Amazing News...

The operators of the Gootkit access-as-a-service (AaaS) malware have resurfaced with updated techniques to compromise unsuspecting victims. "In the past, Gootkit used freeware installers to mask malicious files; now it uses legal documents to trick users into downloading these files," Trend Micro researchers Buddy Tancio and Jed Valderama said in a write-up last week. The findings from The Hacker News https://ift.tt/E8wfNcD via IFTTT

Google Timer is gone 495 by wuschel | 282 comments on Hacker News.

Tabler: Free and open source dashboard HTML/CSS framework 515 by jakearmitage | 85 comments on Hacker News.

Kitsault, Canada’s $50M 1980s ghost town 517 by annapowellsmith | 171 comments on Hacker News.

US regulators will certify first small nuclear reactor design 548 by papa-whisky | 338 comments on Hacker News.

Image via Keeper Right Now, Get 30% Off Keeper, the Most Trusted Name in Password Management. In one way or another, almost every aspect of our lives is online, so it’s no surprise that hackers target everything from email accounts to banks to smart home devices, looking for vulnerabilities to exploit. One of the easiest exploits is cracking a weak password. That’s why using a strong, unique from The Hacker News https://ift.tt/KUdje1h via IFTTT

Microsoft on Friday disclosed a potential connection between the Raspberry Robin USB-based worm and an infamous Russian cybercrime group tracked as Evil Corp. The tech giant said it observed the FakeUpdates (aka SocGholish) malware being delivered via existing Raspberry Robin infections on July 26, 2022. Raspberry Robin, also called QNAP Worm, is known to spread from a compromised system via from The Hacker News https://ift.tt/EyrwpJX via IFTTT

A threat actor operating with interests aligned with North Korea has been deploying a malicious extension on Chromium-based web browsers that's capable of stealing email content from Gmail and AOL. Cybersecurity firm Volexity attributed the malware to an activity cluster it calls SharpTongue, which is said to share overlaps with an adversarial collective publicly referred to under the name  from The Hacker News https://ift.tt/CwaORnX via IFTTT

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added the recently disclosed Atlassian security flaw to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. The vulnerability, tracked as CVE-2022-26138, concerns the use of hard-coded credentials when the Questions For Confluence app is enabled in Confluence Server and Data Center from The Hacker News https://ift.tt/Ep2vYgy via IFTTT

How far can you go by train in 5h? 494 by mritzmann | 328 comments on Hacker News.

Twenty years of Valgrind 612 by nnethercote | 112 comments on Hacker News.

Spanish law enforcement officials have announced the arrest of two individuals in connection with a cyberattack on the country's radioactivity alert network (RAR), which took place between March and June 2021. The act of sabotage is said to have disabled more than one-third of the sensors that are maintained by the Directorate-General for Civil Protection and Emergencies (DGPCE) and used to from The Hacker News https://ift.tt/kUOLSlx via IFTTT

A little trick to spam the spammers (2021) 424 by sodimel | 221 comments on Hacker News.

A week after Atlassian rolled out patches to contain a critical flaw in its Questions For Confluence app for Confluence Server and Confluence Data Center, the shortcoming has now come under active exploitation in the wild. The bug in question is CVE-2022-26138, which concerns the use of a hard-coded password in the app that could be exploited by a remote, unauthenticated attacker to gain from The Hacker News https://ift.tt/TagHlN2 via IFTTT

Google on Wednesday said it's once again delaying its plans to turn off third-party cookies in the Chrome web browser from late 2023 to the second half of 2024. "The most consistent feedback we've received is the need for more time to evaluate and test the new Privacy Sandbox technologies before deprecating third-party cookies in Chrome," Anthony Chavez, vice president of Privacy Sandbox, said. from The Hacker News https://ift.tt/m0YO4DX via IFTTT

With Microsoft taking steps to block Excel 4.0 (XLM or XL4) and Visual Basic for Applications (VBA) macros by default across Office apps, malicious actors are responding by refining their new tactics, techniques, and procedures (TTPs). "The use of VBA and XL4 Macros decreased approximately 66% from October 2021 through June 2022," Proofpoint said in a report shared with The Hacker News. In its from The Hacker News https://ift.tt/QH7Vc5O via IFTTT

A cyber mercenary that "ostensibly sells general security and information analysis services to commercial customers" used several Windows and Adobe zero-day exploits in limited and highly-targeted attacks against European and Central American entities. The company, which Microsoft describes as a private-sector offensive actor (PSOA), is an Austria-based outfit called DSIRF that's linked to the from The Hacker News https://ift.tt/mlCMPSB via IFTTT

