Code & Design News http://cnd.jdun.co Aggregator of Code, Security and Design news sites. Thu, 09 Feb 2023 08:52:19 +0000 Top Free Productivity Apps for 2023 https://www.designernews.co/stories/129198-top-free-productivity-apps-for-2023 https://dev.to/stephanreynolds/top-free-productivity-apps-for-2023-jlb https://www.designernews.co/stories/129198-top-free-productivity-apps-for-2023 Thu, 09 Feb 2023 08:36:33 +0000 2023-02-09T08:36:33+00:00 Ask HN: Please Review My Metalanguage https://github.com/kstenerud/kbnf/blob/master/kbnf_v1.md <a href="https://news.ycombinator.com/item?id=34720488">Comments</a> https://news.ycombinator.com/item?id=34720488 Thu, 09 Feb 2023 06:40:40 +0000 2023-02-09T06:40:40+00:00 I hate Hackathons https://pgpt.substack.com/p/i-hate-hackathons <a href="https://news.ycombinator.com/item?id=34720265">Comments</a> https://news.ycombinator.com/item?id=34720265 Thu, 09 Feb 2023 05:59:06 +0000 2023-02-09T05:59:06+00:00 Ask HN: Is “prompt injection” going to be a new common vulnerability? https://news.ycombinator.com/item?id=34719586 <a href="https://news.ycombinator.com/item?id=34719586">Comments</a> https://news.ycombinator.com/item?id=34719586 Thu, 09 Feb 2023 03:59:32 +0000 2023-02-09T03:59:32+00:00 Podman vs. Docker: Comparing the two containerization tools https://www.linode.com/docs/guides/podman-vs-docker/ <a href="https://news.ycombinator.com/item?id=34719137">Comments</a> https://news.ycombinator.com/item?id=34719137 Thu, 09 Feb 2023 02:46:38 +0000 2023-02-09T02:46:38+00:00 Ask HN: Burnt out from big tech. What's next? https://news.ycombinator.com/item?id=34719088 <a href="https://news.ycombinator.com/item?id=34719088">Comments</a> https://news.ycombinator.com/item?id=34719088 Thu, 09 Feb 2023 02:39:18 +0000 2023-02-09T02:39:18+00:00 My 2022 self was wrong about meditation, monitors, and sleep https://guzey.com/2022-lessons/ <a href="https://news.ycombinator.com/item?id=34717876">Comments</a> https://news.ycombinator.com/item?id=34717876 Thu, 09 Feb 2023 00:25:31 +0000 2023-02-09T00:25:31+00:00 Covid drug drives viral mutations – and now some want to halt its use https://www.nature.com/articles/d41586-023-00347-z <a href="https://news.ycombinator.com/item?id=34717514">Comments</a> https://news.ycombinator.com/item?id=34717514 Wed, 08 Feb 2023 23:51:19 +0000 2023-02-08T23:51:19+00:00 Photoprism – open-source Google Photos Alternative https://www.photoprism.app/ <a href="https://news.ycombinator.com/item?id=34716924">Comments</a> https://news.ycombinator.com/item?id=34716924 Wed, 08 Feb 2023 23:06:04 +0000 2023-02-08T23:06:04+00:00 Apache Kafka Beyond the Basics: Windowing https://www.confluent.io/blog/windowing-in-kafka-streams/ <a href="https://news.ycombinator.com/item?id=34716797">Comments</a> https://news.ycombinator.com/item?id=34716797 Wed, 08 Feb 2023 22:56:29 +0000 2023-02-08T22:56:29+00:00 Vestas unveils solution to end landfill disposal for wind turbine blades https://www.vestas.com/en/media/company-news/2023/vestas-unveils-circularity-solution-to-end-landfill-for-c3710818 <a href="https://news.ycombinator.com/item?id=34716743">Comments</a> https://news.ycombinator.com/item?id=34716743 Wed, 08 Feb 2023 22:52:20 +0000 2023-02-08T22:52:20+00:00 25 Ideas On How To Use Personas In Product Development https://www.designernews.co/stories/129193-25-ideas-on-how-to-use-personas-in-product-development https://makeiterate.com/25-ideas-on-how-to-use-personas-in-product-development/ https://www.designernews.co/stories/129193-25-ideas-on-how-to-use-personas-in-product-development Wed, 08 Feb 2023 22:17:04 +0000 2023-02-08T22:17:04+00:00 Top byte ignore for fun and memory savings https://www.linaro.org/blog/top-byte-ignore-for-fun-and-memory-savings/ <a href="https://news.ycombinator.com/item?id=34715517">Comments</a> https://news.ycombinator.com/item?id=34715517 Wed, 08 Feb 2023 21:31:49 +0000 2023-02-08T21:31:49+00:00 Microsoft Teams Free data won’t transfer over to Microsoft Teams (free) https://arstechnica.com/?p=1916190 $4-per-user-per-month Essentials tier is the only way to keep your stuff. https://arstechnica.com/?p=1916190 Wed, 08 Feb 2023 21:26:21 +0000 2023-02-08T21:26:21+00:00 Show HN: StackOverflow.gg – AI-generated answers to every coding question https://stackoverflow.gg/ <a href="https://news.ycombinator.com/item?id=34715033">Comments</a> https://news.ycombinator.com/item?id=34715033 Wed, 08 Feb 2023 20:58:47 +0000 2023-02-08T20:58:47+00:00 Is Google’s 20-year search dominance about to end? https://www.economist.com/business/2023/02/08/is-googles-20-year-search-dominance-about-to-end <a href="https://news.ycombinator.com/item?id=34715003">Comments</a> https://news.ycombinator.com/item?id=34715003 Wed, 08 Feb 2023 20:57:27 +0000 2023-02-08T20:57:27+00:00 In Paris demo, Google scrambles to counter ChatGPT but ends up embarrassing itself https://arstechnica.com/?p=1915978 So far, the expected Microsoft-Google AI war has turned into an AI fizzle. https://arstechnica.com/?p=1915978 Wed, 08 Feb 2023 19:33:34 +0000 2023-02-08T19:33:34+00:00 Probiotic blocks staph bacteria from colonizing people https://www.nih.gov/news-events/nih-research-matters/probiotic-blocks-staph-bacteria-colonizing-people <a href="https://news.ycombinator.com/item?id=34713431">Comments</a> https://news.ycombinator.com/item?id=34713431 Wed, 08 Feb 2023 19:25:51 +0000 2023-02-08T19:25:51+00:00 Show HN: Filmbox, physically accurate film emulation, now on Linux and Windows https://videovillage.co/filmbox/ <a href="https://news.ycombinator.com/item?id=34713202">Comments</a> https://news.ycombinator.com/item?id=34713202 Wed, 08 Feb 2023 19:13:06 +0000 2023-02-08T19:13:06+00:00 Hackers are selling a service that bypasses ChatGPT restrictions on malware https://arstechnica.com/?p=1916125 ChatGPT restrictions on the creation of illicit content are easy to circumvent. https://arstechnica.com/?p=1916125 Wed, 08 Feb 2023 18:54:03 +0000 2023-02-08T18:54:03+00:00 NIST selects ‘lightweight cryptography’ algorithms to protect small devices https://www.nist.gov/news-events/news/2023/02/nist-selects-lightweight-cryptography-algorithms-protect-small-devices <a href="https://news.ycombinator.com/item?id=34712729">Comments</a> https://news.ycombinator.com/item?id=34712729 Wed, 08 Feb 2023 18:44:56 +0000 2023-02-08T18:44:56+00:00 Grim Reaper starts coming for fax machines, pagers, landlines https://arstechnica.com/?p=1916054 China will stop giving network-access permits to some legacy communication tech. https://arstechnica.com/?p=1916054 Wed, 08 Feb 2023 18:38:38 +0000 2023-02-08T18:38:38+00:00 OpenSSH Pre-Auth Double Free – Writeup and Proof-of-Concept https://jfrog.com/blog/openssh-pre-auth-double-free-cve-2023-25136-writeup-and-proof-of-concept/ <a href="https://news.ycombinator.com/item?id=34711565">Comments</a> https://news.ycombinator.com/item?id=34711565 Wed, 08 Feb 2023 17:34:31 +0000 2023-02-08T17:34:31+00:00 NIST Standardizes Ascon Cryptographic Algorithm for IoT and Other Lightweight Devices https://thehackernews.com/2023/02/nist-standardizes-ascon-cryptographic.html The U.S. National Institute of Standards and Technology (NIST) has announced that a family