Forwarded from The Hacker News
โ ๏ธ Ukraineโs CERT-UA uncovers a malware attack targeting military personnel.
Disguised as the Army+ app, this sophisticated attack:
ยป Exploits Cloudflare Workers and Pages to host fake login pages.
ยป Tricks users into giving up credentials.
ยป Installs OpenSSH and steals cryptographic keys via the TOR network.
๐ก Even legitimate services are becoming a haven for cybercriminals, raising red flags for CISOs and CTOs.
๐ Read the full analysis here: https://thehackernews.com/2024/12/uac-0125-abuses-cloudflare-workers-to.html
Disguised as the Army+ app, this sophisticated attack:
ยป Exploits Cloudflare Workers and Pages to host fake login pages.
ยป Tricks users into giving up credentials.
ยป Installs OpenSSH and steals cryptographic keys via the TOR network.
๐ก Even legitimate services are becoming a haven for cybercriminals, raising red flags for CISOs and CTOs.
๐ Read the full analysis here: https://thehackernews.com/2024/12/uac-0125-abuses-cloudflare-workers-to.html
Forwarded from The Hacker News
Netflix has been fined โฌ4.75M for violating GDPR by failing to explain how it used customer data like email addresses and payment details between 2018โ2020.
Read more: https://thehackernews.com/2024/12/dutch-dpa-fines-netflix-475-million-for.html
Read more: https://thehackernews.com/2024/12/dutch-dpa-fines-netflix-475-million-for.html
Forwarded from The Hacker News
๐ฅ Critical Alert: CISAโs new directive, BOD 25-01, sets a new benchmark in cloud security for federal agencies.
Why? Misconfigurations and weak controls are opening doors to attackers.
Key Deadlines:
ยป By Feb 2025: Identify all cloud tenants
ยป By Apr 2025: Deploy SCuBA assessment tools
ยป By Jun 2025: Implement mandatory policies
๐ Learn how to protect your communications effectively: https://thehackernews.com/2024/12/cisa-mandates-cloud-security-for.html
๐ก๏ธ Regularly update security configurations to reduce your attack surface.
Why? Misconfigurations and weak controls are opening doors to attackers.
Key Deadlines:
ยป By Feb 2025: Identify all cloud tenants
ยป By Apr 2025: Deploy SCuBA assessment tools
ยป By Jun 2025: Implement mandatory policies
๐ Learn how to protect your communications effectively: https://thehackernews.com/2024/12/cisa-mandates-cloud-security-for.html
๐ก๏ธ Regularly update security configurations to reduce your attack surface.
Forwarded from The Hacker News
๐ Fortinet's Wireless LAN Manager (FortiWLM) is vulnerable to a path traversal flaw (CVE-2023-34990) with a 9.6/10 CVSS score.
Why itโs urgent: It allows attackers to...
1๏ธโฃ Access admin accounts using static session IDs.
2๏ธโฃ Execute unauthorized commands by chaining vulnerabilities.
3๏ธโฃ Gain root access to your network in minutes.
๐ ๏ธ Patch now:
Affected versions: 8.5.0 to 8.6.5.
Fixed in 8.6.6โupdate immediately.
Read: https://thehackernews.com/2024/12/fortinet-warns-of-critical-fortiwlm.html
Why itโs urgent: It allows attackers to...
1๏ธโฃ Access admin accounts using static session IDs.
2๏ธโฃ Execute unauthorized commands by chaining vulnerabilities.
3๏ธโฃ Gain root access to your network in minutes.
๐ ๏ธ Patch now:
Affected versions: 8.5.0 to 8.6.5.
Fixed in 8.6.6โupdate immediately.
Read: https://thehackernews.com/2024/12/fortinet-warns-of-critical-fortiwlm.html
Forwarded from The Hacker News
๐จ What if your device unknowingly became a tool for cybercrime? Itโs happening now.