MSSPs must find ways to balance the need to please existing customers, add new ones, and deliver high-margin services against their internal budget constraints and the need to maintain high employee morale.In an environment where there are thousands of potential alerts each day and cyberattacks are growing rapidly in frequency and sophistication, this isn’t an easy balance to maintain. Customers from The Hacker News https://ift.tt/LiyQCOY via IFTTT

The rise of DevOps culture in enterprises has accelerated product delivery timelines. Automation undoubtedly has its advantages. However, containerization and the rise of cloud software development are exposing organizations to a sprawling new attack surface. Machine identities vastly outnumber human ones in enterprises these days. Indeed, the rise of machine identities is creating cybersecurity from The Hacker News https://ift.tt/GNJvh1r via IFTTT

The team behind LibreOffice has released security updates to fix three security flaws in the productivity software, one of which could be exploited to achieve arbitrary code execution on affected systems. Tracked as CVE-2022-26305, the issue has been described as a case of improper certificate validation when checking whether a macro is signed by a trusted author, leading to the execution of from The Hacker News https://ift.tt/6QR4V0u via IFTTT

The U.S. State Department has announced rewards of up to $10 million for any information that could help disrupt North Korea's cryptocurrency theft, cyber-espionage, and other illicit state-backed activities. "If you have information on any individuals associated with the North Korean government-linked malicious cyber groups (such as Andariel, APT38, Bluenoroff, Guardians of Peace, Kimsuky, or from The Hacker News https://ift.tt/5F6P1bV via IFTTT

As many as 30 malicious Android apps with cumulative downloads of nearly 10 million have been found on the Google Play Store distributing adware. "All of them were built into various programs, including image-editing software, virtual keyboards, system tools and utilities, calling apps, wallpaper collection apps, and others," Dr.Web said in a Tuesday write-up. While masquerading as innocuous from The Hacker News https://ift.tt/PaYJcFo via IFTTT

Facebook business and advertising accounts are at the receiving end of an ongoing campaign dubbed Ducktail designed to seize control as part of a financially driven cybercriminal operation.  "The threat actor targets individuals and employees that may have access to a Facebook Business account with an information-stealer malware," Finnish cybersecurity company WithSecure (formerly F-Secure from The Hacker News https://ift.tt/UFJK8W0 via IFTTT

Software vulnerabilities are a major threat to organizations today. The cost of these threats is significant, both financially and in terms of reputation.Vulnerability management and patching can easily get out of hand when the number of vulnerabilities in your organization is in the hundreds of thousands of vulnerabilities and tracked in inefficient ways, such as using Excel spreadsheets or from The Hacker News https://ift.tt/iPjcogD via IFTTT

Threat actors are increasingly abusing Internet Information Services (IIS) extensions to backdoor servers as a means of establishing a "durable persistence mechanism." That's according to a new warning from the Microsoft 365 Defender Research Team, which said that "IIS backdoors are also harder to detect since they mostly reside in the same directories as legitimate modules used by target from The Hacker News https://ift.tt/sJUbDAz via IFTTT

Tesla ransoms car owner remotely by cutting 1/3 of their range 769 by noasaservice | 537 comments on Hacker News.

Cybersecurity researchers have reiterated similarities between the latest iteration of the LockBit ransomware and BlackMatter, a rebranded variant of the DarkSide ransomware strain that closed shop in November 2021. The new version of LockBit, called LockBit 3.0 aka LockBit Black, was released in June 2022, launching a brand new leak site and what's the very first ransomware bug bounty program, from The Hacker News - Most Trusted Cyber Security and Computer Security Analysis https://ift.tt/IChm5iJ via IFTTT

The financial services industry has always been at the forefront of technology adoption, but the 2020 pandemic accelerated the widespread of mobile banking apps, chat-based customer service, and other digital tools. Adobe's 2022 FIS Trends Report, for instance, found that more than half of the financial services and insurance firms surveyed experienced a notable increase in digital/mobile from The Hacker News - Most Trusted Cyber Security and Computer Security Analysis https://ift.tt/efO7mVv via IFTTT

As many as 207 websites have been infected with malicious code designed to launch a cryptocurrency miner by leveraging WebAssembly (Wasm) on the browser. Web security company Sucuri, which published details of the campaign, said it launched an investigation after one of its clients had their computer slowed down significantly every time upon navigating to their own WordPress portal. This from The Hacker News - Most Trusted Cyber Security and Computer Security Analysis https://ift.tt/yuqeIsd via IFTTT

Emoji Kitchen 680 by liberia | 146 comments on Hacker News.

