Posts

Showing posts from September, 2022

Select * from cloud

Select * from cloud 609 by kiyanwang | 239 comments on Hacker News.

Why modern software is slow

Why modern software is slow 600 by soheilpro | 740 comments on Hacker News.

North Korean Hackers Weaponizing Open-Source Software in Latest Cyber Attacks

A "highly operational, destructive, and sophisticated nation-state activity group" with ties to North Korea has been weaponizing open source software in their social engineering campaigns aimed at companies around the world since June 2022. Microsoft's threat intelligence teams, alongside LinkedIn Threat Prevention and Defense, attributed the intrusions with high confidence to Zinc, which is from The Hacker News https://ift.tt/Cx5FzRt via IFTTT

Make-A-Video: AI system that generates videos from text

Make-A-Video: AI system that generates videos from text 685 by hardmaru | 323 comments on Hacker News.

Google is shutting down Stadia

Google is shutting down Stadia 698 by vyrotek | 794 comments on Hacker News.

Brazilian Prilex Hackers Resurfaced With Sophisticated Point-of-Sale Malware

A Brazilian threat actor known as Prilex has resurfaced after a year-long operational hiatus with an advanced and complex malware to steal money by means of fraudulent transactions. "The Prilex group has shown a high level of knowledge about credit and debit card transactions, and how software used for payment processing works," Kaspersky researchers said. "This enables the attackers to keep from The Hacker News https://ift.tt/gBrTRPt via IFTTT

Five Steps to Mitigate the Risk of Credential Exposure

Every year, billions of credentials appear online, be it on the dark web, clear web, paste sites, or in data dumps shared by cybercriminals. These credentials are often used for account takeover attacks, exposing organizations to breaches, ransomware, and data theft.  While CISOs are aware of growing identity threats and have multiple tools in their arsenal to help reduce the potential risk, the from The Hacker News https://ift.tt/Atog1lq via IFTTT

ButtFish – Transmit Morse Code of chess moves to your butt

ButtFish – Transmit Morse Code of chess moves to your butt 619 by qdot76367 | 158 comments on Hacker News.

Hackers Aid Protests Against Iranian Government with Proxies, Leaks and Hacks

Several hacktivist groups are using Telegram and other tools to aid anti-government protests in Iran to bypass regime censorship restrictions amid ongoing unrest in the country following the death of Mahsa Amini in custody. "Key activities are data leaking and selling, including officials' phone numbers and emails, and maps of sensitive locations," Israeli cybersecurity firm Check Point said in from The Hacker News https://ift.tt/dMlVT8u via IFTTT

Researchers Warn of New Go-based Malware Targeting Windows and Linux Systems

A new, multi-functional Go-based malware dubbed Chaos has been rapidly growing in volume in recent months to ensnare a wide range of Windows, Linux, small office/home office (SOHO) routers, and enterprise servers into its botnet. "Chaos functionality includes the ability to enumerate the host environment, run remote shell commands, load additional modules, automatically propagate through from The Hacker News https://ift.tt/TjPkNRF via IFTTT

Cyber Criminals Using Quantum Builder Sold on Dark Web to Deliver Agent Tesla Malware

A recently discovered malware builder called Quantum Builder is being used to deliver the Agent Tesla remote access trojan (RAT). "This campaign features enhancements and a shift toward LNK (Windows shortcut) files when compared to similar attacks in the past," Zscaler ThreatLabz researchers Niraj Shivtarkar and Avinash Kumar said in a Tuesday write-up. Sold on the dark web for € from The Hacker News https://ift.tt/LcgJRh2 via IFTTT

Improve your security posture with Wazuh, a free and open source XDR

Organizations struggle to find ways to keep a good security posture. This is because it is difficult to create secure system policies and find the right tools that help achieve a good posture. In many cases, organizations work with tools that do not integrate with each other and are expensive to purchase and maintain. Security posture management is a term used to describe the process of from The Hacker News https://ift.tt/GAUFqVc via IFTTT

Hackers Using PowerPoint Mouseover Trick to Infect System with Malware

The Russian state-sponsored threat actor known as APT28 has been found leveraging a new code execution method that makes use of mouse movement in decoy Microsoft PowerPoint documents to deploy malware. The technique "is designed to be triggered when the user starts the presentation mode and moves the mouse," cybersecurity firm Cluster25 said in a technical report. "The code execution runs a from The Hacker News https://ift.tt/WAVOxMo via IFTTT

Facebook Shuts Down Covert Political 'Influence Operations' from Russia and China

Meta Platforms on Tuesday disclosed it took steps to dismantle two covert influence operations originating from China and Russia for engaging in coordinated inauthentic behavior (CIB) so as to manipulate public debate. While the Chinese operation sets its sights on the U.S. and the Czech Republic, the Russian network primarily targeted Germany, France, Italy, Ukraine and the U.K. with themes from The Hacker News https://ift.tt/mswDo2z via IFTTT

Critical WhatsApp Bugs Could Have Let Attackers Hack Devices Remotely

WhatsApp has released security updates to address two flaws in its messaging app for Android and iOS that could lead to remote code execution on vulnerable devices. One of them concerns CVE-2022-36934 (CVSS score: 9.8), a critical integer overflow vulnerability in WhatsApp that results in the execution of arbitrary code simply by establishing a video call. The issue impacts the WhatsApp and from The Hacker News https://ift.tt/La3Fwj5 via IFTTT

Workerd: Open-source Cloudflare workers runtime

Workerd: Open-source Cloudflare workers runtime 592 by kentonv | 125 comments on Hacker News.

Experts Uncover 85 Apps with 13 Million Downloads Involved in Ad Fraud Scheme

As many as 75 apps on Google Play and 10 on Apple App Store have been discovered engaging in ad fraud as part of an ongoing campaign that commenced in 2019. The latest iteration, dubbed Scylla by online fraud-prevention firm HUMAN Security, follows similar attack waves in August 2019 and late 2020 that go by the codenames Poseidon and Charybdis, respectively. Prior to their removal from the app from The Hacker News https://ift.tt/gStK2sB via IFTTT

Why Continuous Security Testing is a Must for Organizations Today

The global cybersecurity market is flourishing. Experts at Gartner predict that the end-user spending for the information security and risk management market will grow from $172.5 billion in 2022 to $267.3 billion in 2026.  One big area of spending includes the art of putting cybersecurity defenses under pressure, commonly known as security testing. MarketsandMarkets forecasts the global from The Hacker News https://ift.tt/1n3Cwt0 via IFTTT

Dear Chess World

Dear Chess World 590 by shreyas-satish | 887 comments on Hacker News.

