversary could exploit to perform unauthorized actions in affected servers. Tracked as CVE-2021-44757, the shortcoming concerns an instance of authentication bypass that "may allow an attacker to read unauthorized data or write an arbitrary zip from The Hacker News https://ift.tt/3IhjdXk via IFTTT

The curious case of the Raspberry Pi in the network closet (2019)

The curious case of the Raspberry Pi in the network closet (2019) 616 by BayAreaEscapee | 197 comments on Hacker News.

Chrome Limits Websites' Access to Private Networks for Security Reasons

Google Chrome has announced plans to prohibit public websites from directly accessing endpoints located within private networks as part of an upcoming major security shakeup to prevent intrusions via the browser. The proposed change is set to be rolled out in two phases as part of releases Chrome 98 and Chrome 101 scheduled in the coming months via a newly implemented W3C specification called from The Hacker News https://ift.tt/3GDGjqO via IFTTT

Dark Web's Largest Marketplace for Stolen Credit Cards is Shutting Down

UniCC, the biggest dark web marketplace of stolen credit and debit cards, has announced that it's shuttering its operations after earning $358 million in purchases since 2013 using cryptocurrencies such as Bitcoin, Litecoin, Ether, and Dash. "Don't build any conspiracy theories about us leaving," the anonymous operators of UniCC said in a farewell posted on dark web carding forums, according to from The Hacker News https://ift.tt/33kJdCG via IFTTT

High-Severity Vulnerability in 3 WordPress Plugins Affected 84,000 Websites

Researchers have disclosed a security shortcoming affecting three different WordPress plugins that impact over 84,000 websites and could be abused by a malicious actor to take over vulnerable sites. "This flaw made it possible for an attacker to update arbitrary site options on a vulnerable site, provided they could trick a site's administrator into performing an action, such as clicking on a from The Hacker News https://ift.tt/3tuIb1z via IFTTT

Ukrainian Government Officially Accuses Russia of Recent Cyberattacks

The government of Ukraine on Sunday formally accused Russia of masterminding the attacks that targeted websites of public institutions and government agencies this past week. "All the evidence points to the fact that Russia is behind the cyber attack," the Ministry of Digital Transformation said in a statement. "Moscow continues to wage a hybrid war and is actively building forces in the from The Hacker News https://ift.tt/3qBdghW via IFTTT

New Unpatched Apple Safari Browser Bug Allows Cross-Site User Tracking

A software bug introduced in Apple Safari 15's implementation of the IndexedDB API could be abused by a malicious website to track users' online activity in the web browser and worse, even reveal their identity. The vulnerability, dubbed IndexedDB Leaks, was disclosed by fraud protection software company FingerprintJS, which reported the issue to the iPhone maker on November 28, 2021. IndexedDB from The Hacker News https://ift.tt/3GCxKwG via IFTTT

Essence: Desktop operating system built from scratch

Essence: Desktop operating system built from scratch 629 by nbaksalyar | 144 comments on Hacker News.

A New Destructive Malware Targeting Ukrainian Government and Business Entities

Cybersecurity teams from Microsoft on Saturday disclosed they identified evidence of a new destructive malware operation targeting government, non-profit, and information technology entities in Ukraine amid brewing geopolitical tensions between the country and Russia. "The malware is disguised as ransomware but, if activated by the attacker, would render the infected computer system inoperable," from The Hacker News https://ift.tt/3txu1Na via IFTTT

Get Lifetime Access to Cybersecurity Certification Prep Courses

You can't go far in professional IT without being asked for some key certifications. In particular, most large companies today require new hires to be well versed in the fundamentals of cybersecurity. Adding the likes of CISSP, CISM, and CompTIA CASP+ to your résumé can open the door to many opportunities — including six-figure roles. There is just a small matter of some exams to pass. To help from The Hacker News https://ift.tt/3FvfLXq via IFTTT

Russia Arrests REvil Ransomware Gang Responsible for High-Profile Cyber Attacks

In an unprecedented move, Russia's Federal Security Service (FSB), the country's principal security agency, on Friday disclosed that it arrested several members belonging to the notorious REvil ransomware gang and neutralized its operations. The surprise operation, which it said was carried out at the request of the U.S. authorities, saw the law enforcement agency conduct raids at 25 addresses from The Hacker News https://ift.tt/3I21fYS via IFTTT

Multiple Sclerosis Causality

Multiple Sclerosis Causality 515 by nabla9 | 180 comments on Hacker News.

