Ask HN: What Is the Hype with Docker?
I have used Docker more than almost any other tool, and I have genuinely given it a fair shot. After all of that, I still don't understand the appeal. Docker nearly seems to be an industry standard by now. Some people treat it like an obvious choice, but it's not so...
Payment terminal malware steals $3.3m worth of credit card numbers – so far
With shops leaving VNC and RDP open, quelle surprise. Cybercriminals have used two strains of point-of-sale (POS) malware to steal the details of more than 167,000 credit cards from payment terminals. If sold on underground forums, the haul could net the thieves...
Cyber Security Today, Oct. 21, 2022 – Microsoft storage misconfiguration, data tracker leads to another data breach, and more
Microsoft admits a storage misconfiguration, data tracker leads to a data breach at a second US...
Microsoft’s Windows Dev Kit 2023 lets developers tap AI processors on laptops
At its Build conference in May, Microsoft debuted Project Volterra, a device powered by Qualcomm’s Snapdragon platform designed to let...
Adobe Illustrator Vulnerabilities Rated Critical, But Exploitation Not Easy
Updates released by Adobe last week for its Illustrator product patch two vulnerabilities that could lead to arbitrary code execution, but the researcher who found them says exploitation is not easy.
SideWinder APT Using New WarHawk Backdoor to Target Entities in Pakistan
SideWinder, a prolific nation-state actor mainly known for targeting Pakistan military entities, compromised the official website of the National Electric Power Regulatory Authority (NEPRA) to deliver a tailored malware called WarHawk. "The newly discovered WarHawk...
Doomworld – 34,478 breached accounts
In October 2022, the Doomworld forum suffered a data breach that exposed 34k member records. The data included email and IP addresses, usernames and bcrypt password hashes.
E-Pal – 108,887 breached accounts
In October 2022, the service dedicated to finding friends on Discord known as E-Pal disclosed a data breach. The compromised data included over 100k unique email addresses and usernames spanning approximately 1M orders. The data was subsequently distributed via a...
Emotet Botnet Distributing Self-Unlocking Password-Protected RAR Files to Drop Malware
The notorious Emotet botnet has been linked to a new wave of malspam campaigns that take advantage of password-protected archive files to drop CoinMiner and Quasar RAT on compromised systems. In an attack chain detected by Trustwave SpiderLabs researchers, an...
Battery-draining Android apps with 20 million downloads pulled from the Google Play Store
Cybersecurity researchers at McAfee identify apps which infect users with malware for adware fraud - users are urged to uninstall them as soon as possible.
This Week in Security: Linux WiFi, Fortinet, Text4Shell, and Predictable GUIDs
Up first this week is a quintet of vulnerabilities in the Linux kernel’s wireless code. It started with [Soenke Huster] from TU Darmstadt, who found a buffer overwrite in mac80211 code. The private disclosure to SUSE kernel engineers led to a security once-over of...
Microsoft Finally Unlocks Tabbed Explorer Windows, Other New Features for Windows 11
You might have noticed a few things were missing in the recent Windows 11 2022 Update, previously known as 22H2. Microsoft held back a...
Your Microsoft Exchange Server Is a Security Liability
Endless vulnerabilities. Massive hacking campaigns. Slow and technically tough patching. It's time to say goodbye to on-premise Exchange.
CISA Tells Organizations to Patch Linux Kernel Vulnerability Exploited by Malware
The US Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a Linux kernel flaw to its Known Exploited Vulnerabilities Catalog and instructed federal agencies to address it within three weeks.
Good news, URSNIF no longer a banking trojan. Bad news, it’s now a backdoor
And one designed to slip ransomware and data-stealing code onto infected machines. URSNIF, the malware also known as Gozi that attempts to steal online banking credentials from victims' Windows PCs, is evolving to support extortionware.…
This old malware has been rebuilt with new features to use in ransomware attacks
A 'significant shift' by malware which has existed for over 15 years demonstrates the changing threat landscape, warn cybersecurity researchers.
Hackers Using New Version of FurBall Android Malware to Spy on Iranian Citizens
The Iranian threat actor known as Domestic Kitten has been attributed to a new mobile campaign that masquerades as a translation app to distribute an updated variant of an Android malware known as FurBall. "Since June 2021, it has been distributed as a translation app...
These 16 Clicker Malware Infected Android Apps Were Downloaded Over 20 Million Times
As many as 16 malicious apps with over 20 million cumulative downloads have been taken down from the Google Play Store after they were caught committing mobile ad fraud. The Clicker malware masqueraded as seemingly harmless utilities like cameras, currency/unit...
Android 13 Go Edition brings the Material You look to entry-level phones
Google's Material You design language has been available since Android 12, but you wouldn't know it if you bought an entry Go Edition phone stuck with the old look. Thankfully, Google is finally bringing that aesthetic to lower-cost handset. The newly announced...
Microsoft Patches Vulnerability Allowing Full Access to Azure Service Fabric Clusters
Microsoft recently patched a vulnerability that can allow an attacker to gain full administrator permissions on Azure Service Fabric...
Tear in Microsoft Azure Service Fabric can give attackers full admin privileges
Orca Security disclosed the bug, and older versions remain vulnerable. A proof-of-concept exploit has been published detailing a spoofing...
Chinese Hackers Targeting Online Casinos with GamePlayerFramework Malware
An advanced persistent threat (APT) group of Chinese origin codenamed DiceyF has been linked to a string of attacks aimed at online casinos in Southeast Asia for years. Russian cybersecurity company Kaspersky said the activity aligns with another set of intrusions...
Tell HN: I asked Signal motivations for SMS removal
Here is their answer: Hi, Thank you for your thoughts on the announced SMS removal. The blog post describes all of the biggest factors in making this decision, but I know this is a change that is difficult to adjust to, so I wanted to chime in with some additional info...
CVE-2017-8529 (edge, internet_explorer)
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, and Windows Server 2012 and R2 allow an attacker to detect specific files...
The Open 3D Engine adds improved terrain creation and collaboration tools
For a long time, the world of 3D engines — especially for game developers — was all about Unity and Epic’s Unreal Engine. Then, when Amazon started...
Adobe makes selecting and deleting objects and people in Photoshop and Lightroom a lot easier
Photoshop and Lightroom are incredibly powerful tools for manipulating images, but since the beginning of time, the most frustrating part of working with these tools has been selecting specific objects to cut them out of an image, move them elsewhere, etc. Over the...
Chinese ‘Spyder Loader’ Malware Spotted Targeting Organizations in Hong Kong
The China-aligned espionage-focused actor dubbed Winnti has set its sights on government organizations in Hong Kong as part of an ongoing campaign dubbed Operation CuckooBees. Active since at least 2007, Winnti (aka APT41, Barium, Bronze Atlas, and Wicked Panda) is...
Imagine surviving a wiper attack only for ransomware to scramble your restored files
Then again, imagine being invaded by Russia. Organizations hit earlier by the HermeticWiper malware have reportedly been menaced by ransomware unleashed this month against transportation and logistics industries in Ukraine and Poland.…
Zimbra Patches Under-Attack Code Execution Bug
Messaging and collaboration software maker Zimbra has rushed out patches to provide cover for a code execution flaw that has already been exploited to plant malware on target machines.
Linux dodges serious Wi-Fi security exploits
What appeared to be one simple Linux Wi-Fi networking security problem was soon revealed to be five different nasty Wi-Fi security problems. Fortunately, the patches are on their way.