of authenticated encryption and hashing algorithms known as Ascon will be standardized for lightweight cryptography applications. "The chosen algorithms are designed to protect information created and transmitted by the Internet of Things (IoT), including its myriad tiny sensors and actuators," NIST said. https://thehackernews.com/2023/02/nist-standardizes-ascon-cryptographic.html Wed, 08 Feb 2023 17:18:00 +0000 2023-02-08T17:18:00+00:00 Ask HN: How do you deal with information and internet addiction? https://news.ycombinator.com/item?id=34710830 <a href="https://news.ycombinator.com/item?id=34710830">Comments</a> https://news.ycombinator.com/item?id=34710830 Wed, 08 Feb 2023 16:52:44 +0000 2023-02-08T16:52:44+00:00 Fungi and bacteria are binging on burned soil https://news.ucr.edu/articles/2023/02/07/fungi-and-bacteria-are-binging-burned-soil <a href="https://news.ycombinator.com/item?id=34710725">Comments</a> https://news.ycombinator.com/item?id=34710725 Wed, 08 Feb 2023 16:46:26 +0000 2023-02-08T16:46:26+00:00 Hardcoded Folder Icons in macOS https://weblog.antranigv.am/posts/2023/02/hardcoded-folder-icons-in-macos/ <a href="https://news.ycombinator.com/item?id=34709690">Comments</a> https://news.ycombinator.com/item?id=34709690 Wed, 08 Feb 2023 15:48:56 +0000 2023-02-08T15:48:56+00:00 Zrok: Open-source peer to peer https://zrok.io/ <a href="https://news.ycombinator.com/item?id=34709487">Comments</a> https://news.ycombinator.com/item?id=34709487 Wed, 08 Feb 2023 15:36:41 +0000 2023-02-08T15:36:41+00:00 Unpatched Security Flaws Disclosed in Multiple Document Management Systems https://thehackernews.com/2023/02/unpatched-security-flaws-disclosed-in.html Multiple unpatched security flaws have been disclosed in open source and freemium Document Management System (DMS) offerings from four vendors LogicalDOC, Mayan, ONLYOFFICE, and OpenKM. Cybersecurity firm Rapid7 said the eight vulnerabilities offer a mechanism through which "an attacker can convince a human operator to save a malicious document on the platform and, once the document is indexed https://thehackernews.com/2023/02/unpatched-security-flaws-disclosed-in.html Wed, 08 Feb 2023 15:15:00 +0000 2023-02-08T15:15:00+00:00 Sydney Man Sentenced for Blackmailing Optus Customers After Data Breach https://thehackernews.com/2023/02/sydney-man-sentenced-for-blackmailing.html A Sydney man has been sentenced to an 18-month Community Correction Order (CCO) and 100 hours of community service for attempting to take advantage of the Optus data breach last year to blackmail its customers. The unnamed individual, 19 when arrested in October 2022 and now 20, used the leaked records stolen from the security lapse to orchestrate an SMS-based extortion scheme. The suspect https://thehackernews.com/2023/02/sydney-man-sentenced-for-blackmailing.html Wed, 08 Feb 2023 15:00:00 +0000 2023-02-08T15:00:00+00:00 ChatGPT is a data privacy nightmare, and we ought to be concerned https://arstechnica.com/?p=1915949 ChatGPT's extensive language model is fueled by our personal data. https://arstechnica.com/?p=1915949 Wed, 08 Feb 2023 14:12:27 +0000 2023-02-08T14:12:27+00:00 Mysterious leak of Booking.com reservation data is being used to scam customers https://arstechnica.com/?p=1915880 Somehow, scammers keep accessing customer reservation details, other private data. https://arstechnica.com/?p=1915880 Wed, 08 Feb 2023 13:20:08 +0000 2023-02-08T13:20:08+00:00 CSS Social Media Icons https://www.designernews.co/stories/129187-css-social-media-icons https://dev.to/w7freedownload/css-social-media-icons-13oh https://www.designernews.co/stories/129187-css-social-media-icons Wed, 08 Feb 2023 12:29:46 +0000 2023-02-08T12:29:46+00:00 New neural network architecture inspired by neural system of a worm https://www.quantamagazine.org/researchers-discover-a-more-flexible-approach-to-machine-learning-20230207/ <a href="https://news.ycombinator.com/item?id=34707055">Comments</a> https://news.ycombinator.com/item?id=34707055 Wed, 08 Feb 2023 12:16:44 +0000 2023-02-08T12:16:44+00:00 Shells Are Two Things https://borretti.me/article/shells-are-two-things <a href="https://news.ycombinator.com/item?id=34706832">Comments</a> https://news.ycombinator.com/item?id=34706832 Wed, 08 Feb 2023 11:42:29 +0000 2023-02-08T11:42:29+00:00 Polynomial interpolation https://cohost.org/tomforsyth/post/982199-polynomial-interpola <a href="https://news.ycombinator.com/item?id=34706577">Comments</a> https://news.ycombinator.com/item?id=34706577 Wed, 08 Feb 2023 11:05:29 +0000 2023-02-08T11:05:29+00:00 Russian Hackers Using Graphiron Malware to Steal Data from Ukraine https://thehackernews.com/2023/02/russian-hackers-using-graphiron-malware.html A Russia-linked threat actor has been observed deploying a new information-stealing malware in cyber attacks targeting Ukraine. Dubbed Graphiron by Broadcom-owned Symantec, the malware is the handiwork of an espionage group known as Nodaria, which is tracked by the Computer Emergency Response Team of Ukraine (CERT-UA) as UAC-0056. "The malware is written in Go and is designed to harvest a wide https://thehackernews.com/2023/02/russian-hackers-using-graphiron-malware.html Wed, 08 Feb 2023 11:04:00 +0000 2023-02-08T11:04:00+00:00 How to Think Like a Hacker and Stay Ahead of Threats https://thehackernews.com/2023/02/how-to-think-like-hacker-and-stay-ahead.html To succeed as a cybersecurity analyst, you need to understand the traits, values, and thought processes of hackers, along with the tools they use to launch their attacks.  During a webinar called The Hacker Mindset, a Red Team Researcher shared how you can use some of these tools for your own detection and prevention of breaches. He also demonstrated how an attack takes place using the Follina https://thehackernews.com/2023/02/how-to-think-like-hacker-and-stay-ahead.html Wed, 08 Feb 2023 11:01:00 +0000 2023-02-08T11:01:00+00:00 Russian Hacker Pleads Guilty to Money Laundering Linked to Ryuk Ransomware https://thehackernews.com/2023/02/russian-hacker-pleads-guilty-to-money.html A Russian national on February 7, 2023, pleaded guilty in the U.S. to money laundering charges and for attempting to conceal the source of funds obtained in connection with Ryuk ransomware attacks. Denis Mihaqlovic Dubnikov, 30, was arrested in Amsterdam in November 2021 before he was extradited from the Netherlands in August 2022. He is awaiting sentencing on April 11, 2023. "Between at least https://thehackernews.com/2023/02/russian-hacker-pleads-guilty-to-money.html Wed, 08 Feb 2023 09:39:00 +0000 2023-02-08T09:39:00+00:00 Mary, Queen of Scots prison letters finally decoded https://www.theguardian.com/uk-news/2023/feb/08/mary-queen-of-scots-prison-letters-finally-decoded <a href="https://news.ycombinator.com/item?id=34705662">Comments</a> https://news.ycombinator.com/item?id=34705662 Wed, 08 Feb 2023 08:40:19 +0000 2023-02-08T08:40:19+00:00 Trustfall: How to Query (Almost) Everything https://github.com/obi1kenobi/trustfall <a href="https://news.ycombinator.com/item?id=34705246">Comments</a> https://news.ycombinator.com/item?id=34705246 Wed, 08 Feb 2023 07:34:12 +0000 2023-02-08T07:34:12+00:00 How