Massive Cyber Attack Knocks Down Ukrainian Government Websites

No fewer than 70 websites operated by the Ukrainian government went offline on Friday for hours in what appears to be a coordinated cyber attack amid heightened tensions with Russia. "As a result of a massive cyber attack, the websites of the Ministry of Foreign Affairs and a number of other government agencies are temporarily down," Oleg Nikolenko, MFA spokesperson, tweeted. The Security from The Hacker News https://ift.tt/3InQKj1 via IFTTT

North Korean Hackers Stole Millions from Cryptocurrency Startups Worldwide

Operators associated with the Lazarus sub-group BlueNoroff have been linked to a series of cyberattacks targeting small and medium-sized companies worldwide with an aim to drain their cryptocurrency funds, in what's yet another financially motivated operation mounted by the prolific North Korean state-sponsored actor. Russian cybersecurity company Kaspersky, which is tracking the intrusions from The Hacker News https://ift.tt/3zWIkvI via IFTTT

U.K. Hacker Jailed for Spying on Children and Downloading Indecent Images

A man from the U.K. city of Nottingham has been sentenced to more than two years in prison for illegally breaking into the phones and computers of a number of victims, including women and children, to spy on them and amass a collection of indecent images. Robert Davies, 32, is said to have purchased an arsenal of cyber crime tools in 2019, including crypters and remote administration tools (RATs from The Hacker News https://ift.tt/3KdXGAH via IFTTT

Husband-Wife Arrested in Ukraine for Ransomware Attacks on Foreign Companies

Ukrainian police authorities have nabbed five members of a gang that's believed to have helped orchestrate attacks against more than 50 companies across Europe and the U.S. and caused losses to the tune of more than $1 million. The special operation, which was carried out in assistance with law enforcement officials from the U.K. and U.S., saw the arrest of an unnamed 36-year-old individual from from The Hacker News https://ift.tt/3trWofB via IFTTT

Engine cooling – why rocket engines don’t melt

Engine cooling – why rocket engines don’t melt 451 by wolfram74 | 122 comments on Hacker News.

Cisco Releases Patch for Critical Bug Affecting Unified CCMP and Unified CCDM

Cisco Systems has rolled out security updates for a critical security vulnerability affecting Unified Contact Center Management Portal (Unified CCMP) and Unified Contact Center Domain Manager (Unified CCDM) that could be exploited by a remote attacker to take control of an affected system. Tracked as CVE-2022-20658, the vulnerability has been rated 9.6 in severity on the CVSS scoring system, and from The Hacker News https://ift.tt/3rkD1lQ via IFTTT

Music industry is suing youtube-dl hosters

Music industry is suing youtube-dl hosters 456 by 2pEXgD0fZ5cF | 281 comments on Hacker News.

I think I know why you can't hire engineers right now

I think I know why you can't hire engineers right now 731 by cushychicken | 780 comments on Hacker News.

Ask HN: Firefox connection problems after enabling DoH?

Ask HN: Firefox connection problems after enabling DoH? 602 by killdozer | 348 comments on Hacker News. The latest version of Firefox (96.0 and 95.02) seems to have a problem where as soon as you enable DOH (DNS over HTTPS) the browser is unable to establish any connections. Disabling this feature once enabled doesn't resolve the issue; closing the browser leaves processes hanging in the background consuming resources. Several of my friends have reported (Windows/Linux) seeing the same issue but we haven't been able to find a solution.

In MySQL, use “utf8mb4” instead of “utf8” (2016)

In MySQL, use “utf8mb4” instead of “utf8” (2016) 570 by pcr910303 | 309 comments on Hacker News.

