Amazing News...

Namecheap: Russia Service Termination 674 by exizt88 | 754 comments on Hacker News. Just received this email: Dear XXXX, Unfortunately, due to the Russian regime's war crimes and human rights violations in Ukraine, we will no longer be providing services to users registered in Russia. While we sympathize that this war may not affect your own views or opinion on the matter, the fact is, your authoritarian government is committing human rights abuses and engaging in war crimes so this is a policy decision we have made and will stand by. If you hold any top-level domains with us, we ask that you transfer them to another provider by March 6, 2022. Additionally, and with immediate effect, you will no longer be able to use Namecheap Hosting, EasyWP, and Private Email with a domain provided by another registrar in zones .ru, .xn--p1ai (рф), .by, .xn--90ais (бел), and .su. All websites will resolve to 403 Forbidden, however, you can contact us to assist you with your transfer to another...

Hoppscotch: Open-source alternative to Postman 573 by MarcellusDrum | 199 comments on Hacker News.

A group of academics from Tel Aviv University have disclosed details of now-patched "severe" design flaws in Android-based Samsung smartphones that could have resulted in the extraction of secret cryptographic keys. The shortcomings are the result of an analysis of the cryptographic design and implementation of Android's hardware-backed Keystore in Samsung's Galaxy S8, S9, S10, S20, and S21 from The Hacker News https://ift.tt/H9SP1Xb via IFTTT

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) last week published an industrial control system (ICS) advisory related to multiple vulnerabilities impacting Schneider Electric's Easergy medium voltage protection relays. "Successful exploitation of these vulnerabilities may disclose device credentials, cause a denial-of-service condition, device reboot, or allow an attacker to from The Hacker News https://ift.tt/K3PJ7dw via IFTTT

One of the most dangerous and infamous threats is back again. In January 2021, global officials took down the botnet. Law enforcement sent a destructive update to the Emotet's executables. And it looked like the end of the trojan's story.  But the malware never ceased to surprise.  November 2021, it was reported that TrickBot no longer works alone and delivers Emotet. And ANY.RUN with colleagues from The Hacker News https://ift.tt/FHCwUT3 via IFTTT

Cybersecurity researchers have managed to build a clone of Apple Airtag that circumvents the anti-stalking protection technology built into its Find My Bluetooth-based tracking protocol. The result is a stealth AirTag that can successfully track an iPhone user for over five days without triggering a tracking notification, Positive Security's co-founder Fabian Bräunlein said in a deep-dive from The Hacker News https://ift.tt/x0NPgGU via IFTTT

An Iranian geopolitical nexus threat actor has been uncovered deploying two new targeted malware that come with "simple" backdoor functionalities as part of an intrusion against an unnamed Middle East government entity in November 2021. Cybersecurity company Mandiant attributed the attack to an uncategorized cluster it's tracking under the moniker UNC3313, which it assesses with "moderate from The Hacker News https://ift.tt/PFC8D3Q via IFTTT

A new malware capable of controlling social media accounts is being distributed through Microsoft's official app store in the form of trojanized gaming apps, infecting more than 5,000 Windows machines in Sweden, Bulgaria, Russia, Bermuda, and Spain. Israeli cybersecurity company Check Point dubbed the malware "Electron Bot," in reference to a command-and-control (C2) domain used in recent from The Hacker News https://ift.tt/v2BXT9E via IFTTT

Ukraine's Computer Emergency Response Team (CERT-UA) has warned of Belarusian state-sponsored hackers targeting its military personnel and related individuals as part of a phishing campaign mounted amidst Russia's military invasion of the country. "Mass phishing emails have recently been observed targeting private 'i.ua' and 'meta.ua' accounts of Ukrainian military personnel and related from The Hacker News https://ift.tt/Cw0H5yK via IFTTT

How I learned French in 12 months (2020) 542 by elamje | 248 comments on Hacker News.

Moving the Linux Kernel to Modern C 497 by chmaynard | 252 comments on Hacker News.