FileWave's mobile device management (MDM) system has been found vulnerable to two critical security flaws that could be leveraged to carry out remote attacks and seize control of a fleet of devices connected to it. "The vulnerabilities are remotely exploitable and enable an attacker to bypass authentication mechanisms and gain full control over the MDM platform and its managed devices," Claroty from The Hacker News - Most Trusted Cyber Security and Computer Security Analysis https://ift.tt/F1a7uTb via IFTTT

An information-stealing malware called Amadey is being distributed by means of another backdoor called SmokeLoader. The attacks hinge on tricking users into downloading SmokeLoader that masquerades as software cracks, paving the way for the deployment of Amadey, researchers from the AhnLab Security Emergency Response Center (ASEC) said in a report published last week. Amadey, a from The Hacker News - Most Trusted Cyber Security and Computer Security Analysis https://ift.tt/nONdV2B via IFTTT

Two weeks in, the Webb Space Telescope is reshaping astronomy 657 by theafh | 393 comments on Hacker News.

Malicious actors are exploiting a previously unknown security flaw in the open source PrestaShop e-commerce platform to inject malicious skimmer code designed to swipe sensitive information. "Attackers have found a way to use a security vulnerability to carry out arbitrary code execution in servers running PrestaShop websites," the company noted in an advisory published on July 22. PrestaShop is from The Hacker News - Most Trusted Cyber Security and Computer Security Analysis https://ift.tt/hwEctAa via IFTTT

Microsoft is now taking steps to prevent Remote Desktop Protocol (RDP) brute-force attacks as part of the latest builds for the Windows 11 operating system in an attempt to raise the security baseline to meet the evolving threat landscape. To that end, the default policy for Windows 11 builds – particularly, Insider Preview builds 22528.1000 and newer – will automatically lock accounts for 10 from The Hacker News - Most Trusted Cyber Security and Computer Security Analysis https://ift.tt/y98TsNB via IFTTT

An unknown Chinese-speaking threat actor has been attributed to a new kind of sophisticated UEFI firmware rootkit called CosmicStrand. "The rootkit is located in the firmware images of Gigabyte or ASUS motherboards, and we noticed that all these images are related to designs using the H81 chipset," Kaspersky researchers said in a new report published today. "This suggests that a common from The Hacker News - Most Trusted Cyber Security and Computer Security Analysis https://ift.tt/vHX4nAe via IFTTT

Three restaurant ordering platforms MenuDrive, Harbortouch, and InTouchPOS were the target of two Magecart skimming campaigns that resulted in the compromise of at least 311 restaurants. The trio of breaches has led to the theft of more than 50,000 payment card records from these infected restaurants and posted for sale on the dark web. "The online ordering platforms MenuDrive and Harbortouch from The Hacker News - Most Trusted Cyber Security and Computer Security Analysis https://ift.tt/UGrOzM2 via IFTTT

The Racoon Stealer malware as a service platform gained notoriety several years ago for its ability to extract data that is stored within a Web browser. This data initially included passwords and cookies, which sometimes allow a recognized device to be authenticated without a password being entered. Racoon Stealer was also designed to steal auto-fill data, which can include a vast trove of from The Hacker News - Most Trusted Cyber Security and Computer Security Analysis https://ift.tt/tLaKHjw via IFTTT

The mobile threat campaign tracked as Roaming Mantis has been linked to a new wave of compromises directed against French mobile phone users, months after it expanded its targeting to include European countries. No fewer than 70,000 Android devices are said to have been infected as part of the active malware operation, Sekoia said in a report published last week. Attack chains involving Roaming from The Hacker News - Most Trusted Cyber Security and Computer Security Analysis https://ift.tt/f1I8bJT via IFTTT

Standard Ebooks 636 by tosh | 107 comments on Hacker News.

Amazon sales of Deep Learning with Python are counterfeit 587 by jmillikin | 179 comments on Hacker News.

More invested in nuclear fusion in last 12 months than past decade 579 by bilsbie | 453 comments on Hacker News.

We're going to need a lot of solar panels 746 by lionheart | 744 comments on Hacker News.

Hertz paid Accenture $32M for a website that never went live (2019) 598 by sogen | 392 comments on Hacker News.

Potential fabrication in research threatens the amyloid theory of Alzheimer’s 573 by panabee | 234 comments on Hacker News.

Why we ignore thousands of daily car crashes 776 by oftenwrong | 965 comments on Hacker News.

Former Coinbase PM charged in cryptocurrency insider trading tipping scheme 686 by tempsy | 417 comments on Hacker News.

Cheap junk flooding Amazon has brand names like MOFFBUZW 828 by rafaelm | 390 comments on Hacker News.

