Showing posts from March, 2022

I'm a scam prevention expert and I got scammed

I'm a scam prevention expert and I got scammed 566 by matiskay | 398 comments on Hacker News.

Apple Issues Patches for 2 Actively Exploited Zero-Days in iPhone, iPad and Mac Devices

Apple on Thursday rolled out emergency patches to address two zero-day flaws in its mobile and desktop operating systems that it said may have been exploited in the wild. The shortcomings have been fixed as part of updates to iOS and iPadOS 15.4.1, macOS Monterey 12.3.1, tvOS 15.4.1, and watchOS 8.5.1. Both the vulnerabilities have been reported to Apple anonymously. Tracked as CVE-2022-22675, from The Hacker News https://ift.tt/28d6gio via IFTTT

The smallest and worst HDMI display

The smallest and worst HDMI display 536 by todsacerdoti | 94 comments on Hacker News.

Visa's marketing opt-out has been down for over a week. Is this a legal issue?

Visa's marketing opt-out has been down for over a week. Is this a legal issue? 523 by robertwiblin | 144 comments on Hacker News.

$625M worth of ETH drained on Axie Infinity's Ronin Network

$625M worth of ETH drained on Axie Infinity's Ronin Network 554 by colesantiago | 710 comments on Hacker News.

Hackers gaining power of subpoena via fake “emergency data requests”

Hackers gaining power of subpoena via fake “emergency data requests” 537 by todsacerdoti | 361 comments on Hacker News.

Unpatched Java Spring Framework 0-Day RCE Bug Threatens Enterprise Web Apps Security

A zero-day remote code execution (RCE) vulnerability has come to light in the Spring framework shortly after a Chinese security researcher briefly leaked a proof-of-concept (PoC) exploit on GitHub before deleting their account. According to cybersecurity firm Praetorian, the unpatched flaw impacts Spring Core on Java Development Kit (JDK) versions 9 and later and is a bypass for another from The Hacker News https://ift.tt/rjdy3f5 via IFTTT

The Uselessness of Phenylephrine

The Uselessness of Phenylephrine 607 by hprotagonist | 503 comments on Hacker News.

QNAP Warns of OpenSSL Infinite Loop Vulnerability Affecting NAS Devices

Taiwanese company QNAP this week revealed that a selected number of its network-attached storage (NAS) appliances are affected by a recently-disclosed bug in the open-source OpenSSL cryptographic library. "An infinite loop vulnerability in OpenSSL has been reported to affect certain QNAP NAS," the company said in an advisory published on March 29, 2022. "If exploited, the vulnerability allows from The Hacker News https://ift.tt/M7xSZcA via IFTTT

LAPSUS$ Claims to Have Breached IT Firm Globant; Leaks 70GB of Data

The LAPSUS$ data extortion gang announced their return on Telegram after a week-long "vacation," leaking what they claim is data from software services company Globant. "We are officially back from a vacation," the group wrote on their Telegram channel – which has nearly 54,000 members as of writing – posting images of extracted data and credentials belonging to the company's DevOps from The Hacker News https://ift.tt/VWatCT9 via IFTTT

CISA Warns of Ongoing Cyber Attacks Targeting Internet-Connected UPS Devices

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Energy (DoE) are jointly warning of attacks against internet-connected uninterruptible power supply (UPS) devices by means of default usernames and passwords. "Organizations can mitigate attacks against their UPS devices, which provide emergency power in a variety of applications when normal power sources are from The Hacker News https://ift.tt/oWkwDMt via IFTTT

Critical SonicOS Vulnerability Affects SonicWall Firewall Appliances

SonicWall has released security updates to contain a critical flaw across multiple firewall appliances that could be weaponized by an unauthenticated, remote attacker to execute arbitrary code and cause a denial-of-service (DoS) condition. Tracked as CVE-2022-22274 (CVSS score: 9.4), the issue has been described as a stack-based buffer overflow in the web management interface of SonicOS that from The Hacker News https://ift.tt/S2H3Zcz via IFTTT

FTC sues Intuit for its deceptive TurboTax “free” filing campaign

FTC sues Intuit for its deceptive TurboTax “free” filing campaign 760 by Kesseki | 353 comments on Hacker News.

Difftastic: A diff that understands syntax

Difftastic: A diff that understands syntax 703 by tempodox | 170 comments on Hacker News.

Critical Sophos Firewall RCE Vulnerability Under Active Exploitation

Cybersecurity firm Sophos on Monday warned that a recently patched critical security vulnerability in its firewall product is being actively exploited in real-world attacks. The flaw, tracked as CVE-2022-1040, is rated 9.8 out of 10 on the CVSS scoring system and impacts Sophos Firewall versions 18.5 MR3 (18.5.3) and older. It relates to an authentication bypass vulnerability in the User Portal from The Hacker News https://ift.tt/sqgO5J2 via IFTTT

I wasted $40k on a fantastic startup idea (2020)

I wasted $40k on a fantastic startup idea (2020) 547 by webmaven | 306 comments on Hacker News.