to Add Google Analytics to Webflow https://www.designernews.co/stories/129182-how-to-add-google-analytics-to-webflow https://www.linkedin.com/pulse/how-add-google-analytics-webflow-nahid-ahmed https://www.designernews.co/stories/129182-how-to-add-google-analytics-to-webflow Wed, 08 Feb 2023 07:18:51 +0000 2023-02-08T07:18:51+00:00 CERT-UA Alerts Ukrainian State Authorities of Remcos Software-Fueled Cyber Attacks https://thehackernews.com/2023/02/cert-ua-alerts-ukrainian-state.html The Computer Emergency Response Team of Ukraine (CERT-UA) has issued an alert warning of cyber attacks against state authorities in the country that deploy a legitimate remote access software named Remcos. The mass phishing campaign has been attributed to a threat actor it tracks as UAC-0050, with the agency describing the activity as likely motivated by espionage given the toolset employed. The https://thehackernews.com/2023/02/cert-ua-alerts-ukrainian-state.html Wed, 08 Feb 2023 06:16:00 +0000 2023-02-08T06:16:00+00:00 Top-ranked Magento Development Companies https://www.designernews.co/stories/129179-topranked-magento-development-companies https://codersnews.info/magento-development-companies/ https://www.designernews.co/stories/129179-topranked-magento-development-companies Wed, 08 Feb 2023 05:34:42 +0000 2023-02-08T05:34:42+00:00 A Limited Interest Article on Employer Value Prop and Hiring https://www.residentcontrarian.com/p/a-limited-interest-article-on-employer <a href="https://news.ycombinator.com/item?id=34704353">Comments</a> https://news.ycombinator.com/item?id=34704353 Wed, 08 Feb 2023 05:05:26 +0000 2023-02-08T05:05:26+00:00 How Prototyping works for Streaming App UI Design https://www.designernews.co/stories/129178-how-prototyping-works-for-streaming-app-ui-design https://www.protopie.io/blog/the-new-era-of-live-streaming-ui?utm_source=designernews&utm_medium=social&utm_campaign=customer-spotlight https://www.designernews.co/stories/129178-how-prototyping-works-for-streaming-app-ui-design Wed, 08 Feb 2023 03:43:12 +0000 2023-02-08T03:43:12+00:00 UX Personas Without User Research: The Harsh Reality https://www.designernews.co/stories/129177-ux-personas-without-user-research-the-harsh-reality https://makeiterate.com/ux-personas-without-user-research-the-harsh-reality/ https://www.designernews.co/stories/129177-ux-personas-without-user-research-the-harsh-reality Wed, 08 Feb 2023 03:15:52 +0000 2023-02-08T03:15:52+00:00 DIY 1,500W solar power electric bike https://electrek.co/2022/07/24/diy-solar-power-electric-bike-1500w/ <a href="https://news.ycombinator.com/item?id=34703182">Comments</a> https://news.ycombinator.com/item?id=34703182 Wed, 08 Feb 2023 02:09:43 +0000 2023-02-08T02:09:43+00:00 Revealing the Risqué Art of Pompeii’s House of the Vettii https://www.atlasobscura.com/articles/art-pompeii-house-of-the-vettii <a href="https://news.ycombinator.com/item?id=34701696">Comments</a> https://news.ycombinator.com/item?id=34701696 Tue, 07 Feb 2023 23:45:57 +0000 2023-02-07T23:45:57+00:00 Microsoft announces AI-powered Bing search and Edge browser https://arstechnica.com/?p=1915710 ChatGPT-style AI tech brings more context to search, available today in a limited preview. https://arstechnica.com/?p=1915710 Tue, 07 Feb 2023 20:19:06 +0000 2023-02-07T20:19:06+00:00 Hot keys, scalability, and the Zipf distribution https://brooker.co.za/blog/2023/02/07/hot-keys.html <a href="https://news.ycombinator.com/item?id=34697703">Comments</a> https://news.ycombinator.com/item?id=34697703 Tue, 07 Feb 2023 19:16:20 +0000 2023-02-07T19:16:20+00:00 8 Most Common Problems in Website Design https://www.designernews.co/stories/129176-8-most-common-problems-in-website-design https://www.uxpin.com/studio/blog/what-are-the-most-common-problems-in-website-design/ https://www.designernews.co/stories/129176-8-most-common-problems-in-website-design Tue, 07 Feb 2023 19:06:04 +0000 2023-02-07T19:06:04+00:00 Website Design Ideas for Practicing Design https://www.designernews.co/stories/129175-website-design-ideas-for-practicing-design https://www.uxpin.com/studio/blog/website-design-ideas/ https://www.designernews.co/stories/129175-website-design-ideas-for-practicing-design Tue, 07 Feb 2023 19:05:38 +0000 2023-02-07T19:05:38+00:00 Design System Maintenance — How to Keep Design System Up to Date? https://www.designernews.co/stories/129174-design-system-maintenance--how-to-keep-design-system-up-to-date https://www.uxpin.com/studio/blog/design-system-maintenance/ https://www.designernews.co/stories/129174-design-system-maintenance--how-to-keep-design-system-up-to-date Tue, 07 Feb 2023 19:04:46 +0000 2023-02-07T19:04:46+00:00 Encrypted Messaging App Exclu Used by Criminal Groups Cracked by Joint Law Enforcement https://thehackernews.com/2023/02/encrypted-messaging-app-exclu-used-by.html A joint law enforcement operation conducted by Germany, the Netherlands, and Poland has cracked yet another encrypted messaging application named Exclu used by organized crime groups. Eurojust, in a press statement, said the February 3 exercise resulted in the arrests of 45 individuals across Belgium and the Netherlands, some of whom include users as well as the administrators and owners of the https://thehackernews.com/2023/02/encrypted-messaging-app-exclu-used-by.html Tue, 07 Feb 2023 17:35:00 +0000 2023-02-07T17:35:00+00:00 Google and Mozilla are working on iOS browsers that break current App Store rules https://arstechnica.com/?p=1915588 Currently, all iOS and iPadOS browsers need to use the same engine as Safari. https://arstechnica.com/?p=1915588 Tue, 07 Feb 2023 17:12:39 +0000 2023-02-07T17:12:39+00:00 Best StatusCake Alternatives in 2023 https://www.designernews.co/stories/129170-best-statuscake-alternatives-in-2023 https://designmodo.com/statuscake-alternatives/ https://www.designernews.co/stories/129170-best-statuscake-alternatives-in-2023 Tue, 07 Feb 2023 16:28:05 +0000 2023-02-07T16:28:05+00:00 Hackers Exploit Vulnerabilities in Sunlogin to Deploy Sliver C2 Framework https://thehackernews.com/2023/02/hackers-exploit-vulnerabilities-in.html Threat actors are leveraging known flaws in Sunlogin software to deploy the Sliver command-and-control (C2) framework for carrying out post-exploitation activities. The findings come from AhnLab Security Emergency response Center (ASEC), which found that security vulnerabilities in Sunlogin, a remote desktop program developed in China, are being abused to deploy a wide range of payloads. "Not https://thehackernews.com/2023/02/hackers-exploit-vulnerabilities-in.html Tue, 07 Feb 2023 12:58:00 +0000 2023-02-07T12:58:00+00:00 Tackling the New Cyber Insurance Requirements: Can Your Organization Comply? https://thehackernews.com/2023/02/tackling-new-cyber-insurance.html With cyberattacks around the world escalating rapidly, insurance companies are ramping up the requirements to qualify for a cyber insurance policy. Ransomware attacks were up 80% last year, prompting underwriters to put in place a number of new provisions designed to prevent ransomware and stem the record number of claims. Among these are a mandate to enforce multi-factor authentication (MFA) https://thehackernews.com/2023/02/tackling-new-cyber-insurance.html Tue, 07 Feb 2023 12:47:00 +0000 2023-02-07T12:47:00+00:00 Designing for Color Blindness in UI Design: Best Practices & Tips https://www.designernews.co/stories/129164-designing-for-color-blindness-in-ui-design-best-practices--tips https://atmos.style/blog/color-blindness-in-ui-design https://www.designernews.co/stories/129164-designing-for-color-blindness-in-ui-design-best-practices--tips Tue, 07 Feb 2023 12:06:17 +0000 2023-02-07T12:06:17+00:00 Baby Tech Mobile App Design https://www.designernews.co/stories/129161-baby-tech-mobile-app-design https://in.pinterest.com/pin/730568370822899100/ https://www.designernews.co/stories/129161-baby-tech-mobile-app-design Tue, 07 Feb 2023 11:08:00 +0000 2023-02-07T11:08:00+00:00 Linux Variant of Clop Ransomware Spotted, But Uses Faulty Encryption Algorithm https://thehackernews.com/2023/02/linux-variant-of-clop-ransomware.html The first-ever Linux variant of the Clop ransomware has been detected in the wild, but with a faulty encryption algorithm that has made it possible to reverse engineer the process. "The ELF executable contains a flawed encryption algorithm making it possible to decrypt locked files without paying the ransom," SentinelOne researcher Antonis Terefos said in a report shared with The Hacker News. https://thehackernews.com/2023/02/linux-variant-of-clop-ransomware.html Tue, 07 Feb 2023 11:02:00 +0000 2023-02-07T11:02:00+00:00 What is the Conversion Rate Formula? https://www.designernews.co/stories/129159-what-is-the-conversion-rate-formula https://dev.to/alyciakyla/what-is-the-conversion-rate-formula-1np https://www.designernews.co/stories/129159-what-is-the-conversion-rate-formula Tue, 07 Feb 2023 10:35:44 +0000 2023-02-07T10:35:44+00:00 VMware Finds No Evidence of 0-Day in Ongoing ESXiArgs Ransomware Spree https://thehackernews.com/2023/02/vmware-finds-no-evidence-of-0-day-flaw.html VMware on Monday said it found no evidence that threat actors are leveraging an unknown security flaw, i.e., a zero-day, in its software as part of an ongoing ransomware attack spree worldwide. "Most reports state that End of General Support (EoGS) and/or significantly out-of-date products are being targeted with known vulnerabilities which were previously addressed and disclosed in VMware https://thehackernews.com/2023/02/vmware-finds-no-evidence-of-0-day-flaw.html Tue, 07 Feb 2023 10:21:00 +0000 2023-02-07T10:21:00+00:00 Best Webflow Resources To Design Your Website Effortlessly https://www.designernews.co/stories/129158-best-webflow-resources-to-design-your-website-effortlessly https://l.besnik.net/tajul-flowgiri https://www.designernews.co/stories/129158-best-webflow-resources-to-design-your-website-effortlessly Tue, 07 Feb 2023 10:06:17 +0000 2023-02-07T10:06:17+00:00 Newsletter for Designers & Makers. 100% Free. Discover the Latest Industry Trends, News & Resources. https://www.designernews.co/stories/129157-newsletter-for-designers--makers-100-free-discover-the-latest-industry-trends-news--resources https://dailydevlinks.com/ https://www.designernews.co/stories/129157-newsletter-for-designers--makers-100-free-discover-the-latest-industry-trends-news--resources Tue, 07 Feb 2023 09:41:58 +0000 2023-02-07T09:41:58+00:00 I connected Stable Diffusion with my smartphone camera. And here's what I learned. https://www.designernews.co/stories/129150-i-connected-stable-diffusion-with-my-smartphone-camera-and-heres-what-i-learned https://prototypr.io/post/i-connected-stable-diffusion-with-my-smartphone-camera-and-heres-what-i-learned https://www.designernews.co/stories/129150-i-connected-stable-diffusion-with-my-smartphone-camera-and-heres-what-i-learned Tue, 07 Feb 2023 07:34:00 +0000 2023-02-07T07:34:00+00:00 Hackers are mass infecting servers worldwide by exploiting a patched hole https://arstechnica.com/?p=1915481 Servers running unpatched versions of ESXi are sitting ducks for ESXiArgs attacks. https://arstechnica.com/?p=1915481 Mon, 06 Feb 2023 21:32:41 +0000 2023-02-06T21:32:41+00:00 Universal Icon Set – 1,950+ High-Quality Vector Icons https://www.designernews.co/stories/129133-universal-icon-set--1950-highquality-vector-icons https://www.pixsellz.io/universal-icon-set https://www.designernews.co/stories/129133-universal-icon-set--1950-highquality-vector-icons Mon, 06 Feb 2023 17:56:52 +0000 2023-02-06T17:56:52+00:00 Endless Seinfeld episode grinds to a halt after AI comic violates Twitch guidelines https://arstechnica.com/?p=1915257 Unintended transphobic act by AI-powered Jerry Seinfeld clone leads to 14-day ban. https://arstechnica.com/?p=1915257 Mon, 06 Feb 2023 17:10:25 +0000 2023-02-06T17:10:25+00:00 How To Hire A Web Designer That Will Be A Match For Your Project? https://www.designernews.co/stories/129132-how-to-hire-a-web-designer-that-will-be-a-match-for-your-project https://medium.com/@radhika.majithiya/how-to-hire-a-web-developer-that-will-be-a-match-for-your-project-7ec6a594854c https://www.designernews.co/stories/129132-how-to-hire-a-web-designer-that-will-be-a-match-for-your-project Mon, 06 Feb 2023 15:51:18 +0000 2023-02-06T15:51:18+00:00 Ars Archivum: Top cloud backup services worth your money https://arstechnica.com/?p=1867838 We tested five consumer-friendly cloud backup services and found a clear winner. https://arstechnica.com/?p=1867838 Mon, 06 Feb 2023 14:49:54 +0000 2023-02-06T14:49:54+00:00 Big Tech companies use cloud computing arms to pursue alliances with AI groups https://arstechnica.com/?p=1915235 Deals between Big Tech and "generative AI" startups raise competition concerns. https://arstechnica.com/?p=1915235 Mon, 06 Feb 2023 14:25:42 +0000 2023-02-06T14:25:42+00:00 GuLoader Malware Using Malicious NSIS Executables to Target E-Commerce Industry https://thehackernews.com/2023/02/guloader-malware-using-malicious-nsis.html E-commerce industries in South Korea and the U.S. are at the receiving end of an ongoing GuLoader malware campaign, cybersecurity firm Trellix disclosed late last month. The malspam activity is notable for transitioning away from malware-laced Microsoft Word documents to NSIS executable files for loading the malware. Other countries targeted as part of the campaign include Germany, Saudi Arabia, https://thehackernews.com/2023/02/guloader-malware-using-malicious-nsis.html Mon, 06 Feb 2023 12:36:00 +0000 2023-02-06T12:36:00+00:00 Microsoft: Iranian Nation-State Group Sanctioned by U.S. Behind Charlie Hebdo Hack https://thehackernews.com/2023/02/microsoft-iranian-nation-state-group.html An Iranian nation-state group sanctioned by the U.S. government has been attributed to the hack of the French satirical magazine Charlie Hebdo in early January 2023. Microsoft, which disclosed details of the incident, is tracking the activity cluster under its chemical element-themed moniker NEPTUNIUM, which is an Iran-based company known as Emennet Pasargad. In January 2022, the U.S. Federal https://thehackernews.com/2023/02/microsoft-iranian-nation-state-group.html Mon, 06 Feb 2023 12:09:00 +0000 2023-02-06T12:09:00+00:00 SaaS in the Real World: Who's Responsible to Secure this Data? https://thehackernews.com/2023/02/saas-in-real-world-whos-responsible-to.html When SaaS applications started growing in popularity, it was unclear who was responsible for securing the data. Today, most security and IT teams understand the shared responsibility model, in which the SaaS vendor is responsible for securing the application, while the organization is responsible for securing their data.  