Posts

Showing posts from June, 2022

Some Assembly Required: An approachable introduction to assembly

Some Assembly Required: An approachable introduction to assembly 565 by quackduck | 123 comments on Hacker News.

Fresh is a new full stack web framework for Deno

Fresh is a new full stack web framework for Deno 483 by maeln | 224 comments on Hacker News.

Google Blocks Dozens of Malicious Domains Operated by Hack-for-Hire Groups

Google's Threat Analysis Group (TAG) on Thursday disclosed it had acted to block as many as 36 malicious domains operated by hack-for-hire groups from India, Russia, and the U.A.E. In a manner analogous to the surveillanceware ecosystem, hack-for-hire firms equip their clients with capabilities to enable targeted attacks aimed at corporates as well as activists, journalists, politicians, and from The Hacker News https://ift.tt/SQvYuN5 via IFTTT

U.S. FCC Commissioner Asks Apple and Google to Remove TikTok from App Stores

One of the commissioners of the U.S. Federal Communications Commission (FCC) has renewed calls asking for Apple and Google to boot the popular video-sharing platform TikTok from their app stores citing "its pattern of surreptitious data practices." "It is clear that TikTok poses an unacceptable national security risk due to its extensive data harvesting being combined with Beijing's apparently from The Hacker News https://ift.tt/QhW4Xcb via IFTTT

What is Shadow IT and why is it so risky?

Shadow IT refers to the practice of users deploying unauthorized technology resources in order to circumvent their IT department. Users may resort to using shadow IT practices when they feel that existing IT policies are too restrictive or get in the way of them being able to do their jobs effectively. An old school phenomenon  Shadow IT is not new. There have been countless examples of from The Hacker News https://ift.tt/wOxN4hl via IFTTT

Ex-Canadian Government Employee Pleads Guilty Over NetWalker Ransomware Attacks

A former Canadian government employee this week agreed to plead guilty in the U.S. to charges related to his involvement with the NetWalker ransomware syndicate. Sebastien Vachon-Desjardins, who was extradited to the U.S. on March 10, 2022, is accused of conspiracy to commit computer fraud and wire fraud, intentional damage to a protected computer, and transmitting a demand in relation to from The Hacker News https://ift.tt/QcaRJ8u via IFTTT

North Korean Hackers Suspected to be Behind $100M Horizon Bridge Hack

The notorious North Korea-backed hacking collective Lazarus Group is suspected to be behind the recent $100 million altcoin theft from Harmony Horizon Bridge, citing similarities to the Ronin bridge attack in March 2022. The finding comes as Harmony confirmed that its Horizon Bridge, a platform that allows users to move cryptocurrency across different blockchains, had been breached last week. from The Hacker News https://ift.tt/QtJMHId via IFTTT

Thunderbird 102

Thunderbird 102 705 by moojacob | 384 comments on Hacker News.

Things to know about databases

Things to know about databases 704 by grech | 240 comments on Hacker News.

New YTStealer Malware Aims to Hijack Accounts of YouTube Content Creators

Cybersecurity researchers have documented a new information-stealing malware that targets YouTube content creators by plundering their authentication cookies. Dubbed "YTStealer" by Intezer, the malicious tool is likely believed to be sold as a service on the dark web, with it distributed using fake installers that also drop RedLine Stealer and Vidar. "What sets YTStealer aside from other from The Hacker News https://ift.tt/bQLa3dY via IFTTT

New UnRAR Vulnerability Could Let Attackers Hack Zimbra Webmail Servers

A new security vulnerability has been disclosed in RARlab's UnRAR utility that, if successfully exploited, could permit a remote attacker to execute arbitrary code on a system that relies on the binary. The flaw, assigned the identifier CVE-2022-30333, relates to a path traversal vulnerability in the Unix versions of UnRAR that can be triggered upon extracting a maliciously crafted RAR archive. from The Hacker News https://ift.tt/5w14DQH via IFTTT

New 'FabricScape' Bug in Microsoft Azure Service Fabric Impacts Linux Workloads

Cybersecurity researchers from Palo Alto Networks Unit 42 disclosed details of a new security flaw affecting Microsoft's Service Fabric that could be exploited to obtain elevated permissions and seize control of all nodes in a cluster. The issue, which has been dubbed FabricScape (CVE-2022-30137), could be exploited on containers that are configured to have runtime access. It has been remediated from The Hacker News https://ift.tt/BQ1n9Zi via IFTTT

CISA Warns of Active Exploitation of 'PwnKit' Linux Vulnerability in the Wild

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) this week moved to add a Linux vulnerability dubbed PwnKit to its Known Exploited Vulnerabilities Catalog, citing evidence of active exploitation. The issue, tracked as CVE-2021-4034 (CVSS score: 7.8), came to light in January 2022 and concerns a case of local privilege escalation in polkit's pkexec utility, which allows an from The Hacker News https://ift.tt/SZmiWBO via IFTTT

ZuoRAT Malware Hijacking Home-Office Routers to Spy on Targeted Networks

A never-before-seen remote access trojan dubbed ZuoRAT has been singling out small office/home office (SOHO) routers as part of a sophisticated campaign targeting North American and European networks. The malware "grants the actor the ability to pivot into the local network and gain access to additional systems on the LAN by hijacking network communications to maintain an undetected foothold," from The Hacker News https://ift.tt/W9xvAGF via IFTTT

Overview of Top Mobile Security Threats in 2022

Your smartphone is your daily companion. The chances are that most of our activities rely on them, from ordering food to booking medical appointments. However, the threat landscape always reminds us how vulnerable smartphones can be.  Consider the recent discovery by Oversecured, a security startup. These experts observed the dynamic code loading and its potential dangers. Why is this a problem? from The Hacker News https://ift.tt/swfPg8Y via IFTTT

APT Hackers Targeting Industrial Control Systems with ShadowPad Backdoor

Entities located in Afghanistan, Malaysia, and Pakistan are in the crosshairs of an attack campaign that targets unpatched Microsoft Exchange Servers as an initial access vector to deploy the ShadowPad malware. Russian cybersecurity firm Kaspersky, which first detected the activity in mid-October 2021, attributed it to a previously unknown Chinese-speaking threat actor. Targets include from The Hacker News https://ift.tt/3qJigF2 via IFTTT

OpenSSL to Release Security Patch for Remote Memory Corruption Vulnerability

The latest version of the OpenSSL library has been discovered as susceptible to a remote memory-corruption vulnerability on select systems. The issue has been identified in OpenSSL version 3.0.4, which was released on June 21, 2022, and impacts x64 systems with the AVX-512 instruction set. OpenSSL 1.1.1 as well as OpenSSL forks BoringSSL and LibreSSL are not affected. Security from The Hacker News https://ift.tt/KpRZn8i via IFTTT