New Malware Loader 'Verblecon' Infects Hacked PCs with Cryptocurrency Miners

An unidentified threat actor has been observed employing a "complex and powerful" malware loader with the ultimate objective of deploying cryptocurrency miners on compromised systems and potentially facilitating the theft of Discord tokens. "The evidence found on victim networks appears to indicate that the goal of the attacker was to install cryptocurrency mining software on victim machines," from The Hacker News https://ift.tt/V64Merj via IFTTT

Experts Detail Virtual Machine Used by Wslink Malware Loader for Obfuscation

Cybersecurity researchers have shed more light on a malicious loader that runs as a server and executes received modules in memory, laying bare the structure of an "advanced multi-layered virtual machine" used by the malware to fly under the radar. Wslink, as the malicious loader is called, was first documented by Slovak cybersecurity company ESET in October 2021, with very few telemetry hits from The Hacker News https://ift.tt/ArXKeLD via IFTTT

A Large-Scale Supply Chain Attack Distributed Over 800 Malicious NPM Packages

A threat actor dubbed "RED-LILI" has been linked to an ongoing large-scale supply chain attack campaign targeting the NPM package repository by publishing nearly 800 malicious modules. "Customarily, attackers use an anonymous disposable NPM account from which they launch their attacks," Israeli security company Checkmarx said. "As it seems this time, the attacker has fully-automated the process from The Hacker News https://ift.tt/L47B0yJ via IFTTT

New Report on Okta Hack Reveals the Entire Episode LAPSUS$ Attack

An independent security researcher has shared a detailed timeline of events that transpired as the notorious LAPSUS$ extortion gang broke into a third-party provider linked to the cyber incident at Okta in late January 2022. In a set of screenshots posted on Twitter, Bill Demirkapi published a two-page "intrusion timeline" allegedly prepared by Mandiant, the cybersecurity firm hired by from The Hacker News https://ift.tt/GVfKkMZ via IFTTT

Applebee’s exec urges using high gas prices to push lower wages, sparks walkout

Applebee’s exec urges using high gas prices to push lower wages, sparks walkout 538 by Geekette | 550 comments on Hacker News.

Hackers Hijack Email Reply Chains on Unpatched Exchange Servers to Spread Malware

A new email phishing campaign has been spotted leveraging the tactic of conversation hijacking to deliver the IcedID info-stealing malware onto infected machines by making use of unpatched and publicly-exposed Microsoft Exchange servers. "The emails use a social engineering technique of conversation hijacking (also known as thread hijacking)," Israeli company Intezer said in a report shared with from The Hacker News https://ift.tt/FysmcuG via IFTTT

Of Cybercriminals and IP Addresses

You don't like having the FBI knocking on your door at 6 am. Surprisingly, nor does your usual cybercriminal. That is why they hide (at least the good ones), for example, behind layers of proxies, VPNs, or Tor nodes. Their IP address will never be exposed directly to the target's machine. Cybercriminals will always use third-party IP addresses to deliver their attacks. There are from The Hacker News https://ift.tt/TZu8zRw via IFTTT

Show HN: I'm writing a free book called Computer Networks from Scratch

Show HN: I'm writing a free book called Computer Networks from Scratch 632 by sarchertech | 118 comments on Hacker News.

'Purple Fox' Hackers Spotted Using New Variant of FatalRAT in Recent Malware Attacks

The operators of the Purple Fox malware have retooled their malware arsenal with a new variant of a remote access trojan called FatalRAT, while also simultaneously upgrading their evasion mechanisms to bypass security software. "Users' machines are targeted via trojanized software packages masquerading as legitimate application installers," Trend Micro researchers said in a report published on from The Hacker News https://ift.tt/kyDLxAN via IFTTT

Muhstik Botnet Targeting Redis Servers Using Recently Disclosed Vulnerability

Muhstik, a botnet infamous for propagating via web application exploits, has been observed targeting Redis servers using a recently disclosed vulnerability in the database system. The vulnerability relates to CVE-2022-0543, a Lua sandbox escape flaw in the open-source, in-memory, key-value data store that could be abused to achieve remote code execution on the underlying machine. The from The Hacker News https://ift.tt/uV56ljG via IFTTT

Mourning loss as a remote team

Mourning loss as a remote team 663 by asyncscrum | 207 comments on Hacker News.

FCC Adds Kaspersky and Chinese Telecom Firms to National Security Threat List

The U.S. Federal Communications Commission (FCC) on Friday moved to add Russian cybersecurity company Kaspersky Lab to the "Covered List" of companies that pose an "unacceptable risk to the national security" of the country. The development marks the first time a Russian entity has been added to the list that's been otherwise dominated by Chinese telecommunications firms. Also added alongside from The Hacker News https://ift.tt/2Z1rnvz via IFTTT

Another Chinese Hacking Group Spotted Targeting Ukraine Amid Russia Invasion

A Chinese-speaking threat actor called Scarab has been linked to a custom backdoor dubbed HeaderTip as part of a campaign targeting Ukraine since Russia embarked on an invasion last month, making it the second China-based hacking group after Mustang Panda to capitalize on the conflict. "The malicious activity represents one of the first public examples of a Chinese threat actor targeting Ukraine from The Hacker News https://ift.tt/d8qK7Tl via IFTTT

Google Issues Urgent Chrome Update to Patch Actively Exploited Zero-Day Vulnerability

Google on Friday shipped an out-of-band security update to address a high severity vulnerability in its Chrome browser that it said is being actively exploited in the wild. Tracked as CVE-2022-1096, the zero-day flaw relates to a type confusion vulnerability in the V8 JavaScript engine. An anonymous researcher has been credited with reporting the bug on March 23, 2022. Type confusion errors, from The Hacker News https://ift.tt/48cIhdu via IFTTT

I built a receipt printer for GitHub issues

I built a receipt printer for GitHub issues 554 by horsellama | 126 comments on Hacker News.

North Korean Hackers Exploited Chrome Zero-Day to Target Fintech, IT, and Media Firms

Google's Threat Analysis Group (TAG) on Thursday disclosed that it acted to mitigate threats from two distinct government-backed attacker groups based in North Korea that exploited a recently-uncovered remote code execution flaw in the Chrome web browser. The campaigns, once again "reflective of the regime's immediate concerns and priorities," are said to have targeted U.S. based organizations from The Hacker News https://ift.tt/sFQZk6H via IFTTT

MDN Plus

MDN Plus 511 by sendilkumarn | 256 comments on Hacker News.