Network security company SonicWall on Friday rolled out fixes to mitigate a critical SQL injection (SQLi) vulnerability affecting its Analytics On-Prem and Global Management System (GMS) products. The vulnerability, tracked as CVE-2022-22280, is rated 9.4 for severity on the CVSS scoring system and stems from what the company describes is an "improper neutralization of special elements" used in from The Hacker News - Most Trusted Cyber Security and Computer Security Analysis https://ift.tt/4ftpcSI via IFTTT

Python has its pros and cons, but it's nonetheless used extensively. For example, Python is frequently used in data crunching tasks even when there are more appropriate languages to choose from. Why? Well, Python is relatively easy to learn. Someone with a science background can pick up Python much more quickly than, say, C. However, Python's inherent approachability also creates a couple of from The Hacker News - Most Trusted Cyber Security and Computer Security Analysis https://ift.tt/7uJ1RXg via IFTTT

Ukrainian radio operator TAVR Media on Thursday became the latest victim of a cyberattack, resulting in the broadcast of a fake message that President Volodymyr Zelenskyy was seriously ill. "Cybercriminals spread information that the President of Ukraine, Volodymyr Zelenskyy, is allegedly in intensive care, and his duties are performed by the Chairman of the Verkhovna Rada, Ruslan Stefanchuk," from The Hacker News - Most Trusted Cyber Security and Computer Security Analysis https://ift.tt/En7P0B1 via IFTTT

The actively exploited but now-fixed Google Chrome zero-day flaw that came to light earlier this month was weaponized by an Israeli spyware company and used in attacks targeting journalists in the Middle East. Czech cybersecurity firm Avast linked the exploitation to Candiru (aka Saito Tech), which has a history of leveraging previously unknown flaws to deploy a Windows malware dubbed from The Hacker News - Most Trusted Cyber Security and Computer Security Analysis https://ift.tt/0MOcoYE via IFTTT

Ask HN: What are some cool but obscure data structures you know about? 733 by Uptrenda | 350 comments on Hacker News. I'm very interested in what types of interesting data structures are out there HN. Totally your preference. I'll start: bloom filters. Lets you test if a value is definitely NOT in a list of pre-stored values (or POSSIBLY in a list - with adjustable probability that influences storage of the values.) Good use-case: routing. Say you have a list of 1 million IPs that are black listed. A trivial algorithm would be to compare every element of the set with a given IP. The time complexity grows with the number of elements. Not so with a bloom filter! A bloom filter is one of the few data structures whose time complexity does not grow with the number of elements due to the 'keys' not needing to be stored ('search' and 'insert' is based on the number of hash functions.) Bonus section: Golomb Coded Sets are similar to bloom filters but the stor...

Tell HN: You can't hire because you don't post salary ranges 713 by Carrok | 377 comments on Hacker News. At the start of this year, Colorado has changed to require every job posted to list a salary range. Other states are also beginning to follow suit. I am currently job hunting. I started looking locally, everything lists salary ranges, perfect. I can know which positions to skip and which ones might be a good match right away. No need to waste time with 7 rounds of interviewing only to find out the salary is 50% of what I currently make. Now I've begun widening my search to remote work, as the idea of commuting to an office in 2022 is completely insane to me. Most jobs on nation-wide job boards do not post a salary range. I will not even click on those job postings. It's simply not worth it. Further, after seeing so many positions listed _with_ salary ranges, when I see one without a salary range it makes me feel like you have something to hide and are trying to t...

I Regret my Website Redesign 753 by mtlynch | 341 comments on Hacker News.

Growing cyber threats, tightening regulatory demands and strict cyber insurance requirements are driving small to medium-sized enterprises demand for strategic cybersecurity and compliance guidance and management. Since most companies this size don't have in-house CISO expertise – the demand for virtual CISO (vCISO) services is also growing. Yet current vCISO services models still rely on manual from The Hacker News - Most Trusted Cyber Security and Computer Security Analysis https://ift.tt/7j50I38 via IFTTT

Apple on Wednesday rolled out software fixes for iOS, iPadOS, macOS, tvOS, and watchOS to address a number of security flaws affecting its platforms. This includes at least 37 flaws spanning different components in iOS and macOS that range from privilege escalation to arbitrary code execution and from information disclosure to denial-of-service (DoS). Chief among them is from The Hacker News - Most Trusted Cyber Security and Computer Security Analysis https://ift.tt/Khj54uk via IFTTT