New Android Banking Trojan 'Revive' Targeting Users of Spanish Financial Services

A previously unknown Android banking trojan has been discovered in the wild, targeting users of the Spanish financial services company BBVA. Said to be in its early stages of development, the malware — dubbed Revive by Italian cybersecurity firm Cleafy — was first observed on June 15, 2022 and distributed by means of phishing campaigns. "The name Revive has been chosen since one of the from The Hacker News https://ift.tt/AvoCzyh via IFTTT

Critical Security Flaws Identified in CODESYS ICS Automation Software

CODESYS has released patches to address as many as 11 security flaws that, if successfully exploited, could result in information disclosure and a denial-of-service (DoS) condition, among others.  "These vulnerabilities are simple to exploit, and they can be successfully exploited to cause consequences such as sensitive information leakage, PLCs entering a severe fault state, and arbitrary code from The Hacker News https://ift.tt/K5GdV7m via IFTTT

What Are Shadow IDs, and How Are They Crucial in 2022?

Just before last Christmas, in a first-of-a-kind case, JPMorgan was fined $200M for employees using non-sanctioned applications for communicating about financial strategy. No mention of insider trading, naked shorting, or any malevolence. Just employees circumventing regulation using, well, Shadow IT. Not because they tried to obfuscate or hide anything, simply because it was a convenient tool from The Hacker News https://ift.tt/gVmFcG1 via IFTTT

Italy Data Protection Authority Warns Websites Against Use of Google Analytics

Following the footsteps of Austria and France, the Italian Data Protection Authority has become the latest regulator to find the use of Google Analytics to be non-compliant with E.U. data protection regulations. The Garante per la Protezione dei Dati Personali, in a press release published last week, called out a local web publisher for using the widely used analytics tool in a manner that from The Hacker News https://ift.tt/78ojZ5u via IFTTT

Researchers Warn of 'Matanbuchus' Malware Campaign Dropping Cobalt Strike Beacons

A malware-as-a-service (MaaS) dubbed Matanbuchus has been observed spreading through phishing campaigns, ultimately dropping the Cobalt Strike post-exploitation framework on compromised machines. Matanbuchus, like other malware loaders such as BazarLoader, Bumblebee, and Colibri, is engineered to download and execute second-stage executables from command-and-control (C&C) servers on infected from The Hacker News https://ift.tt/BNyHFxp via IFTTT

Life is not short

Life is not short 633 by dbrereton | 373 comments on Hacker News.

Ask HN: GPT-3 reveals my full name – can I do anything?

Ask HN: GPT-3 reveals my full name – can I do anything? 618 by BoppreH | 287 comments on Hacker News. Alternatively: What's the current status of Personally Identifying Information and language models? I try to hide my real name whenever possible, out of an abundance of caution. You can still find it if you search carefully, but in today's hostile internet I see this kind of soft pseudonymity as my digital personal space, and expect to have it respected. When playing around in GPT-3 I tried making sentences with my username. Imagine my surprise when I see it spitting out my (globally unique, unusual) full name! Looking around, I found a paper that says language models spitting out personal information is a problem[1], a Google blog post that says there's not much that can be done[2], and an article that says OpenAI might automatically replace phone numbers in the future but other types of PII are harder to remove[3]. But nothing on what is actually being done. If I had f...

Enclave: An Unpickable Lock

Enclave: An Unpickable Lock 582 by lisper | 256 comments on Hacker News.

Learn NIST Inside Out With 21 Hours of Training @ 86% OFF

In cybersecurity, many of the best jobs involve working on government projects. To get a security clearance, you need to prove that you meet NIST standards. Cybersecurity firms are particularly interested in people who understand the RMF, or Risk Management Framework — a U.S. government guideline for taking care of data. The NIST Cybersecurity & Risk Management Frameworks Course helps you from The Hacker News https://ift.tt/9CiP56V via IFTTT

SMS phishing is way too easy

SMS phishing is way too easy 496 by ricardbejarano | 253 comments on Hacker News.

What happened to the lab-leak hypothesis?

What happened to the lab-leak hypothesis? 472 by summoned | 519 comments on Hacker News.

Goodbye Zachtronics

Goodbye Zachtronics 495 by danso | 102 comments on Hacker News.

Tell HN: Brother printers now locking out non-OEM paraphernalia

Tell HN: Brother printers now locking out non-OEM paraphernalia 444 by bbarnett | 258 comments on Hacker News. I recently bought a Brother colour laser printer, with the understanding that OEM toner was not chip-locked. Wanting to update the firmware, and being on Linux, I started to look at ways to do it manually. After finding a few guides to do so manually: https://ift.tt/JBdUav1 https://ift.tt/ZDmO9Fw I decided to poll my printer. I then noticed an OSS/python project to just handle it via a package. However, I noticed this issue: https://ift.tt/ckWAPne Startled, I Googled... and the printer listed is an inkjet. For a second I was relieved, but then started to search for other issues, and found this: https://ift.tt/ajdpfbh Not only is the above, post-sale firmware update a change of what I understood to be Brother's historical policy, the method is beyond evil. Brother seems to be apparently accepting the ink, but then purposefully making the print quality poorer. I literall...

Multiple Backdoored Python Libraries Caught Stealing AWS Secrets and Keys

Researchers have discovered a number of malicious Python packages in the official third-party software repository that are engineered to exfiltrate AWS credentials and environment variables to a publicly exposed endpoint. The list of packages includes loglib-modules, pyg-modules, pygrata, pygrata-utils, and hkg-sol-utils, according to Sonatype security researcher Ax Sharma. The packages and as from The Hacker News https://ift.tt/Na9W8xZ via IFTTT

State-Backed Hackers Using Ransomware as a Decoy for Cyber Espionage Attacks

A China-based advanced persistent threat (APT) group is possibly deploying short-lived ransomware families as a decoy to cover up the true operational and tactical objectives behind its campaigns. The activity cluster, attributed to a hacking group dubbed Bronze Starlight by Secureworks, involves the deployment of post-intrusion ransomware such as LockFile, Atom Silo, Rook, Night Sky, Pandora, from The Hacker News https://ift.tt/ReXNCvu via IFTTT

New 'Quantum' Builder Lets Attackers Easily Create Malicious Windows Shortcuts

A new malware tool that enables cybercriminal actors to build malicious Windows shortcut (.LNK) files has been spotted for sale on cybercrime forums. Dubbed Quantum Lnk Builder, the software makes it possible to spoof any extension and choose from over 300 icons, not to mention support UAC and Windows SmartScreen bypass as well as "multiple payloads per .LNK" file. Also offered are capabilities from The Hacker News https://ift.tt/7i4Xc6p via IFTTT

Log4Shell Still Being Exploited to Hack VMWare Servers to Exfiltrate Sensitive Data

The U.S. Cybersecurity and Infrastructure Security Agency (CISA), along with the Coast Guard Cyber Command (CGCYBER), on Thursday released a joint advisory warning of continued attempts on the part of threat actors to exploit the Log4Shell flaw in VMware Horizon servers to breach target networks. "Since December 2021, multiple threat actor groups have exploited Log4Shell on unpatched, from The Hacker News https://ift.tt/1UuafkW via IFTTT

Italian watchdog bans use of Google Analytics

Italian watchdog bans use of Google Analytics 613 by giuliomagnifico | 354 comments on Hacker News.