Nintendo Switch prevents downgrades by irreparably blowing its own fuses (2020)

Nintendo Switch prevents downgrades by irreparably blowing its own fuses (2020) 519 by lord_sudo | 475 comments on Hacker News.

Folding bicycle small enough to fit in hand luggage

Folding bicycle small enough to fit in hand luggage 522 by bwindels | 405 comments on Hacker News.

Hyper-realistic digital humans in Unity

Hyper-realistic digital humans in Unity 504 by Naracion | 300 comments on Hacker News.

Ask HN: Who operates at scale without containers?

Ask HN: Who operates at scale without containers? 578 by disintegore | 425 comments on Hacker News.

In other words, who runs operations at a scale where distributed systems are absolutely necessary, without using any sort of container runtime or container orchestration tool? If so, what does their technology stack look like? Are you aware of any good blog posts?

Edit: While I do appreciate all the replies, I'd like to know if there are any organizations out there who operate at web scale without relying on the specific practice of shipping software with heaps of dependencies. Whether that be in a container or in a single-use VM. Thank you in advance and sorry for the confusion.

Start Self Hosting

Start Self Hosting 620 by quaintdev | 365 comments on Hacker News.

A one in a million bug in Switch kernel

A one in a million bug in Switch kernel 588 by vedanshbhartia | 72 comments on Hacker News.

Web3 is centralized and inefficient

Web3 is centralized and inefficient 535 by neelc | 453 comments on Hacker News.

Chinese 'Mustang Panda' Hackers Spotted Deploying New 'Hodur' Malware

A China-based advanced persistent threat (APT) known as Mustang Panda has been linked to an ongoing cyberespionage campaign using a previously undocumented variant of the PlugX remote access trojan on infected machines. Slovak cybersecurity firm ESET dubbed the new version Hodur, owing to its resemblance to another PlugX (aka Korplug) variant called THOR that came to light in July 2021. "Most from The Hacker News https://ift.tt/FdVbWgB via IFTTT

New Variant of Chinese Gimmick Malware Targeting macOS Users

Researchers have disclosed details of a newly discovered macOS variant of a malware implant developed by a Chinese espionage threat actor known to attack organizations across Asia. Attributing the attacks to a group tracked as Storm Cloud, cybersecurity firm Volexity characterized the new malware, dubbed Gimmick, as a "feature-rich, multi-platform malware family that uses public cloud from The Hacker News https://ift.tt/FRNhQpX via IFTTT

Use This Definitive RFP Template to Effectively Evaluate XDR solutions

A new class of security tools is emerging that promises to significantly improve the effectiveness and efficiency of threat detection and response. Emerging Extended Detection and Response (XDR) solutions aim to aggregate and correlate telemetry from multiple detection controls and then synthesize response actions. XDR has been referred to as the next step in the evolution of Endpoint from The Hacker News https://ift.tt/QZw86sE via IFTTT

Over 200,000 MikroTik Routers Worldwide Are Under the Control of Botnet Malware

Vulnerable routers from MikroTik have been misused to form what cybersecurity researchers have called one of the largest botnet-as-a-service cybercrime operations seen in recent years. According to a new piece of research published by Avast, a cryptocurrency mining campaign leveraging the now-disrupted Glupteba botnet as well as the infamous TrickBot malware were all distributed using the same from The Hacker News https://ift.tt/7k3apAy via IFTTT

Microsoft and Okta Confirm Breach by LAPSUS$ Extortion Group

Microsoft on Tuesday confirmed that the LAPSUS$ extortion-focused hacking crew had gained "limited access" to its systems, as authentication services provider Okta revealed that nearly 2.5% of its customers have been potentially impacted in the wake of the breach. "No customer code or data was involved in the observed activities," Microsoft's Threat Intelligence Center (MSTIC) said, adding that from The Hacker News https://ift.tt/VNGmpRA via IFTTT

Hackers claim to have breached Okta systems

Hackers claim to have breached Okta systems 517 by obi1kenobi | 176 comments on Hacker News.

Please put units in names

Please put units in names 748 by todsacerdoti | 391 comments on Hacker News.

New Browser-in-the-Browser (BITB) Attack Makes Phishing Nearly Undetectable

A novel phishing technique called browser-in-the-browser (BitB) attack can be exploited to simulate a browser window within the browser in order to spoof a legitimate domain, thereby making it possible to stage convincing phishing attacks. According to a penetration tester and security researcher who goes by the handle mrd0x_, the method takes advantage of third-party single sign-on (SSO) options from The Hacker News https://ift.tt/dzyZI3a via IFTTT

New Backdoor Targets French Entities via Open-Source Package Installer

Researchers have exposed a new targeted email campaign aimed at French entities in the construction, real estate, and government sectors that leverages the Chocolatey Windows package manager to deliver a backdoor called Serpent on compromised systems. Enterprise security firm Proofpoint attributed the attacks to a likely advanced threat actor based on the tactics and the victimology patterns from The Hacker News https://ift.tt/8BkK1Eg via IFTTT

Windows needs a change in priorities

Windows needs a change in priorities 719 by dend | 513 comments on Hacker News.

'CryptoRom' Crypto Scam Abusing iPhone Features to Target Mobile Users

Social engineering attacks leveraging a combination of romantic lures and cryptocurrency fraud have been luring unsuspecting victims into installing fake apps by taking advantage of legitimate iOS features like TestFlight and Web Clips. Cybersecurity company Sophos, which has named the organized crime campaign "CryptoRom," characterized it as a wide-ranging global scam. "This style of from The Hacker News https://ift.tt/Gf4QXRH via IFTTT

South Korean DarkHotel Hackers Targeted Luxury Hotels in Macau

Luxury hotels in the Chinese special administrative region of Macau were the target of a malicious spear-phishing campaign from the second half of November 2021 and through mid-January 2022. Cybersecurity firm Trellix attributed the campaign with moderate confidence to a suspected South Korean advanced persistent threat (APT) tracked as DarkHotel, building on research previously published by from The Hacker News https://ift.tt/jwEfN4K via IFTTT

H.264 is Magic (2016)

H.264 is Magic (2016) 702 by pcr910303 | 215 comments on Hacker News.

