diff --git a/README.md b/README.md index 9b69e98..f8f418b 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # [The Hacker News][hn] RSS Widget -With this widget, you can add a news feed from HackNews to any website based on a linux server. +With this widget, you can add a news feed from The Hacker News to any website based on a Linux server. ___ ## Setup diff --git a/src/ef/feed.xml b/src/ef/feed.xml index 42a2a14..6865eb6 100644 --- a/src/ef/feed.xml +++ b/src/ef/feed.xml @@ -1,17 +1,22 @@ -The Hacker Newshttps://thehackernews.com/Most trusted, widely-read independent cybersecurity news source for everyone; supported by hackers and IT professionals — Send TIPs to admin@thehackernews.comennoreply@blogger.com (Swati Khandelwal)Wed, 21 Jul 2021 08:15:27 PDTBlogger http://www.blogger.com8887125http://creativecommons.org/licenses/by/3.0/http://creativecommons.org/licenses/by/3.0/http://creativecommons.org/images/public/somerights20.gifSome Rights ReservedSubscribe with FeedlyMalicious NPM Package Caught Stealing Users' Saved Passwords From Browsershttp://feedproxy.google.com/~r/TheHackersNews/~3/QyJiz3kF9n4/malicious-npm-package-caught-stealing.htmlnoreply@blogger.com (Ravie Lakshmanan)Wed, 21 Jul 2021 08:14:56 PDTtag:blogger.com,1999:blog-4802841478634147276.post-6358935692994086259A software package available from the official NPM repository has been revealed to be actually a front for a tool that's designed to steal saved passwords from the Chrome web browser. -The package in question, named "nodejs_net_server" and downloaded over 1,283 times since February 2019, was last updated seven months ago (version 1.1.2), with its corresponding repository leading to non-existent<img src="http://feeds.feedburner.com/~r/TheHackersNews/~4/QyJiz3kF9n4" height="1" width="1" alt=""/>https://thehackernews.com/2021/07/malicious-npm-package-caught-stealing.htmlXLoader Windows InfoStealer Malware Now Upgraded to Attack macOS Systemshttp://feedproxy.google.com/~r/TheHackersNews/~3/crF48NxsWMo/xloader-windows-infostealer-malware-now.htmlnoreply@blogger.com (Ravie Lakshmanan)Wed, 21 Jul 2021 03:12:55 PDTtag:blogger.com,1999:blog-4802841478634147276.post-8055459006866530600Cybersecurity researchers on Wednesday disclosed details of an evolving malware that has now been upgraded to steal sensitive information from Apple's macOS operating system. -The malware, dubbed "XLoader," is a successor to another well-known Windows-based info stealer called Formbook that's known to vacuum credentials from various web browsers, collect screenshots, log keystrokes, and download<img src="http://feeds.feedburner.com/~r/TheHackersNews/~4/crF48NxsWMo" height="1" width="1" alt=""/>https://thehackernews.com/2021/07/xloader-windows-infostealer-malware-now.htmlSeveral New Critical Flaws Affect CODESYS Industrial Automation Softwarehttp://feedproxy.google.com/~r/TheHackersNews/~3/BnByrOj1RPU/several-new-critical-flaws-affect.htmlnoreply@blogger.com (Ravie Lakshmanan)Wed, 21 Jul 2021 06:38:58 PDTtag:blogger.com,1999:blog-4802841478634147276.post-49785641586777679Cybersecurity researchers on Wednesday disclosed multiple security vulnerabilities impacting CODESYS automation software and the WAGO programmable logic controller (PLC) platform that could be remotely exploited to take control of a company's cloud operational technology (OT) infrastructure. +The Hacker Newshttps://thehackernews.com/Most trusted, widely-read independent cybersecurity news source for everyone; supported by hackers and IT professionals — Send TIPs to admin@thehackernews.comennoreply@blogger.com (Swati Khandelwal)Thu, 22 Jul 2021 14:31:32 PDTBlogger http://www.blogger.com8891125http://creativecommons.org/licenses/by/3.0/http://creativecommons.org/licenses/by/3.0/http://creativecommons.org/images/public/somerights20.gifSome Rights ReservedSubscribe with FeedlyAPT Hackers Distributed Android Trojan via Syrian e-Government