Cloudflare had a partial outage

Cloudflare had a partial outage 719 by rkwasny | 420 comments on Hacker News.

NSO Confirms Pegasus Spyware Used by at least 5 European Countries

The beleaguered Israeli surveillanceware vendor NSO Group this week admitted to the European Union lawmakers that its Pegasus tool was used by at least five countries in the region. "We're trying to do the right thing and that's more than other companies working in the industry," Chaim Gelfand, the company's general counsel and chief compliance officer, said, according to a report from Politico. from The Hacker News https://ift.tt/zsegAvk via IFTTT

Manual vs. SSPM: Research on What Streamlines SaaS Security Detection & Remediation

When it comes to keeping SaaS stacks secure, IT and security teams need to be able to streamline the detection and remediation of misconfigurations in order to best protect their SaaS stack from threats. However, while companies adopt more and more apps, their increase in SaaS security tools and staff has lagged behind, as found in the 2022 SaaS Security Survey Report.  The survey report, from The Hacker News https://ift.tt/YW79Iq3 via IFTTT

The Grug Brained Developer

The Grug Brained Developer 807 by huimang | 290 comments on Hacker News.

Chinese Hackers Distributing SMS Bomber Tool with Malware Hidden Inside

A threat cluster with ties to a hacking group called Tropic Trooper has been spotted using a previously undocumented malware coded in Nim language to strike targets as part of a newly discovered campaign. The novel loader, dubbed Nimbda, is "bundled with a Chinese language greyware 'SMS Bomber' tool that is most likely illegally distributed in the Chinese-speaking web," Israeli cybersecurity from The Hacker News https://ift.tt/m2kShnb via IFTTT

Critical PHP Vulnerability Exposes QNAP NAS Devices to Remote Attacks

QNAP, Taiwanese maker of network-attached storage (NAS) devices, on Wednesday said it's in the process of fixing a critical three-year-old PHP vulnerability that could be abused to achieve remote code execution. "A vulnerability has been reported to affect PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24, and 7.3.x below 7.3.11 with improper nginx config," the hardware vendor said in an from The Hacker News https://ift.tt/ykGMmQi via IFTTT

Researchers Uncover Ways to Break the Encryption of 'MEGA' Cloud Storage Service

A new piece of research from academics at ETH Zurich has identified a number of critical security issues in the MEGA cloud storage service that could be leveraged to break the confidentiality and integrity of user data. In a paper titled "MEGA: Malleable Encryption Goes Awry," the researchers point out how MEGA's system does not protect its users against a malicious server, thereby enabling a from The Hacker News https://ift.tt/u8rkYDj via IFTTT

Russian Hackers Exploiting Microsoft Follina Vulnerability Against Ukraine

The Computer Emergency Response Team of Ukraine (CERT-UA) has cautioned of a new set of spear-phishing attacks exploiting the "Follina" flaw in the Windows operating system to deploy password-stealing malware. Attributing the intrusions to a Russian nation-state group tracked as APT28 (aka Fancy Bear or Sofacy), the agency said the attacks commence with a lure document titled "Nuclear Terrorism from The Hacker News https://ift.tt/XlvPoyR via IFTTT

GitHub Copilot is generally available

GitHub Copilot is generally available 791 by sammorrowdrums | 672 comments on Hacker News.

Newly Discovered Magecart Infrastructure Reveals the Scale of Ongoing Campaign

A newly discovered Magecart skimming campaign has its roots in a previous attack activity going all the way back to November 2021. To that end, it has come to light that two malware domains identified as hosting credit card skimmer code — "scanalytic[.]org" and "js.staticounter[.]net" — are part of a broader infrastructure used to carry out the intrusions, Malwarebytes said in a Tuesday analysis from The Hacker News https://ift.tt/fsdAvLz via IFTTT

Europol Busts Phishing Gang Responsible for Millions in Losses

Europol on Tuesday announced the dismantling of an organized crime group that dabbled in phishing, fraud, scams, and money laundering activities. The cross-border operation, which involved law enforcement authorities from Belgium and the Netherlands, saw the arrests of nine individuals in the Dutch nation. The suspects are men between the ages of 25 and 36 from Amsterdam, Almere, Rotterdam, and from The Hacker News https://ift.tt/xOlN8MJ via IFTTT

RIG Exploit Kit Now Infects Victims' PCs With Dridex Instead of Raccoon Stealer

The operators behind the Rig Exploit Kit have swapped the Raccoon Stealer malware for the Dridex financial trojan as part of an ongoing campaign that commenced in January 2022. The switch in modus operandi, spotted by Romanian company Bitdefender, comes in the wake of Raccoon Stealer temporarily closing the project after one of its team members responsible for critical operations passed away in from The Hacker News https://ift.tt/Xf0TQ6S via IFTTT

Mitigate Ransomware in a Remote-First World

Ransomware has been a thorn in the side of cybersecurity teams for years. With the move to remote and hybrid work, this insidious threat has become even more of a challenge for organizations everywhere. 2021 was a case study in ransomware due to the wide variety of attacks, significant financial and economic impact, and diverse ways that organizations responded. These attacks should be seen as a from The Hacker News https://ift.tt/GT6VQYw via IFTTT

Former Amazon Employee Found Guilty in 2019 Capital One Data Breach

A 36-year-old former Amazon employee was convicted of wire fraud and computer intrusions in the U.S. for her role in the theft of personal data of no fewer than 100 million people in the 2019 Capital One breach. Paige Thompson, who operated under the online alias "erratic" and worked for the tech giant till 2016, was found guilty of wire fraud, five counts of unauthorized access to a protected from The Hacker News https://ift.tt/zK6qOFW via IFTTT

New NTLM Relay Attack Lets Attackers Take Control Over Windows Domain

A new kind of Windows NTLM relay attack dubbed DFSCoerce has been uncovered that leverages the Distributed File System (DFS): Namespace Management Protocol (MS-DFSNM) to seize control of a domain. "Spooler service disabled, RPC filters installed to prevent PetitPotam and File Server VSS Agent Service not installed but you still want to relay [Domain Controller authentication to [Active Directory from The Hacker News https://ift.tt/SYnOqiF via IFTTT

Contra Wirecutter on the IKEA air purifier

Contra Wirecutter on the IKEA air purifier 710 by Ariarule | 353 comments on Hacker News.