First images from James Webb telescope exceed expectations

First images from James Webb telescope exceed expectations 692 by mooreds | 223 comments on Hacker News.

Hackers Target Bank Networks with new Rootkit to Steal Money from ATM Machines

A financially motivated threat actor has been observed deploying a previously unknown rootkit targeting Oracle Solaris systems with the goal of compromising Automatic Teller Machine (ATM) switching networks and carrying out unauthorized cash withdrawals at different banks using fraudulent cards. Threat intelligence and incident response firm Mandiant is tracking the cluster under the moniker from The Hacker News https://ift.tt/lmkts45 via IFTTT

Experts Find Some Affiliates of BlackMatter Now Spreading BlackCat Ransomware

An analysis of two ransomware attacks has identified overlaps in the tactics, techniques, and procedures (TTPs) between BlackCat and BlackMatter, indicating a strong connection between the two groups. While it's typical of ransomware groups to rebrand their operations in response to increased visibility into their attacks, BlackCat (aka Alphv) marks a new frontier in that the cyber crime cartel from The Hacker News https://ift.tt/zShUtDi via IFTTT

Google Uncovers 'Initial Access Broker' Working with Conti Ransomware Gang

Google's Threat Analysis Group (TAG) took the wraps off a new initial access broker that it said is closely affiliated to a Russian cyber crime gang notorious for its Conti and Diavol ransomware operations. Dubbed Exotic Lily, the financially motivated threat actor has been observed exploiting a now-patched critical flaw in the Microsoft Windows MSHTML platform (CVE-2021-40444) as part of from The Hacker News https://ift.tt/Md1F8ec via IFTTT

DirtyMoe Botnet Gains New Exploits in Wormable Module to Spread Rapidly

The malware known as DirtyMoe has gained new worm-like propagation capabilities that allow it to expand its reach without requiring any user interaction, the latest research has found. "The worming module targets older well-known vulnerabilities, e.g., EternalBlue and Hot Potato Windows privilege escalation," Avast researcher Martin Chlumecký said in a report published Wednesday. "One worm from The Hacker News https://ift.tt/jF2VKnP via IFTTT

The Golden Hour of Incident Response

As a CSIRT consultant, I cannot overemphasize the importance of effectively managing the first hour in a critical incident. Finding out what to do is often a daunting task in a critical incident. In addition, the feeling of uneasiness often prevents an incident response analyst from making effective decisions. However, keeping a cool head and actions planned out is crucial in successfully from The Hacker News https://ift.tt/nD0vApe via IFTTT

How our free plan stays free

How our free plan stays free 589 by tosh | 168 comments on Hacker News.

TrickBot Malware Abusing Hacked IoT Devices as Command-and-Control Servers

Microsoft on Wednesday detailed a previously undiscovered technique put to use by the TrickBot malware that involves using compromised Internet of Things (IoT) devices as a go-between for establishing communications with the command-and-control (C2) servers. "By using MikroTik routers as proxy servers for its C2 servers and redirecting the traffic through non-standard ports, TrickBot adds from The Hacker News https://ift.tt/rG3SAgl via IFTTT

Ukraine Secret Service Arrests Hacker Helping Russian Invaders

The Security Service of Ukraine (SBU) said it has detained a "hacker" who offered technical assistance to the invading Russian troops by providing mobile communication services inside the Ukrainian territory. The anonymous suspect is said to have broadcasted text messages to Ukrainian officials, including security officers and civil servants, proposing that they surrender and take the side of from The Hacker News https://ift.tt/bYhzD8g via IFTTT

New Vulnerability in CRI-O Engine Lets Attackers Escape Kubernetes Containers

A newly disclosed security vulnerability in the Kubernetes container engine CRI-O called cr8escape could be exploited by an attacker to break out of containers and obtain root access to the host. "Invocation of CVE-2022-0811 can allow an attacker to perform a variety of actions on objectives, including execution of malware, exfiltration of data, and lateral movement across pods," CrowdStrike from The Hacker News https://ift.tt/37msekL via IFTTT

Go 1.18

Go 1.18 521 by mjlee | 325 comments on Hacker News.

US Senate votes unanimously to make daylight savings time permanent

US Senate votes unanimously to make daylight savings time permanent 1110 by enraged_camel | 1539 comments on Hacker News.

DigitalOcean acquires CSS-tricks

DigitalOcean acquires CSS-tricks 541 by nilsandrey | 140 comments on Hacker News.

Cities should not pay for new stadiums

Cities should not pay for new stadiums 527 by droptablemain | 498 comments on Hacker News.

Microsoft is testing ads in the Windows 11 File Explorer

Microsoft is testing ads in the Windows 11 File Explorer 474 by DemiGuru | 485 comments on Hacker News.

Vanced has been discontinued

Vanced has been discontinued 484 by nixass | 397 comments on Hacker News.

Nearly 34 Ransomware Variants Observed in Hundreds of Cyberattacks in Q4 2021

As many as 722 ransomware attacks were observed during the fourth quarter of 2021, with LockBit 2.0, Conti, PYSA, Hive, and Grief emerging as the most prevalent strains, according to new research published by Intel 471. The attacks mark an increase of 110 and 129 attacks from the third and second quarters of 2021, respectively. In all, 34 different ransomware variants were detected during the from The Hacker News https://ift.tt/SwVxWBJ via IFTTT

Why is it hard to buy things that work well?

Why is it hard to buy things that work well? 565 by davidmckenna | 339 comments on Hacker News.

