Bug in std:shared_mutex on Windows
Bug in std:shared_mutex on Windows Go to Source Article URL: https://old.reddit.com/r/cpp/comments/1b55686/maybe_possible_bug_in_stdshared_mutex_on_windows/ Comments URL: https://news.ycombinator.com/item?id=39581664 Points: 18 #...
Bug in reader/writer locks in Windows API
Bug in reader/writer locks in Windows API Go to Source Article URL: https://old.reddit.com/r/cpp/comments/1b55686/maybe_possible_bug_in_stdshared_mutex_on_windows/ Comments URL: https://news.ycombinator.com/item?id=39581664 Points:...
Mr. Green Gaming – 27,176 breached accounts
In March 2024, the online games community Mr. Green Gaming suffered a data breach that exposed 27k user records. Acknowledged on their Discord server, the incident exposed email and IP addresses, usernames, geographic locations and dates of birth.
Ask HN: What laptop are you using to daily drive Linux?
I am an idiot, and bought a Dell XPS 15 with an Nvidia graphics card, and getting the graphics card to work without excessive patching is not worth it to me. I'd rather just get an AMD laptop instead for daily driving Linux.What laptop are you using for Linux?...
Lazarus Group observed exploiting an admin-to-kernel Windows zero-day
Lazarus Group observed exploiting an admin-to-kernel Windows zero-day Go to Source Article URL: https://www.scmagazine.com/news/lazarus-group-observed-exploiting-an-admin-to-kernel-windows-zero-day Comments URL:...
I accidentally made my link shortener into a malware honeypot
Article URL: https://app.y.gy/blog/honeypot Comments URL: https://news.ycombinator.com/item?id=39564678 Points: 17 # Comments: 4
This Week in Security: Forksquatting, RustDesk, and M&Ms
Github is struggling to keep up with a malware campaign that’s a new twist on typosquatting. The play is straightforward: Clone popular repositories, add malware, and advertise the forks as the original. Some developers mistake the forks for the real projects, and...
CISA Warns of Windows Streaming Service Vulnerability Exploitation
CISA Warns of Windows Streaming Service Vulnerability Exploitation Go to Source CISA says a high-severity elevation of privilege vulnerability in Microsoft Streaming Service is actively exploited in the wild. The post CISA Warns of...
ThinkPad X1 Carbon Turned USB Device Through Relentless Digging
In what’s perhaps one of the most impressive laptop reverse engineering posts in recent memory, [Andrey Konovalov] brings us an incredibly detailed story of how he’s discovered and successfully enabled a USB device controller in a ThinkPad X1 Carbon equipped with a...
New BIFROSE Linux Malware Variant Using Deceptive VMware Domain for Evasion
Cybersecurity researchers have discovered a new Linux variant of a remote access trojan (RAT) called BIFROSE (aka Bifrost) that uses a deceptive domain mimicking VMware. "This latest version of Bifrost aims to bypass security measures and compromise targeted systems,"...
MWC Barcelona 2024 news roundup: Telecom, AI, security and more
MWC Barcelona 2024 comes to a close today. Here’s a look at some of the announcements that the event brought to light, from industry leaders like Cisco, Google, Intel and others, spanning artificial intelligence, telecom, security and sustainability. Telecom Cisco has...
GitHub struggles to keep up with automated malicious forks
Cloned then compromised, bad repos are forked faster than they can be removed A malware distribution campaign that began last May with a handful of malicious software packages uploaded to the Python Package Index (PyPI) has spread to GitHub and expanded to reach at...
Here Are the Google and Microsoft Security Updates You Need Right Now
Here Are the Google and Microsoft Security Updates You Need Right Now Go to Source Plus: Mozilla patches 12 flaws in Firefox, Zoom fixes seven vulnerabilities, and more critical updates from February.
Ransomware gangs are paying attention to infostealers, so why aren’t you?
Analysts warn of big leap in cred-harvesting malware activity last year There appears to be an uptick in interest among cybercriminals in infostealers – malware designed to swipe online account passwords, financial info, and other sensitive data from infected PCs – as...
X enables live video broadcasts in Spacesye
X's audio chat rooms called Spaces can now broadcast live video, but only for those hosting the session. As The Verge reports, a Dogecoin designer posted an official walkthrough of the feature on the platform formerly known as Twitter. Hosts will now be able to choose...