North Korea's Lazarus Hackers Targeting macOS Users Interested in Crypto Jobs

The infamous Lazarus Group has continued its pattern of leveraging unsolicited job opportunities to deploy malware targeting Apple's macOS operating system. In the latest variant of the campaign observed by cybersecurity company SentinelOne last week, decoy documents advertising positions for the Singapore-based cryptocurrency exchange firm Crypto.com. The latest disclosure builds on previous from The Hacker News https://ift.tt/qf1hGeJ via IFTTT

Hacker Behind Optus Breach Releases 10,200 Customer Records in Extortion Scheme

The Australian Federal Police (AFP) on Monday disclosed it's working to gather "crucial evidence" and that it's collaborating with overseas law enforcement authorities following the hack of telecom provider Optus. "Operation Hurricane has been launched to identify the criminals behind the alleged breach and to help shield Australians from identity fraud," the AFP said in a statement. The from The Hacker News https://ift.tt/vyfJNwX via IFTTT

Outdated vs. Complete: In defense of apps that don’t need updates

Outdated vs. Complete: In defense of apps that don’t need updates 588 by ingve | 321 comments on Hacker News.

Researchers Identify 3 Hacktivist Groups Supporting Russian Interests

At least three alleged hacktivist groups working in support of Russian interests are likely doing so in collaboration with state-sponsored cyber threat actors, according to Mandiant. The Google-owned threat intelligence and incident response firm said with moderate confidence that "moderators of the purported hacktivist Telegram channels 'XakNet Team,' 'Infoccentr,' and 'CyberArmyofRussia_Reborn from The Hacker News https://ift.tt/GyJkYSr via IFTTT

Chinese Espionage Hackers Target Tibetans Using New LOWZERO Backdoor

A China-aligned advanced persistent threat actor known as TA413 weaponized recently disclosed flaws in Sophos Firewall and Microsoft Office to deploy a never-before-seen backdoor called LOWZERO as part of an espionage campaign aimed at Tibetan entities. Targets primarily consisted of organizations associated with the Tibetan community, including enterprises associated with the Tibetan from The Hacker News https://ift.tt/1YN9k2V via IFTTT

5 Network Security Threats And How To Protect Yourself

Cybersecurity today matters so much because of everyone's dependence on technology, from collaboration, communication and collecting data to e-commerce and entertainment. Every organisation that needs to deliver services to their customers and employees must protect their IT 'network' - all the apps and connected devices from laptops and desktops to servers and smartphones. While traditionally, from The Hacker News https://ift.tt/g6rL92y via IFTTT

BlackCat Ransomware Attackers Spotted Fine-Tuning Their Malware Arsenal

The BlackCat ransomware crew has been spotted fine-tuning their malware arsenal to fly under the radar and expand their reach. "Among some of the more notable developments has been the use of a new version of the Exmatter data exfiltration tool, and the use of Eamfo, information-stealing malware that is designed to steal credentials stored by Veeam backup software," researchers from Symantec  from The Hacker News https://ift.tt/3w0Is15 via IFTTT

Google to Make Account Login Mandatory for New Fitbit Users in 2023

Wearable technology company Fitbit has announced a new clause that requires users to switch to a Google account "sometime" in 2023. "In 2023, we plan to launch Google accounts on Fitbit, which will enable use of Fitbit with a Google account," the Google-owned fitness devices maker said. The switch will not go live for all users in 2023. Rather, support for Fitbit accounts is from The Hacker News https://ift.tt/1Um0wQF via IFTTT

58 bytes of CSS to look great nearly everywhere

58 bytes of CSS to look great nearly everywhere 576 by thunderbong | 194 comments on Hacker News.

Ukraine Arrests Cybercrime Group for Selling Data of 30 Million People

Ukrainian law enforcement authorities on Friday disclosed that it had "neutralized" a hacking group operating from the city of Lviv that it said acted on behalf of Russian interests. The group specialized in the sales of 30 million accounts belonging to citizens from Ukraine and the European Union on the dark web and netted a profit of $372,000 (14 million UAH) through electronic payment systems from The Hacker News https://ift.tt/fWbPX79 via IFTTT

Mcmaster.com is the best e-commerce site I've ever used

Mcmaster.com is the best e-commerce site I've ever used 615 by runxel | 234 comments on Hacker News.

Someday aliens will land and all will be fine until we explain our calendar

Someday aliens will land and all will be fine until we explain our calendar 622 by thunderbong | 469 comments on Hacker News.

Facebook proven to negatively impact mental health

Facebook proven to negatively impact mental health 593 by giuliomagnifico | 247 comments on Hacker News.

Google loses EU appeal and is fined a record $4B

Google loses EU appeal and is fined a record $4B 602 by april_22 | 434 comments on Hacker News.

Software I’m thankful for (2021)

Software I’m thankful for (2021) 746 by yarapavan | 473 comments on Hacker News.

London Police Arrested 17-Year-Old Hacker Suspected of Uber and GTA 6 Breaches

The City of London Police on Friday revealed that it has arrested a 17-year-old teenager from Oxfordshire on suspicion of hacking. "On the evening of Thursday 22 September 2022, the City of London Police arrested a 17-year-old in Oxfordshire on suspicion of hacking," the agency said, adding "he remains in police custody." The department said the arrest was made as part of an investigation in from The Hacker News https://ift.tt/KaIn8bL via IFTTT

Hackers Actively Exploiting New Sophos Firewall RCE Vulnerability

Security software company Sophos has warned of cyberattacks targeting a recently addressed critical vulnerability in its firewall product. The issue, tracked as CVE-2022-3236 (CVSS score: 9.8), impacts Sophos Firewall v19.0 MR1 (19.0.1) and older and concerns a code injection vulnerability in the User Portal and Webadmin components that could result in remote code execution. The company said it from The Hacker News https://ift.tt/FGcHxRk via IFTTT

Avoiding homework with code and getting caught

Avoiding homework with code and getting caught 675 by aabbccsmith | 147 comments on Hacker News.

Hackers Using Fake CircleCI Notifications to Hack GitHub Accounts

GitHub has put out an advisory detailing what may be an ongoing phishing campaign targeting its users to steal credentials and two-factor authentication (2FA) codes by impersonating the CircleCI DevOps platform. The Microsoft-owned code hosting service said it learned of the attack on September 16, 2022, adding the campaign impacted "many victim organizations." The fraudulent messages claim to from The Hacker News https://ift.tt/DpXOaoN via IFTTT

Researchers Uncover New Metador APT Targeting Telcos, ISPs, and Universities

A previously undocumented threat actor of unknown origin has been linked to attacks targeting telecom, internet service providers, and universities across multiple countries in the Middle East and Africa. "The operators are highly aware of operations security, managing carefully segmented infrastructure per victim, and quickly deploying intricate countermeasures in the presence of security from The Hacker News https://ift.tt/gvJpcV6 via IFTTT

Nightdrive

Nightdrive 636 by GeorgeHahn | 122 comments on Hacker News.