Iranian Hackers Exploit Log4j Vulnerability to Deploy PowerShell Backdoor

An Iranian state-sponsored actor has been observed scanning and attempting to abuse the Log4Shell flaw in publicly-exposed Java applications to deploy a hitherto undocumented PowerShell-based modular backdoor dubbed "CharmPower" for follow-on post-exploitation. "The actor's attack setup was obviously rushed, as they used the basic open-source tool for the exploitation and based their operations from The Hacker News https://ift.tt/3rc0tSp via IFTTT

Meeting Patching-Related Compliance Requirements with TuxCare

Cybersecurity teams have many demands competing for limited resources. Restricted budgets are a problem, and restricted staff resources are also a bottleneck. There is also the need to maintain business continuity at all times. It's a frustrating mix of challenges – with resources behind tasks such as patching rarely sufficient to meet security prerogatives or compliance deadlines. The multitude from The Hacker News https://ift.tt/3Go6OR5 via IFTTT

US Cyber Command Links 'MuddyWater' Hacking Group to Iranian Intelligence

The U.S. Cyber Command (USCYBERCOM) on Wednesday officially confirmed MuddyWater's ties to the Iranian intelligence apparatus, while simultaneously detailing the various tools and tactics adopted by the espionage actor to burrow into victim networks. "MuddyWater has been seen using a variety of techniques to maintain access to victim networks," USCYBERCOM's Cyber National Mission Force (CNMF) from The Hacker News https://ift.tt/3tvUEBQ via IFTTT

Apple execs: Let's take a 30% cut of Uber and Lyft's membership programs (2018)

Apple execs: Let's take a 30% cut of Uber and Lyft's membership programs (2018) 569 by mdoms | 606 comments on Hacker News.

Apple Releases iPhone and iPad Updates to Patch HomeKit DoS Vulnerability

Apple on Wednesday rolled out software updates for iOS and iPadOS to remediate a persistent denial-of-service (DoS) issue affecting the HomeKit smart home framework that could be potentially exploited to launch ransomware-like attacks targeting the devices. The iPhone maker, in its release notes for iOS and iPadOS 15.2.1, termed it as a "resource exhaustion issue" that could be triggered when from The Hacker News https://ift.tt/3zRsrqy via IFTTT

Firefox 96

Firefox 96 489 by NiekvdMaas | 336 comments on Hacker News.

CSS Gradients that avoid the “gray dead zone”

CSS Gradients that avoid the “gray dead zone” 559 by joshwcomeau | 88 comments on Hacker News.

Show HN: I bought and tested the filtration of every mask on Amazon

Show HN: I bought and tested the filtration of every mask on Amazon 505 by lloydarmbrust | 225 comments on Hacker News.

Who wrote this shit?

Who wrote this shit? 504 by rhazn | 272 comments on Hacker News.

How Can You Leave Log4J in 2021?

With the last month of 2021 dominated by the Log4J vulnerabilities discovery, publication, and patches popping up in rapid succession, odds are you have patched your system against Log4J exploitation attempts. At least some systems, if not all. You might even have installed the latest patch – at the time of writing, that is 2.17.1, but, if the last rapid patching cycle persists, it might have from The Hacker News https://ift.tt/3Firzwd via IFTTT

Student photographs people with hidden spy cam in the 1890s (2018)

Student photographs people with hidden spy cam in the 1890s (2018) 548 by jakobdabo | 191 comments on Hacker News.

New Year, New CEO

New Year, New CEO 492 by 0xedb | 149 comments on Hacker News.

YC’s $500k Standard Deal

YC’s $500k Standard Deal 442 by langitbiru | 231 comments on Hacker News.

UCLA Study Finds Laughter in 65 Species, from Rats to Cows

UCLA Study Finds Laughter in 65 Species, from Rats to Cows 428 by cdepman | 175 comments on Hacker News.

See how DMARC, SPF, and DKIM work interactively

See how DMARC, SPF, and DKIM work interactively 440 by anderspitman | 98 comments on Hacker News.

Researchers Find Bugs in Over A Dozen Widely Used URL Parser Libraries

A study of 16 different Uniform Resource Locator (URL) parsing libraries has unearthed inconsistencies and confusions that could be exploited to bypass validations and open the door to a wide range of attack vectors. In a deep-dive analysis jointly conducted by cybersecurity firms Claroty and Snyk, eight security vulnerabilities were identified in as many third-party libraries written in C, from The Hacker News https://ift.tt/34DBT5l via IFTTT

I am a New York City public high school student. The situation is beyond control

I am a New York City public high school student. The situation is beyond control 517 by prawn | 729 comments on Hacker News.