Cisco has released software updates to address four security vulnerabilities in its software that could be weaponized by malicious actors to take control of affected systems. The most critical of the flaws is CVE-2022-20650 (CVSS score: 8.8), which relates to a command injection flaw in the NX-API feature of Cisco NX-OS Software that stems from a lack of sufficient input validation of from The Hacker News https://ift.tt/WKf9tHM via IFTTT

Soybean oil affects hypothalamus, causes genetic changes in mice: study (2020) 472 by whalesalad | 317 comments on Hacker News.

There's something about craftsmanship. It's personal, its artistry, and it can be incredibly effective in achieving its goals. On the other hand, mass-market production can be effective in other ways, through speed, efficiency, and cost savings. The story of data centers is one of going from craftsmanship – where every individual machine is a pet project, maintained with great care – to mass from The Hacker News https://ift.tt/r8NG7Uw via IFTTT

ASUSTOR network-attached storage (NAS) devices have become the latest victim of Deadbolt ransomware, less than a month after similar attacks singled out QNAP NAS appliances. <!--adsense--> In response to the infections, the company has released firmware updates (ADM 4.0.4.RQO2) to "fix related security issues." The company is also urging users to take the following actions to keep data secure – from The Hacker News https://ift.tt/WzelZ2b via IFTTT

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned of active exploitation of two security flaws impacting Zabbix open-source enterprise monitoring platform, adding them to its Known Exploited Vulnerabilities Catalog. On top of that, CISA is also recommending that Federal Civilian Executive Branch (FCEB) agencies patch all systems against the vulnerabilities by March 8, from The Hacker News https://ift.tt/Bhet5cR via IFTTT

Intelligence agencies in the U.K. and the U.S. disclosed details of a new botnet malware called Cyclops Blink that's been attributed to the Russian-backed Sandworm hacking group and deployed in attacks dating back to 2019. "Cyclops Blink appears to be a replacement framework for the VPNFilter malware exposed in 2018, which exploited network devices, primarily small office/home office (SOHO) from The Hacker News https://ift.tt/WaxNlC4 via IFTTT

Russian forces invade Ukraine after Putin orders attack 643 by eis | 388 comments on Hacker News.

Cybersecurity firms ESET and Broadcom's Symantec said they discovered a new data wiper malware used in fresh attacks against hundreds of machines in Ukraine, as Russian forces formally launched a full-scale military operation against the country. The Slovak company dubbed the wiper "HermeticWiper" (aka KillDisk.NCV), with one of the malware samples compiled on December 28, 2021, implying that from The Hacker News https://ift.tt/qaQRiy9 via IFTTT

In our cashless society, we need to take digital jail seriously 696 by busymom0 | 524 comments on Hacker News.

Users of Horde Webmail are being urged to disable a feature to contain a nine-year-old unpatched security vulnerability in the software that could be abused to gain complete access to email accounts simply by previewing an attachment. "This gives the attacker access to all sensitive and perhaps secret information a victim has stored in their email account and could allow them to gain further from The Hacker News https://ift.tt/Eqv5LVd via IFTTT

A career ending mistake 663 by ramimac | 257 comments on Hacker News.

Another batch of 25 malicious JavaScript libraries have made their way to the official NPM package registry with the goal of stealing Discord tokens and environment variables from compromised systems, more than two months after 17 similar packages were taken down. The libraries in question leveraged typosquatting techniques and masqueraded as other legitimate packages such as colors.js, from The Hacker News https://ift.tt/N34Fgxj via IFTTT

Things you notice when you quit the news (2016) 740 by abhiminator | 457 comments on Hacker News.

Malicious actors took advantage of a smart contract upgrade process in the OpenSea NFT marketplace to carry out a phishing attack against 17 of its users that resulted in the theft of virtual assets worth about $1.7 million. NFTs, short for non-fungible tokens, are digital tokens that act like certificates of authenticity for, and in some cases represent ownership of, assets that range from from The Hacker News https://ift.tt/DhgnrbJ via IFTTT

Why I will never buy another Samsung device 651 by farmerbb | 477 comments on Hacker News.