We are removing the option to create new subscriptions

We are removing the option to create new subscriptions 687 by mritzmann | 214 comments on Hacker News.

Webcams aren't good enough

Webcams aren't good enough 662 by 6581 | 552 comments on Hacker News.

Do You Have Ransomware Insurance? Look at the Fine Print

Insurance exists to protect the insured party against catastrophe, but the insurer needs protection so that its policies are not abused – and that's where the fine print comes in. However, in the case of ransomware insurance, the fine print is becoming contentious and arguably undermining the usefulness of ransomware insurance. In this article, we'll outline why, particularly given the current from The Hacker News https://ift.tt/xWPYD5H via IFTTT

Google Researchers Detail 5-Year-Old Apple Safari Vulnerability Exploited in the Wild

A security flaw in Apple Safari that was exploited in the wild earlier this year was originally fixed in 2013 and reintroduced in December 2016, according to a new report from Google Project Zero. The issue, tracked as CVE-2022-22620 (CVSS score: 8.8), concerns a case of a use-after-free vulnerability in the WebKit component that could be exploited by a piece of specially crafted web content to from The Hacker News https://ift.tt/NxoyuM7 via IFTTT

BRATA Android Malware Gains Advanced Mobile Threat Capabilities

The operators behind BRATA have once again added more capabilities to the Android mobile malware in an attempt to make their attacks against financial apps more stealthy. "In fact, the modus operandi now fits into an Advanced Persistent Threat (APT) activity pattern," Italian cybersecurity firm Cleafy said in a report last week. "This term is used to describe an attack campaign in which from The Hacker News https://ift.tt/Brn7dCE via IFTTT

Show HN: A central bank simulator game with a realistic economic model

Show HN: A central bank simulator game with a realistic economic model 634 by BenoitEssiambre | 251 comments on Hacker News.

Over a Dozen Flaws Found in Siemens' Industrial Network Management System

Cybersecurity researchers have disclosed details about 15 security flaws in Siemens SINEC network management system (NMS), some of which could be chained by an attacker to achieve remote code execution on affected systems. "The vulnerabilities, if exploited, pose a number of risks to Siemens devices on the network including denial-of-service attacks, credential leaks, and remote code execution from The Hacker News https://ift.tt/zReBkU7 via IFTTT

Learn Cybersecurity with Palo Alto Networks Through this PCCSA Course @ 93% OFF

In the world of cybersecurity, reputation is everything. Most business owners have little understanding of the technical side, so they have to rely on credibility. Founded back in 2005, Palo Alto Networks is a cybersecurity giant that has earned the trust of the business community thanks to its impressive track record. The company now provides services to over 70,000 organizations in 150 from The Hacker News https://ift.tt/DwRMflk via IFTTT

Authorities Shut Down Russian RSOCKS Botnet That Hacked Millions of Devices

The U.S. Department of Justice (DoJ) on Thursday disclosed that it took down the infrastructure associated with a Russian botnet known as RSOCKS in collaboration with law enforcement partners in Germany, the Netherlands, and the U.K. The botnet, operated by a sophisticated cybercrime organization, is believed to have ensnared millions of internet-connected devices, including Internet of Things ( from The Hacker News https://ift.tt/WIOJD4p via IFTTT

Atlassian Confluence Flaw Being Used to Deploy Ransomware and Crypto Miners

A recently patched critical security flaw in Atlassian Confluence Server and Data Center products is being actively weaponized in real-world attacks to drop cryptocurrency miners and ransomware payloads. In at least two of the Windows-related incidents observed by cybersecurity vendor Sophos, adversaries exploited the vulnerability to deliver Cerber ransomware and a crypto miner called z0miner from The Hacker News https://ift.tt/kWgBFvy via IFTTT

Chinese Hackers Exploited Sophos Firewall Zero-Day Flaw to Target South Asian Entity

A sophisticated Chinese advanced persistent threat (APT) actor exploited a critical security vulnerability in Sophos' firewall product that came to light earlier this year to infiltrate an unnamed South Asian target as part of a highly-targeted attack. "The attacker implement[ed] an interesting web shell backdoor, create[d] a secondary form of persistence, and ultimately launch[ed] attacks from The Hacker News https://ift.tt/EBMUCjk via IFTTT

Over a Million WordPress Sites Forcibly Updated to Patch a Critical Plugin Vulnerability

WordPress websites using a widely used plugin named Ninja Forms have been updated automatically to remediate a critical security vulnerability that's suspected of having been actively exploited in the wild. The issue, which relates to a case of code injection, is rated 9.8 out of 10 for severity and affects multiple versions starting from 3.0. It has been fixed in 3.0.34.2, 3.1.10, 3.2.28, from The Hacker News https://ift.tt/QbBwMFr via IFTTT

Tell HN: Triplebyte is, yet again, making user profiles public without consent?

Tell HN: Triplebyte is, yet again, making user profiles public without consent? 558 by teraflop | 114 comments on Hacker News. Triplebyte (YC S15) is a tech recruiting company that operates by getting developers to take skill tests, and then using the results to match them with employers. Back in 2020, they got in a lot of hot water by suddenly announcing that user profiles -- which had been collected with assurances that the data wouldn't be shared without consent -- would be made public, unless you opted out within a week[1]. This provoked a lot of backlash, especially since the CEO seemed totally oblivious to the privacy concerns[2]. After a lot of angry comments, he publicly apologized and reversed course[3]. Then in 2021, some users started once again being notified that their profiles were automatically being made public[4]. This time, it was explained away as an "oversight" related to the fact that previously, opt-outs weren't permanent but had a hidden expi...

Despite best efforts .NET is still not an open platform

Despite best efforts .NET is still not an open platform 547 by exyi | 457 comments on Hacker News.

Tauri 1.0 – Electron Alternative Powered by Rust

Tauri 1.0 – Electron Alternative Powered by Rust 603 by Uninen | 187 comments on Hacker News.