Cisco Patches High-Severity Vulnerabilities in Data Center OS
Cisco’s semiannual FXOS and NX-OS security advisory bundle resolves two high- and two medium-severity vulnerabilities. The post Cisco Patches High-Severity Vulnerabilities in Data Center OS appeared first on SecurityWeek.
GTPDOOR Linux Malware Targets Telecoms, Exploiting GPRS Roaming Networks
Threat hunters have discovered a new Linux malware called GTPDOOR that’s designed to be deployed in telecom networks that are adjacent to GPRS roaming exchanges (GRX) The malware is novel in the fact that it leverages the GPRS Tunnelling Protocol (GTP) for...
Windows Zero-Day Exploited by North Korean Hackers in Rootkit Attack
Windows Zero-Day Exploited by North Korean Hackers in Rootkit Attack Go to Source North Korean group Lazarus exploited AppLocker driver zero-day CVE-2024-21338 for privilege escalation in attacks involving FudModule rootkit. The post...
Lazarus Exploits Typos to Sneak PyPI Malware into Dev Systems
The notorious North Korean state-backed hacking group Lazarus uploaded four packages to the Python Package Index (PyPI) repository with the goal of infecting developer systems with malware. The packages, now taken down, are pycryptoenv, pycryptoconf, quasarlib,...
More news organizations sue OpenAI and Microsoft over copyright infringement
More news organizations sue OpenAI and Microsoft over copyright infringement Go to Source Legal claims are starting to pile up against Microsoft and OpenAI, as three more news sites have sued the firms over copyright infringement, The...
Chinese Hackers Exploiting Ivanti VPN Flaws to Deploy New Malware
At least two different suspected China-linked cyber espionage clusters, tracked as UNC5325 and UNC3886, have been attributed to the exploitation of security flaws in Ivanti Connect Secure VPN appliances. UNC5325 abused CVE-2024-21893 to deliver a wide range of new...
Chinese PC-maker Acemagic customized its own machines to get infected with malware
Tried to speed boot times, maybe by messing with 'Windows source code', ended up building a viral on-ramp Chinese PC maker Acemagic has admitted some of its products shipped with pre-installed malware.…
Cutout.Pro – 19,972,829 breached accounts
In February 2024, the AI-powered visual design platform Cutout.Pro suffered a data breach that exposed 20M records. The data included email and IP addresses, names and salted MD5 password hashes which were subsequently broadly distributed on a popular hacking forum...
Show HN: CriticalPath – Advanced Profiler for Android
I am excited to announce the project I am working on: an advanced mobile app profiler for Android. Its primary purpose is to optimize app performance and make it faster. Additionally, it serves as an excellent debugging tool.The main distinction between existing...
Chinese Cyberspies Use New Malware in Ivanti VPN Attacks
Chinese threat actors target Ivanti VPN appliances with new malware designed to persist system upgrades. The post Chinese Cyberspies Use New Malware in Ivanti VPN Attacks appeared first on SecurityWeek.
TimbreStealer Malware Spreading via Tax-themed Phishing Scam Targets IT Users
Mexican users have been targeted with tax-themed phishing lures at least since November 2023 to distribute a previously undocumented Windows malware called TimbreStealer. Cisco Talos, which discovered the activity, described the authors as skilled and that the "threat...
Tangerine – 243,462 breached accounts
In February 2024, the Australian Telco Tangerine suffered a data breach that exposed over 200k customer records. Attributed to a legacy customer database, the data included physical and email addresses, names, phone numbers and dates of birth. Whilst the Tangerine...
Coffee Briefing Feb. 27 – Apple introduces post quantum cryptography in iMessage; Seneca Polytechnic and Microsoft partner; New CRTC vice chairperson; and more
Coffee Briefing Feb. 27 – Apple introduces post quantum cryptography in iMessage; Seneca Polytechnic and Microsoft partner; New CRTC vice chairperson; and more Go to Source Coffee Briefings are timely deliveries of the latest ITWC...
Microsoft’s February Windows 11 security update unravels at 96% for some users
Microsoft's February Windows 11 security update unravels at 96% for some users Go to Source Was your Patch Tuesday followed by a Rollback Wednesday? You're not alone Microsoft says that February 13's security update for Windows 11...
New IDAT Loader Attacks Using Steganography to Deploy Remcos RAT
Ukrainian entities based in Finland have been targeted as part of a malicious campaign distributing a commercial remote access trojan known as Remcos RAT using a malware loader called IDAT Loader. The attack has been attributed to a threat actor tracked by the...