Hackers Using Malicious OAuth Apps to Take Over Email Servers

Microsoft on Thursday warned of a consumer-facing attack that made use of rogue OAuth applications on compromised cloud tenants to ultimately seize control of Exchange servers and spread spam. "The threat actor launched credential stuffing attacks against high-risk accounts that didn't have multi-factor authentication (MFA) enabled and leveraged the unsecured administrator accounts to gain from The Hacker News https://ift.tt/Klw81h0 via IFTTT

Researchers Uncover Years-Long Mobile Spyware Campaign Targeting Uyghurs

A new wave of a mobile surveillance campaign has been observed targeting the Uyghur community as part of a long-standing spyware operation active since at least 2015, cybersecurity researchers disclosed Thursday. The intrusions, originally attributed to a threat actor named Scarlet Mimic back in January 2016, are said to have encompassed 20 different variants of the Android malware, which were from The Hacker News https://ift.tt/o4y3CKd via IFTTT

Malicious NPM Package Caught Mimicking Material Tailwind CSS Package

A malicious NPM package has been found masquerading as the legitimate software library for Material Tailwind, once again indicating attempts on the part of threat actors to distribute malicious code in open source software repositories. Material Tailwind is a CSS-based framework advertised by its maintainers as an "easy to use components library for Tailwind CSS and Material Design." "The from The Hacker News https://ift.tt/uvC5Kk1 via IFTTT

IT Security Takeaways from the Wiseasy Hack

Last month TechCrunch reported that payment terminal manufacturer Wiseasy had been hacked. Although Wiseasy might not be well known in North America, their Android-based payment terminals are widely used in the Asia Pacific region and hackers managed to steal passwords for 140,000 payment terminals. How Did the Wiseasy Hack Happen? Wiseasy employees use a cloud-based dashboard for remotely from The Hacker News https://ift.tt/hCxcJ1p via IFTTT

Ask HN: Why is Microsoft Teams still so bad?

Ask HN: Why is Microsoft Teams still so bad? 655 by TurkishPoptart | 597 comments on Hacker News. It's buggy, and it crashes more often than any other app I use. God forbid you try to change the audio device from speakers to headphones in the middle of a call. And then if you try to just call back on your phone, and they want to share their screen, and you go back to your PC and try to join the call from your PC so you can see the screenshare (it's not going to work). Seriously, with all the money and resources thrown at this company and this app, you'd think it'd be a little more stable, faster, and reliable. I am literally forced to use this app at work...

Researchers Disclose Critical Vulnerability in Oracle Cloud Infrastructure

Researchers have disclosed a new severe Oracle Cloud Infrastructure (OCI) vulnerability that could be exploited by users to access the virtual disks of other Oracle customers. "Each virtual disk in Oracle's cloud has a unique identifier called OCID," Shir Tamari, head of research at Wiz, said in a series of tweets. "This identifier is not considered secret, and organizations do not treat it as from The Hacker News https://ift.tt/w5JozTV via IFTTT

15-Year-Old Unpatched Python Vulnerability Potentially Affects Over 350,000 Projects

As many as 350,000 open source projects are believed to be potentially vulnerable to exploitation as a result of a security flaw in a Python module that has remained unpatched for 15 years. The open source repositories span a number of industry verticals, such as software development, artificial intelligence/machine learning, web development, media, security, IT management. The shortcoming, from The Hacker News https://ift.tt/DksAvRm via IFTTT

Hackers Targeting Unpatched Atlassian Confluence Servers to Deploy Crypto Miners

A now-patched critical security flaw affecting Atlassian Confluence Server that came to light a few months ago is being actively exploited for illicit cryptocurrency mining on unpatched installations. "If left unremedied and successfully exploited, this vulnerability could be used for multiple and more malicious attacks, such as a complete domain takeover of the infrastructure and the deployment from The Hacker News https://ift.tt/hTsuZ0r via IFTTT

Whisper – open source speech recognition by OpenAI

Whisper – open source speech recognition by OpenAI 653 by _just7_ | 219 comments on Hacker News.

Why Zero Trust Should be the Foundation of Your Cybersecurity Ecosystem

For cybersecurity professionals, it is a huge challenge to separate the “good guys” from the “villains”. In the past, most cyberattacks could simply be traced to external cybercriminals, cyberterrorists, or rogue nation-states. But not anymore. Threats from within organizations – also known as “insider threats” – are increasing and cybersecurity practitioners are feeling the pain.  Traditional from The Hacker News https://ift.tt/TjR2W7v via IFTTT

Product Review: Stellar Cyber Open XDR Platform

Almost every vendor, from email gateway companies to developers of threat intelligence platforms, is positioning themselves as an XDR player. But unfortunately, the noise around XDR makes it harder for buyers to find solutions that might be right for them or, more importantly, avoid ones that don't meet their needs.  Stellar Cyber delivers an Open XDR solution that allows organizations to use from The Hacker News https://ift.tt/lUj9yiB via IFTTT

Critical Remote Hack Flaws Found in Dataprobe's Power Distribution Units

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday released an industrial control systems (ICS) advisory warning of seven security flaws in Dataprobe's iBoot-PDU power distribution unit product, mostly used in industrial environments and data centers. "Successful exploitation of these vulnerabilities could lead to unauthenticated remote code execution on the Dataprobe from The Hacker News https://ift.tt/g3YRryX via IFTTT

React I love you, but you're bringing me down

React I love you, but you're bringing me down 560 by fzaninotto | 440 comments on Hacker News.

Tell HN: Somebody implemented something I wrote a blog about

Tell HN: Somebody implemented something I wrote a blog about 560 by rexfuzzle | 152 comments on Hacker News. So a while ago I wrote about how 2FA was missing a key feature: https://ift.tt/lzq0kMK... Having not had any feedback on it in a while and the idea not taking off, today somebody messaged me to say that they had implemented it in their product. 1. Obviously I think this is great and more secure 2. Tell people about things you do that they played a part in - it might just make their day.

Poor writing, not specialized concepts, drives difficulty with legal language

Poor writing, not specialized concepts, drives difficulty with legal language 547 by rntn | 310 comments on Hacker News.