An advanced persistent threat (APT) group operating with objectives aligned with the Chinese government has been linked to an organized supply chain attack on Taiwan's financial sector. The attacks are said to have first commenced at the end of November 2021, with the intrusions attributed to a threat actor tracked as APT10, also known as Stone Panda, the MenuPass group, and Bronze Riverside, from The Hacker News https://ift.tt/QvfyRiq via IFTTT

Vulnerable internet-facing Microsoft SQL (MS SQL) Servers are being targeted by threat actors as part of a new campaign to deploy the Cobalt Strike adversary simulation tool on compromised hosts. "Attacks that target MS SQL servers include attacks to the environment where its vulnerability has not been patched, brute forcing, and dictionary attack against poorly managed servers," South Korean from The Hacker News https://ift.tt/lKwWyac via IFTTT

I have no capslock and I must scream 583 by mrzool | 290 comments on Hacker News.

I tested four NVMe SSDs from four vendors – half lose FLUSH’d data on power loss 553 by ahachete | 281 comments on Hacker News.

A new Android banking trojan with over 50,000 installations has been observed distributed via the official Google Play Store with the goal of targeting 56 European banks and carrying out harvesting sensitive information from compromised devices. Dubbed Xenomorph by Dutch security firm ThreatFabric, the in-development malware is said to share overlaps with another banking trojan tracked under the from The Hacker News https://ift.tt/zU3GCiI via IFTTT

An investigation into the cyberattack targeting Iranian national media corporation, Islamic Republic of Iran Broadcasting (IRIB), in late January 2022 resulted in the deployment of a wiper malware and other custom implants, as the country's national infrastructure continues to face a wave of attacks aimed at inflicting serious damage. "This indicates that the attackers' aim was also to disrupt from The Hacker News https://ift.tt/UCs9r0Z via IFTTT

Be anonymous 559 by kashnote | 211 comments on Hacker News.

For the last few years, the cybersecurity threat landscape has gotten progressively more complex and dangerous. The online world is now rife with data thieves, extortionists, and even state actors looking to exploit vulnerabilities in businesses' digital defenses.  And unfortunately — the bad guys have the upper hand at the moment. Part of the reason for that is the fallout from the rapid from The Hacker News https://ift.tt/c8YzhGb via IFTTT

Show HN: Test your shape rotation skills 541 by 0xf00ff00f | 167 comments on Hacker News. Hi all, hope someone enjoys (or not) my weekend project. See how many matching pairs you can find in two minutes. This is written in C++ and built to WebAssembly with Emscripten. The code is at https://ift.tt/Y3yTbfC

An analysis of SMS phone-verified account (PVA) services has led to the discovery of a rogue platform built atop a botnet involving thousands of infected Android phones, once again underscoring the flaws with relying on SMS for account validation. SMS PVA services, since gain prevalence in 2018, provide users with alternative mobile numbers that can be used to register for other online services from The Hacker News https://ift.tt/iatNKQP via IFTTT

Google Tag Manager, the new anti-adblock weapon 535 by thyrox | 293 comments on Hacker News.

The fastest GIF does not exist 438 by todsacerdoti | 44 comments on Hacker News.

Amazon sent the FBI to take my family’s bank accounts 662 by mooreds | 182 comments on Hacker News.

Scientist busts myths about how humans burn calories 718 by sohkamyung | 709 comments on Hacker News.

Controlling the nuclear fusion plasma in a tokamak with reinforcement learning 428 by 317070 | 206 comments on Hacker News.

The Unreasonable Math of Type 1 Diabetes 652 by grahar64 | 290 comments on Hacker News.

Apple's custom NVMes are amazingly fast – if you don't care about data integrity 643 by omnibrain | 348 comments on Hacker News.

Building for the 99% Developers 463 by bdburns | 300 comments on Hacker News.