Cisco on Wednesday released security patches for 45 vulnerabilities affecting a variety of products, some of which could be exploited to execute arbitrary actions with elevated permissions on affected systems. Of the 45 bugs, one security vulnerability is rated Critical, three are rated High, and 41 are rated Medium in severity.  The most severe of the issues are CVE-2022-20857, CVE-2022-20858, from The Hacker News - Most Trusted Cyber Security and Computer Security Analysis https://ift.tt/4RvUszg via IFTTT

Google on Tuesday officially announced support for DNS-over-HTTP/3 (DoH3) for Android devices as part of a Google Play system update designed to keep DNS queries private. To that end, Android smartphones running Android 11 and higher are expected to use DoH3 instead of DNS-over-TLS (DoT), which was incorporated into the mobile operating system with Android 9.0. DoH3 is also an alternative to from The Hacker News - Most Trusted Cyber Security and Computer Security Analysis https://ift.tt/LTAlbI5 via IFTTT

Kaspersky security researchers have disclosed details of a brand-new ransomware family written in Rust, making it the third strain after BlackCat and Hive to use the programming language. Luna, as it's called, is "fairly simple" and can run on Windows, Linux, and ESXi systems, with the malware banking on a combination of Curve25519 and AES for encryption. "Both the Linux and ESXi from The Hacker News - Most Trusted Cyber Security and Computer Security Analysis https://ift.tt/gwYIdJH via IFTTT

The 8220 cryptomining group has expanded in size to encompass as many as 30,000 infected hosts, up from 2,000 hosts globally in mid-2021. "8220 Gang is one of the many low-skill crimeware gangs we continually observe infecting cloud hosts and operating a botnet and cryptocurrency miners through known vulnerabilities and remote access brute forcing infection vectors," Tom Hegel of SentinelOne  from The Hacker News - Most Trusted Cyber Security and Computer Security Analysis https://ift.tt/ZJl7Cnb via IFTTT

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning of a handful of unpatched security vulnerabilities in MiCODUS MV720 Global Positioning System (GPS) trackers outfitted in over 1.5 million vehicles that could lead to remote disruption of critical operations. "Successful exploitation of these vulnerabilities may allow a remote actor to exploit access and gain control of from The Hacker News - Most Trusted Cyber Security and Computer Security Analysis https://ift.tt/5jA9nxG via IFTTT

The Great Resignation – or the Great Reshuffle as some are calling it – and the growing skills gap have been dominating headlines lately. But these issues aren't new to the cybersecurity industry. While many are just now hearing about employee burnout, security teams have faced reality and serious consequences of burnout for years.  One of the biggest culprits? Alert overload.  The average from The Hacker News - Most Trusted Cyber Security and Computer Security Analysis https://ift.tt/DaHoVpN via IFTTT

Russian threat actors capitalized on the ongoing conflict against Ukraine to distribute Android malware camouflaged as an app for pro-Ukrainian hacktivists to launch distributed denial-of-service (DDoS) attacks against Russian sites. Google Threat Analysis Group (TAG) attributed the malware to Turla, an advanced persistent threat also known as Krypton, Venomous Bear, Waterbug, and Uroburos, and from The Hacker News - Most Trusted Cyber Security and Computer Security Analysis https://ift.tt/a37IQb4 via IFTTT

The Russian state-sponsored hacking collective known as APT29 has been attributed to a new phishing campaign that takes advantage of legitimate cloud services like Google Drive and Dropbox to deliver malicious payloads on compromised systems. "These campaigns are believed to have targeted several Western diplomatic missions between May and June 2022," Palo Alto Networks Unit 42 said in a Tuesday from The Hacker News - Most Trusted Cyber Security and Computer Security Analysis https://ift.tt/Z8brD3h via IFTTT

Soft deletion probably isn't worth it 510 by lfittl | 373 comments on Hacker News.

New documents reveal scale of US Government’s cell phone location data tracking 442 by DamnInteresting | 205 comments on Hacker News.

Glassdoor not so anonymous 511 by Mandatum | 243 comments on Hacker News.

Blue Zones, where people reach age 100 at 10 times greater rates 418 by ivanvas | 248 comments on Hacker News.

The U.S. Federal Bureau of Investigation (FBI) has warned of cyber criminals building rogue cryptocurrency-themed apps to defraud investors in the virtual assets space. "The FBI has observed cyber criminals contacting U.S. investors, fraudulently claiming to offer legitimate cryptocurrency investment services, and convincing investors to download fraudulent mobile apps, which the cyber criminals from The Hacker News - Cybersecurity News and Analysis https://ift.tt/dVglnLI via IFTTT

Iceland’s forest and bush cover has increased sixfold since 1990 397 by toto444 | 255 comments on Hacker News.