Russian Sandworm Hackers Impersonate Ukrainian Telecoms to Distribute Malware

A threat cluster linked to the Russian nation-state actor tracked as Sandworm has continued its targeting of Ukraine with commodity malware by masquerading as telecom providers, new findings show. Recorded Future said it discovered new infrastructure belonging to UAC-0113 that mimics operators like Datagroup and EuroTransTelecom to deliver payloads such as Colibri loader and Warzone RAT. The from The Hacker News https://ift.tt/SKbY4HC via IFTTT

1Hz CPU made in Minecraft running Minecraft at 0.1fps [video]

1Hz CPU made in Minecraft running Minecraft at 0.1fps [video] 739 by reimertz | 124 comments on Hacker News.

2-in-1 calculator app adds up to surprise hit for retired engineer

2-in-1 calculator app adds up to surprise hit for retired engineer 634 by CrankyBear | 212 comments on Hacker News.

Apple’s iPhone 14 Redesign for Repair

Apple’s iPhone 14 Redesign for Repair 614 by walterbell | 384 comments on Hacker News.

Rockstar Games Confirms Hacker Stole Early Grand Theft Auto VI Footage

American video game publisher Rockstar Games on Monday revealed it was a victim of a "network intrusion" that allowed an unauthorized party to illegally download early footage for the Grand Theft Auto VI. "At this time, we do not anticipate any disruption to our live game services nor any long-term effect on the development of our ongoing projects," the company said in a notice shared on its from The Hacker News https://ift.tt/J7plBuj via IFTTT

The $300B Google-Meta advertising duopoly is under attack

The $300B Google-Meta advertising duopoly is under attack 589 by acconrad | 485 comments on Hacker News.

Emotet Botnet Started Distributing Quantum and BlackCat Ransomware

The Emotet malware is now being leveraged by ransomware-as-a-service (RaaS) groups, including Quantum and BlackCat, after Conti's official retirement from the threat landscape this year. Emotet started off as a banking trojan in 2014, but updates added to it over time have transformed the malware into a highly potent threat that's capable of downloading other payloads onto the victim's machine, from The Hacker News https://ift.tt/32szRhM via IFTTT

Microsoft Teams' GIFShell Attack: What Is It and How You Can Protect Yourself from It

Organizations and security teams work to protect themselves from any vulnerability, and often don't realize that risk is also brought on by configurations in their SaaS apps that have not been hardened. The newly published GIFShell attack method, which occurs through Microsoft Teams, is a perfect example of how threat actors can exploit legitimate features and configurations that haven't been from The Hacker News https://ift.tt/chd1Hrz via IFTTT

Europol and Bitdefender Release Free Decryptor for LockerGoga Ransomware

A decryptor for the LockerGoga ransomware has been made available by Romanian cybersecurity firm Bitdefender in collaboration with Europol, the No More Ransom project, and Zürich law enforcement authorities. Identified in January 2019, LockerGoga drew headlines for its attacks against the Norwegian aluminum giant Norsk Hydro. It's said to have infected more than 1,800 victims in 71 countries, from The Hacker News https://ift.tt/pQdwg6W via IFTTT

Microsoft Warns of Large-Scale Click Fraud Campaign Targeting Gamers

Microsoft said it's tracking an ongoing large-scale click fraud campaign targeting gamers by means of stealthily deployed browser extensions on compromised systems. "[The] attackers monetize clicks generated by a browser node-webkit or malicious browser extension secretly installed on devices," Microsoft Security Intelligence said in a sequence of tweets over the weekend. The tech giant's from The Hacker News https://ift.tt/JM93VLf via IFTTT

Show HN: I may have created a new type of puzzle

Show HN: I may have created a new type of puzzle 616 by drcode | 164 comments on Hacker News.

Plasma Bigscreen

Plasma Bigscreen 607 by sudenmorsian | 261 comments on Hacker News.

Crazy Thin ‘Deep Insert’ ATM Skimmers

Crazy Thin ‘Deep Insert’ ATM Skimmers 558 by todsacerdoti | 452 comments on Hacker News.

Uber Claims No Sensitive Data Exposed in Latest Breach… But There's More to This

Uber, in an update, said there is "no evidence" that users' private information was compromised in a breach of its internal computer systems that was discovered late Thursday. "We have no evidence that the incident involved access to sensitive user data (like trip history)," the company said. "All of our services including Uber, Uber Eats, Uber Freight, and the Uber Driver app are operational." from The Hacker News https://ift.tt/UQ3YKuE via IFTTT

Hackers Had Access to LastPass's Development Systems for Four Days

Password management solution LastPass shared more details pertaining to the security incident last month, disclosing that the threat actor had access to its systems for a four-day period in August 2022. "There is no evidence of any threat actor activity beyond the established timeline," LastPass CEO Karim Toubba said in an update shared on September 15, adding, "there is no evidence that this from The Hacker News https://ift.tt/hWfMkgT via IFTTT

Researchers Find Link b/w PrivateLoader and Ruzki Pay-Per-Install Services

Cybersecurity researchers have exposed new connections between a widely used pay-per-install (PPI) malware service known as PrivateLoader and another PPI service dubbed ruzki. "The threat actor ruzki (aka les0k, zhigalsz) advertises their PPI service on underground Russian-speaking forums and their Telegram channels under the name ruzki or zhigalsz since at least May 2021," SEKOIA said. The from The Hacker News https://ift.tt/VxGdi3m via IFTTT

How to Use a UTM Solution & Win Time, Money and Resources

Unified threat management is thought to be a universal solution for many reasons. First of all, it is compatible with almost any hardware. As a business or an MSP, you don’t have to bother with leasing or subleasing expensive equipment. There is no need to chase your clients to return your costly hardware. The all-in-one UTM solution will save you money and time & make work routine less from The Hacker News https://ift.tt/XM3JlIa via IFTTT

Hackers Targeting WebLogic Servers and Docker APIs for Mining Cryptocurrencies

Malicious actors such as Kinsing are taking advantage of both recently disclosed and older security flaws in Oracle WebLogic Server to deliver cryptocurrency-mining malware. Cybersecurity company Trend Micro said it found the financially-motivated group leveraging the vulnerability to drop Python scripts with capabilities to disable operating system (OS) security features such as from The Hacker News https://ift.tt/WqJz85n via IFTTT

Researchers Warn of Self-Spreading Malware Targeting Gamers via YouTube

Gamers looking for cheats on YouTube are being targeted with links to malicious password-protected archive files designed to install the RedLine Stealer malware and crypto miners on compromised machines. "The videos advertise cheats and cracks and provide instructions on hacking popular games and software," Kaspersky security researcher Oleg Kupreev said in a new report published today. from The Hacker News https://ift.tt/f08tAcu via IFTTT

Penpot: Open-source design and prototyping platform

Penpot: Open-source design and prototyping platform 752 by wiradikusuma | 56 comments on Hacker News.