What’s far murkier, however, is where the data responsibility lies on the https://thehackernews.com/2023/02/saas-in-real-world-whos-responsible-to.html Mon, 06 Feb 2023 10:00:00 +0000 2023-02-06T10:00:00+00:00 OpenSSH Releases Patch for New Pre-Auth Double Free Vulnerability https://thehackernews.com/2023/02/openssh-releases-patch-for-new-pre-auth.html The maintainers of OpenSSH have released OpenSSH 9.2 to address a number of security bugs, including a memory safety vulnerability in the OpenSSH server (sshd). Tracked as CVE-2023-25136, the shortcoming has been classified as a pre-authentication double free vulnerability that was introduced in version 9.1. "This is not believed to be exploitable, and it occurs in the unprivileged pre-auth https://thehackernews.com/2023/02/openssh-releases-patch-for-new-pre-auth.html Mon, 06 Feb 2023 09:55:00 +0000 2023-02-06T09:55:00+00:00 What is it like to have an extremely high IQ? https://www.designernews.co/stories/129122-what-is-it-like-to-have-an-extremely-high-iq https://realiqtests.com/what-is-it-like-to-have-an-extremely-high-iq https://www.designernews.co/stories/129122-what-is-it-like-to-have-an-extremely-high-iq Mon, 06 Feb 2023 09:11:34 +0000 2023-02-06T09:11:34+00:00 FormBook Malware Spreads via Malvertising Using MalVirt Loader to Evade Detection https://thehackernews.com/2023/02/formbook-malware-spreads-via.html An ongoing malvertising campaign is being used to distribute virtualized .NET loaders that are designed to deploy the FormBook information-stealing malware. "The loaders, dubbed MalVirt, use obfuscated virtualization for anti-analysis and evasion along with the Windows Process Explorer driver for terminating processes," SentinelOne researchers Aleksandar Milenkoski and Tom Hegel said in a https://thehackernews.com/2023/02/formbook-malware-spreads-via.html Mon, 06 Feb 2023 08:11:00 +0000 2023-02-06T08:11:00+00:00 Unveiling The Best Online Animation Software of 2023: Which One Is Right For You? https://www.designernews.co/stories/129118-unveiling-the-best-online-animation-software-of-2023-which-one-is-right-for-you https://en.eagle.cool/blog/post/online-animation-software https://www.designernews.co/stories/129118-unveiling-the-best-online-animation-software-of-2023-which-one-is-right-for-you Mon, 06 Feb 2023 05:29:56 +0000 2023-02-06T05:29:56+00:00 8 Product Design Principles For Better Work And Collaboration https://www.designernews.co/stories/129116-8-product-design-principles-for-better-work-and-collaboration https://makeiterate.com/8-product-design-principles-for-better-work-and-collaboration/ https://www.designernews.co/stories/129116-8-product-design-principles-for-better-work-and-collaboration Mon, 06 Feb 2023 02:04:46 +0000 2023-02-06T02:04:46+00:00 Metalmorphism (metallic UI elements) https://www.designernews.co/stories/129115-metalmorphism-metallic-ui-elements https://www.metalmorphism.com https://www.designernews.co/stories/129115-metalmorphism-metallic-ui-elements Sun, 05 Feb 2023 22:46:01 +0000 2023-02-05T22:46:01+00:00 Why Webflow is Better Than Wordpress? https://www.designernews.co/stories/129111-why-webflow-is-better-than-wordpress https://www.linkedin.com/pulse/why-webflow-better-than-wordpress-saleh-ahmed https://www.designernews.co/stories/129111-why-webflow-is-better-than-wordpress Sun, 05 Feb 2023 07:05:37 +0000 2023-02-05T07:05:37+00:00 PixPirate: New Android Banking Trojan Targeting Brazilian Financial Institutions https://thehackernews.com/2023/02/pixpirate-new-android-banking-trojan.html A new Android banking trojan has set its eyes on Brazilian financial institutions to commit fraud by leveraging the PIX payments platform. Italian cybersecurity company Cleafy, which discovered the malware between the end of 2022 and the beginning of 2023, is tracking it under the name PixPirate. "PixPirate belongs to the newest generation of Android banking trojan, as it can perform ATS ( https://thehackernews.com/2023/02/pixpirate-new-android-banking-trojan.html Sat, 04 Feb 2023 13:39:00 +0000 2023-02-04T13:39:00+00:00 Top Free Photo & Video Editing Apps for 2023 https://www.designernews.co/stories/129104-top-free-photo--video-editing-apps-for-2023 https://dev.to/stephanreynolds/top-free-photo-video-editing-apps-for-2023-naj https://www.designernews.co/stories/129104-top-free-photo--video-editing-apps-for-2023 Sat, 04 Feb 2023 10:47:39 +0000 2023-02-04T10:47:39+00:00 New Wave of Ransomware Attacks Exploiting VMware Bug to Target ESXi Servers https://thehackernews.com/2023/02/new-wave-of-ransomware-attacks.html VMware ESXi hypervisors are the target of a new wave of attacks designed to deploy ransomware on compromised systems. "These attack campaigns appear to exploit CVE-2021-21974, for which a patch has been available since February 23, 2021," the Computer Emergency Response Team (CERT) of France said in an advisory on Friday. VMware, in its own alert released at the time, described the issue as an  https://thehackernews.com/2023/02/new-wave-of-ransomware-attacks.html Sat, 04 Feb 2023 05:30:00 +0000 2023-02-04T05:30:00+00:00 Warning: Hackers Actively Exploiting Zero-Day in Fortra's GoAnywhere MFT https://thehackernews.com/2023/02/warning-hackers-actively-exploiting.html A zero-day vulnerability affecting Fortra's GoAnywhere MFT managed file transfer application is being actively exploited in the wild. Details of the flaw were first publicly shared by security reporter Brian Krebs on Mastodon. No public advisory has been published by Fortra. The vulnerability is a case of remote code injection that requires access to the administrative console of the application https://thehackernews.com/2023/02/warning-hackers-actively-exploiting.html Sat, 04 Feb 2023 04:41:00 +0000 2023-02-04T04:41:00+00:00 Microsoft alleges attacks on French magazine came from Iranian-backed group https://arstechnica.com/?p=1915010 Leaked personal data of Charlie Hebdo customers puts them at risk from extremists. https://arstechnica.com/?p=1915010 Fri, 03 Feb 2023 21:10:23 +0000 2023-02-03T21:10:23+00:00 The newest feature in the Microsoft Store is more ads https://arstechnica.com/?p=1914756 App store ads on other platforms may offer benefits to devs—but few for users. https://arstechnica.com/?p=1914756 Fri, 03 Feb 2023 16:29:44 +0000 2023-02-03T16:29:44+00:00 Is Your EV Charging Station Safe? New Security Vulnerabilities Uncovered https://thehackernews.com/2023/02/is-your-ev-charging-station-safe-new.html Two new security weaknesses discovered in several electric vehicle (EV) charging systems could be exploited to remotely shut down charging stations and even expose them to data and energy theft. The findings, which come from Israel-based SaiFlow, once again demonstrate the potential risks facing the EV charging infrastructure. The issues have been identified