Tell HN: Banned from LinkedIn for Reporting Wickr Drug Spam

Tell HN: Banned from LinkedIn for Reporting Wickr Drug Spam 523 by silent_speech | 159 comments on Hacker News. It made the news recently that Wickr (Amazon owned E2EE chat app) is full of illegal imagery. I read about this on my LinkedIn feed then decided to search for "Wickr" there to see who else was talking about this. The search returned dozens of spam messages offering drugs in Asia and the US with information to contact on Wickr for price. I reported these drug spam posts to LinkedIn - which is supposedly an anonymous report. Next day I got a flood of reports on my own comments (nothing to do with that topic), so many I didn't bother to appeal as I had other things to do. Few hours later my account was down. Seems that for retaliation the drug network decided to find me out and use their accounts to subvert LinkedIn's policy and ensure I can't stop their spam. They have new spam up now while my account is gone. No good deed goes unpunished I guess.

BlackCat Ransomware Gang Targeting Unpatched Microsoft Exchange Servers

Microsoft is warning that the BlackCat ransomware crew is leveraging exploits for unpatched Exchange server vulnerabilities to gain access to targeted networks. Upon gaining an entry point, the attackers swiftly moved to gather information about the compromised machines, carrying out credential theft and lateral movement activities, before harvesting intellectual property and dropping the from The Hacker News https://ift.tt/TPF1pER via IFTTT

A Microsoft Office 365 Feature Could Help Ransomware Hackers Hold Cloud Files Hostage

A "dangerous piece of functionality" has been discovered in Microsoft 365 suite that could be potentially abused by a malicious actor to ransom files stored on SharePoint and OneDrive and launch attacks on cloud infrastructure. The cloud ransomware attack makes it possible to launch file-encrypting malware to "encrypt files stored on SharePoint and OneDrive in a way that makes them unrecoverable from The Hacker News https://ift.tt/AdVu8Cg via IFTTT

Difference Between Agent-Based and Network-Based Internal Vulnerability Scanning

For years, the two most popular methods for internal scanning, agent-based and network-based, were considered to be about equal in value, each bringing its own strengths to bear. However, with remote working now the norm in most if not all workplaces, it feels a lot more like agent-based scanning is a must, while network-based scanning is an optional extra. This article will go in-depth on the from The Hacker News https://ift.tt/riVMIsX via IFTTT

High-Severity RCE Vulnerability Reported in Popular Fastjson Library

Cybersecurity researchers have detailed a recently patched high-severity security vulnerability in the popular Fastjson library that could be potentially exploited to achieve remote code execution. Tracked as CVE-2022-25845 (CVSS score: 8.1), the issue relates to a case of deserialization of untrusted data in a supported feature called "AutoType." It was patched by the project maintainers in  from The Hacker News https://ift.tt/jrH1Ew3 via IFTTT

MaliBot: A New Android Banking Trojan Spotted in the Wild

A new strain of Android malware has been spotted in the wild targeting online banking and cryptocurrency wallet customers in Spain and Italy, just weeks after a coordinated law enforcement operation dismantled FluBot. The information stealing trojan, codenamed MaliBot by F5 Labs, is as feature-rich as its counterparts, allowing it to steal credentials and cookies, bypass multi-factor from The Hacker News https://ift.tt/1MKRDu4 via IFTTT

Critical Flaw in Cisco Secure Email and Web Manager Lets Attackers Bypass Authentication

Cisco on Wednesday rolled out fixes to address a critical security flaw affecting Email Security Appliance (ESA) and Secure Email and Web Manager that could be exploited by an unauthenticated, remote attacker to sidestep authentication. Assigned the CVE identifier CVE-2022-20798, the bypass vulnerability is rated 9.8 out of a maximum of 10 on the CVSS scoring system and stems from improper from The Hacker News https://ift.tt/mrjza1y via IFTTT

Comprehensive, Easy Cybersecurity for Lean IT Security Teams Starts with XDR

Breaches don't just happen to large enterprises. Threat actors are increasingly targeting small businesses. In fact, 43% of data breaches involved small to medium-sized businesses. But there is a glaring discrepancy. Larger businesses typically have the budget to keep their lights on if they are breached. Most small businesses (83%), however, don't have the financial resources to recover if they from The Hacker News https://ift.tt/chlSOUG via IFTTT

Firefox rolls out Total Cookie Protection by default to all users

Firefox rolls out Total Cookie Protection by default to all users 568 by BoumTAC | 236 comments on Hacker News.

New Zimbra Email Vulnerability Could Let Attackers Steal Your Login Credentials

A new high-severity vulnerability has been disclosed in the Zimbra email suite that, if successfully exploited, enables an unauthenticated attacker to steal cleartext passwords of users sans any user interaction. "With the consequent access to the victims' mailboxes, attackers can potentially escalate their access to targeted organizations and gain access to various internal services and steal from The Hacker News https://ift.tt/XDQGKu6 via IFTTT

What is the Essential Eight (And Why Non-Aussies Should Care)

In 2017, The Australian Cyber Security Center (ACSC) published a set of mitigation strategies that were designed to help organizations to protect themselves against cyber security incidents. These strategies, which became known as the Essential Eight, are designed specifically for use on Windows networks, although variations of these strategies are commonly applied to other platforms. What is from The Hacker News https://ift.tt/LSr5Bm4 via IFTTT

Technical Details Released for 'SynLapse' RCE Vulnerability Reported in Microsoft Azure

Microsoft has incorporated additional improvements to address the recently disclosed SynLapse security vulnerability in order to meet comprehensive tenant isolation requirements in Azure Data Factory and Azure Synapse Pipelines. The latest safeguards include moving the shared integration runtimes to sandboxed ephemeral instances and using scoped tokens to prevent adversaries from using a client from The Hacker News https://ift.tt/HmhnovO via IFTTT

Unpatched Travis CI API Bug Exposes Thousands of Secret User Access Tokens

An unpatched security issue in the Travis CI API has left tens of thousands of developers' user tokens exposed to potential attacks, effectively allowing threat actors to breach cloud infrastructures, make unauthorized code changes, and initiate supply chain attacks. "More than 770 million logs of free tier users are available, from which you can easily extract tokens, secrets, and other from The Hacker News https://ift.tt/g9L06su via IFTTT

New Syslogk Linux Rootkit Lets Attackers Remotely Command It Using "Magic Packets"

A new covert Linux kernel rootkit named Syslogk has been spotted under development in the wild and cloaking a malicious payload that can be remotely commandeered by an adversary using a magic network traffic packet. "The Syslogk rootkit is heavily based on Adore-Ng but incorporates new functionalities making the user-mode application and the kernel rootkit hard to detect," Avast security from The Hacker News https://ift.tt/lpM4IbJ via IFTTT

Researchers Detail PureCrypter Loader Cyber Criminals Using to Distribute Malware

