Amazing News...

FTC restores rigorous enforcement of law banning unfair methods of competition 497 by nabilhat | 376 comments on Hacker News.

FTX to file for U.S. bankruptcy, CEO resigns 552 by mfiguiere | 1071 comments on Hacker News.

Bubbles 578 by findhorn | 56 comments on Hacker News.

FTX tapped into customer accounts to fund risky bets, setting up its downfall 504 by mfiguiere | 670 comments on Hacker News.

Two long-running surveillance campaigns have been found targeting the Uyghur community in China and elsewhere with Android spyware tools designed to harvest sensitive information and track their whereabouts. This encompasses a previously undocumented malware strain called BadBazaar and updated variants of an espionage artifact dubbed MOONSHINE by researchers from the University of Toronto's from The Hacker News https://ift.tt/ahlHVmy via IFTTT

When you are trying to get another layer of cyber protection that would not require a lot of resources, you are most likely choosing between a VPN service & a DNS Security solution. Let's discuss both.  VPN Explained VPN stands for Virtual Private Networks and basically hides your IP and provides an encrypted server by redirecting your traffic via a server run by a VPN host. It establishes a from The Hacker News https://ift.tt/tYgwr1y via IFTTT

Microsoft on Thursday attributed the recent spate of ransomware incidents targeting transportation and logistics sectors in Ukraine and Poland to a threat cluster that shares overlaps with the Russian state-sponsored Sandworm group. The attacks, which were disclosed by the tech giant last month, involved a strain of previously undocumented malware called Prestige and is said to have taken place from The Hacker News https://ift.tt/nP256DT via IFTTT

Musk’s first email to Twitter staff ends remote work 495 by mfiguiere | 939 comments on Hacker News.

What chroot taught me about containers 495 by mmphosis | 167 comments on Hacker News.

Google has resolved a high-severity security issue affecting all Pixel smartphones that could be trivially exploited to unlock the devices. The vulnerability, tracked as CVE-2022-20465 and reported by security researcher David Schütz in June 2022, was remediated as part of the search giant's monthly Android update for November 2022. "The issue allowed an attacker with physical access to bypass from The Hacker News https://ift.tt/64hbxl2 via IFTTT

Podman Desktop: A Free OSS Alternative to Docker Desktop 739 by twelvenmonkeys | 176 comments on Hacker News.

Cybersecurity Awareness Month has been going on since 2004. This year, Cybersecurity Awareness Month urged the public, professionals, and industry partners to "see themselves in cyber" in the following ways:  The public, by taking action to stay safe online. Professionals, by joining the cyber workforce. Cyber industry partners, as part of the cybersecurity solution. CISA outlined four "things from The Hacker News https://ift.tt/O1tJdj9 via IFTTT

The rise in the costs of data breaches, ransomware, and other cyber attacks leads to rising cyber insurance premiums and more limited cyber insurance coverage. This cyber insurance situation increases risks for organizations struggling to find coverage or facing steep increases. Some Akin Gump Strauss Hauer & Feld LLP's law firm clients, for example, reported a three-fold increase in insurance from The Hacker News https://ift.tt/HqW0UJA via IFTTT

Cybersecurity researchers have disclosed details of a new vulnerability in a system used across oil and gas organizations that could be exploited by an attacker to inject and execute arbitrary code. The vulnerability, tracked as CVE-2022-0902 (CVSS score: 8.1), is a path-traversal vulnerability in ABB Totalflow flow computers and remote controllers. "Attackers can exploit this flaw to gain root from The Hacker News https://ift.tt/5i6wmcj via IFTTT

PC maker Lenovo has addressed yet another set of three shortcomings in the Unified Extensible Firmware Interface (UEFI) firmware affecting several Yoga, IdeaPad, and ThinkBook devices. "The vulnerabilities allow disabling UEFI Secure Boot or restoring factory default Secure Boot databases (incl. dbx): all simply from an OS," Slovak cybersecurity firm ESET explained in a series of tweets. UEFI from The Hacker News https://ift.tt/qlNhmU4 via IFTTT

My full statement regarding DOOM Eternal 693 by bangonkeyboard | 201 comments on Hacker News.

A number of phishing campaigns are leveraging the decentralized Interplanetary Filesystem (IPFS) network to host malware, phishing kit infrastructure, and facilitate other attacks. "Multiple malware families are currently being hosted within IPFS and retrieved during the initial stages of malware attacks," Cisco Talos researcher Edmund Brumaghin said in an analysis shared with The Hacker News. from The Hacker News https://ift.tt/t6YNSIG via IFTTT

Meta lays off 11,000 people 649 by technics256 | 547 comments on Hacker News.

Microsoft's latest round of monthly security updates has been released with fixes for 68 vulnerabilities spanning its software portfolio, including patches for six actively exploited zero-days. 12 of the issues are rated Critical, two are rated High, and 55 are rated Important in severity. This also includes the weaknesses that were closed out by OpenSSL the previous week. Also separately  from The Hacker News https://ift.tt/ALPHi8Q via IFTTT

Binance to acquire FTX 564 by jmsflknr | 601 comments on Hacker News.