Portalhttp://feedproxy.google.com/~r/TheHackersNews/~3/gLX9xr2xUiY/apt-hackers-distributed-android-trojan.htmlnoreply@blogger.com (Ravie Lakshmanan)Thu, 22 Jul 2021 05:04:20 PDTtag:blogger.com,1999:blog-4802841478634147276.post-2187502297674416262An advanced persistent threat (APT) actor has been tracked in a new campaign deploying Android malware via the Syrian e-Government Web Portal, indicating an upgraded arsenal designed to compromise victims. +"To the best of our knowledge, this is the first time that the group has been publicly observed using malicious Android applications as part of its attacks," Trend Micro researchers Zhengyu<img src="http://feeds.feedburner.com/~r/TheHackersNews/~4/gLX9xr2xUiY" height="1" width="1" alt=""/>https://thehackernews.com/2021/07/apt-hackers-distributed-android-trojan.htmlReduce End-User Password Change Frustrationshttp://feedproxy.google.com/~r/TheHackersNews/~3/rcOYj6ymYvY/reduce-end-user-password-change.htmlnoreply@blogger.com (The Hacker News)Thu, 22 Jul 2021 03:12:39 PDTtag:blogger.com,1999:blog-4802841478634147276.post-1366712893411314386Organizations today must give attention to their cybersecurity posture, including policies, procedures, and technical solutions for cybersecurity challenges.  +This often results in a greater burden on the IT service desk staff as end-users encounter issues related to security software, policies, and password restrictions.  +One of the most common areas where security may cause challenges for<img src="http://feeds.feedburner.com/~r/TheHackersNews/~4/rcOYj6ymYvY" height="1" width="1" alt=""/>https://thehackernews.com/2021/07/reduce-end-user-password-change.htmlOracle Warns of Critical Remotely Exploitable Weblogic Server Flawshttp://feedproxy.google.com/~r/TheHackersNews/~3/Zd_2qghHdqs/oracle-warns-of-critical-remotely.htmlnoreply@blogger.com (Ravie Lakshmanan)Thu, 22 Jul 2021 01:21:09 PDTtag:blogger.com,1999:blog-4802841478634147276.post-372322768027249497Oracle on Tuesday released its quarterly Critical Patch Update for July 2021 with 342 fixes spanning across multiple products, some of which could be exploited by a remote attacker to take control of an affected system. +Chief among them is CVE-2019-2729, a critical deserialization vulnerability via XMLDecoder in Oracle WebLogic Server Web Services that's remotely exploitable without<img src="http://feeds.feedburner.com/~r/TheHackersNews/~4/Zd_2qghHdqs" height="1" width="1" alt=""/>https://thehackernews.com/2021/07/oracle-warns-of-critical-remotely.htmlAnother Hacker Arrested for 2020 Twitter Hack and Massive Bitcoin Scamhttp://feedproxy.google.com/~r/TheHackersNews/~3/daC7Pxf6UMA/another-hacker-arrested-for-2020.htmlnoreply@blogger.com (Ravie Lakshmanan)Thu, 22 Jul 2021 01:04:25 PDTtag:blogger.com,1999:blog-4802841478634147276.post-7087988135652211406A U.K. citizen has been arrested in the Spanish town of Estepona over his alleged involvement in the July 2020 hack of Twitter, resulting in the compromise of 130 high-profile accounts. +Joseph O'Connor, 22, has been charged with intentionally accessing a computer without authorization and obtaining information from a protected computer, as well as for making extortive communications. The Spanish<img src="http://feeds.feedburner.com/~r/TheHackersNews/~4/daC7Pxf6UMA" height="1" width="1" alt=""/>https://thehackernews.com/2021/07/another-hacker-arrested-for-2020.htmlMalicious NPM Package Caught Stealing Users' Saved Passwords From Browsershttp://feedproxy.google.com/~r/TheHackersNews/~3/QyJiz3kF9n4/malicious-npm-package-caught-stealing.htmlnoreply@blogger.com (Ravie Lakshmanan)Wed, 21 Jul 2021 20:37:37 PDTtag:blogger.com,1999:blog-4802841478634147276.post-6358935692994086259A software package available from the official NPM repository has been revealed to be actually a front for a tool that's designed to steal saved passwords from the Chrome web browser. +The package in