in version 1.6J of the Open Charge https://thehackernews.com/2023/02/is-your-ev-charging-station-safe-new.html Fri, 03 Feb 2023 15:36:00 +0000 2023-02-03T15:36:00+00:00 Post-Macro World Sees Rise in Microsoft OneNote Documents Delivering Malware https://thehackernews.com/2023/02/post-macro-world-sees-rise-in-microsoft.html In a continuing sign that threat actors are adapting well to a post-macro world, it has emerged that the use of Microsoft OneNote documents to deliver malware via phishing attacks is on the rise. Some of the notable malware families that are being distributed using this method include AsyncRAT, RedLine Stealer, Agent Tesla, DOUBLEBACK, Quasar RAT, XWorm, Qakbot, BATLOADER, and FormBook. https://thehackernews.com/2023/02/post-macro-world-sees-rise-in-microsoft.html Fri, 03 Feb 2023 15:03:00 +0000 2023-02-03T15:03:00+00:00 Until further notice, think twice before using Google to download software https://arstechnica.com/?p=1914704 Over the past month, Google has been outgunned by malvertisers with new tricks. https://arstechnica.com/?p=1914704 Fri, 03 Feb 2023 13:29:28 +0000 2023-02-03T13:29:28+00:00 Iranian OilRig Hackers Using New Backdoor to Exfiltrate Data from Govt. Organizations https://thehackernews.com/2023/02/iranian-oilrig-hackers-using-new.html The Iranian nation-state hacking group known as OilRig has continued to target government organizations in the Middle East as part of a cyber espionage campaign that leverages a new backdoor to exfiltrate data. "The campaign abuses legitimate but compromised email accounts to send stolen data to external mail accounts controlled by the attackers," Trend Micro researchers Mohamed Fahmy, Sherif https://thehackernews.com/2023/02/iranian-oilrig-hackers-using-new.html Fri, 03 Feb 2023 12:12:00 +0000 2023-02-03T12:12:00+00:00 The Pivot: How MSPs Can Turn a Challenge Into a Once-in-a-Decade Opportunity https://thehackernews.com/2023/02/the-pivot-how-msps-can-turn-challenge.html Cybersecurity is quickly becoming one of the most significant growth drivers for Managed Service Providers (MSPs). That's the main insight from a recent study from Lumu: in North America, more than 80% of MSPs cite cybersecurity as a primary growth driver of their business. Service providers have a huge opportunity to expand their business and win new customers by developing their cybersecurity https://thehackernews.com/2023/02/the-pivot-how-msps-can-turn-challenge.html Fri, 03 Feb 2023 11:37:00 +0000 2023-02-03T11:37:00+00:00 Atlassian's Jira Service Management Found Vulnerable to Critical Vulnerability https://thehackernews.com/2023/02/atlassians-jira-software-found.html Atlassian has released fixes to resolve a critical security flaw in Jira Service Management Server and Data Center that could be abused by an attacker to pass off as another user and gain unauthorized access to susceptible instances. The vulnerability is tracked as CVE-2023-22501 (CVSS score: 9.4) and has been described as a case of broken authentication with low attack complexity. "An https://thehackernews.com/2023/02/atlassians-jira-software-found.html Fri, 03 Feb 2023 07:55:00 +0000 2023-02-03T07:55:00+00:00 New High-Severity Vulnerabilities Discovered in Cisco IOx and F5 BIG-IP Products https://thehackernews.com/2023/02/new-high-severity-vulnerabilities.html F5 has warned of a high-severity flaw impacting BIG-IP appliances that could lead to denial-of-service (DoS) or arbitrary code execution. The issue is rooted in the iControl Simple Object Access Protocol (SOAP) interface and affects the following versions of BIG-IP - 13.1.5 14.1.4.6 - 14.1.5 15.1.5.1 - 15.1.8 16.1.2.2 - 16.1.3, and 17.0.0 "A format string vulnerability exists in iControl SOAP https://thehackernews.com/2023/02/new-high-severity-vulnerabilities.html Fri, 03 Feb 2023 07:26:00 +0000 2023-02-03T07:26:00+00:00 CISA Alert: Oracle E-Business Suite and SugarCRM Vulnerabilities Under Attack https://thehackernews.com/2023/02/cisa-alert-oracle-e-business-suite-and.html The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on February 2 added two security flaws to its Known Exploited Vulnerabilities (KEV) Catalog, citing evidence of active exploitation. The first of the two vulnerabilities is CVE-2022-21587 (CVSS score: 9.8), a critical issue impacting versions 12.2.3 to 12.2.11 of the Oracle Web Applications Desktop Integrator product. "Oracle https://thehackernews.com/2023/02/cisa-alert-oracle-e-business-suite-and.html Fri, 03 Feb 2023 05:23:00 +0000 2023-02-03T05:23:00+00:00 New Russian-Backed Gamaredon's Spyware Variants Targeting Ukrainian Authorities https://thehackernews.com/2023/02/new-russian-backed-gamaredons-spyware.html The State Cyber Protection Centre (SCPC) of Ukraine has called out the Russian state-sponsored threat actor known as Gamaredon for its targeted cyber attacks on public authorities and critical information infrastructure in the country. The advanced persistent threat, also known as Actinium, Armageddon, Iron Tilden, Primitive Bear, Shuckworm, Trident Ursa, and UAC-0010, has a track record of  https://thehackernews.com/2023/02/new-russian-backed-gamaredons-spyware.html Thu, 02 Feb 2023 12:43:00 +0000 2023-02-02T12:43:00+00:00 Cybersecurity Budgets Are Going Up. So Why Aren't Breaches Going Down? https://thehackernews.com/2023/02/cybersecurity-budgets-are-going-up-so.html Over the past few years, cybersecurity has become a major concern for businesses around the globe. With the total cost of cybercrime in 2023 forecasted to reach $8 Trillion – with a T, not a B – it’s no wonder that cybersecurity is top of mind for leaders across all industries and regions. However, despite growing attention and budgets for cybersecurity in recent years, attacks have only become https://thehackernews.com/2023/02/cybersecurity-budgets-are-going-up-so.html Thu, 02 Feb 2023 10:04:00 +0000 2023-02-02T10:04:00+00:00 North Korean Hackers Exploit Unpatched Zimbra Devices in 'No Pineapple' Campaign https://thehackernews.com/2023/02/north-korean-hackers-exploit-unpatched.html A new intelligence gathering campaign linked to the prolific North Korean state-sponsored Lazarus Group leveraged known security flaws in unpatched Zimbra devices to compromise victim systems. That's according to Finnish cybersecurity company WithSecure (formerly F-Secure), which codenamed the incident No Pineapple in reference to an error message that's used in one of the backdoors. Targets of https://thehackernews.com/2023/02/north-korean-hackers-exploit-unpatched.html Thu, 02 Feb 2023 09:45:00 +0000 2023-02-02T09:45:00+00:00 New Threat: Stealthy HeadCrab Malware Compromised Over 1,200 Redis Servers https://thehackernews.com/2023/02/new-threat-stealthy-headcrab-malware.html At least 1,200 Redis database servers worldwide have been corralled into a botnet using an "elusive and severe threat" dubbed HeadCrab since early September 2021. "This advanced threat actor utilizes a state-of-the-art, custom-made malware that is undetectable by agentless and traditional anti-virus solutions to compromise a large number of Redis servers," Aqua security researcher Asaf Eitani  https://thehackernews.com/2023/02/new-threat-stealthy-headcrab-malware.html