Mirai malware strikes Juniper SSR devices, leveraging default passwords to turn them into DDoS attack machines. Over 90% of breached systems had unaltered factory settings.
๐ Donโt leave the door open. Secure your systems today.
Read the full report: https://thehackernews.com/2024/12/juniper-warns-of-mirai-botnet-targeting.html
Mirai malware strikes Juniper SSR devices, leveraging default passwords to turn them into DDoS attack machines. Over 90% of breached systems had unaltered factory settings.
๐ Donโt leave the door open. Secure your systems today.
Read the full report: https://thehackernews.com/2024/12/juniper-warns-of-mirai-botnet-targeting.html
Forwarded from The Hacker News
Threat actors are tricking developers with fake npm packages like typescript-eslint lookalikes, amassing thousands of downloads.
Compromised tools = compromised enterprises. One wrong download could breach your entire development cycle.
๐ Your move:
โ Review your dependencies.
โ Learn how these attacks work.
โ Build a resilient security strategy.
๐ Read here: https://thehackernews.com/2024/12/thousands-download-malicious-npm.html
Compromised tools = compromised enterprises. One wrong download could breach your entire development cycle.
๐ Your move:
โ Review your dependencies.
โ Learn how these attacks work.
โ Build a resilient security strategy.
๐ Read here: https://thehackernews.com/2024/12/thousands-download-malicious-npm.html
Forwarded from ๐ฝ๐ผ๐ฝ๐ ๐ข๐๐ฆ | ๐๐ข๐ฆ๐ฆ, ๐๐ถ๐ณ๐ฒ, ๐ ๐ฒ๐บ๐ฒ๐ (รmer)
TLPUI
The Python scripts in this project generate a GTK-UI to change TLP configuration files easily. It has the aim to protect users from setting bad configuration and to deliver a basic overview of all the valid configuration values.
๐ Links:
- Installation
- Screenshots
- Source code
Developer: d4nj1
๐ท๏ธ Tags: #Linux #Optimization
The Python scripts in this project generate a GTK-UI to change TLP configuration files easily. It has the aim to protect users from setting bad configuration and to deliver a basic overview of all the valid configuration values.
๐ Links:
- Installation
- Screenshots
- Source code
Developer: d4nj1
๐ท๏ธ Tags: #Linux #Optimization
Forwarded from ๐ฝ๐ผ๐ฝ๐ ๐ข๐๐ฆ | ๐๐ข๐ฆ๐ฆ, ๐๐ถ๐ณ๐ฒ, ๐ ๐ฒ๐บ๐ฒ๐ (๏ผบ๏ผง๏ผ๏ผ๏ผ ใ)
Viper4Windows
Unofficial version of Viper4Android, made for Windows.
๐Links
- Download
- Screenshots
- Set up presets
- Source code
Developer: Abdullah Al Masud
๐ท Tags: #Windows #Utilities
Unofficial version of Viper4Android, made for Windows.
๐Links
- Download
- Screenshots
- Set up presets
- Source code
Developer: Abdullah Al Masud
๐ท Tags: #Windows #Utilities
Forwarded from It's FOSS
Get ready for 2025! ๐ 6 Linux distros to keep an eye on!
https://news.itsfoss.com/linux-distros-2025/
https://news.itsfoss.com/linux-distros-2025/
It's FOSS News
6 Linux Distros to Watch Out for in 2025
Some great Linux distributions are expected to be released in 2025. Here's what you should keep an eye out for.
Forwarded from It's FOSS
Want to feel like a hacker? ๐ Check out these 7 awesome Linux tools! ๐ป๐ง
https://www.youtube.com/watch?v=F5qjZlfIJs4
https://www.youtube.com/watch?v=F5qjZlfIJs4
YouTube
Feel Like a Hacker! 7 Cool Linux Terminal Tools
Ever wanted to feel like a hacker straight out of a Hollywood blockbuster? ๐ป
In this video, we dive into 7 awesome Linux tools that let you simulate the hacking experience without any real-world consequences.