Adobe to acquire Figma for $20B

Adobe to acquire Figma for $20B 895 by caoxuwen | 531 comments on Hacker News.

Russian Gamaredon Hackers Target Ukrainian Government Using Info-Stealing Malware

An ongoing espionage campaign operated by the Russia-linked Gamaredon group is targeting employees of Ukrainian government, defense, and law enforcement agencies with a piece of custom-made information stealing malware. "The adversary is using phishing documents containing lures related to the Russian invasion of Ukraine," Cisco Talos researchers Asheer Malhotra and Guilherme Venere said in a from The Hacker News https://ift.tt/6OM8YnW via IFTTT

5 Ways to Mitigate Your New Insider Threats in the Great Resignation

Companies are in the midst of an employee "turnover tsunami" with no signs of a slowdown. According to Fortune Magazine, 40% of the U.S. is considering quitting their jobs. This trend – coined the great resignation - creates instability in organizations. High employee turnover increases security risks, and companies are more vulnerable to attacks from human factors worldwide.  At Davos 2022, from The Hacker News https://ift.tt/Ndv8LAV via IFTTT

Webworm Hackers Using Modified RATs in Latest Cyber Espionage Attacks

A threat actor tracked under the moniker Webworm has been linked to bespoke Windows-based remote access trojans, some of which are said to be in pre-deployment or testing phases. "The group has developed customized versions of three older remote access trojans (RATs), including Trochilus RAT, Gh0st RAT, and 9002 RAT," the Symantec Threat Hunter team, part of Broadcom Software, said in a report from The Hacker News https://ift.tt/93D1yxm via IFTTT

Patagonia founder gives away the company

Patagonia founder gives away the company 708 by sharkweek | 330 comments on Hacker News.

U.S. Charges 3 Iranian Hackers and Sanctions Several Others Over Ransomware Attacks

The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) on Wednesday announced sweeping sanctions against ten individuals and two entities backed by Iran's Islamic Revolutionary Guard Corps (IRGC) for their involvement in ransomware attacks at least since October 2020. The agency said the cyber activity mounted by the individuals is partially attributable to intrusion sets tracked from The Hacker News https://ift.tt/WtOFUbu via IFTTT

Lorenz Ransomware Exploit Mitel VoIP Systems to Breach Business Networks

The operators behind the Lorenz ransomware operation have been observed exploiting a now-patched critical security flaw in Mitel MiVoice Connect to obtain a foothold into target environments for follow-on malicious activities. "Initial malicious activity originated from a Mitel appliance sitting on the network perimeter," researchers from cybersecurity firm Arctic Wolf said in a report from The Hacker News https://ift.tt/mBpNKng via IFTTT

How to Do Malware Analysis?

According to the 2022 Malwarebytes Threat review, 40M Windows business computers' threats were detected in 2021. And malware analysis is necessary to combat and avoid this kind of attack. In this article, we will break down the goal of malicious programs' investigation and how to do malware analysis with a sandbox.  What is malware analysis?  Malware analysis is a process of studying a malicious from The Hacker News https://ift.tt/KBTJeZI via IFTTT

The last person standing in the floppy disk business

The last person standing in the floppy disk business 652 by fortran77 | 329 comments on Hacker News.

Researchers Detail OriginLogger RAT — Successor to Agent Tesla Malware

Palo Alto Networks Unit 42 has detailed the inner workings of a malware called OriginLogger, which has been touted as a successor to the widely used information stealer and remote access trojan (RAT) known as Agent Tesla. A .NET based keylogger and remote access, Agent Tesla has had a long-standing presence in the threat landscape, allowing malicious actors to gain remote access to targeted from The Hacker News https://ift.tt/mNyFWSY via IFTTT

Over 280,000 WordPress Sites Attacked Using WPGateway Plugin Zero-Day Vulnerability

A zero-day flaw in the latest version of a WordPress premium plugin known as WPGateway is being actively exploited in the wild, potentially allowing malicious actors to completely take over affected sites. Tracked as CVE-2022-3180 (CVSS score: 9.8), the issue is being weaponized to add a malicious administrator user to sites running the WPGateway plugin, WordPress security company Wordfence from The Hacker News https://ift.tt/gLKWQZX via IFTTT

Factorio is coming to Nintendo Switch

Factorio is coming to Nintendo Switch 614 by MForster | 293 comments on Hacker News.

FB feed is 98% suggested pages and barely any friends' posts

FB feed is 98% suggested pages and barely any friends' posts 608 by Erikun | 347 comments on Hacker News.

How GRC protects the value of organizations — A simple guide to data quality and integrity

Contemporary organizations understand the importance of data and its impact on improving interactions with customers, offering quality products or services, and building loyalty. Data is fundamental to business success. It allows companies to make the right decisions at the right time and deliver the high-quality, personalized products and services that customers expect. There is a challenge, from The Hacker News https://ift.tt/lOSgGC8 via IFTTT

Asian Governments and Organizations Targeted in Latest Cyber Espionage Attacks

Government and state-owned organizations in a number of Asian countries have been targeted by a distinct group of espionage hackers as part of an intelligence gathering mission that has been underway since early 2021. "A notable feature of these attacks is that the attackers leveraged a wide range of legitimate software packages in order to load their malware payloads using a technique known as  from The Hacker News https://ift.tt/efqy1vc via IFTTT

Iranian Hackers Target High-Value Targets in Nuclear Security and Genomic Research

Hackers tied to the Iranian government have been targeting individuals specializing in Middle Eastern affairs, nuclear security and genome research as part of a new social engineering campaign designed to hunt for sensitive information. Enterprise security firm attributed the targeted attacks to a threat actor named TA453, which broadly overlaps with cyber activities monitored under the monikers from The Hacker News https://ift.tt/uDvAbm5 via IFTTT

Apple Releases iOS and macOS Updates to Patch Actively Exploited Zero-Day Flaw

Apple has released another round of security updates to address multiple vulnerabilities in iOS and macOS, including a new zero-day flaw that has been used in attacks in the wild. The issue, assigned the identifier CVE-2022-32917, is rooted in the Kernel component and could enable a malicious app to execute arbitrary code with kernel privileges. "Apple is aware of a report that this issue may from The Hacker News https://ift.tt/K3zfwxy via IFTTT