Building a BitTorrent client from the ground up in Go (2020) 568 by stargrave | 47 comments on Hacker News.

Ntfy.sh – Send push notifications to your phone via PUT/POST 814 by tambourine_man | 225 comments on Hacker News.

The Amadey malware is being used to deploy LockBit 3.0 ransomware on compromised systems, researchers have warned. "Amadey bot, the malware that is used to install LockBit, is being distributed through two methods: one using a malicious Word document file, and the other using an executable that takes the disguise of the Word file icon," AhnLab Security Emergency Response Center (ASEC) said in a from The Hacker News https://ift.tt/xL1pFuS via IFTTT

Cryptocurrency users are being targeted with a new clipper malware strain dubbed Laplas by means of another malware known as SmokeLoader. SmokeLoader, which is delivered by means of weaponized documents sent through spear-phishing emails, further acts as a conduit for other commodity trojans like SystemBC and Raccoon Stealer 2.0, according to an analysis from Cyble. Observed in from The Hacker News https://ift.tt/N9G0YlL via IFTTT

The news surrounding the slowing economy has many wondering how much of an impact it will have on their businesses – and lives. And there's good reason to start preparing.  A recent survey by McKinsey & Company found that 85% of small and midsize businesses plan to increase their security spending heading into 2023, while Gartner recently projected that 2022 IT spending will only grow by 3%, from The Hacker News https://ift.tt/hbp6nef via IFTTT

The most unethical thing I was asked to build while working at Twitter in 2015 736 by sgk284 | 317 comments on Hacker News.

Delaware judge discovers hidden entity recruiting people to be patent trolls 708 by Andrew_Russell | 237 comments on Hacker News.

Australian health insurer Medibank today confirmed that personal data belonging to around 9.7 million of its current and former customers were accessed following a ransomware incident. The attack, according to the company, was detected in its IT network on October 12 in a manner that it said was "consistent with the precursors to a ransomware event," prompting it to isolate its systems, but not from The Hacker News https://ift.tt/YufTciJ via IFTTT

Facebook appears to have silently rolled out a tool that allows users to remove their contact information, such as phone numbers and email addresses, uploaded by others. The existence of the tool, which is buried inside a Help Center page about "Friending," was first reported by Business Insider last week. It's offered as a way for "Non-users" to "exercise their rights under applicable laws." from The Hacker News https://ift.tt/bY1ln07 via IFTTT

Security researchers are warning of "a trove of sensitive information" leaking through urlscan.io, a website scanner for suspicious and malicious URLs. "Sensitive URLs to shared documents, password reset pages, team invites, payment invoices and more are publicly listed and searchable," Positive Security co-founder, Fabian Bräunlein, said in a report published on November 2, 2022. The from The Hacker News https://ift.tt/Xt6DrGd via IFTTT

A phishing-as-a-service (PhaaS) platform known as Robin Banks has relocated its attack infrastructure to DDoS-Guard, a Russian provider of bulletproof hosting services. The switch comes after "Cloudflare disassociated Robin Banks phishing infrastructure from its services, causing a multi-day disruption to operations," according to a report from cybersecurity company IronNet. Robin Banks was  from The Hacker News https://ift.tt/4UZvGF6 via IFTTT

Ask HN: Comment here about whatever you're passionate about at the moment 638 by mckirk | 354 comments on Hacker News. Hello stranger. It has occurred to me that one of the crucial elements of the early internet was the feeling that there was somebody out there, _somewhere_ on the globe, that was actually responding to that particular thing you were putting out there. It was a special feeling, because it was a sense of connection. Just being online and being part of the few select communities that existed back then was a commitment, and I believe that's in part what made it feel special. With all the world gaining access to the internet, I think we've gained a lot, but lost this sense of wonder: Since online interactions have now become commonplace to the point of para-social meaninglessness, any single post or message doesn't really feel all that _real_. HN is still the closest thing I know to that primordial kind of internet, and so I'm putting this post out th...

Tell HN: A hacker's life is in danger, your awareness may be life saving 632 by michaeltimo | 62 comments on Hacker News. It's been a month that Jadi (real name: Amir Emad Mirmirani), an Iranian geek, has been imprisoned in Iran's most notorious prison called Evin in Tehran. In Iran, he is one of the most famous people active in the field of programming and computer education. In his personal blog[0], he has been writing about technology and society for years. He has also a YouTube channel[1][2] to teach and encourage Iranians to programming and Linux, and a podcast[3] that has been explaining technology and science news along with his comments for several years. All this in a country with a dictatorial government where standing in the right place has a heavy price. His arrest occurred on October 5, a few days after the recent nationwide protests[4] began in Iran. Arrest at home with beating. The reason for this is not yet clear, but it is probably due to his efforts to ...

Cybersecurity researchers have uncovered 29 packages in Python Package Index (PyPI), the official third-party software repository for the Python programming language, that aim to infect developers' machines with a malware called W4SP Stealer. "The main attack seems to have started around October 12, 2022, slowly picking up steam to a concentrated effort around October 22," software supply chain from The Hacker News https://ift.tt/CUk9sch via IFTTT

Microsoft is warning of an uptick in the nation-state and criminal actors increasingly leveraging publicly-disclosed zero-day vulnerabilities for breaching target environments. The tech giant, in its 114-page Digital Defense Report, said it has "observed a reduction in the time between the announcement of a vulnerability and the commoditization of that vulnerability," making it imperative that from The Hacker News https://ift.tt/xAoy10N via IFTTT

Blip: A tool for seeing your internet latency 580 by tosh | 151 comments on Hacker News.