question, named "nodejs_net_server" and downloaded over 1,283 times since February 2019, was last updated seven months ago (version 1.1.2), with its corresponding repository leading to non-existent<img src="http://feeds.feedburner.com/~r/TheHackersNews/~4/QyJiz3kF9n4" height="1" width="1" alt=""/>https://thehackernews.com/2021/07/malicious-npm-package-caught-stealing.htmlXLoader Windows InfoStealer Malware Now Upgraded to Attack macOS Systemshttp://feedproxy.google.com/~r/TheHackersNews/~3/crF48NxsWMo/xloader-windows-infostealer-malware-now.htmlnoreply@blogger.com (Ravie Lakshmanan)Wed, 21 Jul 2021 23:25:27 PDTtag:blogger.com,1999:blog-4802841478634147276.post-8055459006866530600A popular malware known for stealing sensitive information from Windows machines has evolved into a new strain capable of also targeting Apple's macOS operating system. +The upgraded malware, dubbed "XLoader," is a successor to another well-known Windows-based info stealer called Formbook that's known to vacuum credentials from various web browsers, capture screenshots, record keystrokes, and<img src="http://feeds.feedburner.com/~r/TheHackersNews/~4/crF48NxsWMo" height="1" width="1" alt=""/>https://thehackernews.com/2021/07/xloader-windows-infostealer-malware-now.htmlSeveral New Critical Flaws Affect CODESYS Industrial Automation Softwarehttp://feedproxy.google.com/~r/TheHackersNews/~3/BnByrOj1RPU/several-new-critical-flaws-affect.htmlnoreply@blogger.com (Ravie Lakshmanan)Wed, 21 Jul 2021 20:38:04 PDTtag:blogger.com,1999:blog-4802841478634147276.post-49785641586777679Cybersecurity researchers on Wednesday disclosed multiple security vulnerabilities impacting CODESYS automation software and the WAGO programmable logic controller (PLC) platform that could be remotely exploited to take control of a company's cloud operational technology (OT) infrastructure. The flaws can be turned "into innovative attacks that could put threat actors in position to remotely<img src="http://feeds.feedburner.com/~r/TheHackersNews/~4/BnByrOj1RPU" height="1" width="1" alt=""/>https://thehackernews.com/2021/07/several-new-critical-flaws-affect.html[eBook] A Guide to Stress-Free Cybersecurity for Lean IT Security Teamshttp://feedproxy.google.com/~r/TheHackersNews/~3/SEP7cMf5Bfg/ebook-guide-to-stress-free.htmlnoreply@blogger.com (The Hacker News)Wed, 21 Jul 2021 02:52:09 PDTtag:blogger.com,1999:blog-4802841478634147276.post-990915030546808446Today’s cybersecurity landscape is enough to make any security team concerned. The rapid evolution and increased danger of attack tactics have put even the largest corporations and governments at heightened risk. If the most elite security teams can’t prevent these attacks from happening, what can lean security teams look forward to?  -Surprisingly, leaner teams have a much greater chance than<img src="http://feeds.feedburner.com/~r/TheHackersNews/~4/SEP7cMf5Bfg" height="1" width="1" alt=""/>https://thehackernews.com/2021/07/ebook-guide-to-stress-free.htmlNew Windows and Linux Flaws Give Attackers Highest System Privilegeshttp://feedproxy.google.com/~r/TheHackersNews/~3/8w-lkhOOs48/new-windows-and-linux-flaws-give.htmlnoreply@blogger.com (Ravie Lakshmanan)Tue, 20 Jul 2021 23:50:33 PDTtag:blogger.com,1999:blog-4802841478634147276.post-252438210938664155Microsoft's Windows 10 and the upcoming Windows 11 versions have been found vulnerable to a new local privilege escalation vulnerability that permits users with low-level permissions access Windows system files, in turn, enabling them to unmask the operating system installation password and even decrypt private keys. -"Starting with Windows 10 build 1809, non-administrative users are granted<img src="http://feeds.feedburner.com/~r/TheHackersNews/~4/8w-lkhOOs48" height="1" width="1" alt=""/>https://thehackernews.com/2021/07/new-windows-and-linux-flaws-give.html16-Year-Old Security Bug Affects Millions of HP, Samsung, Xerox