The U.S. Department of Justice (DoJ) earlier this week appointed Eun Young Choi to serve as the first Director of the National Cryptocurrency Enforcement Team (NCET) it established last year. The NCET was created to tackle the criminal misuse of cryptocurrencies and digital assets," with a focus on illegal activities in virtual currency exchanges, mixing and tumbling services, and money from The Hacker News https://ift.tt/CrVvWeJ via IFTTT

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday published a repository of free tools and services to enable organizations to mitigate, detect, and respond effectively to malicious attacks and further improve their security posture. The "Free Cybersecurity Services and Tools" resource hub comprises a mix of services provided by CISA, open-source utilities, and other from The Hacker News https://ift.tt/m6qpUzW via IFTTT

Patches have been issued to contain a "severe" security vulnerability in UpdraftPlus, a WordPress plugin with over three million installations, that can be weaponized to download the site's private data using an account on the vulnerable sites. "All versions of UpdraftPlus from March 2019 onwards have contained a vulnerability caused by a missing permissions-level check, allowing untrusted users from The Hacker News https://ift.tt/Me87Tnj via IFTTT

Happy 15th birthday Hacker News 835 by andrelaszlo | 124 comments on Hacker News.

Microsoft has warned of emerging threats in the Web3 landscape, including "ice phishing" campaigns, as a surge in adoption of blockchain and DeFi technologies emphasizes the need to build security into the decentralized web while it's still in its early stages. The company's Microsoft 365 Defender Research Team called out various new avenues through which malicious actors may attempt to trick from The Hacker News https://ift.tt/t84Csm6 via IFTTT

Numerous Windows machines located in South Korea have been targeted by a botnet tracked as PseudoManuscrypt since at least May 2021 by employing the same delivery tactics of another malware called CryptBot. "PseudoManuscrypt is disguised as an installer that is similar to a form of CryptBot, and is being distributed," South Korean cybersecurity company AhnLab Security Emergency Response Center ( from The Hacker News https://ift.tt/khcvUmg via IFTTT

Multiple security vulnerabilities have been disclosed in Canonical's Snap software packaging and deployment system, the most critical of which can be exploited to escalate privilege to gain root privileges. Snaps are self-contained application packages that are designed to work on operating systems that use the Linux kernel and can be installed using a tool called snapd. <!--adsense--> Tracked from The Hacker News https://ift.tt/1OmXCnf via IFTTT

A "potentially destructive actor" aligned with the government of Iran is actively exploiting the well-known Log4j vulnerability to infect unpatched VMware Horizon servers with ransomware. Cybersecurity firm SentinelOne dubbed the group "TunnelVision" owing to their heavy reliance on tunneling tools, with overlaps in tactics observed to that of a broader group tracked under the moniker Phosphorus from The Hacker News https://ift.tt/ViL4RPo via IFTTT

These days, businesses all around the world have come to depend on cloud platforms for a variety of mission-critical workflows. They keep their CRM data in the cloud. They process their payrolls in the cloud. They even manage their HR processes through the cloud. And all of that means they're trusting the bulk of their privileged business data to those cloud providers, too. And while most major from The Hacker News https://ift.tt/m5ZxRgA via IFTTT

Cisco has released security updates to contain three vulnerabilities affecting its products, including one high-severity flaw in its Email Security Appliance (ESA) that could result in a denial-of-service (DoS) condition on an affected device. The weakness, assigned the identifier CVE-2022-20653 (CVSS score: 7.5), stems from a case of insufficient error handling in DNS name resolution that could from The Hacker News https://ift.tt/H7GYjhf via IFTTT

Adobe on Thursday updated its advisory for an actively exploited zero-day affecting Adobe Commerce and Magento Open Source to patch a newly discovered flaw that could be weaponized to achieve arbitrary code execution. <!--adsense--> Tracked as CVE-2022-24087, the issue – like CVE-2022-24086 – is rated 9.8 on the CVSS vulnerability scoring system and relates to an "Improper Input Validation" bug from The Hacker News https://ift.tt/3Ingcf1 via IFTTT

Cybersecurity researchers have unpacked a new Golang-based botnet called Kraken that's under active development and features an array of backdoor capabilities to siphon sensitive information from compromised Windows hosts. "Kraken already features the ability to download and execute secondary payloads, run shell commands, and take screenshots of the victim's system," threat intelligence firm from The Hacker News https://ift.tt/8DyzBx0 via IFTTT

A new wave of Linux applications 566 by Vinnl | 442 comments on Hacker News.