China Accuses NSA's TAO Unit of Hacking its Military Research University

China has accused the U.S. National Security Agency (NSA) of conducting a string of cyberattacks aimed at aeronautical and military research-oriented Northwestern Polytechnical University in the city of Xi'an in June 2022. The National Computer Virus Emergency Response Centre (NCVERC) disclosed its findings last week, and accused the Office of Tailored Access Operations (TAO) at the USA's from The Hacker News https://ift.tt/TZgstor via IFTTT

Palestinian Hacktivist Group GhostSec Compromises 55 Berghof PLCs Across Israel

A hacktivist collective called GhostSec has claimed credit for compromising as many as 55 Berghof programmable logic controllers (PLCs) used by Israeli organizations as part of a "Free Palestine" campaign. Industrial cybersecurity firm OTORIO, which dug deeper into the incident, said the breach was made possible owing to the fact that the PLCs were accessible through the Internet and were from The Hacker News https://ift.tt/xpvUSGf via IFTTT

Why Vulnerability Scanning is Critical for SOC 2

SOC 2 may be a voluntary standard, but for today's security-conscious business, it's a minimal requirement when considering a SaaS provider. Compliance can be a long and complicated process, but a scanner like Intruder makes it easy to tick the vulnerability management box. Security is critical for all organisations, including those that outsource key business operation to third parties like from The Hacker News https://ift.tt/lMOWh0o via IFTTT

Diffusion Bee: Stable Diffusion GUI App for M1 Mac

Diffusion Bee: Stable Diffusion GUI App for M1 Mac 543 by divamgupta | 144 comments on Hacker News.

High-Severity Firmware Security Flaws Left Unpatched in HP Enterprise Devices

A number of firmware security flaws uncovered in HP's business-oriented high-end notebooks continue to be left unpatched in some devices even months after public disclosure. Binarly, which first revealed details of the issues at the Black Hat USA conference in mid-August 2022, said the vulnerabilities "can't be detected by firmware integrity monitoring systems due to limitations of the Trusted from The Hacker News https://ift.tt/Ac53FZh via IFTTT

Ask HN: What are some of the best documentaries you've seen?

Ask HN: What are some of the best documentaries you've seen? 451 by rasulkireev | 454 comments on Hacker News. This question has been asked before [0][1][2], but I'm thinking that in the last 4 years something new and exciting has been created or discovered. If you could describe in a couple of words why you mentioned what you mentioned, that would be fantastic. [0]: https://ift.tt/FzQyTX6 [1]: https://ift.tt/YBgHVL4 [2]: https://ift.tt/tTHRfGZ

Atkinson Hyperlegible Font

Atkinson Hyperlegible Font 480 by zdw | 155 comments on Hacker News.

San Francisco decriminalizes psychedelics

San Francisco decriminalizes psychedelics 603 by O__________O | 445 comments on Hacker News.

Visual effects for the Indian blockbuster “RRR”

Visual effects for the Indian blockbuster “RRR” 691 by rrampage | 250 comments on Hacker News.

Iranian APT42 Launched Over 30 Espionage Attacks Against Activists and Dissidents

A state-sponsored advanced persistent threat (APT) actor newly christened APT42 (formerly UNC788) has been attributed to over 30 confirmed espionage attacks against individuals and organizations of strategic interest to the Iranian government at least since 2015. Cybersecurity firm Mandiant said the group operates as the intelligence gathering arm of Iran's Islamic Revolutionary Guard Corps ( from The Hacker News https://ift.tt/BKA7zTd via IFTTT

U.S. Imposes New Sanctions on Iran Over Cyberattack on Albania

The U.S. Treasury Department on Friday announced sanctions against Iran's Ministry of Intelligence and Security (MOIS) and its Minister of Intelligence, Esmaeil Khatib, for engaging in cyber-enabled activities against the nation and its allies. "Since at least 2007, the MOIS and its cyber actor proxies have conducted malicious cyber operations targeting a range of government and private-sector from The Hacker News https://ift.tt/PAjkDNM via IFTTT

What's SAP, and why's it worth $163B? (2020)

What's SAP, and why's it worth $163B? (2020) 699 by antonyl | 592 comments on Hacker News.

U.S. Seizes Cryptocurrency Worth $30 Million Stolen by North Korean Hackers

More than $30 million worth of cryptocurrency plundered by the North Korea-linked Lazarus Group from online video game Axie Infinity has been recovered, marking the first time digital assets stolen by the threat actor have been seized. "The seizures represent approximately 10% of the total funds stolen from Axie Infinity (accounting for price differences between time stolen and seized), and from The Hacker News https://ift.tt/BpFSrEs via IFTTT

Excuse me but why are you eating so many frogs

Excuse me but why are you eating so many frogs 590 by irajdeep | 270 comments on Hacker News.

New Vulnerabilities Reported in Baxter's Internet-Connected Infusion Pumps

Multiple security vulnerabilities have been disclosed in Baxter's internet-connected infusion pumps used by healthcare professionals in clinical environments to dispense medication to patients. "Successful exploitation of these vulnerabilities could result in access to sensitive data and alteration of system configuration," the U.S. Cybersecurity and Infrastructure Security Agency (CISA) said in from The Hacker News https://ift.tt/0bLcuWG via IFTTT

Queen Elizabeth II has died

Queen Elizabeth II has died 1069 by xd | 401 comments on Hacker News.

North Korean Lazarus Hackers Targeting Energy Providers Around the World

A malicious campaign mounted by the North Korea-linked Lazarus Group is targeting energy providers around the world, including those based in the United States, Canada, and Japan. “The campaign is meant to infiltrate organizations around the world for establishing long-term access and subsequently exfiltrating data of interest to the adversary’s nation-state,” Cisco Talos said in a report shared from The Hacker News https://ift.tt/FLi16Pz via IFTTT

WikiHouse – Open source, modular, wood based, zero carbon housing

WikiHouse – Open source, modular, wood based, zero carbon housing 476 by xor99 | 263 comments on Hacker News.