Cybersecurity researchers have detailed the workings of a fully-featured malware loader dubbed PureCrypter that's being purchased by cyber criminals to deliver remote access trojans (RATs) and information stealers. "The loader is a .NET executable obfuscated with SmartAssembly and makes use of compression, encryption, and obfuscation to evade antivirus software products," Zscaler's Romain Dumont from The Hacker News https://ift.tt/bxhYKNj via IFTTT

Chinese Hackers Distribute Backdoored Web3 Wallets for iOS and Android Users

A technically sophisticated threat actor known as SeaFlower has been targeting Android and iOS users as part of an extensive campaign that mimics official cryptocurrency wallet websites intending to distribute backdoored apps that drain victims' funds. Said to be first discovered in March 2022, the cluster of activity "hint[s] to a strong relationship with a Chinese-speaking entity yet to be from The Hacker News https://ift.tt/DoMRUC6 via IFTTT

Chinese 'Gallium' Hackers Using New PingPull Malware in Cyberespionage Attacks

A Chinese advanced persistent threat (APT) known as Gallium has been observed using a previously undocumented remote access trojan in its espionage attacks targeting companies operating in Southeast Asia, Europe, and Africa. Called PingPull, the "difficult-to-detect" backdoor is notable for its use of the Internet Control Message Protocol (ICMP) for command-and-control (C2) communications, from The Hacker News https://ift.tt/cL16Ta0 via IFTTT

Researchers Disclose Rooting Backdoor in Mitel IP Phones for Businesses

Cybersecurity researchers have disclosed details of two medium-security flaws in Mitel 6800/6900 desk phones that, if successfully exploited, could allow an attacker to gain root privileges on the devices. Tracked as CVE-2022-29854 and CVE-2022-29855 (CVSS score: 6.8), the access control issues were discovered by German penetration testing firm SySS, following which patches were shipped in May from The Hacker News https://ift.tt/tJA4C9z via IFTTT

Quick and Simple: BPFDoor Explained

BPFDoor isn't new to the cyberattack game — in fact, it's gone undetected for years — but PwC researchers discovered the piece of malware in 2021. Subsequently, the cybersecurity community is learning more about the stealthy nature of malware, how it works, and how it can be prevented. What's BPFDoor? BPFDoor is a piece of malware associated with China-based threat actor Red Menshen that has hit from The Hacker News https://ift.tt/TpFcar9 via IFTTT

Hello XD Ransomware Installing Backdoor on Targeted Windows and Linux Systems

Windows and Linux systems are being targeted by a ransomware variant called HelloXD, with the infections also involving the deployment of a backdoor to facilitate persistent remote access to infected hosts. "Unlike other ransomware groups, this ransomware family doesn't have an active leak site; instead it prefers to direct the impacted victim to negotiations through Tox chat and onion-based from The Hacker News https://ift.tt/fDWoqKh via IFTTT

Iranian Hackers Spotted Using a new DNS Hijacking Malware in Recent Attacks

The Iranian state-sponsored threat actor tracked under the moniker Lyceum has turned to using a new custom .NET-based backdoor in recent campaigns directed against the Middle East. "The new malware is a .NET based DNS Backdoor which is a customized version of the open source tool 'DIG.net,'" Zscaler ThreatLabz researchers Niraj Shivtarkar and Avinash Kumar said in a report published last week. " from The Hacker News https://ift.tt/YnBAQKa via IFTTT

DNS Toys

DNS Toys 715 by edent | 74 comments on Hacker News.

MIT researchers uncover ‘unpatchable’ flaw in Apple M1 chips

MIT researchers uncover ‘unpatchable’ flaw in Apple M1 chips 671 by markus_zhang | 166 comments on Hacker News.

If OpenSSL were a GUI

If OpenSSL were a GUI 645 by soheilpro | 210 comments on Hacker News.

MIT Researchers Discover New Flaw in Apple M1 CPUs That Can't Be Patched

A novel hardware attack dubbed PACMAN has been demonstrated against Apple's M1 processor chipsets, potentially arming a malicious actor with the capability to gain arbitrary code execution on macOS systems. It leverages "speculative execution attacks to bypass an important memory protection mechanism, ARM Pointer Authentication, a security feature that is used to enforce pointer integrity," MIT from The Hacker News https://ift.tt/0v53zWT via IFTTT

Microsoft will include pay ranges in all U.S. job postings

Microsoft will include pay ranges in all U.S. job postings 600 by blue_box | 288 comments on Hacker News.

“Code” 2nd Edition

“Code” 2nd Edition 620 by emme | 129 comments on Hacker News.

Researchers Find Bluetooth Signals Can be Fingerprinted to Track Smartphones

New research undertaken by a group of academics from the University of California San Diego has revealed for the first time that Bluetooth signals can be fingerprinted to track smartphones (and therefore, individuals). The identification, at its core, hinges on imperfections in the Bluetooth chipset hardware introduced during the manufacturing process, resulting in a "unique physical-layer from The Hacker News https://ift.tt/mrKY5ER via IFTTT

Researchers Detail How Cyber Criminals Targeting Cryptocurrency Users

Cybercriminals are impersonating popular crypto platforms such as Binance, Celo, and Trust Wallet with spoofed emails and fake login pages in an attempt to steal login details and deceptively transfer virtual funds. "As cryptocurrency and non-fungible tokens (NFTs) become more mainstream, and capture headlines for their volatility, there is a greater likelihood of more individuals falling victim from The Hacker News https://ift.tt/TLB075I via IFTTT

Researchers Disclose Critical Flaws in Industrial Access Control System from Carrier

As many as eight zero-day vulnerabilities have been disclosed in Carrier's LenelS2 HID Mercury access control system that's used widely in healthcare, education, transportation, and government facilities. "The vulnerabilities uncovered allowed us to demonstrate the ability to remotely unlock and lock doors, subvert alarms and undermine logging and notification systems," Trellix security from The Hacker News https://ift.tt/TFRrSk5 via IFTTT

Find a good available .com domain

Find a good available .com domain 573 by Tomte | 244 comments on Hacker News.

Welcome to the M1 Windows project

Welcome to the M1 Windows project 575 by giuliomagnifico | 246 comments on Hacker News.

I've locked myself out of my digital life

I've locked myself out of my digital life 702 by edent | 480 comments on Hacker News.

EU reaches deal to make USB-C a common charger for most electronic devices

EU reaches deal to make USB-C a common charger for most electronic devices 574 by geox | 956 comments on Hacker News.

Deepfake Offensive Toolkit (real-time deepfakes for virtual cameras)

Deepfake Offensive Toolkit (real-time deepfakes for virtual cameras) 530 by draugadrotten | 316 comments on Hacker News.

Tools for Better Thinking

Tools for Better Thinking 778 by andsoitis | 67 comments on Hacker News.