Perfect for presentations, fun coding sessionsโฆ
In this video, we dive into 7 awesome Linux tools that let you simulate the hacking experience without any real-world consequences.
Perfect for presentations, fun coding sessionsโฆ
Forwarded from Hacker News
purplesyringa's blog
The RAM myth
The RAM myth is a belief that modern computer memory resembles perfect random-access memory. Cache is seen as an optimization for small data: if it fits in L2, itโs going to be processed faster; if it doesnโt, thereโs nothing we can do.
Most likely, you believeโฆ
Most likely, you believeโฆ
Forwarded from Hacker News
GitHub
GitHub - garyexplains/piccolo_os_v1: Piccolo OS is a small multitasking OS for the Raspberry Pi Pico. It is designed primarilyโฆ
Piccolo OS is a small multitasking OS for the Raspberry Pi Pico. It is designed primarily as a teaching tool. It demonstrates the fundamentals of a co-operative multitasking OS and the Arm Cortex-M...
Forwarded from Hacker News
Greptime
Error Handling for Large Rust Projects - Best Practice in GreptimeDB
How to handle and report errors effectively in Rust applications is a common question. This blog shares our experience organizing variant types of Error in a complex system like GreptimeDB, from how an error is defined to how to log the error or present itโฆ
Forwarded from Mishaal's Android News Feed
The folks behind the popular Niagara Launcher are rolling out a major update today, bringing a useful digital wellbeing feature as well as the ability to backup your settings!
The new digital wellbeing feature is called Usage Breaker and it's designed to give you gentle nudges that tell you you may be using an app for too long. It's not as restrictive as setting an app limit which is good because app limits can get in your way and some even override them as a result. You select the apps you think you spend too much time in, and Niagara will send a reminder about the duration of your current app session.
Usage Breaker is available in Niagara Pro. The devs realize it's very similar to the screen time reminder feature that Google recently rolled out, but hey, what can you do: great minds think alike. (They were obviously working on this separately.)
The other major new feature is backup support. This lets you reliably transfer your setup of Niagara from one device to another. It's available for both Free and Pro users under the Advanced menu in Niagara Settings. The feature is in preview right now so the devs warn everything may not transfer yet. Also it's not designed to transfer your home screen setup.
Lastly, the team has some big personal news: working on Niagara Launcher is now their full time job! They've opened up a proper office in Germany and did the paperwork to turn the project into a proper company. Going full-time has allowed them to work on long requested features like backup support as well as fix many bugs.
To make this sustainable, the Niagara devs will be raising the price of Pro, but only for new subscribers starting in February 2025. Lifetime purchases are unaffected.
Congrats to the team on this big launch!
The new digital wellbeing feature is called Usage Breaker and it's designed to give you gentle nudges that tell you you may be using an app for too long. It's not as restrictive as setting an app limit which is good because app limits can get in your way and some even override them as a result. You select the apps you think you spend too much time in, and Niagara will send a reminder about the duration of your current app session.
Usage Breaker is available in Niagara Pro. The devs realize it's very similar to the screen time reminder feature that Google recently rolled out, but hey, what can you do: great minds think alike. (They were obviously working on this separately.)
The other major new feature is backup support. This lets you reliably transfer your setup of Niagara from one device to another. It's available for both Free and Pro users under the Advanced menu in Niagara Settings. The feature is in preview right now so the devs warn everything may not transfer yet. Also it's not designed to transfer your home screen setup.
Lastly, the team has some big personal news: working on Niagara Launcher is now their full time job! They've opened up a proper office in Germany and did the paperwork to turn the project into a proper company. Going full-time has allowed them to work on long requested features like backup support as well as fix many bugs.
To make this sustainable, the Niagara devs will be raising the price of Pro, but only for new subscribers starting in February 2025. Lifetime purchases are unaffected.
Congrats to the team on this big launch!