Chinese Hackers Target Government Officials in Europe, South America and Middle East

A Chinese hacking group has been attributed to a new campaign aimed at infecting government officials in Europe, the Middle East, and South America with a modular malware known as PlugX. Cybersecurity firm Secureworks said it identified the intrusions in June and July 2022, once again demonstrating the adversary's continued focus on espionage against governments around the world. "PlugX is from The Hacker News https://ift.tt/dQCNz4l via IFTTT

Shopify Fails to Prevent Known Breached Passwords

A recent report revealed that ecommerce provider Shopify uses particularly weak password policies on the customer-facing portion of its website. According to the report, Shopify requires its customers to use a password that is at least five characters in length and that does not begin or end with a space. According to the report, Specops researchers analyzed a list of a billion passwords from The Hacker News https://ift.tt/Q7fBCyw via IFTTT

Microsoft Warns of Ransomware Attacks by Iranian Phosphorus Hacker Group

Microsoft's threat intelligence division on Wednesday assessed that a subgroup of the Iranian threat actor tracked as Phosphorus is conducting ransomware attacks as a "form of moonlighting" for personal gain. The tech giant, which is monitoring the activity cluster under the moniker DEV-0270 (aka Nemesis Kitten), said it's operated by a company that functions under the public aliases Secnerd and from The Hacker News https://ift.tt/lCjVKqi via IFTTT

Cisco Releases Security Patches for New Vulnerabilities Impacting Multiple Products

Cisco on Wednesday rolled out patches to address three security flaws affecting its products, including a high-severity weakness disclosed in NVIDIA Data Plane Development Kit (MLNX_DPDK) late last month. Tracked as CVE-2022-28199 (CVSS score: 8.6), the vulnerability stems from a lack of proper error handling in DPDK's network stack, enabling a remote adversary to trigger a denial-of-service ( from The Hacker News https://ift.tt/zpUKBhV via IFTTT

Difftastic, the fantastic diff

Difftastic, the fantastic diff 579 by pcr910303 | 76 comments on Hacker News.

Some Members of Conti Group Targeting Ukraine in Financially Motivated Attacks

Former members of the Conti cybercrime cartel have been implicated in five different campaigns targeting Ukraine from April to August 2022. The findings, which come from Google's Threat Analysis Group (TAG), build upon a prior report published in July 2022, detailing the continued cyber activity aimed at the Eastern European nation amid the ongoing Russo-Ukrainian war. "UAC-0098 is a threat from The Hacker News https://ift.tt/jCgkYy0 via IFTTT

TIL: You can access a user’s camera with just HTML

TIL: You can access a user’s camera with just HTML 528 by feross | 222 comments on Hacker News.

4 Key Takeaways from "XDR is the Perfect Solution for SMEs" webinar

Cyberattacks on large organizations dominate news headlines. So, you may be surprised to learn that small and medium enterprises (SMEs) are actually more frequent targets of cyberattacks. Many SMEs understand this risk firsthand.  In a recent survey, 58% of CISOs of SMEs said that their risk of attack was higher compared to enterprises. Yet, they don't have the same resources as enterprises – from The Hacker News https://ift.tt/fhrZtSG via IFTTT

Mirai Variant MooBot Botnet Exploiting D-Link Router Vulnerabilities

A variant of the Mirai botnet known as MooBot is co-opting vulnerable D-Link devices into an army of denial-of-service bots by taking advantage of multiple exploits. "If the devices are compromised, they will be fully controlled by attackers, who could utilize those devices to conduct further attacks such as distributed denial-of-service (DDoS) attacks," Palo Alto Networks Unit 42 said in a from The Hacker News https://ift.tt/z4vaqKj via IFTTT

Critical RCE Vulnerability Affects Zyxel NAS Devices — Firmware Patch Released

Networking equipment maker Zyxel has released patches for a critical security flaw impacting its network-attached storage (NAS) devices. Tracked as CVE-2022-34747 (CVSS score: 9.8), the issue relates to a "format string vulnerability" affecting NAS326, NAS540, and NAS542 models. Zyxel credited researcher Shaposhnikov Ilya for reporting the flaw. "A format string vulnerability was found in a from The Hacker News https://ift.tt/kAMTywH via IFTTT

NASA selects SiFive and makes RISC-V the go-to ecosystem for future missions

NASA selects SiFive and makes RISC-V the go-to ecosystem for future missions 508 by georgelyon | 94 comments on Hacker News.

Health insurers just published close to a trillion hospital prices

Health insurers just published close to a trillion hospital prices 494 by sl-dolt | 257 comments on Hacker News.

Worok Hackers Target High-Profile Asian Companies and Governments

High-profile companies and local governments located primarily in Asia are the subjects of targeted attacks by a previously undocumented espionage group dubbed Worok that has been active since late 2020. "Worok's toolset includes a C++ loader CLRLoad, a PowerShell backdoor PowHeartBeat, and a C# loader PNGLoad that uses steganography to extract hidden malicious payloads from PNG files," ESET from The Hacker News https://ift.tt/nVTSqpy via IFTTT

Bitwarden raises $100M

Bitwarden raises $100M 474 by deanmoriarty | 241 comments on Hacker News.

Cheating at chess with a computer for my shoes

Cheating at chess with a computer for my shoes 451 by badindentation | 199 comments on Hacker News.

What Is Your Security Team Profile? Prevention, Detection, or Risk Management

Not all security teams are born equal. Each organization has a different objective. In cybersecurity, adopting a proactive approach is not just a buzzword. It actually is what makes the difference between staying behind attackers and getting ahead of them. And the solutions to do that do exist! Most attacks succeed by taking advantage of common failures in their target's systems. Whether new or from The Hacker News https://ift.tt/pdP6sHh via IFTTT

Why A4? – The Mathematical Beauty of Paper Size

Why A4? – The Mathematical Beauty of Paper Size 430 by casca | 394 comments on Hacker News.

Show HN: Wavvy – web-based audio editor (Audacity port)

Show HN: Wavvy – web-based audio editor (Audacity port) 509 by ahilss | 109 comments on Hacker News. I originally developed a WASM port of wxWidgets for https://dj.app/ . When it came time to open source wxWidgets-wasm, I decided to port another complex app as a test case, and Audacity seemed like the obvious choice. In the process, I also needed to write a new host API for PortAudio for playback and recording in the browser. https://ift.tt/mfncjvJ https://ift.tt/3YNPt08 https://ift.tt/XSGYF2y

Ransomware Attackers Abuse Genshin Impact Anti-Cheat System to Disable Antivirus

A vulnerable anti-cheat driver for the Genshin Impact video game has been leveraged by a cybercrime actor to disable antivirus programs to facilitate the deployment of ransomware, according to findings from Trend Micro. The ransomware infection, which was triggered in the last week of July 2022, banked on the fact that the driver in question ("mhyprot2.sys") is signed with a valid certificate, from The Hacker News https://ift.tt/EIKYd79 via IFTTT

Fake Antivirus and Cleaner Apps Caught Installing SharkBot Android Banking Trojan

The notorious Android banking trojan known as SharkBot has once again made an appearance on the Google Play Store by masquerading as antivirus and cleaner apps. "This new dropper doesn't rely on Accessibility permissions to automatically perform the installation of the dropper Sharkbot malware," NCC Group's Fox-IT said in a report. "Instead, this new version asks the victim to install the from The Hacker News https://ift.tt/13oULb6 via IFTTT

After self-hosting my email for twenty-three years I have thrown in the towel

After self-hosting my email for twenty-three years I have thrown in the towel 717 by carlesfe | 327 comments on Hacker News.