The politically motivated Moses Staff hacker group has been observed using a custom multi-component toolset with the goal of carrying out espionage against its targets as part of a new campaign that exclusively singles out Israeli organizations. First publicly documented in late 2021, Moses Staff is believed to be sponsored by the Iranian government, with attacks reported against entities in from The Hacker News https://ift.tt/Mg5nyGD via IFTTT

State-sponsored actors backed by the Russian government regularly targeted the networks of several U.S. cleared defense contractors (CDCs) to acquire proprietary documents and other confidential information pertaining to the country's defense and intelligence programs and capabilities. The sustained espionage campaign is said to have commenced at least two years ago from January 2020, according from The Hacker News https://ift.tt/zyjewIU via IFTTT

Passwordle 529 by snthueoa | 146 comments on Hacker News.

VMware on Tuesday patched several high-severity vulnerabilities impacting ESXi, Workstation, Fusion, Cloud Foundation, and NSX Data Center for vSphere that could be exploited to execute arbitrary code and cause a denial-of-service (DoS) condition. As of writing, there's no evidence that any of the weaknesses are exploited in the wild. The list of six flaws is as follows – <!--adsense--> from The Hacker News https://ift.tt/fKNQxbe via IFTTT

The European Union's data protection authority on Tuesday called for a ban on the development and the use of Pegasus-like commercial spyware in the region, calling out the technology's "unprecedented level of intrusiveness" that could endanger users' right to privacy. "Pegasus constitutes a paradigm shift in terms of access to private communications and devices, which is able to affect the very from The Hacker News https://ift.tt/OfPZ1q0 via IFTTT

Lorinda Cherry, author of dc, bc, eqn has died 602 by ggm | 95 comments on Hacker News.

Researchers have revealed details of a now-patched high-severity security vulnerability in Apache Cassandra that, if left unaddressed, could be abused to gain remote code execution on affected installations. "This Apache security vulnerability is easy to exploit and has the potential to wreak havoc on systems, but luckily only manifests in non-default configurations of Cassandra," Omer Kaspi, from The Hacker News https://ift.tt/PqrJOod via IFTTT

Meta Platforms has agreed to pay $90 million to settle a lawsuit over the company's use of cookies to allegedly track Facebook users' internet activity even after they had logged off from the platform. In addition, the social media company will be required to delete all of the data it illegally collected from those users. The development was first reported by Variety. <!--adsense--> The from The Hacker News https://ift.tt/YyDvurf via IFTTT

Akamai to Acquire Linode 625 by nycdatasci | 232 comments on Hacker News.

Tell HN: I let my 6-year-old daughter design my website 587 by kbst | 114 comments on Hacker News. We had some free time during the Chinese New Year vacation (we live in Taiwan). So I thought it would be fun to work with my daughter on a little web project. She did all the drawings. I digitized them and added them to the page as inline SVGs. Then I wrote the code. Nothing fancy — it's just one HTML page with a few links. But I like the end result (yes, I'm 100% biased): https://kevin.tw Fun technical facts: the page is entirely self-contained (except the favicon). It doesn't have any JavaScript at all. And it weighs 35Kb total (52Kb if you include the favicon).

A new version of the MyloBot malware has been observed to deploy malicious payloads that are being used to send sextortion emails demanding victims to pay $2,732 in digital currency. MyloBot, first detected in 2018, is known to feature an array of sophisticated anti-debugging capabilities and propagation techniques to rope infected machines into a botnet, not to mention remove traces of other from The Hacker News https://ift.tt/3UcWqw8 via IFTTT

Ask HN: How to prepare as soon-to-be blind developer? 510 by MathCodeLove | 105 comments on Hacker News. Disclaimer: Not myself, but a good friend of mine is suffering from rapid vision degradation and will be fully blind within a few months. I want to do what I can to help them prepare. Anything from software and tool suggestions to general workflow and tips would all be very much appreciated, thanks!