Not too long ago, there was a clear separation between the operational technology (OT) that drives the physical functions of a company – on the factory floor, for example – and the information technology (IT) that manages a company's data to enable management and planning.  As IT assets became increasingly connected to the outside world via the internet, OT remained isolated from IT – and the from The Hacker News https://ift.tt/aPTwHuD via IFTTT

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published three Industrial Control Systems (ICS) advisories about multiple vulnerabilities in software from ETIC Telecom, Nokia, and Delta Industrial Automation. Prominent among them is a set of three flaws affecting ETIC Telecom's Remote Access Server (RAS), which "could allow an attacker to obtain sensitive information and from The Hacker News https://ift.tt/VlXbo4I via IFTTT

We've filed a lawsuit against GitHub Copilot 604 by iworshipfaangs2 | 606 comments on Hacker News.

Ex-Reddit CEO on Twitter moderation 630 by kenferry | 675 comments on Hacker News.

Stripe laying off around 14% of workforce 596 by infrawhispers | 867 comments on Hacker News.

A new analysis of tools put to use by the Black Basta ransomware operation has identified ties between the threat actor and the FIN7 (aka Carbanak) group. This link "could suggest either that Black Basta and FIN7 maintain a special relationship or that one or more individuals belong to both groups," cybersecurity firm SentinelOne said in a technical write-up shared with The Hacker News. Black from The Hacker News https://ift.tt/5YFUXKl via IFTTT

A French-speaking threat actor dubbed OPERA1ER has been linked to a series of more than 30 successful cyber attacks aimed at banks, financial services, and telecom companies across Africa, Asia, and Latin America between 2018 and 2022. According to Singapore-headquartered cybersecurity company Group-IB, the attacks have led to thefts totaling $11 million, with actual damages estimated to be as from The Hacker News https://ift.tt/eAnNFYm via IFTTT

The operators of RomCom RAT are continuing to evolve their campaigns with rogue versions of software such as SolarWinds Network Performance Monitor, KeePass password manager, and PDF Reader Pro. Targets of the operation consist of victims in Ukraine and select English-speaking countries like the U.K. "Given the geography of the targets and the current geopolitical situation, it's unlikely that from The Hacker News https://ift.tt/kNgPAHi via IFTTT

Popular short-form video-sharing service TikTok is revising its privacy policy for European users to make it explicitly clear that user data can be accessed by some employees from across the world, including China. The ByteDance-owned platform, which currently stores European user data in the U.S. and Singapore, said the revision is part of its ongoing data governance efforts to limit employee from The Hacker News https://ift.tt/lFRMdvD via IFTTT

American society is so focused on race that it is blind to class 540 by jdkee | 455 comments on Hacker News.

Dozens of malicious PyPI packages discovered targeting developers 473 by louislang | 228 comments on Hacker News.

TomTom’s new mapping platform and ecosystem 474 by gru | 353 comments on Hacker News.

An unwilling illustrator found herself turned into an AI model 429 by ghuntley | 500 comments on Hacker News.

NASA finds super-emitters of methane 422 by walterbell | 244 comments on Hacker News.

OpenSSL 3.0.7 fixes X.509 email address buffer overflows 415 by petecooper | 183 comments on Hacker News.

Leaked documents outline DHS’s plans to police disinformation 415 by amadeuspagel | 679 comments on Hacker News.

How I survived a year in ‘the hole’ without losing my mind 421 by ysjodha | 509 comments on Hacker News.

Nobody wants touch-screen glove box latches 416 by devy | 374 comments on Hacker News.

The OpenSSL project has rolled out fixes to contain two high-severity flaws in its widely used cryptography library that could result in a denial-of-service (DoS) and remote code execution. The issues, tracked as CVE-2022-3602 and CVE-2022-3786, have been described as buffer overrun vulnerabilities that can be triggered during X.509 certificate verification by supplying a specially-crafted email from The Hacker News https://ift.tt/dO6Dw0S via IFTTT

The Chinese state-sponsored threat actor known as Stone Panda has been observed employing a new stealthy infection chain in its attacks aimed at Japanese entities. Targets include media, diplomatic, governmental and public sector organizations and think-tanks in Japan, according to twin reports published by Kaspersky. Stone Panda, also called APT10, Bronze Riverside, Cicada, and Potassium, is a from The Hacker News https://ift.tt/gJywESt via IFTTT

IT service management software platform ConnectWise has released Software patches for a critical security vulnerability in Recover and R1Soft Server Backup Manager (SBM). The issue, characterized as a "neutralization of Special Elements in Output Used by a Downstream Component," could be abused to result in the execution of remote code or disclosure of sensitive information. ConnectWise's from The Hacker News https://ift.tt/cygEGV0 via IFTTT