CaddyWiper: Yet Another Data Wiping Malware Targeting Ukrainian Networks

Two weeks after details emerged about a second data wiper strain delivered in attacks against Ukraine, yet another destructive malware has been detected amid Russia's continuing military invasion of the country. Slovak cybersecurity company ESET dubbed the third wiper "CaddyWiper," which it said it first observed on March 14 around 9:38 a.m. UTC. Metadata associated with the executable (" from The Hacker News https://ift.tt/71saxLJ via IFTTT

Medical student surgically implants Bluetooth into own ear to cheat in final

Medical student surgically implants Bluetooth into own ear to cheat in final 551 by softwarebeware | 422 comments on Hacker News.

Massive DDoS Attack Knocked Israeli Government Websites Offline

A number of websites belonging to the Israeli government were felled in a distributed denial-of-service (DDoS) attack on Monday, rendering the portals inaccessible for a short period of time. "In the past few hours, a DDoS attack against a communications provider was identified," the Israel National Cyber Directorate (INCD) said in a tweet. "As a result, access to several websites, among them from The Hacker News https://ift.tt/v6q5lHp via IFTTT

'Dirty Pipe' Linux Flaw Affects a Wide Range of QNAP NAS Devices

Network-attached storage (NAS) appliance maker QNAP on Monday warned of a recently disclosed Linux vulnerability affecting its devices that could be abused to elevate privileges and gain control of affected systems. "A local privilege escalation vulnerability, also known as 'Dirty Pipe,' has been reported to affect the Linux kernel on QNAP NAS running QTS 5.0.x and QuTS hero h5.0.x," the company from The Hacker News https://ift.tt/FalWtG9 via IFTTT

Gaming Company Ubisoft Confirms It was Hacked, Resets Staff Passwords

French video game company Ubisoft on Friday confirmed it was a victim of a "cyber security incident," causing temporary disruptions to its games, systems, and services. The Montreuil-headquartered firm said that an investigation into the breach was underway and that it has initiated a company-wide password reset as a precautionary measure. "Also, we can confirm that all our games and services from The Hacker News https://ift.tt/judGaOF via IFTTT

Why Enterprise Threat Mitigation Requires Automated, Single-Purpose Tools

As much as threat mitigation is to a degree a specialist task involving cybersecurity experts, the day to day of threat mitigation often still comes down to systems administrators. For these sysadmins it's not an easy task, however. In enterprise IT, sysadmin teams have a wide remit but limited resources. For systems administrators finding the time and resources to mitigate against a growing from The Hacker News https://ift.tt/DM7j5rl via IFTTT

Russian Ransomware Gang Retool Custom Hacking Tools of Other APT Groups

A Russian-speaking ransomware outfit likely targeted an unnamed entity in the gambling and gaming sector in Europe and Central America by repurposing custom tools developed by other APT groups like Iran's MuddyWater, new research has found. The unusual attack chain involved the abuse of stolen credentials to gain unauthorized access to the victim network, ultimately leading to the deployment of from The Hacker News https://ift.tt/LqXvmub via IFTTT

New Linux Bug in Netfilter Firewall Module Lets Attackers Gain Root Access

A newly disclosed security flaw in the Linux kernel could be leveraged by a local adversary to gain elevated privileges on vulnerable systems to execute arbitrary code, escape containers, or induce a kernel panic. Tracked as CVE-2022-25636 (CVSS score: 7.8), the vulnerability impacts Linux kernel versions 5.4 through 5.6.10 and is a result of a heap out-of-bounds write in the netfilter from The Hacker News https://ift.tt/jwOLc25 via IFTTT

Veloren is a multiplayer voxel RPG written in Rust

Veloren is a multiplayer voxel RPG written in Rust 516 by albertzeyer | 102 comments on Hacker News.

Researchers Find New Evidence Linking Kwampirs Malware to Shamoon APT Hackers

New findings released last week showcase the overlapping source code and techniques between the operators of Shamoon and Kwampirs, indicating that they "are the same group or really close collaborators." "Research evidence shows identification of co-evolution between both Shamoon and Kwampirs malware families during the known timeline," Pablo Rincón Crespo of Cylera Labs said. "If Kwampirs is from The Hacker News https://ift.tt/9Gn2Dhv via IFTTT

Finland starts much-delayed nuclear plant, brings respite to power market

Finland starts much-delayed nuclear plant, brings respite to power market 493 by hhs | 266 comments on Hacker News.

Teaching is a slow process of becoming everything you hate

Teaching is a slow process of becoming everything you hate 559 by dynm | 352 comments on Hacker News.

Inspecting Web Views in macOS

Inspecting Web Views in macOS 492 by ansh_nanda | 133 comments on Hacker News.

Apple AirTags draining battery of devices close by

Apple AirTags draining battery of devices close by 484 by dewey | 263 comments on Hacker News.

Tradle

Tradle 463 by tantalor | 89 comments on Hacker News.

f.lux

f.lux 471 by graderjs | 195 comments on Hacker News.

Israel passes law denying naturalization to Palestinian spouses

Israel passes law denying naturalization to Palestinian spouses 543 by croes | 575 comments on Hacker News.

uBlock Origin becomes top addon on Firefox

uBlock Origin becomes top addon on Firefox 581 by nixcraft | 263 comments on Hacker News.

Twitter is now available on Tor

Twitter is now available on Tor 492 by pcaversaccio | 3 comments on Hacker News.

China's state media buys Meta ads pushing Russia's line on war

China's state media buys Meta ads pushing Russia's line on war 430 by sofixa | 391 comments on Hacker News.

Bugs in Hello World

Bugs in Hello World 511 by sizediterable | 246 comments on Hacker News.

Static torrent website with peer-to-peer queries over BitTorrent on 2M records

Static torrent website with peer-to-peer queries over BitTorrent on 2M records 557 by voigt | 97 comments on Hacker News.