Apple Unveils M2

Apple Unveils M2 588 by yottabyte47 | 740 comments on Hacker News.

Researchers Warn of Unpatched "DogWalk" Microsoft Windows Vulnerability

An unofficial security patch has been made available for a new Windows zero-day vulnerability in the Microsoft Support Diagnostic Tool (MSDT), even as the Follina flaw continues to be exploited in the wild. The issue — referenced as DogWalk — relates to a path traversal flaw that can be exploited to stash a malicious executable file to the Windows Startup folder when a potential target opens a from The Hacker News https://ift.tt/YCnvILA via IFTTT

U.S. Agencies Warn About Chinese Hackers Targeting Telecoms and Network Service Providers

U.S. cybersecurity and intelligence agencies have warned about China-based state-sponsored cyber actors leveraging network vulnerabilities to exploit public and private sector organizations since at least 2020. The widespread intrusion campaigns aim to exploit publicly identified security flaws in network devices such as Small Office/Home Office (SOHO) routers and Network Attached Storage (NAS) from The Hacker News https://ift.tt/e69nE48 via IFTTT

FBI Seizes 'SSNDOB' ID Theft Service for Selling Personal Info of 24 Million People

An illicit online marketplace known as SSNDOB was taken down in an operation led by U.S. law enforcement agencies, the Department of Justice (DoJ) announced Tuesday. SSNDOB trafficked in personal information such as names, dates of birth, credit card numbers, and Social Security numbers of about 24 million individuals in the U.S., generating its operators $19 million in sales revenue. The action from The Hacker News https://ift.tt/H4WjGn1 via IFTTT

Apple Passkey

Apple Passkey 760 by samwillis | 358 comments on Hacker News.

Evil Corp Cybercrime Group Shifts to LockBit Ransomware to Evade Sanctions

The threat cluster dubbed UNC2165, which shares numerous overlaps with a Russia-based cybercrime group known as Evil Corp, has been linked to multiple LockBit ransomware intrusions in an attempt to get around sanctions imposed by the U.S. Treasury in December 2019. "These actors have shifted away from using exclusive ransomware variants to LockBit — a well-known ransomware as a service (RaaS) — from The Hacker News https://ift.tt/lsvnV6r via IFTTT

Hacking Scenarios: How Hackers Choose Their Victims

Enforcing the "double-extortion" technique aka pay-now-or-get-breached emerged as a head-turner last year. May 6th, 2022 is a recent example. The State Department said the Conti strain of ransomware was the most costly in terms of payments made by victims as of January. Conti, a ransomware-as-a-service (RaaS) program, is one of the most notorious ransomware groups and has been responsible for from The Hacker News https://ift.tt/9wK3Bq8 via IFTTT

Researchers Warn of Spam Campaign Targeting Victims with SVCReady Malware

A new wave of phishing campaigns has been observed spreading a previously documented malware called SVCReady. "The malware is notable for the unusual way it is delivered to target PCs — using shellcode hidden in the properties of Microsoft Office documents," Patrick Schläpfer, a threat analyst at HP, said in a technical write-up. SVCReady is said to be in its early stage of development, with the from The Hacker News https://ift.tt/zckBaxh via IFTTT

Apple's New Feature Will Install Security Updates Automatically Without Full OS Update

Apple has introduced a Rapid Security Response feature in iOS 16 and macOS Ventura that's designed to deploy security fixes without the need for a full operating system version update. "macOS security gets even stronger with new tools that make the Mac more resistant to attack, including Rapid Security Response that works in between normal updates to easily keep security up to date without a from The Hacker News https://ift.tt/kqras6u via IFTTT

10 Most Prolific Banking Trojans Targeting Hundreds of Financial Apps with Over a Billion Users

10 of the most prolific mobile banking trojans have set their eyes on 639 financial applications that are available on the Google Play Store and have been cumulatively downloaded over 1.01 billion times. Some of the most targeted apps include Walmart-backed PhonePe, Binance, Cash App, Garanti BBVA Mobile, La Banque Postale, Ma Banque, Caf - Mon Compte, Postepay, and BBVA México. These apps alone from The Hacker News https://ift.tt/GLZjbRJ via IFTTT

Unpatched Critical Flaws Disclosed in U-Boot Bootloader for Embedded Devices

Cybersecurity researchers have disclosed two unpatched security vulnerabilities in the open-source U-Boot boot loader. The issues, which were uncovered in the IP defragmentation algorithm implemented in U-Boot by NCC Group, could be abused to achieve arbitrary out-of-bounds write and denial-of-service (DoS). U-Boot is a boot loader used in Linux-based embedded systems such as ChromeOS as well as from The Hacker News https://ift.tt/ygdsOIx via IFTTT

Microsoft Seizes 41 Domains Used in Spear-Phishing Attacks by Bohrium Hackers

Microsoft's Digital Crimes Unit (DCU) last week disclosed that it had taken legal proceedings against an Iranian threat actor dubbed Bohrium in connection with a spear-phishing operation. The adversarial collective is said to have targeted entities in tech, transportation, government, and education sectors located in the U.S., Middle East, and India. "Bohrium actors create fake from The Hacker News https://ift.tt/LFsCkoT via IFTTT

Be Proactive! Shift Security Validation Left

The "shifting (security) left" approach in the Software Development Life Cycle (SDLC) means starting security earlier in the process. As organizations realized that software never comes out perfectly and is riddled with many exploitable holes, bugs, and business logic vulnerabilities that require going back to fix and patch, they understood that building secure software requires incorporating and from The Hacker News https://ift.tt/PtxXq7M via IFTTT

CISA Warned About Critical Vulnerabilities in Illumina's DNA Sequencing Devices

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and Food and Drug Administration (FDA) have issued an advisory about critical security vulnerabilities in Illumina's next-generation sequencing (NGS) software. Three of the flaws are rated 10 out of 10 for severity on the Common Vulnerability Scoring System (CVSS), with two others having severity ratings of 9.1 and 7.4. The issues from The Hacker News https://ift.tt/nVK5hxj via IFTTT

State-Backed Hackers Exploit Microsoft 'Follina' Bug to Target Entities in Europe and U.S

A suspected state-aligned threat actor has been attributed to a new set of attacks exploiting the Microsoft Office "Follina" vulnerability to target government entities in Europe and the U.S. Enterprise security firm Proofpoint said it blocked attempts at exploiting the remote code execution flaw, which is being tracked as CVE-2022-30190 (CVSS score: 7.8). No less than 1,000 phishing messages from The Hacker News https://ift.tt/JyCiv4f via IFTTT

What rr does

What rr does 699 by mmarq | 66 comments on Hacker News.

Dear Spotify, can we just get table of songs?