Show HN: Free and open-source illustrations for your projects 492 by murtaza_alexa | 109 comments on Hacker News.

Google on Monday rolled out fixes for eight security issues in the Chrome web browser, including a high-severity vulnerability that's being actively exploited in real-world attacks, marking the first zero-day patched by the internet giant in 2022. The shortcoming, tracked CVE-2022-0609, is described as a use-after-free vulnerability in the Animation component that, if successfully exploited, from The Hacker News https://ift.tt/EVYaAlX via IFTTT

City Generator 538 by breck | 29 comments on Hacker News.

A simple system I’m using to stay in touch with hundreds of people 498 by jakobgreenfeld | 338 comments on Hacker News.

Spain's National Police Agency, the Policía Nacional, said last week it dismantled an unnamed cybercriminal organization and arrested eight individuals in connection with a series of SIM swapping attacks that were carried out with the goal of financial fraud. The suspects of the crime ring masqueraded as trustworthy representatives of banks and other organizations and used traditional phishing from The Hacker News https://ift.tt/BsFqZAv via IFTTT

Technical details have been disclosed regarding a number of security vulnerabilities affecting Moxa's MXview web-based network management system, some of which could be chained by an unauthenticated adversary to achieve remote code execution on unpatched servers. The five security weaknesses "could allow a remote, unauthenticated attacker to execute code on the hosting machine with the highest from The Hacker News https://ift.tt/HNWxQtl via IFTTT

Adobe on Sunday rolled out patches to contain a critical security vulnerability impacting its Commerce and Magento Open Source products that it said is being actively exploited in the wild. Tracked as CVE-2022-24086, the shortcoming has a CVSS score of 9.8 out of 10 on the vulnerability scoring system and has been characterized as an "improper input validation" issue that could be weaponized to from The Hacker News https://ift.tt/1FJUjdP via IFTTT

What does it mean to listen on a port? 486 by paulgb | 128 comments on Hacker News.

White hat hacker awarded $2M for fixing ETH-creation bug 456 by cristiandima | 266 comments on Hacker News.

The Factorio Mindset 452 by Ariarule | 337 comments on Hacker News.

Heart-disease risk soars after Covid, even with a mild case 449 by SquibblesRedux | 489 comments on Hacker News.

Newly declassified documents reveal previously secret CIA bulk collection 535 by sneak | 200 comments on Hacker News.

uBlock Origin 1.41 528 by favourable | 180 comments on Hacker News.

Web hacking techniques of 2021 551 by adrianomartins | 49 comments on Hacker News.

Ask HN: What is your “I don't care if this succeeds” project? 551 by JNRowe | 908 comments on Hacker News. Last February there was, in my opinion, a really uplifting thread with the same title¹. I'd like to see all the cool new things going on, and I'll steal the intro text from as89 to explain: One where you don't care if it makes money or gets a lot of attention, but you are working on it regardless. I don't think I mean private hobbies, exactly, but projects that could or will be shared with others - you just don't care about the outcome. ¹ https://ift.tt/ZTFREmu

Key senators have voted for the anti-encryption EARN IT act 661 by buu700 | 273 comments on Hacker News.

A previously unknown hacking group has been linked to targeted attacks against human rights activists, human rights defenders, academics, and lawyers across India in an attempt to plant "incriminating digital evidence." Cybersecurity firm SentinelOne attributed the intrusions to a group it tracks as "ModifiedElephant," an elusive threat actor that's been operational since at least 2012, whose from The Hacker News https://ift.tt/RQ0TCYm via IFTTT

France to Build Six New Nuclear Reactors 571 by cyrksoft | 286 comments on Hacker News.

French data protection regulators on Thursday found the use of Google Analytics a breach of the European Union's General Data Protection Regulation (GDPR) laws in the country, almost a month after a similar decision was reached in Austria. To that end, the National Commission on Informatics and Liberty (CNIL) ruled that the transatlantic movement of Google Analytics data to the U.S. is not " from The Hacker News https://ift.tt/MoXpj14 via IFTTT

Apple on Thursday released security updates for iOS, iPadOS, macOS, and Safari to address a new WebKit flaw that it said may have been actively exploited in the wild, making it the company's third zero-day patch since the start of the year. <!--adsense--> Tracked as CVE-2022-22620, the issue concerns a use-after-free vulnerability in the WebKit component that powers the Safari web browser and from The Hacker News https://ift.tt/x5oYsuf via IFTTT

Show HN: EdgeDB 1.0 495 by colinmcd | 201 comments on Hacker News.