Iranian Hackers Targeting Turkey and Arabian Peninsula in New Malware Campaign

The Iranian state-sponsored threat actor known as MuddyWater has been attributed to a new swarm of attacks targeting Turkey and the Arabian Peninsula with the goal of deploying remote access trojans (RATs) on compromised systems. "The MuddyWater supergroup is highly motivated and can use unauthorized access to conduct espionage, intellectual property theft, and deploy ransomware and destructive from The Hacker News https://ift.tt/7oqsMRf via IFTTT

New Exploit Bypasses Existing Spectre-v2 Mitigations in Intel, AMD, Arm CPUs

Researchers have disclosed a new technique that could be used to circumvent existing hardware mitigations in modern processors from Intel, AMD, and Arm and stage speculative execution attacks such as Spectre to leak sensitive information from host memory. Attacks like Spectre are designed to break the isolation between different applications by taking advantage of an optimization technique from The Hacker News https://ift.tt/Xmqg048 via IFTTT

Emotet Botnet's Latest Resurgence Spreads to Over 100,000 Computers

The insidious Emotet botnet, which staged a return in November 2021 after a 10-month-long hiatus, is once again exhibiting signs of steady growth, amassing a swarm of over 100,000 infected hosts for perpetrating its malicious activities. "While Emotet has not yet attained the same scale it once had, the botnet is showing a strong resurgence with a total of approximately 130,000 unique bots from The Hacker News https://ift.tt/k4F9pGC via IFTTT

Some tiny personal programs I've written

Some tiny personal programs I've written 609 by atg_abhishek | 250 comments on Hacker News.

The day Steve Jobs dissed me in a keynote (2010)

The day Steve Jobs dissed me in a keynote (2010) 586 by graderjs | 382 comments on Hacker News.

The Incident Response Plan - Preparing for a Rainy Day

The unfortunate truth is that while companies are investing more in cyber defenses and taking cybersecurity more seriously than ever, successful breaches and ransomware attacks are on the rise. While a successful breach is not inevitable, it is becoming more likely despite best efforts to prevent it from happening. Just as it wasn’t raining when Noah built the ark, companies must face the fact from The Hacker News https://ift.tt/UIERN5f via IFTTT

Chinese APT41 Hackers Broke into at Least 6 U.S. State Governments: Mandiant

APT41, the state-sponsored threat actor affiliated with China, breached at least six U.S. state government networks between May 2021 and February 2022 by retooling its attack vectors to take advantage of vulnerable internet-facing web applications. The exploited vulnerabilities included "a zero-day vulnerability in the USAHERDS application (CVE-2021-44207) as well as the now infamous zero-day in from The Hacker News https://ift.tt/xdDwsgZ via IFTTT

Critical RCE Bugs Found in Pascom Cloud Phone System Used by Businesses

Researchers have disclosed three security vulnerabilities affecting Pascom Cloud Phone System (CPS) that could be combined to achieve a full pre-authenticated remote code execution of affected systems. Kerbit security researcher Daniel Eshetu said the shortcomings, when chained together, can lead to "an unauthenticated attacker gaining root on these devices." Pascom Cloud Phone System is an from The Hacker News https://ift.tt/v6mBUQw via IFTTT

Critical Security Patches Issued by Microsoft, Adobe and Other Major Software Firms

Microsoft's Patch Tuesday update for the month of March has been made officially available with 71 fixes spanning across its software products such as Windows, Office, Exchange, and Defender, among others. Of the total 71 patches, three are rated Critical and 68 are rated Important in severity. While none of the vulnerabilities are listed as actively exploited, three of them are publicly known from The Hacker News https://ift.tt/7s0ELHD via IFTTT

The new silent majority: People who don't tweet

The new silent majority: People who don't tweet 551 by laurex | 567 comments on Hacker News.

Apple Mac Studio

Apple Mac Studio 525 by 0xedb | 523 comments on Hacker News.

Apple M1 Ultra

Apple M1 Ultra 520 by davidbarker | 402 comments on Hacker News.

New 16 High-Severity UEFI Firmware Flaws Discovered in Millions of HP Devices

Cybersecurity researchers on Tuesday disclosed 16 new high-severity vulnerabilities in various implementations of Unified Extensible Firmware Interface (UEFI) firmware impacting multiple HP enterprise devices. The shortcomings, which have CVSS scores ranging from 7.5 to 8.8, have been uncovered in HP's UEFI firmware. The variety of devices affected includes HP's laptops, desktops, point-of-sale from The Hacker News https://ift.tt/xuJrUS0 via IFTTT

Microsoft Azure 'AutoWarp' Bug Could Have Let Attackers Access Customers' Accounts

Details have been disclosed about a now-addressed critical vulnerability in Microsoft's Azure Automation service that could have permitted unauthorized access to other Azure customer accounts and a takeover of control. "This attack could mean full control over resources and data belonging to the targeted account, depending on the permissions assigned by the customer," Orca Security researcher Yanir from The Hacker News https://ift.tt/HVXQTlh via IFTTT

Critical Bugs in TerraMaster TOS Could Open NAS Devices to Remote Hacking

Researchers have disclosed details of critical security vulnerabilities in TerraMaster network-attached storage (TNAS) devices that could be chained to attain unauthenticated remote code execution with the highest privileges. The issues reside in TOS, an abbreviation for TerraMaster Operating System, and "can grant unauthenticated attackers access to the victim's box simply by knowing the IP from The Hacker News https://ift.tt/JVXdhfO via IFTTT

Understanding How Hackers Recon

Cyber-attacks keep increasing and evolving but, regardless of the degree of complexity used by hackers to gain access, get a foothold, cloak their malware, execute their payload or exfiltrate data, their attack will begin with reconnaissance. They will do their utmost to uncover exposed assets and probe their target's attack surface for gaps that can be used as entry points. So, the first line from The Hacker News https://ift.tt/Mt9vox5 via IFTTT

The campaign to shut down YouTube-dl continues

The campaign to shut down YouTube-dl continues 541 by DiabloD3 | 167 comments on Hacker News.