Blocking Kiwifarms

Blocking Kiwifarms 644 by deepdriver | 1140 comments on Hacker News.

Peter Eckersley has died

Peter Eckersley has died 616 by dredmorbius | 44 comments on Hacker News.

Samsung Admits Data Breach that Exposed Details of Some U.S. Customers

South Korean chaebol Samsung on Friday said it experienced a cybersecurity incident that resulted in the unauthorized access of some customer information, the second time this year it has reported such a breach. "In late July 2022, an unauthorized third-party acquired information from some of Samsung's U.S. systems," the company disclosed in a notice. "On or around August 4, 2022, we determined from The Hacker News https://ift.tt/asCL7eK via IFTTT

Google Release Urgent Chrome Update to Patch New Zero-Day Vulnerability

Google on Friday shipped emergency fixes to address a security vulnerability in the Chrome web browser that it said is being actively exploited in the wild. The issue, assigned the identifier CVE-2022-3075, concerns a case of insufficient data validation in Mojo, which refers to a collection of runtime libraries that provide a platform-agnostic mechanism for inter-process communication (IPC). An from The Hacker News https://ift.tt/c7Oh8AV via IFTTT

Show HN: I'm building an open-source Amazon

Show HN: I'm building an open-source Amazon 573 by theturtletalks | 165 comments on Hacker News. A couple of years ago, I had an interesting idea. What if there was a marketplace where all the underlying tech was open-source? The order management system, the storefront, customer support, etc. The marketplace would simply connect to the seller’s infra instead of locking them in. If, for some reason, the seller is removed from the marketplace, their software stays with them and they can continue accepting orders directly. This model can be used to disrupt any marketplace from AirBNB to UberEats: building tech for home renters and restaurants and later, leveraging that to build a competing marketplace. In 2019, I started building the first piece, Openship, an order management system that lets you source orders and fulfill them from anywhere. Now that that’s in stable release, next up is Openfront (an e-commerce platform for storefronts) and Opensupport (ticketing software for custo...

Prynt Stealer Contains a Backdoor to Steal Victims' Data Stolen by Other Cybercriminals

Researchers discovered a private Telegram channel-based backdoor in the information stealing malware, dubbed Prynt Stealer, which its developer added with the intention of secretly stealing a copy of victims' exfiltrated data when used by other cybercriminals. "While this untrustworthy behavior is nothing new in the world of cybercrime, the victims' data end up in the hands of multiple threat from The Hacker News https://ift.tt/jLY0KFh via IFTTT

Warning: PyPI Feature Executes Code Automatically After Python Package Download

In another finding that could expose developers to increased risk of a supply chain attack, it has emerged that nearly one-third of the packages in PyPI, the Python Package Index, trigger automatic code execution upon downloading them. "A worrying feature in pip/PyPI allows code to automatically run when developers are merely downloading a package," Checkmarx researcher Yehuda Gelb said in a from The Hacker News https://ift.tt/qDmJoZC via IFTTT

New Evidence Links Raspberry Robin Malware to Dridex and Russian Evil Corp Hackers

Researchers have identified functional similarities between a malicious component used in the Raspberry Robin infection chain and a Dridex malware loader, further strengthening the operators' connections to the Russia-based Evil Corp group. The findings suggest that "Evil Corp is likely using Raspberry Robin infrastructure to carry out its attacks," IBM Security X-Force researcher Kevin Henson  from The Hacker News https://ift.tt/L9lCTrI via IFTTT

Google Chrome Bug Lets Sites Silently Overwrite System Clipboard Content

A "major" security issue in the Google Chrome web browser, as well as Chromium-based alternatives, could allow malicious web pages to automatically overwrite clipboard content without requiring any user consent or interaction by simply visiting them. The clipboard poisoning attack is said to have been accidentally introduced in Chrome version 104, according to developer Jeff Johnson. While the from The Hacker News https://ift.tt/nsvkSH4 via IFTTT

Stop Worrying About Passwords Forever

So far 2022 confirms that passwords are not dead yet. Neither will they be anytime soon. Even though Microsoft and Apple are championing passwordless authentication methods, most applications and websites will not remove this option for a very long time. Think about it, internal apps that you do not want to integrate with third-party identity providers, government services, legacy applications, from The Hacker News https://ift.tt/GUDcMOT via IFTTT

Researchers Detail Emerging Cross-Platform BianLian Ransomware Attacks

The operators of the emerging cross-platform BianLian ransomware have increased their command-and-control (C2) infrastructure this month, a development that alludes to an increase in the group's operational tempo. BianLian, written in the Go programming language, was first discovered in mid-July 2022 and has claimed 15 victim organizations as of September 1, cybersecurity firm [redacted] said in from The Hacker News https://ift.tt/2zoEwuB via IFTTT

Infra Used in Cisco Hack Also Targeted Workforce Management Solution

The attack infrastructure used to target Cisco in the May 2022 incident was also employed against an attempted compromise of an unnamed workforce management solutions holding company a month earlier in April 2022. Cybersecurity firm eSentire, which disclosed the findings, raised the possibility that the intrusions could be the work of a criminal actor known as mx1r, who is said to be a member of from The Hacker News https://ift.tt/N5yzVhv via IFTTT

Microsoft Discover Severe ‘One-Click’ Exploit for TikTok Android App

Microsoft on Wednesday disclosed details of a now-patched "high severity vulnerability" in the TikTok app for Android that could let attackers take over accounts when victims clicked on a malicious link. "Attackers could have leveraged the vulnerability to hijack an account without users' awareness if a targeted user simply clicked a specially crafted link," Dimitrios Valsamaras of the Microsoft from The Hacker News https://ift.tt/LaKy51I via IFTTT

US Government Bans Export of Nvidia A100 and H100 GPUs to China and Russia

US Government Bans Export of Nvidia A100 and H100 GPUs to China and Russia 527 by wmf | 416 comments on Hacker News.