Abcbot Botnet Linked to Operators of Xanthe Cryptomining malware

New research into the infrastructure behind an emerging DDoS botnet named Abcbot has uncovered links with a cryptocurrency-mining botnet attack that came to light in December 2020. Attacks involving Abcbot, first disclosed by Qihoo 360's Netlab security team in November 2021, are triggered via a malicious shell script that targets insecure cloud instances operated by cloud service providers such from The Hacker News https://ift.tt/3r3Vp2j via IFTTT

Oh, 2022

Oh, 2022 517 by elkos | 377 comments on Hacker News.

Dev corrupts NPM libs 'colors' and 'faker', breaking thousands of apps

Dev corrupts NPM libs 'colors' and 'faker', breaking thousands of apps 586 by curling_grad | 731 comments on Hacker News.

A routine gem update ended up creating $73k worth of subscriptions

A routine gem update ended up creating $73k worth of subscriptions 516 by hartator | 317 comments on Hacker News.

BADNEWS! Patchwork APT Hackers Score Own Goal in Recent Malware Attacks

Threat hunters have shed light on the tactics, techniques, and procedures embraced by an Indian-origin hacking group called Patchwork as part of a renewed campaign that commenced in late November 2021, targeting Pakistani government entities and individuals with a research focus on molecular medicine and biological science. "Ironically, all the information we gathered was possible thanks to the from The Hacker News https://ift.tt/3JXXR2Y via IFTTT

Upwork asking me for a $12.5k refund as the client was using someone else’s card

Upwork asking me for a $12.5k refund as the client was using someone else’s card 591 by DarrenDev | 259 comments on Hacker News.

Show HN: BookStack – An open source wiki platform and alternative to Confluence

Show HN: BookStack – An open source wiki platform and alternative to Confluence 515 by ssddanbrown | 186 comments on Hacker News.

Google fined €150M, Facebook €60M for non-compliance with French legislation

Google fined €150M, Facebook €60M for non-compliance with French legislation 511 by SkySkimmer | 536 comments on Hacker News.

James Webb is fully deployed

James Webb is fully deployed 686 by Sami_Lehtinen | 227 comments on Hacker News.

Facebook Launches 'Privacy Center' to Educate Users on Data Collection and Privacy Options

Meta Platforms, the company formerly known as Facebook, on Friday announced the launch of a centralized Privacy Center that aims to "educate people" about its approach with regards to how it collects and processes personal information across its family of social media apps. "Privacy Center provides helpful information about five common privacy topics: sharing, security, data collection, data use from The Hacker News https://ift.tt/3t9Unoa via IFTTT

NHS Warns of Hackers Targeting Log4j Flaws in VMware Horizon

The digital security team at the U.K. National Health Service (NHS) has raised the alarm on active exploitation of Log4Shell vulnerabilities in unpatched VMware Horizon servers by an unknown threat actor to drop malicious web shells and establish persistence on affected networks for follow-on attacks. "The attack likely consists of a reconnaissance phase, where the attacker uses the Java Naming from The Hacker News https://ift.tt/3zADuUO via IFTTT

Drop a raindrop anywhere in the world and watch where it ends up

Drop a raindrop anywhere in the world and watch where it ends up 625 by slowhand09 | 102 comments on Hacker News.

My First Impressions of Web3

My First Impressions of Web3 618 by natdempk | 237 comments on Hacker News.

Computers as I used to love them

Computers as I used to love them 596 by tosh | 214 comments on Hacker News.

New York City will make it mandatory for companies to post salaries on job ads

New York City will make it mandatory for companies to post salaries on job ads 589 by thebigspacefuck | 494 comments on Hacker News.

Log4Shell-like Critical RCE Flaw Discovered in H2 Database Console

Researchers have disclosed a security flaw affecting H2 database consoles that could result in remote code execution in a manner that echoes the Log4j "Log4Shell" vulnerability that came to light last month. The issue, tracked as CVE-2021-42392, is the "first critical issue published since Log4Shell, on a component other than Log4j, that exploits the same root cause of the Log4Shell from The Hacker News https://ift.tt/3Gk4ZEV via IFTTT

Keyboard lets people type so fast it’s banned from typing competitions

Keyboard lets people type so fast it’s banned from typing competitions 550 by zdw | 403 comments on Hacker News.