Thu, 02 Feb 2023 06:47:00 +0000 2023-02-02T06:47:00+00:00 ChatGPT sets record for fastest-growing user base in history, report says https://arstechnica.com/?p=1914265 Intense demand for AI chatbot breaks records and inspires new $20/mo subscription plan. https://arstechnica.com/?p=1914265 Wed, 01 Feb 2023 22:57:52 +0000 2023-02-01T22:57:52+00:00 Up to 29,000 unpatched QNAP storage devices are sitting ducks to ransomware https://arstechnica.com/?p=1914239 QNAP storage devices are a frequent target of criminal hackers. https://arstechnica.com/?p=1914239 Wed, 01 Feb 2023 21:08:59 +0000 2023-02-01T21:08:59+00:00 Netflix stirs fears by using AI-assisted background art in short anime film https://arstechnica.com/?p=1914185 Netflix cites labor shortage, kicks hornets nest with AI-assisted 3-minute short. https://arstechnica.com/?p=1914185 Wed, 01 Feb 2023 21:00:01 +0000 2023-02-01T21:00:01+00:00 Researchers Uncover New Bugs in Popular ImageMagick Image Processing Utility https://thehackernews.com/2023/02/researchers-uncover-new-bugs-in-popular.html Cybersecurity researchers have disclosed details of two security flaws in the open source ImageMagick software that could potentially lead to a denial-of-service (DoS) and information disclosure. The two issues, which were identified by Latin American cybersecurity firm Metabase Q in version 7.1.0-49, were addressed in ImageMagick version 7.1.0-52, released in November 2022. A https://thehackernews.com/2023/02/researchers-uncover-new-bugs-in-popular.html Wed, 01 Feb 2023 19:59:00 +0000 2023-02-01T19:59:00+00:00 New data illustrates time’s effect on hard drive failure rates https://arstechnica.com/?p=1914056 Backblaze examines 230,921 HDDs across 29 models from Seagate, Toshiba, and more. https://arstechnica.com/?p=1914056 Wed, 01 Feb 2023 18:48:03 +0000 2023-02-01T18:48:03+00:00 Paper: Stable Diffusion “memorizes” some images, sparking privacy concerns https://arstechnica.com/?p=1913780 But out of 300,000 high-probability images tested, researchers found a 0.03% memorization rate. https://arstechnica.com/?p=1913780 Wed, 01 Feb 2023 18:37:40 +0000 2023-02-01T18:37:40+00:00 Experts Warn of 'Ice Breaker' Cyberattacks Targeting Gaming and Gambling Industry https://thehackernews.com/2023/02/experts-warn-of-ice-breaker.html A new attack campaign has been targeting the gaming and gambling sectors since at least September 2022, just as the ICE London 2023 gaming industry trade fair event is scheduled to kick off next week. Israeli cybersecurity company Security Joes is tracking the activity cluster under the name Ice Breaker, stating the intrusions employ clever social engineering tactics to deploy a JavaScript https://thehackernews.com/2023/02/experts-warn-of-ice-breaker.html Wed, 01 Feb 2023 13:56:00 +0000 2023-02-01T13:56:00+00:00 New SH1MMER Exploit for Chromebook Unenrolls Managed ChromeOS Devices https://thehackernews.com/2023/02/new-sh1mmer-exploit-for-chromebook.html A new exploit has been devised to "unenroll" enterprise- or school-managed Chromebooks from administrative control. Enrolling ChromeOS devices makes it possible to enforce device policies as set by the organization via the Google Admin console, including the features that are available to users. "Each enrolled device complies with the policies you set until you wipe or deprovision it," Google  https://thehackernews.com/2023/02/new-sh1mmer-exploit-for-chromebook.html Wed, 01 Feb 2023 10:46:00 +0000 2023-02-01T10:46:00+00:00 Auditing Kubernetes with Open Source SIEM and XDR https://thehackernews.com/2023/02/auditing-kubernetes-with-open-source.html Container technology has gained traction among businesses due to the increased efficiency it provides. In this regard, organizations widely use Kubernetes for deploying, scaling, and managing containerized applications. Organizations should audit Kubernetes to ensure compliance with regulations, find anomalies, and identify security risks. The Wazuh open source platform plays a critical role in https://thehackernews.com/2023/02/auditing-kubernetes-with-open-source.html Wed, 01 Feb 2023 10:26:00 +0000 2023-02-01T10:26:00+00:00 Prilex PoS Malware Evolves to Block Contactless Payments to Steal from NFC Cards https://thehackernews.com/2023/02/prilex-pos-malware-evolves-to-block.html The Brazilian threat actors behind an advanced and modular point-of-sale (PoS) malware known as Prilex have reared their head once again with new updates that allow it to block contactless payment transactions. Russian cybersecurity firm Kaspersky said it detected three versions of Prilex (06.03.8080, 06.03.8072, and 06.03.8070) that are capable of targeting NFC-enabled credit cards, taking its https://thehackernews.com/2023/02/prilex-pos-malware-evolves-to-block.html Wed, 01 Feb 2023 10:25:00 +0000 2023-02-01T10:25:00+00:00 Hackers Abused Microsoft's "Verified Publisher" OAuth Apps to Breach Corporate Email Accounts https://thehackernews.com/2023/02/hackers-abused-microsofts-verified.html Microsoft on Tuesday said it took steps to disable fake Microsoft Partner Network (MPN) accounts that were used for creating malicious OAuth applications as part of a phishing campaign designed to breach organizations' cloud environments and steal email. "The applications created by these fraudulent actors were then used in a consent phishing campaign, which tricked users into granting https://thehackernews.com/2023/02/hackers-abused-microsofts-verified.html Wed, 01 Feb 2023 05:30:00 +0000 2023-02-01T05:30:00+00:00 Additional Supply Chain Vulnerabilities Uncovered in AMI MegaRAC BMC Software https://thehackernews.com/2023/02/additional-supply-chain-vulnerabilities.html Two more supply chain security flaws have been disclosed in AMI MegaRAC Baseboard Management Controller (BMC) software, nearly two months after three security vulnerabilities were brought to light in the same product. Firmware security firm Eclypsium said the two shortcomings were held back until now to provide AMI additional time to engineer appropriate mitigations. The issues, collectively https://thehackernews.com/2023/02/additional-supply-chain-vulnerabilities.html Wed, 01 Feb 2023 03:14:00 +0000 2023-02-01T03:14:00+00:00 You Don't Know Where Your Secrets Are https://thehackernews.com/2023/01/you-dont-know-where-your-secrets-are.html Do you know where your secrets are? If not, I can tell you: you are not alone. Hundreds of CISOs, CSOs, and security leaders, whether from small or large companies, don't know either. No matter the organization's size, the certifications, tools, people, and processes: secrets are not visible in 99% of cases. It might sound ridiculous at first: keeping secrets is an obvious first thought when https://thehackernews.com/2023/01/you-dont-know-where-your-secrets-are.html Tue, 31 Jan 2023 12:46:00 +0000 2023-01-31T12:46:00+00:00 New Report Reveals NikoWiper Malware That Targeted Ukraine Energy Sector https://thehackernews.com/2023/01/new-report-reveals-nikowiper-malware.html The Russia-affiliated Sandworm used yet another wiper malware strain dubbed NikoWiper as part of an attack that took place in October 2022 targeting an