Dear Spotify, can we just get table of songs? 694 by neilpanchal | 337 comments on Hacker News.

VSCodium – Free/Libre Open Source Software Binaries of VS Code

VSCodium – Free/Libre Open Source Software Binaries of VS Code 674 by pabs3 | 404 comments on Hacker News.

Atlassian Releases Patch for Confluence Zero-Day Flaw Exploited in the Wild

Atlassian on Friday rolled out fixes to address a critical security flaw affecting its Confluence Server and Data Center products that have come under active exploitation by threat actors to achieve remote code execution. Tracked as CVE-2022-26134, the issue is similar to CVE-2021-26084 — another security flaw the Australian software company patched in August 2021. Both relate to a case of from The Hacker News https://ift.tt/qQpI8Ob via IFTTT

Installing a payphone in my house

Installing a payphone in my house 662 by itsjloh | 170 comments on Hacker News.

Researchers Uncover Malware Controlling Thousands of Sites in Parrot TDS Network

The Parrot traffic direction system (TDS) that came to light earlier this year has had a larger impact than previously thought, according to new research. Sucuri, which has been tracking the same campaign since February 2019 under the name "NDSW/NDSX," said that "the malware was one of the top infections" detected in 2021, accounting for more than 61,000 websites. Parrot TDS was documented in from The Hacker News https://ift.tt/VGgtkeO via IFTTT

Google cancelled a talk on caste bias

Google cancelled a talk on caste bias 656 by devnonymous | 744 comments on Hacker News.

Microsoft Blocks Iran-linked Lebanese Hackers Targeting Israeli Companies

Microsoft on Thursday said it took steps to disable malicious activity stemming from abuse of OneDrive by a previously undocumented threat actor it tracks under the chemical element-themed moniker Polonium. In addition to removing the offending accounts created by the Lebanon-based activity group, the tech giant's Threat Intelligence Center (MSTIC) said it suspended over 20 malicious OneDrive from The Hacker News https://ift.tt/4rniOtN via IFTTT

Researchers Demonstrate Ransomware for IoT Devices That Targets IT and OT Networks

As ransomware infections have evolved from purely encrypting data to schemes such as double and triple extortion, a new attack vector is likely to set the stage for future campaigns. Called Ransomware for IoT or R4IoT by Forescout, it's a "novel, proof-of-concept ransomware that exploits an IoT device to gain access and move laterally in an IT [information technology] network and impact the OT [ from The Hacker News https://ift.tt/zD1AUB5 via IFTTT

ExpressVPN Removes Servers in India After Refusing to Comply with Government Order

Virtual Private Network (VPN) provider ExpressVPN on Thursday announced that it's removing Indian-based VPN servers in response to a new cybersecurity directive issued by the Indian Computer Emergency Response Team (CERT-In). "Rest assured, our users will still be able to connect to VPN servers that will give them Indian IP addresses and allow them to access the internet as if they were located from The Hacker News https://ift.tt/vbpjWB4 via IFTTT

Critical UNISOC Chip Vulnerability Affects Millions of Android Smartphones

A critical security flaw has been uncovered in UNISOC's smartphone chipset that could be potentially weaponized to disrupt a smartphone's radio communications through a malformed packet. "Left unpatched, a hacker or a military unit can leverage such a vulnerability to neutralize communications in a specific location," Israeli cybersecurity company Check Point said in a report shared with The from The Hacker News https://ift.tt/4XvkBQn via IFTTT

SideWinder Hackers Use Fake Android VPN Apps to Target Pakistani Entities

The threat actor known as SideWinder has added a new custom tool to its arsenal of malware that's being used in phishing attacks against Pakistani public and private sector entities. "Phishing links in emails or posts that mimic legitimate notifications and services of government agencies and organizations in Pakistan are primary attack vectors of the gang," Singapore-headquartered cybersecurity from The Hacker News https://ift.tt/rgjMxdR via IFTTT

Tim Hortons app violated laws in collection of ‘vast amounts’ of location data

Tim Hortons app violated laws in collection of ‘vast amounts’ of location data 608 by danso | 353 comments on Hacker News.

DOJ Seizes 3 Web Domains Used to Sell Stolen Data and DDoS Services

The U.S. Department of Justice (DoJ) on Wednesday announced the seizure of three domains used by cybercriminals to trade stolen personal information and facilitate distributed denial-of-service (DDoS) attacks for hire. This includes weleakinfo[.]to, ipstress[.]in, and ovh-booter[.]com, the former of which allowed its users to traffic hacked personal data and offered a searchable database from The Hacker News https://ift.tt/50vSDyi via IFTTT

Show HN: A friend and I spent 6 years making a simulation game, finally released

Show HN: A friend and I spent 6 years making a simulation game, finally released 637 by iliketrains | 180 comments on Hacker News. I've seen some interest in (simulation) video games here on HN so I thought I'd share a short version of our story. More than 6 years ago, me and my friend from university were playing around with an idea of making a game we always wanted to play. We worked on it on weekends but the progress was quite slow, especially due to so many dead ends and wasted effort. Eventually however, we solidified our direction and decided to take the risk to resign from our well paid SWE jobs and work on it full time. It took more than a year but yesterday we have finally released it on Steam: https://ift.tt/1reJjlB... I am still not sure if this was a good decision financially, but unlike in a corporate environment, I am so much happier working on a product that I can put my love into and see people enjoy it, see my direct impact, and be able to make big decision...

YODA Tool Found ~47,000 Malicious WordPress Plugins Installed in Over 24,000 Sites

As many as 47,337 malicious plugins have been uncovered on 24,931 unique websites, out of which 3,685 plugins were sold on legitimate marketplaces, netting the attackers $41,500 in illegal revenues. The findings come from a new tool called YODA that aims to detect rogue WordPress plugins and track down their origin, according to an 8-year-long study conducted by a group of researchers from the from The Hacker News https://ift.tt/7b2woV8 via IFTTT

New XLoader Botnet Version Using Probability Theory to Hide its C&C Servers

An enhanced version of the XLoader malware has been spotted adopting a probability-based approach to camouflage its command-and-control (C&C) infrastructure, according to the latest research. "Now it is significantly harder to separate the wheat from the chaff and discover the real C&C servers among thousands of legitimate domains used by Xloader as a smokescreen," Israeli cybersecurity company from The Hacker News https://ift.tt/ENMxIB4 via IFTTT

DALL-E 2 has a secret language

DALL-E 2 has a secret language 576 by smarx | 107 comments on Hacker News.

Show HN: Can you lose at Wordle if you tried?

Show HN: Can you lose at Wordle if you tried? 569 by dontwordle | 198 comments on Hacker News.