Ukrainian CERT Warns Citizens of Phishing Attacks Using Compromised Accounts

Ukraine's Computer Emergency Response Team (CERT-UA) warned of new phishing attacks aimed at its citizens by leveraging compromised email accounts belonging to three different Indian entities with the goal of compromising their inboxes and stealing sensitive information. The agency cautioned that the emails arrive with the subject line "Увага" (meaning "Attention") and claim to be from a from The Hacker News https://ift.tt/7nvAUCZ via IFTTT

My lizard brain is no match for infinite scroll

My lizard brain is no match for infinite scroll 527 by otras | 295 comments on Hacker News.

SharkBot Banking Malware Spreading via Fake Android Antivirus App on Google Play Store

The threat actor behind a nascent Android banking trojan named SharkBot has managed to evade Google Play Store security barriers by masquerading as an antivirus app. SharkBot, like its malware counterparts TeaBot, FluBot, and Oscorp (UBEL), belongs to a category of financial trojans capable of siphoning credentials to initiate money transfers from compromised devices by circumventing from The Hacker News https://ift.tt/XdZIiFP via IFTTT

2 New Mozilla Firefox 0-Day Bugs Under Active Attack — Patch Your Browser ASAP!

Mozilla has pushed out-of-band software updates to its Firefox web browser to contain two high-impact security vulnerabilities, both of which it says are being actively exploited in the wild. Tracked as CVE-2022-26485 and CVE-2022-26486, the zero-day flaws have been described as use-after-free issues impacting the Extensible Stylesheet Language Transformations (XSLT) parameter processing and the from The Hacker News https://ift.tt/bsjR2Hi via IFTTT

Moscow police officers stop people, request their phones to read their messages

Moscow police officers stop people, request their phones to read their messages 487 by mudro_zboris | 242 comments on Hacker News.

Modern smartphone lenses are crazy

Modern smartphone lenses are crazy 459 by luu | 151 comments on Hacker News.

Native Matrix VoIP with Element Call

Native Matrix VoIP with Element Call 438 by Sami_Lehtinen | 106 comments on Hacker News.

GE won’t let me use convection roast on my new oven without connecting to WiFi

GE won’t let me use convection roast on my new oven without connecting to WiFi 439 by ilamont | 329 comments on Hacker News.

Imperva Thwarts 2.5 Million RPS Ransom DDoS Extortion Attacks

Cybersecurity company Imperva on Friday said it recently mitigated a ransom distributed denial-of-service (DDoS) attack targeting an unnamed website that peaked at 2.5 million requests per second (RPS). "While ransom DDoS attacks are not new, they appear to be evolving and becoming more interesting with time and with each new phase," Nelli Klepfish, security analyst at Imperva, said. "For from The Hacker News https://ift.tt/CR1k9BK via IFTTT

CISA Adds Another 95 Flaws to its Actively Exploited Vulnerabilities Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) this week added 95 more security flaws to its Known Exploited Vulnerabilities Catalog, taking the total number of actively exploited vulnerabilities to 478. "These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise," the agency said in an advisory from The Hacker News https://ift.tt/qtfVp4I via IFTTT

YouTube suspends The Hill for playing clip of Trump denying election results

YouTube suspends The Hill for playing clip of Trump denying election results 453 by snomad | 622 comments on Hacker News.

Google Docs New Feature: Pageless

Google Docs New Feature: Pageless 411 by eddyerburgh | 209 comments on Hacker News.

Cybercriminals who breached Nvidia issue one of the most unusual demands ever

Cybercriminals who breached Nvidia issue one of the most unusual demands ever 592 by jbredeche | 560 comments on Hacker News.

How “latency numbers everybody should know” decreased from 1990–2020

How “latency numbers everybody should know” decreased from 1990–2020 571 by isaacimagine | 206 comments on Hacker News.

How does perspective work in pictures?

How does perspective work in pictures? 403 by todsacerdoti | 97 comments on Hacker News.

New Security Vulnerability Affects Thousands of GitLab Instances

Researchers have disclosed details of a now-patched security vulnerability in GitLab, an open-source DevOps software, that could potentially allow a remote, unauthenticated attacker to recover user-related information. Tracked as CVE-2021-4191 (CVSS score: 5.3), the medium-severity flaw affects all versions of GitLab Community Edition and Enterprise Edition starting from 13.0 and all versions from The Hacker News https://ift.tt/zjLtfC1 via IFTTT

Russia Releases List of IPs, Domains Attacking Its Infrastructure with DDoS Attacks

As the ongoing Russia-Ukraine conflict continues to escalate, the Russian government on Thursday released a massive list containing 17,576 IP addresses and 166 domains that it said are behind a series of distributed denial-of-service (DDoS) attacks aimed at its domestic infrastructure. Some of the noticeable domains in the listing released by Russia's National Coordination Center for Computer from The Hacker News https://ift.tt/viPe492 via IFTTT

Fire at Ukrainian nuclear plant outside perimeter

Fire at Ukrainian nuclear plant outside perimeter 514 by andreygrehov | 335 comments on Hacker News.

ICANN's rejection of Ukraine's request to sever Russia from the internet [pdf]

ICANN's rejection of Ukraine's request to sever Russia from the internet [pdf] 420 by 0xedb | 416 comments on Hacker News.

My Stripe Tax Story

My Stripe Tax Story 597 by kareemm | 254 comments on Hacker News.