France Fines Google, Facebook €210 Million Over Privacy Violating Tracking Cookies

The Commission nationale de l'informatique et des libertés (CNIL), France's data protection watchdog, has slapped Facebook (now Meta Platforms) and Google with fines of €150 million ($170 million) and €60 million ($68 million) for violating E.U. privacy rules by failing to provide users with an easy option to reject cookie tracking technology. "The websites facebook.com, google.fr and from The Hacker News https://ift.tt/3zx2kFc via IFTTT

North Korean Hackers Start New Year with Attacks on Russian Foreign Ministry

A North Korean cyberespionage group named Konni has been linked to a series of targeted attacks aimed at the Russian Federation's Ministry of Foreign Affairs (MID) with New Year lures to compromise Windows systems with malware. "This activity cluster demonstrates the patient and persistent nature of advanced actors in waging multi-phased campaigns against perceived high-value networks," from The Hacker News https://ift.tt/3zAcGEm via IFTTT

We handle 80TB and 5M page views a month for under $400

We handle 80TB and 5M page views a month for under $400 629 by darknoon | 341 comments on Hacker News.

NIST Cybersecurity Framework: A Quick Guide for SaaS Security Compliance

When I want to know the most recently published best practices in cyber security, I visit The National Institute of Standards and Technology (NIST). From the latest password requirements (NIST 800-63) to IoT security for manufacturers (NISTIR 8259), NIST is always the starting point. NIST plays a key role as a US standard-setter, due to the organization's professionalism and the external experts from The Hacker News https://ift.tt/3q83CDD via IFTTT

New Trick Could Let Malware Fake iPhone Shutdown to Spy on Users Secretly

Researchers have disclosed a novel technique by which malware on iOS can achieve persistence on an infected device by faking its shutdown process, making it impossible to physically determine if an iPhone is off or otherwise. The discovery — dubbed "NoReboot" — comes courtesy of mobile security firm ZecOps, which found that it's possible to block and then simulate an iOS rebooting operation, from The Hacker News https://ift.tt/3pYrjxM via IFTTT

I took a job at Amazon, only to leave after 10 months

I took a job at Amazon, only to leave after 10 months 628 by benadam11 | 564 comments on Hacker News.

VMware Patches Important Bug Affecting ESXi, Workstation and Fusion Products

VMware has shipped updates to Workstation, Fusion, and ESXi products to address an "important" security vulnerability that could be weaponized by a threat actor to take control of affected systems. The issue relates to a heap-overflow vulnerability — tracked as CVE-2021-22045 (CVSS score: 7.7) — that, if successfully exploited, results in the execution of arbitrary code. The company credited from The Hacker News https://ift.tt/3pXgegw via IFTTT

Google Releases New Chrome Update to Patch Dozens of New Browser Vulnerabilities

Google has rolled out the first round of updates to its Chrome web browser for 2022 to fix 37 security issues, one of which is rated Critical in severity and could be exploited to pass arbitrary code and gain control over a victim's system. Tracked as CVE-2022-0096, the flaw relates to a use-after-free bug in the Storage component, which could have devastating effects ranging from corruption of from The Hacker News https://ift.tt/3eYfdyB via IFTTT

Researchers Uncover Hacker Group Behind Organized Financial-Theft Operation

Cybersecurity researchers have taken the wraps off an organized financial-theft operation undertaken by a discreet actor to target transaction processing systems and siphon funds from entities primarily located in Latin America for at least four years. The malicious hacking group has been codenamed Elephant Beetle by Israeli incident response firm Sygnia, with the intrusions aimed at banks and from The Hacker News https://ift.tt/3zqxxcU via IFTTT

New Zloader Banking Malware Campaign Exploiting Microsoft Signature Verification

An ongoing ZLoader malware campaign has been uncovered exploiting remote monitoring tools and a nine-year-old flaw concerning Microsoft's digital signature verification to siphon user credentials and sensitive information. Israeli cybersecurity company Check Point Research, which has been tracking the sophisticated infection chain since November 2021, attributed it to a cybercriminal group from The Hacker News https://ift.tt/3EYM7cV via IFTTT