Ask HN: I love programming but hate the industry. Can anyone relate? 385 by DanUKs | 293 comments on Hacker News. I love building and working - always have, always will. I've been programming for nearly 10 years, 5 of those professionally but the industry is literally destroying my soul and it has recently become crippling. I've been in all kinds of jobs, from start-ups to massive corporate companies. I'm forever building my own side projects as I love it, as well as love the idea of making my own living but as you all know, side hustles don't make money over night. I'm currently in a great job. By great job I mean, the money is really good, there's room to grow and the opportunities are endless... Yet I can't bare it. I can't bare the devs that go out of their way to work weekends without being asked, I can't bare the endless meetings, constant micromanagement, bringing the stress home to my family. I don't know where or who to turn to. Can a...

Tell HN: Internet Archive is facing a Big 4 Publishers lawsuit 438 by antiverse | 122 comments on Hacker News. Not sure why this isn't more prominently highlighted, but this is a very culturally significant project and a custodian of a tremendous amount of Internet and WWW-oriented history. I would imagine HN would put this at the forefront of the discussions happening here. I'm not affiliated, but I am a concerned netizen. All of us here have benefited from The IA. Please help raise awareness as to what is happening. Read more here, and elsewhere - https://ift.tt/8lxbaIA > In June 2020, four major publishers—John Wiley & Sons and three of the big five US publishers, Hachette Book Group, HarperCollins and Penguin Random House—filed a lawsuit against the Internet Archive, claiming the non-profit organization, “is engaged in willful mass copyright infringement.” > The lawsuit stems from the corporate publishers response to an innovative temporary initiative launched ...

Killbutmakeitlooklikeanaccident.sh 367 by app4soft | 147 comments on Hacker News.

FCC proposes to increase minimum broadband speeds to 100 Mbps 366 by happyopossum | 285 comments on Hacker News.

10% of the top million sites are dead 370 by Soupy | 136 comments on Hacker News.

Show HN: tere – A Faster Alternative to cd+ls 366 by mgunyho | 194 comments on Hacker News. Hi HN! I wrote a small program to browse folders in the terminal. The main inspiration was type-ahead search in GUI file managers. There exist several programs that are similar (see the listing in the README), but none of them do it quite the way I like, and often they have a very complex UI and a ton of features. I tried to make something that is obvious how to use and gets out of your way. (I also wanted an excuse to learn Rust.) Let me know what you think!

George Orwell’s 1940 Review of Mein Kampf 404 by Edmond | 452 comments on Hacker News.

It’s time to make that indie C# game in Godot 424 by proxybop | 220 comments on Hacker News.

Unity is acquiring a company who made a malware installer 434 by doener | 123 comments on Hacker News.

Show HN: I built an app for when I talk too much in online meetings 433 by interleave | 189 comments on Hacker News. Hey HN! Alexis here, I’m a product manager and software developer in Berlin by way of New York. I want to show you this app I made – It’s like a "buddy" for those, like myself, who inadvertedly talk too much in meetings. The app gives me feedback and a little more in control of what I have influence over by: * Keeping track of how long I’ve been speaking * Catching myself before I talk too much * Developing a better sense of timing I truly love having conversations with people in real-life. But online meetings, especially group calls, tend to make me nervous. I can't read body language. The tone of voice, micro-experessions and social cues get lost. If you, too, accidentally talk too much too often, check it out "Unblah". Watch the quick 2-minute demo and download the macOS app over at https://unblah.me/ . Cheers! Alexis PS: There’s a whole FAQ...

Woman ‘dehumanised’ by viral TikTok filmed without her consent 692 by phs318u | 601 comments on Hacker News.

DNS Esoterica – Why you can't dig Switzerland 690 by edent | 111 comments on Hacker News.

Following the launch of a new "Data safety" section for the Android app on the Play Store, Google appears to be readying to remove the app permissions list from both the mobile app and the web. The change was highlighted by Esper's Mishaal Rahman earlier this week. The Data safety section, which Google began rolling out in late April 2022, is the company's answer to Apple's Privacy Nutrition from The Hacker News https://ift.tt/7xRGUvg via IFTTT

VoIP phones using Digium's software have been targeted to drop a web shell on their servers as part of an attack campaign designed to exfiltrate data by downloading and executing additional payloads. "The malware installs multilayer obfuscated PHP backdoors to the web server's file system, downloads new payloads for execution, and schedules recurring tasks to re-infect the host system," Palo from The Hacker News https://ift.tt/LOdhxsp via IFTTT

Researchers have disclosed details about a security vulnerability in the Netwrix Auditor application that, if successfully exploited, could lead to arbitrary code execution on affected devices.  "Since this service is typically executed with extensive privileges in an Active Directory environment, the attacker would likely be able to compromise the Active Directory domain," Bishop Fox said in an from The Hacker News https://ift.tt/J08XzYt via IFTTT