Asian-Americans fight back against school discrimination

Asian-Americans fight back against school discrimination 413 by kerneloftruth | 567 comments on Hacker News.

Hackers Who Broke Into NVIDIA's Network Leak DLSS Source Code Online

American chipmaking company NVIDIA on Tuesday confirmed that its network was breached as a result of a cyber attack, enabling the perpetrators to gain access to sensitive data, including source code purportedly associated with its Deep Learning Super Sampling (DLSS) technology. "We have no evidence of ransomware being deployed on the NVIDIA environment or that this is related to the from The Hacker News https://ift.tt/wTuF7bK via IFTTT

Report: Nearly 75% of Infusion Pumps Affected by Severe Vulnerabilities

An analysis of data crowdsourced from more than 200,000 network-connected infusion pumps used in hospitals and healthcare entities has revealed that 75% of those medical devices contain security weaknesses that could put them at risk of potential exploitation. "These shortcomings included exposure to one or more of some 40 known cybersecurity vulnerabilities and/or alerts that they had one or from The Hacker News https://ift.tt/SftFRCx via IFTTT

U.S. Senate Passes Cybersecurity Bill to Strengthen Critical Infrastructure Security

The U.S. Senate unanimously passed the "Strengthening American Cybersecurity Act" on Tuesday in an attempt to bolster the cybersecurity of critical infrastructure owners in the country. The new bipartisan legislation, among other things, stipulates that entities that experience a cyber incident report the attacks within 72 hours to the U.S. Cybersecurity and Infrastructure Security Agency (CISA), from The Hacker News https://ift.tt/FxSrK3N via IFTTT

Epic Games acquires Bandcamp

Epic Games acquires Bandcamp 535 by kylestetz | 347 comments on Hacker News.

SingleFile: Save a complete web page into a single HTML file

SingleFile: Save a complete web page into a single HTML file 562 by crbelaus | 166 comments on Hacker News.

Show HN: I made a web game called Almost Pong

Show HN: I made a web game called Almost Pong 513 by lessmilk | 100 comments on Hacker News. Hi HN! I made many small web games in the past with Unity or Phaser. But this time I wanted to make something completely on my own. So I coded a basic game framework in plain JavaScript, and used it to make Almost Pong. This was a really fun project that taught me a lot about JavaScript, and I plan to make more minimalist games with this framework. Interesting fact: Almost Pong doesn't load any assets, all sprites and sounds are generated with code. Happy to answer questions, and please let me know if you have any feedback on the game. Thanks!

LIVE Webinar: Key Lessons Learned from Major Cyberattacks in 2021 and What to Expect in 2022

With the COVID-19 pandemic continuing to impact, and perhaps permanently changing, how we work, cybercriminals again leveraged the distraction in new waves of cyberattacks. Over the course of 2021 we saw an increase in multiple attack approaches; some old, some new. Phishing and ransomware continued to grow from previous years, as expected, while new attacks on supply chains and from The Hacker News https://ift.tt/HsCcxAF via IFTTT

Critical Bugs Reported in Popular Open Source PJSIP SIP and Media Stack

As many as five security vulnerabilities have been disclosed in the PJSIP open-source multimedia communication library that could be abused by an attacker to trigger arbitrary code execution and denial-of-service (DoS) in applications that use the protocol stack. The weaknesses were identified and reported by JFrog's Security Research team, following which the project maintainers released from The Hacker News https://ift.tt/rRIwlSu via IFTTT

Zain Nadella, Satya Nadella's son, dies at 26

Zain Nadella, Satya Nadella's son, dies at 26 493 by softwarebeware | 105 comments on Hacker News.

Critical Security Bugs Uncovered in VoIPmonitor Monitoring Software

Critical security vulnerabilities have been uncovered in VoIPmonitor software that, if successfully exploited, could allow unauthenticated attackers to escalate privileges to the administrator level and execute arbitrary commands. Following responsible disclosure by researchers from Kerbit, an Ethiopia-based penetration-testing and vulnerability research firm, on December 15, 2021, the issues from The Hacker News https://ift.tt/XQhg86H via IFTTT

Trapped in Silicon Valley’s hidden caste system

Trapped in Silicon Valley’s hidden caste system 467 by Brajeshwar | 355 comments on Hacker News.

TeaBot Android Banking Malware Spreads Again Through Google Play Store Apps

An Android banking trojan designed to steal credentials and SMS messages has been observed sneaking past Google Play Store protections to target users of more than 400 banking and financial apps from Russia, China, and the U.S. "TeaBot RAT capabilities are achieved via the device screen's live streaming (requested on-demand) plus the abuse of Accessibility Services for remote interaction and from The Hacker News https://ift.tt/u3HEfOG via IFTTT

Microsoft Finds FoxBlade Malware Hit Ukraine Hours Before Russian Invasion

Microsoft on Monday disclosed that it detected a new round of offensive and destructive cyberattacks directed against Ukraine's digital infrastructure hours before Russia launched its first missile strikes last week. The intrusions involved the use of a never-before-seen malware package dubbed FoxBlade, according to the tech giant's Threat Intelligence Center (MSTIC), noting that it added new from The Hacker News https://ift.tt/3aA6cXE via IFTTT

'50% of transactions were fraudulent' when Steam accepted Bitcoin for payments

'50% of transactions were fraudulent' when Steam accepted Bitcoin for payments 470 by mrkramer | 311 comments on Hacker News.

China-linked Daxin Malware Targeted Multiple Governments in Espionage Attacks

A previously undocumented espionage tool has been deployed against selected governments and other critical infrastructure targets as part of a long-running espionage campaign orchestrated by China-linked threat actors since at least 2013. Broadcom's Symantec Threat Hunter team characterized the backdoor, named Daxin, as a technologically advanced malware, allowing the attackers to carry out a from The Hacker News https://ift.tt/paCjWIn via IFTTT