Hackers Target Real Estate Websites with Skimmer in Latest Supply Chain Attack

Threat actors leveraged a cloud video hosting service to carry out a supply chain attack on more than 100 real estate websites operated by Sotheby's Realty that involved injecting malicious skimmers to steal sensitive personal information. "The attacker injected the skimmer JavaScript codes into video, so whenever others import the video, their websites get embedded with skimmer codes as well," from The Hacker News https://ift.tt/3ETZLhh via IFTTT

Microsoft Warns of Continued Attacks Exploiting Apache Log4j Vulnerabilities

Microsoft is warning of continuing attempts by nation-state adversaries and commodity attackers to take advantage of security vulnerabilities uncovered in the Log4j open-source logging framework to deploy malware on vulnerable systems. "Exploitation attempts and testing have remained high during the last weeks of December," Microsoft Threat Intelligence Center (MSTIC) said in revised guidance from The Hacker News https://ift.tt/3EY08HP via IFTTT

The UX on this small child is terrible

The UX on this small child is terrible 608 by gumby | 246 comments on Hacker News.

Burn My Windows

Burn My Windows 616 by marcodiego | 220 comments on Hacker News.

Elizabeth Holmes found guilty

Elizabeth Holmes found guilty 1628 by sdan | 1141 comments on Hacker News.

SAILFISH System to Find State-Inconsistency Bugs in Smart Contracts

A group of academics from the University of California, Santa Barbara, has demonstrated what it calls a "scalable technique" to vet smart contracts and mitigate state-inconsistency bugs, discovering 47 zero-day vulnerabilities on the Ethereum blockchain in the process. Smart contracts are programs stored on the blockchain that are automatically executed when predetermined conditions are met from The Hacker News https://ift.tt/3qLhQsY via IFTTT

Researchers Detail New HomeKit 'doorLock' Bug Affecting Apple iOS

A persistent denial-of-service (DoS) vulnerability has been discovered in Apple's iOS mobile operating system that's capable of sending affected devices into a crash or reboot loop upon connecting to an Apple Home-compatible appliance. The behavior, dubbed "doorLock," is trivial in that it can be triggered by simply changing the name of a HomeKit device to a string larger than 500,000 characters from The Hacker News https://ift.tt/3G0R72c via IFTTT

Beware of Fake Telegram Messenger App Hacking PCs with Purple Fox Malware

Trojanized installers of the Telegram messaging application are being used to distribute the Windows-based Purple Fox backdoor on compromised systems. That's according to new research published by Minerva Labs, describing the attack as different from intrusions that typically take advantage of legitimate software for dropping malicious payloads. "This threat actor was able to leave most parts of from The Hacker News https://ift.tt/3sVfY3v via IFTTT

Zotero: Free, easy-to-use tool to collect, organize, cite, and share research

Zotero: Free, easy-to-use tool to collect, organize, cite, and share research 599 by rammy1234 | 163 comments on Hacker News.

Microsoft Issues Fix for Exchange Y2K22 Bug That Crippled Email Delivery Service

Microsoft, over the weekend, rolled out a fix to address an issue that caused email messages to get stuck on its Exchange Server platforms due to what it blamed on a date validation error at around the turn of the year. "The problem relates to a date check failure with the change of the new year and it [is] not a failure of the [antivirus] engine itself," the company said in a blog post. "This from The Hacker News https://ift.tt/3JBFX5Z via IFTTT

Fixing stutters in Papers Please on Linux

Fixing stutters in Papers Please on Linux 590 by rdpintqogeogsaa | 126 comments on Hacker News.

Google no longer producing high quality search results in significant categories

Google no longer producing high quality search results in significant categories 1463 by lando2319 | 731 comments on Hacker News.

Real-Time Tokyo Subway Map

Real-Time Tokyo Subway Map 585 by bane | 91 comments on Hacker News.

Boeing 777 departing Dubai nearly had a major incident after takeoff

Boeing 777 departing Dubai nearly had a major incident after takeoff 738 by lsllc | 519 comments on Hacker News.

Microsoft Exchange stops passing mail due to bug on 1/1/22

Microsoft Exchange stops passing mail due to bug on 1/1/22 518 by technion | 282 comments on Hacker News.

Don't Waste the Good Days

Don't Waste the Good Days 484 by enigmatic02 | 208 comments on Hacker News.