Printershttp://feedproxy.google.com/~r/TheHackersNews/~3/0waAACXDS2I/16-year-old-security-bug-affects.htmlnoreply@blogger.com (Ravie Lakshmanan)Tue, 20 Jul 2021 04:47:36 PDTtag:blogger.com,1999:blog-4802841478634147276.post-3367173600992530335Details have emerged about a high severity security vulnerability affecting a software driver used in HP, Xerox, and Samsung printers that has remained undetected since 2005. +Surprisingly, leaner teams have a much greater chance than<img src="http://feeds.feedburner.com/~r/TheHackersNews/~4/SEP7cMf5Bfg" height="1" width="1" alt=""/>https://thehackernews.com/2021/07/ebook-guide-to-stress-free.htmlNew Windows and Linux Flaws Give Attackers Highest System Privilegeshttp://feedproxy.google.com/~r/TheHackersNews/~3/8w-lkhOOs48/new-windows-and-linux-flaws-give.htmlnoreply@blogger.com (Ravie Lakshmanan)Wed, 21 Jul 2021 20:36:46 PDTtag:blogger.com,1999:blog-4802841478634147276.post-252438210938664155Microsoft's Windows 10 and the upcoming Windows 11 versions have been found vulnerable to a new local privilege escalation vulnerability that permits users with low-level permissions access Windows system files, in turn, enabling them to unmask the operating system installation password and even decrypt private keys. +The vulnerability has been nicknamed "SeriousSAM.""Starting with Windows 10<img src="http://feeds.feedburner.com/~r/TheHackersNews/~4/8w-lkhOOs48" height="1" width="1" alt=""/>https://thehackernews.com/2021/07/new-windows-and-linux-flaws-give.html16-Year-Old Security Bug Affects Millions of HP, Samsung, Xerox Printershttp://feedproxy.google.com/~r/TheHackersNews/~3/0waAACXDS2I/16-year-old-security-bug-affects.htmlnoreply@blogger.com (Ravie Lakshmanan)Tue, 20 Jul 2021 04:47:36 PDTtag:blogger.com,1999:blog-4802841478634147276.post-3367173600992530335Details have emerged about a high severity security vulnerability affecting a software driver used in HP, Xerox, and Samsung printers that has remained undetected since 2005. Tracked as CVE-2021-3438 (CVSS score: 8.8), the issue concerns a buffer overflow in a print driver installer package named "SSPORT.SYS" that can enable remote privilege and arbitrary code execution. Hundreds of millions of<img src="http://feeds.feedburner.com/~r/TheHackersNews/~4/0waAACXDS2I" height="1" width="1" alt=""/>https://thehackernews.com/2021/07/16-year-old-security-bug-affects.htmlThis New Malware Hides Itself Among Windows Defender Exclusions to Evade Detectionhttp://feedproxy.google.com/~r/TheHackersNews/~3/xoTHw83XeOg/this-new-malware-hides-itself-among.htmlnoreply@blogger.com (Ravie Lakshmanan)Tue, 20 Jul 2021 01:48:34 PDTtag:blogger.com,1999:blog-4802841478634147276.post-6585720508825483044Cybersecurity researchers on Tuesday lifted the lid on a previously undocumented malware strain dubbed "MosaicLoader" that singles out individuals searching for cracked software as part of a global campaign. -"The attackers behind MosaicLoader created a piece of malware that can deliver any payload on the system, making it potentially profitable as a delivery service," Bitdefender researchers<img src="http://feeds.feedburner.com/~r/TheHackersNews/~4/xoTHw83XeOg" height="1" width="1" alt=""/>https://thehackernews.com/2021/07/this-new-malware-hides-itself-among.htmlUS and Global Allies Accuse China of Massive Microsoft Exchange Attackhttp://feedproxy.google.com/~r/TheHackersNews/~3/zpzmQvEQWao/us-and-global-allies-accuse-china-of.htmlnoreply@blogger.com (Ravie Lakshmanan)Wed, 21 Jul 2021 00:05:20 PDTtag:blogger.com,1999:blog-4802841478634147276.post-3039196510423054412The U.S. government and its key allies, including the European Union, the U.K., and NATO, formally attributed the massive cyberattack against Microsoft Exchange email servers to state-sponsored hacking crews working affiliated with the People's Republic of China's Ministry of State Security (MSS). +"The attackers behind