New survey reveals lack of staff, skills, and resources driving smaller teams to outsource security. As business begins its return to normalcy (however “normal” may look), CISOs at small and medium-size enterprises (500 – 10,000 employees) were asked to share their cybersecurity challenges and priorities, and their responses were compared the results with those of a similar survey from 2021. from The Hacker News https://ift.tt/XjwrtM9 via IFTTT

A group of academics from the New Jersey Institute of Technology (NJIT) has warned of a novel technique that could be used to defeat anonymity protections and identify a unique website visitor. "An attacker who has complete or partial control over a website can learn whether a specific target (i.e., a unique individual) is browsing the website," the researchers said. "The attacker knows this from The Hacker News https://ift.tt/7UXxbju via IFTTT

An emerging threat cluster originating from North Korea has been linked to developing and using ransomware in cyberattacks targeting small businesses since September 2021. The group, which calls itself H0lyGh0st after the ransomware payload of the same name, is being tracked by the Microsoft Threat Intelligence Center under the moniker DEV-0530, a designation assigned for unknown, emerging, or a from The Hacker News https://ift.tt/zpMqiAa via IFTTT

Joshua Schulte, a former programmer with the U.S. Central Intelligence Agency (CIA), has been found guilty of leaking a trove of classified hacking tools and exploits dubbed Vault 7 to WikiLeaks. The 33-year-old engineer had been charged in June 2018 with unauthorized disclosure of classified information and theft of classified material. Schulte also faces a separate trial on charges related to from The Hacker News https://ift.tt/LbUT1se via IFTTT

Nation-state hacking groups aligned with China, Iran, North Korea, and Turkey have been targeting journalists to conduct espionage and spread malware as part of a series of campaigns since early 2021. "Most commonly, phishing attacks targeting journalists are used for espionage or to gain key insights into the inner workings of another government, company, or other area of state-designated from The Hacker News https://ift.tt/nq0bIuv via IFTTT

Although there is a greater awareness of cybersecurity threats than ever before, it is becoming increasingly difficult for IT departments to get their security budgets approved. Security budgets seem to shrink each year and IT pros are constantly being asked to do more with less. Even so, the situation may not be hopeless. There are some things that IT pros can do to improve the chances of from The Hacker News https://ift.tt/vFoNisE via IFTTT

Microsoft on Wednesday shed light on a now patched security vulnerability affecting Apple's operating systems that, if successfully exploited, could allow attackers to escalate device privileges and deploy malware. "An attacker could take advantage of this sandbox escape vulnerability to gain elevated privileges on the affected device or execute malicious commands like installing additional from The Hacker News https://ift.tt/BukEpol via IFTTT

Amazon admits giving police Ring camera footage without consent 772 by Pakdef | 457 comments on Hacker News.

The advanced persistent threat (APT) group known as Transparent Tribe has been attributed to a new ongoing phishing campaign targeting students at various educational institutions in India at least since December 2021. "This new campaign also suggests that the APT is actively expanding its network of victims to include civilian users," Cisco Talos said in a report shared with The Hacker News. from The Hacker News https://ift.tt/PIY1bys via IFTTT

Cybersecurity researchers have uncovered new variants of the ChromeLoader information-stealing malware, highlighting its evolving feature set in a short span of time. Primarily used for hijacking victims' browser searches and presenting advertisements, ChromeLoader came to light in January 2022 and has been distributed in the form of ISO or DMG file downloads advertised via QR codes on Twitter from The Hacker News https://ift.tt/zXTHQPr via IFTTT

The operators behind the Qakbot malware are transforming their delivery vectors in an attempt to sidestep detection. "Most recently, threat actors have transformed their techniques to evade detection by using ZIP file extensions, enticing file names with common formats, and Excel (XLM) 4.0 to trick victims into downloading malicious attachments that install Qakbot," Zscaler Threatlabz from The Hacker News https://ift.tt/IjOqPfa via IFTTT

Microsoft released its monthly round of Patch Tuesday updates to address 84 new security flaws spanning multiple product categories, counting a zero-day vulnerability that's under active attack in the wild. Of the 84 shortcomings, four are rated Critical, and 80 are rated Important in severity. Also separately resolved by the tech giant are two other bugs in the Chromium-based Edge browser, one from The Hacker News https://ift.tt/BKiE4Ff via IFTTT

Compare Webb's Images to Hubble 734 by hexomancer | 127 comments on Hacker News.

James Webb first images – complete set of high resolution shots now live 706 by crhulls | 292 comments on Hacker News.