The data are clear: The boys are not all right 540 by paulpauper | 1014 comments on Hacker News.

A peer-to-peer Golang botnet has resurfaced after more than a year to compromise servers belonging to entities in the healthcare, education, and government sectors within a span of a month, infecting a total of 1,500 hosts. Dubbed FritzFrog, "the decentralized botnet targets any device that exposes an SSH server — cloud instances, data center servers, routers, etc. — and is capable of running from The Hacker News https://ift.tt/GeUo2Iz via IFTTT

"…well, of course!" is what you might think. It's a biological threat, so how could it affect digital assets? But hang on. Among other effects, this pandemic has brought about a massive shift in several technological areas. Not only did it force numerous organizations - that up to now were reluctant - to gear up in cyber to go digital, all at once, oftentimes with hastily pieced together from The Hacker News https://ift.tt/jXDHNES via IFTTT

Cybersecurity authorities from Australia, the U.K., and the U.S. have published a joint advisory warning of an increase in sophisticated, high-impact ransomware attacks targeting critical infrastructure organizations across the world in 2021. The incidents singled out a broad range of sectors, including defense, emergency services, agriculture, government facilities, IT, healthcare, financial from The Hacker News https://ift.tt/xaMklJu via IFTTT

A special law enforcement operation undertaken by Russia has led to the seizure and shutdown of four online bazaars that specialized in the theft and sales of stolen credit cards, as the government continues to take active measures against harboring cybercriminals on its territory. To that end, the domains operated by the card fraud forms and marketplaces, Ferum Shop, Sky-Fraud, Trump's Dumps, from The Hacker News https://ift.tt/X0nutIS via IFTTT

Critical security vulnerabilities have been disclosed in a WordPress plugin known as PHP Everywhere that's used by more than 30,000 websites worldwide and could be abused by an attacker to execute arbitrary code on affected systems. PHP Everywhere is used to flip the switch on PHP code across WordPress installations, enabling users to insert and execute PHP-based code in the content management from The Hacker News https://ift.tt/9e3vfq7 via IFTTT

Major breakthrough on nuclear fusion energy 607 by playpause | 540 comments on Hacker News.

Apple unveils contactless payments via Tap to Pay on iPhone 616 by todsacerdoti | 504 comments on Hacker News.

SoftBank's Sale of Arm to Nvidia Collapses, Arm to IPO 462 by gaius_baltar | 206 comments on Hacker News.

My seatbelt rule for judgment 468 by dguo | 184 comments on Hacker News.

Gut microbe linked to depression in large health study 438 by pella | 281 comments on Hacker News.

Files – Single-file photo gallery and file manager 510 by john-doe | 175 comments on Hacker News.

J&J tried to get federal judge to block publication of Reuters story 421 by danboarder | 219 comments on Hacker News.

A financially motivated campaign that targets Android devices and spreads mobile malware via SMS phishing techniques since at least 2018 has spread its tentacles to strike victims located in France and Germany for the first time. Dubbed Roaming Mantis, the latest spate of activities observed in 2021 involve sending fake shipping-related texts containing a URL to a landing page from where Android from The Hacker News https://ift.tt/FCNvwKA via IFTTT

You can change your number 582 by feross | 335 comments on Hacker News.