MosaicLoader created a piece of malware that can deliver any payload on the system, making it potentially profitable as a delivery service," Bitdefender researchers<img src="http://feeds.feedburner.com/~r/TheHackersNews/~4/xoTHw83XeOg" height="1" width="1" alt=""/>https://thehackernews.com/2021/07/this-new-malware-hides-itself-among.htmlUS and Global Allies Accuse China of Massive Microsoft Exchange Attackhttp://feedproxy.google.com/~r/TheHackersNews/~3/zpzmQvEQWao/us-and-global-allies-accuse-china-of.htmlnoreply@blogger.com (Ravie Lakshmanan)Wed, 21 Jul 2021 20:41:32 PDTtag:blogger.com,1999:blog-4802841478634147276.post-3039196510423054412The U.S. government and its key allies, including the European Union, the U.K., and NATO, formally attributed the massive cyberattack against Microsoft Exchange email servers to state-sponsored hacking crews working affiliated with the People's Republic of China's Ministry of State Security (MSS). In a statement issued by the White House on Monday, the administration said, "with a high degree of<img src="http://feeds.feedburner.com/~r/TheHackersNews/~4/zpzmQvEQWao" height="1" width="1" alt=""/>https://thehackernews.com/2021/07/us-and-global-allies-accuse-china-of.htmlResearchers Warn of Linux Cryptojacking Attackers Operating from Romaniahttp://feedproxy.google.com/~r/TheHackersNews/~3/m2WxVj3ppPY/researchers-warn-of-linux-cryptojacking.htmlnoreply@blogger.com (Ravie Lakshmanan)Mon, 19 Jul 2021 22:49:00 PDTtag:blogger.com,1999:blog-4802841478634147276.post-3600347948500681941A threat group likely based in Romania and active since at least 2020 has been behind an active cryptojacking campaign targeting Linux-based machines with a previously undocumented SSH brute-forcer written in Golang. -Dubbed "Diicot brute," the password cracking tool is alleged to be distributed via a software-as-a-service model, with each threat actor furnishing their own unique API keys to<img src="http://feeds.feedburner.com/~r/TheHackersNews/~4/m2WxVj3ppPY" height="1" width="1" alt=""/>https://thehackernews.com/2021/07/researchers-warn-of-linux-cryptojacking.htmlTurns Out That Low-Risk iOS Wi-Fi Naming Bug Can Hack iPhones Remotelyhttp://feedproxy.google.com/~r/TheHackersNews/~3/TBSEy5OiD9k/turns-out-that-low-risk-ios-wi-fi.htmlnoreply@blogger.com (Ravie Lakshmanan)Mon, 19 Jul 2021 20:39:06 PDTtag:blogger.com,1999:blog-4802841478634147276.post-6602950666092926711The Wi-Fi network name bug that was found to completely disable an iPhone's networking functionality had remote code execution capabilities and was silently fixed by Apple earlier this year, according to new research. +Dubbed "Diicot brute," the password cracking tool is alleged to be distributed via a software-as-a-service model, with each threat actor furnishing their own unique API keys to<img src="http://feeds.feedburner.com/~r/TheHackersNews/~4/m2WxVj3ppPY" height="1" width="1" alt=""/>https://thehackernews.com/2021/07/researchers-warn-of-linux-cryptojacking.htmlTurns Out That Low-Risk iOS Wi-Fi Naming Bug Can Hack iPhones Remotelyhttp://feedproxy.google.com/~r/TheHackersNews/~3/TBSEy5OiD9k/turns-out-that-low-risk-ios-wi-fi.htmlnoreply@blogger.com (Ravie Lakshmanan)Wed, 21 Jul 2021 20:40:57 PDTtag:blogger.com,1999:blog-4802841478634147276.post-6602950666092926711The Wi-Fi network name bug that was found to completely disable an iPhone's networking functionality had remote code execution capabilities and was silently fixed by Apple earlier this year, according to new research. The denial-of-service vulnerability, which came to light last month, stemmed from the way iOS handled string formats associated with the SSID input, triggering a crash on any<img src="http://feeds.feedburner.com/~r/TheHackersNews/~4/TBSEy5OiD9k" height="1" width="1" alt=""/>https://thehackernews.com/2021/07/turns-out-that-low-risk-ios-wi-fi.htmlFive Critical Password Security Rules Your Employees Are