Popular video-sharing platform TikTok on Tuesday agreed to pause a controversial privacy policy update that could have allowed it to serve targeted ads based on users' activity on the social video platform without their permission to do so. The reversal, reported by TechCrunch, comes a day after the Italian data protection authority — the Garante per la Protezione dei Dati Personali — warned the from The Hacker News https://ift.tt/W6GFPZv via IFTTT

Businesses know they need to secure their client-side scripts. Content security policies (CSPs) are a great way to do that. But CSPs are cumbersome. One mistake and you have a potentially significant client-side security gap. Finding those gaps means long and tedious hours (or days) in manual code reviews through thousands of lines of script on your web applications. Automated content security from The Hacker News https://ift.tt/xzhDUBQ via IFTTT

Microsoft on Monday announced the general availability of a feature called Autopatch that automatically keeps Windows and Office software up-to-date on enrolled endpoints. The launch, which comes a day before Microsoft is expected to release its monthly round of security patches, is available for customers with Windows Enterprise E3 and E5 licenses. It, however, doesn't support Windows Education from The Hacker News https://ift.tt/mpZ5J0t via IFTTT

Deepest infrared image of universe 650 by potiuper | 223 comments on Hacker News.

GitHub Actions and Azure virtual machines (VMs) are being leveraged for cloud-based cryptocurrency mining, indicating sustained attempts on the part of malicious actors to target cloud resources for illicit purposes. "Attackers can abuse the runners or servers provided by GitHub to run an organization's pipelines and automation by maliciously downloading and installing their own cryptocurrency from The Hacker News https://ift.tt/I6Pp8TF via IFTTT

SSD will fail at 40k power-on hours (2021) 608 by dredmorbius | 219 comments on Hacker News.

It's not a new concept that Office 365, Salesforce, Slack, Google Workspace or Zoom, etc., are amazing for enabling the hybrid workforce and hyper-productivity in businesses today. However, there are three main challenges that have arisen stemming from this evolution: (1) While SaaS apps include a host of native security settings, they need to be hardened by the security team of the organization from The Hacker News https://ift.tt/4KWp0NV via IFTTT

The $540 million hack of Axie Infinity's Ronin Bridge in late March 2022 was the consequence of one of its former employees getting tricked by a fraudulent job offer on LinkedIn, it has emerged.  According to a report from The Block published last week citing two people familiar with the matter, a senior engineer at the company was duped into applying for a job at a non-existent company, causing from The Hacker News https://ift.tt/qDjJp7T via IFTTT

The maintainers of the official third-party software repository for Python have begun imposing a new two-factor authentication (2FA) condition for projects deemed "critical." "We've begun rolling out a 2FA requirement: soon, maintainers of critical projects must have 2FA enabled to publish, update, or modify them," Python Package Index (PyPI) said in a tweet last week. "Any maintainer of a from The Hacker News https://ift.tt/xqd578C via IFTTT

Uber broke laws, duped police and built lobbying operation, leak reveals 617 by colin_jack | 305 comments on Hacker News.

The dark side of Shopify 579 by danpalmer | 160 comments on Hacker News.

I should have loved biology 577 by h2odragon | 179 comments on Hacker News.

Rogers network outage across Canada hits banks, businesses and consumers 547 by cupofpython | 318 comments on Hacker News.

A newly observed phishing campaign is leveraging the recently disclosed Follina security vulnerability to distribute a previously undocumented backdoor on Windows systems. "Rozena is a backdoor malware that is capable of injecting a remote shell connection back to the attacker's machine," Fortinet FortiGuard Labs researcher Cara Lin said in a report this week. Tracked as CVE-2022-30190, the from The Hacker News https://ift.tt/g1RKvX9 via IFTTT

HN Is Up Again 567 by tpmx | 164 comments on Hacker News.

Cybersecurity researchers are drawing attention to an ongoing wave of attacks linked to a threat cluster tracked as Raspberry Robin that's behind a Windows malware with worm-like capabilities.  Describing it as a "persistent" and "spreading" threat, Cybereason said it observed a number of victims in Europe. The infections involve a worm that propagates over removable USB devices containing from The Hacker News https://ift.tt/INd1EHK via IFTTT

A malicious browser extension with 350 variants is masquerading as a Google Translate add-on as part of an adware campaign targeting Russian users of Google Chrome, Opera, and Mozilla Firefox browsers. Mobile security firm Zimperium dubbed the malware family ABCsoup, stating the "extensions are installed onto a victim's machine via a Windows-based executable, bypassing most endpoint security from The Hacker News https://ift.tt/XFRMJ8r via IFTTT