energy sector company in Ukraine. "The NikoWiper is based on SDelete, a command line utility from Microsoft that is used for securely deleting files," cybersecurity company ESET revealed in its latest APT Activity Report shared with The Hacker https://thehackernews.com/2023/01/new-report-reveals-nikowiper-malware.html Tue, 31 Jan 2023 11:08:00 +0000 2023-01-31T11:08:00+00:00 Researchers Uncover Packer Used by Several Malware to Evade Detection for 6 Years https://thehackernews.com/2023/01/researchers-uncover-packer-that-helped.html A shellcode-based packer dubbed TrickGate has been successfully operating without attracting notice for over six years, while enabling threat actors to deploy a wide range of malware such as TrickBot, Emotet, AZORult, Agent Tesla, FormBook, Cerber, Maze, and REvil over the years. "TrickGate managed to stay under the radar for years because it is transformative – it undergoes changes periodically https://thehackernews.com/2023/01/researchers-uncover-packer-that-helped.html Tue, 31 Jan 2023 10:39:00 +0000 2023-01-31T10:39:00+00:00 QNAP Fixes Critical Vulnerability in NAS Devices with Latest Security Updates https://thehackernews.com/2023/01/qnap-fixes-critical-vulnerability-in.html Taiwanese company QNAP has released updates to remediate a critical security flaw affecting its network-attached storage (NAS) devices that could lead to arbitrary code injection. Tracked as CVE-2022-27596, the vulnerability is rated 9.8 out of a maximum of 10 on the CVSS scoring scale. It affects QTS 5.0.1 and QuTS hero h5.0.1. "If exploited, this vulnerability allows remote attackers to inject https://thehackernews.com/2023/01/qnap-fixes-critical-vulnerability-in.html Tue, 31 Jan 2023 04:06:00 +0000 2023-01-31T04:06:00+00:00 GitHub Breach: Hackers Stole Code-Signing Certificates for GitHub Desktop and Atom https://thehackernews.com/2023/01/github-breach-hackers-stole-code.html GitHub on Monday disclosed that unknown threat actors managed to exfiltrate encrypted code signing certificates pertaining to some versions of GitHub Desktop for Mac and Atom apps. As a result, the company is taking the step of revoking the exposed certificates out of abundance of caution. The following versions of GitHub Desktop for Mac have been invalidated: 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, https://thehackernews.com/2023/01/github-breach-hackers-stole-code.html Tue, 31 Jan 2023 03:37:00 +0000 2023-01-31T03:37:00+00:00 Titan Stealer: A New Golang-Based Information Stealer Malware Emerges https://thehackernews.com/2023/01/titan-stealer-new-golang-based.html A new Golang-based information stealer malware dubbed Titan Stealer is being advertised by threat actors through their Telegram channel. "The stealer is capable of stealing a variety of information from infected Windows machines, including credential data from browsers and crypto wallets, FTP client details, screenshots, system information, and grabbed files," Uptycs security researchers https://thehackernews.com/2023/01/titan-stealer-new-golang-based.html Mon, 30 Jan 2023 11:26:00 +0000 2023-01-30T11:26:00+00:00 Realtek Vulnerability Under Attack: Over 134 Million Attempts to Hack IoT Devices https://thehackernews.com/2023/01/realtek-vulnerability-under-attack-134.html Researchers are warning about a spike in exploitation attempts weaponizing a now-patched critical remote code execution flaw in Realtek Jungle SDK since the start of August 2022. According to Palo Alto Networks Unit 42, the ongoing campaign is said to have recorded 134 million exploit attempts as of December 2022, with 97% of the attacks occurring in the past four months. Close to 50% of the https://thehackernews.com/2023/01/realtek-vulnerability-under-attack-134.html Mon, 30 Jan 2023 09:30:00 +0000 2023-01-30T09:30:00+00:00 Gootkit Malware Continues to Evolve with New Components and Obfuscations https://thehackernews.com/2023/01/gootkit-malware-continues-to-evolve.html The threat actors associated with the Gootkit malware have made "notable changes" to their toolset, adding new components and obfuscations to their infection chains. Google-owned Mandiant is monitoring the activity cluster under the moniker UNC2565, noting that the usage of the malware is "exclusive to this group." Gootkit, also called Gootloader, is spread through compromised websites that https://thehackernews.com/2023/01/gootkit-malware-continues-to-evolve.html Sun, 29 Jan 2023 05:47:00 +0000 2023-01-29T05:47:00+00:00 Microsoft Urges Customers to Secure On-Premises Exchange Servers https://thehackernews.com/2023/01/microsoft-urges-customers-to-secure-on.html Microsoft is urging customers to keep their Exchange servers updated as well as take steps to bolster the environment, such as enabling Windows Extended Protection and configuring certificate-based signing of PowerShell serialization payloads. "Attackers looking to exploit unpatched Exchange servers are not going to go away," the tech giant's Exchange Team said in a post. "There are too many https://thehackernews.com/2023/01/microsoft-urges-customers-to-secure-on.html Sat, 28 Jan 2023 10:42:00 +0000 2023-01-28T10:42:00+00:00 ISC Releases Security Patches for New BIND DNS Software Vulnerabilities https://thehackernews.com/2023/01/isc-releases-security-patches-for-new.html The Internet Systems Consortium (ISC) has released patches to address multiple security vulnerabilities in the Berkeley Internet Name Domain (BIND) 9 Domain Name System (DNS) software suite that could lead to a denial-of-service (DoS) condition. "A remote attacker could exploit these vulnerabilities to potentially cause denial-of-service conditions and system failures," the U.S. Cybersecurity https://thehackernews.com/2023/01/isc-releases-security-patches-for-new.html Sat, 28 Jan 2023 07:55:00 +0000 2023-01-28T07:55:00+00:00 Ukraine Hit with New Golang-based 'SwiftSlicer' Wiper Malware in Latest Cyber Attack https://thehackernews.com/2023/01/ukraine-hit-with-new-golang-based.html Ukraine has come under a fresh cyber onslaught from Russia that involved the deployment of a previously undocumented Golang-based data wiper dubbed SwiftSlicer. ESET attributed the attack to Sandworm, a nation-state group linked to Military Unit 74455 of the Main Intelligence Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU). "Once executed it deletes shadow https://thehackernews.com/2023/01/ukraine-hit-with-new-golang-based.html Sat, 28 Jan 2023 05:49:00 +0000 2023-01-28T05:49:00+00:00 Eliminating SaaS Shadow IT is Now Available via a Self-Service Product, Free of Charge https://thehackernews.com/2023/01/eliminating-saas-shadow-it-is-now.html The use of software as a service (SaaS) is experiencing rapid growth and shows no signs of slowing down. Its decentralized and easy-to-use nature is beneficial for increasing employee productivity, but it also poses many security and IT challenges. Keeping track of all the SaaS applications that have been granted access to an organization's data is a difficult task. Understanding the risks that https://thehackernews.com/2023/01/eliminating-saas-shadow-it-is-now.html Fri, 27 Jan 2023 22:30:00 +0000 2023-01-27T22:30:00+00:00