Ignoringhttp://feedproxy.google.com/~r/TheHackersNews/~3/L013-YRnjLw/five-critical-password-security-rules.htmlnoreply@blogger.com (The Hacker News)Mon, 19 Jul 2021 03:07:53 PDTtag:blogger.com,1999:blog-4802841478634147276.post-7359122813118685651According to Keeper Security's Workplace Password Malpractice Report, many remote workers aren't following best practices for password security. Password security was a problem even before the advent of widespread remote work. So, what happened post-pandemic? Keeper Security's Workplace Password Malpractice Report sought to find out. -In February 2021, Keeper surveyed 1,000 employees in the U.S.<img src="http://feeds.feedburner.com/~r/TheHackersNews/~4/L013-YRnjLw" height="1" width="1" alt=""/>https://thehackernews.com/2021/07/five-critical-password-security-rules.htmlResearcher Uncovers Yet Another Unpatched Windows Printer Spooler Vulnerabilityhttp://feedproxy.google.com/~r/TheHackersNews/~3/zgc63uS7Nu8/researcher-uncover-yet-another.htmlnoreply@blogger.com (Ravie Lakshmanan)Mon, 19 Jul 2021 00:52:37 PDTtag:blogger.com,1999:blog-4802841478634147276.post-1591471731922249246Merely days after Microsoft sounded the alarm on an unpatched security vulnerability in the Windows Print Spooler service, possibly yet another zero-day flaw in the same component has come to light, making it the fourth printer-related shortcoming to be discovered in recent weeks. +In February 2021, Keeper surveyed 1,000 employees in the U.S.<img src="http://feeds.feedburner.com/~r/TheHackersNews/~4/L013-YRnjLw" height="1" width="1" alt=""/>https://thehackernews.com/2021/07/five-critical-password-security-rules.htmlResearcher Uncovers Yet Another Unpatched Windows Printer Spooler Vulnerabilityhttp://feedproxy.google.com/~r/TheHackersNews/~3/zgc63uS7Nu8/researcher-uncover-yet-another.htmlnoreply@blogger.com (Ravie Lakshmanan)Wed, 21 Jul 2021 20:40:17 PDTtag:blogger.com,1999:blog-4802841478634147276.post-1591471731922249246Merely days after Microsoft sounded the alarm on an unpatched security vulnerability in the Windows Print Spooler service, possibly yet another zero-day flaw in the same component has come to light, making it the fourth printer-related shortcoming to be discovered in recent weeks. "Microsoft Windows allows for non-admin users to be able to install printer drivers via Point and Print," CERT<img src="http://feeds.feedburner.com/~r/TheHackersNews/~4/zgc63uS7Nu8" height="1" width="1" alt=""/>https://thehackernews.com/2021/07/researcher-uncover-yet-another.htmlNew Leak Reveals Abuse of Pegasus Spyware to Target Journalists Globallyhttp://feedproxy.google.com/~r/TheHackersNews/~3/WCLNQvg-w9Y/new-leak-reveals-abuse-of-pegasus.htmlnoreply@blogger.com (Ravie Lakshmanan)Mon, 19 Jul 2021 20:39:50 PDTtag:blogger.com,1999:blog-4802841478634147276.post-4509478851833674590A sweeping probe into a data leak of more than 50,000 phone numbers has revealed an extensive misuse of Israeli company NSO Group's Pegasus "military-grade spyware" to facilitate human rights violations by surveilling heads of state, activists, journalists, and lawyers around the world. Dubbed the "Pegasus Project," the investigation is a collaboration by more than 80 journalists from a<img src="http://feeds.feedburner.com/~r/TheHackersNews/~4/WCLNQvg-w9Y" height="1" width="1" alt=""/>https://thehackernews.com/2021/07/new-leak-reveals-abuse-of-pegasus.htmlChina's New Law Requires Vendors to Report Zero-Day Bugs to Governmenthttp://feedproxy.google.com/~r/TheHackersNews/~3/hDIiMFjmWqc/chinas-new-law-requires-researchers-to.htmlnoreply@blogger.com (Ravie Lakshmanan)Mon, 19 Jul 2021 12:05:54 PDTtag:blogger.com,1999:blog-4802841478634147276.post-4069844790646132417The Cyberspace Administration of China (CAC) has issued new stricter vulnerability disclosure regulations that mandate software and networking vendors affected with critical flaws to mandatorily disclose them first-hand