Two different Android banking Trojans, FluBot and Medusa, are relying on the same delivery vehicle as part of a simultaneous attack campaign, according to new research published by ThreatFabric. The ongoing side-by-side infections, facilitated through the same smishing (SMS phishing) infrastructure, involved the overlapping usage of "app names, package names, and similar icons," the Dutch mobile from The Hacker News https://ift.tt/wsuRFgG via IFTTT

The wide-ranging adoption of cloud facilities and the subsequent mushrooming of organizations' networks, combined with the recent migration to remote work, had the direct consequence of a massive expansion of organizations' attack surface and led to a growing number of blind spots in connected architectures. The unforeseen results of this expanded and attack surface with fragmented monitoring from The Hacker News https://ift.tt/aV1vn9E via IFTTT

Microsoft on Monday said it's taking steps to disable Visual Basic for Applications (VBA) macros by default across its products, including Word, Excel, PowerPoint, Access, and Visio, for documents downloaded from the web in an attempt to eliminate an entire class of attack vector. "Bad actors send macros in Office files to end users who unknowingly enable them, malicious payloads are delivered, from The Hacker News https://ift.tt/xLmUDQC via IFTTT

Microsoft last week announced that it's temporarily disabling the MSIX ms-appinstaller protocol handler in Windows following evidence that a security vulnerability in the installer component was exploited by threat actors to deliver malware such as Emotet, TrickBot, and Bazaloader. MSIX, based on a combination of .msi, .appx, App-V and ClickOnce installation technologies, is a universal Windows from The Hacker News https://ift.tt/oKLxuyM via IFTTT

A politically motivated advanced persistent threat (APT) group has expanded its malware arsenal to include a new remote access trojan (RAT) in its espionage attacks aimed at Indian military and diplomatic entities. Called CapraRAT by Trend Micro, the implant is an Android RAT that exhibits a high "degree of crossover" with another Windows malware known as CrimsonRAT that's associated with Earth from The Hacker News https://ift.tt/uN5Mz4b via IFTTT

Systems hosting content pertaining to the National Games of China were successfully breached last year by an unnamed Chinese-language-speaking hacking group. Cybersecurity firm Avast, which dissected the intrusion, said that the attackers gained access to a web server 12 days prior to the start of the event on September 3 to drop multiple reverse web shells for remote access and achieve from The Hacker News https://ift.tt/ljRcFsQ via IFTTT

Today's enterprise networks are complex environments with different types of wired and wireless devices being connected and disconnected. The current device discovery solutions have been mainly focused on identifying and monitoring servers, workstation PCs, laptops and infrastructure devices such as network firewalls, switches and routers, because the most valuable information assets of from The Hacker News https://ift.tt/EUVLQ8D via IFTTT

A Chinese advanced persistent threat (APT) group has been targeting Taiwanese financial institutions as part of a "persistent campaign" that lasted for at least 18 months. The intrusions, whose primary intent was espionage, resulted in the deployment of a backdoor called xPack, granting the adversary extensive control over compromised machines, Broadcom-owned Symantec said in a report published from The Hacker News https://ift.tt/RqCoPJT via IFTTT

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is urging federal agencies to secure their systems against an actively exploited security vulnerability in Windows that could be abused to gain elevated permissions on affected hosts. To that end, the agency has added CVE-2022-21882 (CVSS score: 7.0) to the Known Exploited Vulnerabilities Catalog, necessitating that Federal from The Hacker News https://ift.tt/Gp2UBJl via IFTTT

Apple will charge 27% commission for alternative payment systems in Netherlands 521 by walterbell | 868 comments on Hacker News.

Unlearning perfectionism 535 by akprasad | 92 comments on Hacker News.

Ask HN: How do you deal with getting old and feeling lost? 570 by trendingwaifu | 447 comments on Hacker News. I am turning 35 years soon and I feel like I haven't achieved much, both personally and professionally. I have held jobs in small and big companies for mostly for 1-2 years each, traveled and lived in different countries, had 2 failed startups, and have about $500k in savings. I am single and haven't had a serious relationship for many years now. As time went on, I started feeling less excited about everything, personal or work related. I used to be excited about new technologies, but not these days. I feel like I've seen most things before, and it's all just different iterations of the same. I increasingly wish I could go back to my 20s. Now I feel too old to go to festivals, bars and clubs and make new friends that way. This has been a recent change for me. When I was ~30 I still considered myself young and able to do anything I could do when I was in my 2...