to the government authorities within two days of filing a report. The "Regulations on the Management of Network Product Security Vulnerability" are expected to go into effect<img src="http://feeds.feedburner.com/~r/TheHackersNews/~4/hDIiMFjmWqc" height="1" width="1" alt=""/>https://thehackernews.com/2021/07/chinas-new-law-requires-researchers-to.htmlInstagram Launches 'Security Checkup' to Help Users Recover Hacked Accountshttp://feedproxy.google.com/~r/TheHackersNews/~3/SrSMJnd9H34/instagram-launches-security-checkup-to.htmlnoreply@blogger.com (Ravie Lakshmanan)Sun, 18 Jul 2021 22:57:55 PDTtag:blogger.com,1999:blog-4802841478634147276.post-7468023247072638596Instagram earlier this week introduced a new "Security Checkup" feature that aims to keep accounts safe and help users—whose accounts may have been compromised—to recover them. @@ -23,8 +28,4 @@ The spyware vendor was also formally identified as the commercial surveillance c The vast majority of security decision-makers acknowledge they need to address the APT<img src="http://feeds.feedburner.com/~r/TheHackersNews/~4/KY7v6Zs6YKQ" height="1" width="1" alt=""/>https://thehackernews.com/2019/09/rfp-templates-for-edr-epp.htmlFacebook Suspends Accounts Used by Iranian Hackers to Target US Military Personnelhttp://feedproxy.google.com/~r/TheHackersNews/~3/D71FVAKV1pY/facebook-suspends-accounts-used-by.htmlnoreply@blogger.com (Ravie Lakshmanan)Sun, 18 Jul 2021 22:59:52 PDTtag:blogger.com,1999:blog-4802841478634147276.post-1697022254154608274Facebook on Thursday disclosed it dismantled a "sophisticated" online cyber espionage campaign conducted by Iranian hackers targeting about 200 military personnel and companies in the defense and aerospace sectors in the U.S., U.K., and Europe using fake online personas on its platform. The social media giant pinned the attacks to a threat actor known as Tortoiseshell (aka Imperial Kitten) based<img src="http://feeds.feedburner.com/~r/TheHackersNews/~4/D71FVAKV1pY" height="1" width="1" alt=""/>https://thehackernews.com/2021/07/facebook-suspends-accounts-used-by.htmlUpdate Your Chrome Browser to Patch New Zero‑Day Bug Exploited in the Wildhttp://feedproxy.google.com/~r/TheHackersNews/~3/j6BEv2m0Dn8/update-your-chrome-browser-to-patch-new.htmlnoreply@blogger.com (Ravie Lakshmanan)Thu, 15 Jul 2021 22:08:47 PDTtag:blogger.com,1999:blog-4802841478634147276.post-8842642962985258276Google has pushed out a new security update to Chrome browser for Windows, Mac, and Linux with multiple fixes, including a zero-day that it says is being exploited in the wild. The latest patch resolves a total of eight issues, one of which concerns a type confusion issue in its V8 open-source and JavaScript engine (CVE-2021-30563). The search giant credited an anonymous researcher for reporting<img src="http://feeds.feedburner.com/~r/TheHackersNews/~4/j6BEv2m0Dn8" height="1" width="1" alt=""/>https://thehackernews.com/2021/07/update-your-chrome-browser-to-patch-new.htmlMicrosoft Warns of New Unpatched Windows Print Spooler Vulnerabilityhttp://feedproxy.google.com/~r/TheHackersNews/~3/KIB6sSY3DOA/microsoft-warns-of-new-unpatched.htmlnoreply@blogger.com (Ravie Lakshmanan)Sat, 17 Jul 2021 04:53:08 PDTtag:blogger.com,1999:blog-4802841478634147276.post-4075963699407058047Microsoft on Thursday shared fresh guidance on yet another vulnerability affecting the Windows Print Spooler service, stating that it's working to address it in an upcoming security update. -Tracked as CVE-2021-34481 (CVSS score: 7.8), the issue concerns a local privilege escalation flaw that could be abused to perform unauthorized actions on the system. The company credited security researcher<img src="http://feeds.feedburner.com/~r/TheHackersNews/~4/KIB6sSY3DOA" height="1" width="1" alt=""/>https://thehackernews.com/2021/07/microsoft-warns-of-new-unpatched.htmlChina's Cyberspies Targeting Southeast Asian Government Entitieshttp://feedproxy.google.com/~r/TheHackersNews/~3/ynTYqw0HM1w/chinas-cyberspies-targeting-southeast.htmlnoreply@blogger.com (Ravie Lakshmanan)Thu, 15 Jul 2021 05:57:59 PDTtag:blogger.com,1999:blog-4802841478634147276.post-630618765425204257A sweeping and "highly active campaign" that originally set its sights on Myanmar has broadened its focus to strike a number of targets located in the Philippines, according to new research. -Russian cybersecurity firm Kaspersky, which first spotted the infections in October 2020, attributed them to a threat actor it tracks as "LuminousMoth," which it connected with medium to high confidence to a<img src="http://feeds.feedburner.com/~r/TheHackersNews/~4/ynTYqw0HM1w" height="1" width="1" alt=""/>https://thehackernews.com/2021/07/chinas-cyberspies-targeting-southeast.htmlNew Zero-Trust API Offers Mobile Carrier Authentication to Developershttp://feedproxy.google.com/~r/TheHackersNews/~3/xMQewm8swes/how-to-access-mobile-carrier.htmlnoreply@blogger.com (The Hacker News)Thu, 15 Jul 2021 05:43:10 PDTtag:blogger.com,1999:blog-4802841478634147276.post-6992701658319290526Zero Trust is increasingly being adopted as the best strategy to maintain application security and prevent data breaches. To help achieve progress on Zero Trust, there is now a new, easy way to implement continuous user verification by connecting directly to the authentication systems used by mobile operators – without the overhead of processing or storing user data.  -Before we show you how it<img src="http://feeds.feedburner.com/~r/TheHackersNews/~4/xMQewm8swes" height="1" width="1" alt=""/>https://thehackernews.com/2021/07/how-to-access-mobile-carrier.htmlRansomware Attacks Targeting Unpatched EOL SonicWall SMA 100 VPN Applianceshttp://feedproxy.google.com/~r/TheHackersNews/~3/kFBap-h96gQ/ransomware-attacks-targeting-unpatched.htmlnoreply@blogger.com (Ravie Lakshmanan)Thu, 15 Jul 2021 03:21:33 PDTtag:blogger.com,1999:blog-4802841478634147276.post-9141110185783236331Networking equipment maker SonicWall is alerting customers of an "imminent" ransomware campaign targeting its Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products running unpatched and end-of-life 8.x firmware. -The warning comes more than a month after reports emerged that remote access vulnerabilities in SonicWall SRA 4600 VPN appliances (CVE-2019-7481) are being<img src="http://feeds.feedburner.com/~r/TheHackersNews/~4/kFBap-h96gQ" height="1" width="1" alt=""/>https://thehackernews.com/2021/07/ransomware-attacks-targeting-unpatched.htmlGoogle Details iOS, Chrome, IE Zero-Day Flaws Exploited Recently in the Wildhttp://feedproxy.google.com/~r/TheHackersNews/~3/J51bCpFSyXc/google-details-ios-chrome-ie-zero-day.htmlnoreply@blogger.com (Ravie Lakshmanan)Thu, 15 Jul 2021 05:45:33 PDTtag:blogger.com,1999:blog-4802841478634147276.post-577634265832327354Threat intelligence researchers from Google on Wednesday shed more light on four in-the-wild zero-days in Chrome, Safari, and Internet Explorer browsers that were exploited by malicious actors in different campaigns since the start of the year. -What's more, three of the four zero-days were engineered by commercial providers and sold to and used by government-backed actors, contributing to an<img src="http://feeds.feedburner.com/~r/TheHackersNews/~4/J51bCpFSyXc" height="1" width="1" alt=""/>https://thehackernews.com/2021/07/google-details-ios-chrome-ie-zero-day.htmlnonadult +Tracked as CVE-2021-34481 (CVSS score: 7.8), the issue concerns a local privilege escalation flaw that could be abused to perform unauthorized actions on the system. The company credited security researcher<img src="http://feeds.feedburner.com/~r/TheHackersNews/~4/KIB6sSY3DOA" height="1" width="1" alt=""/>https://thehackernews.com/2021/07/microsoft-warns-of-new-unpatched.htmlnonadult diff --git a/src/ef/palette.css b/src/ef/palette.css index 444bb1e..db48a35 100644 --- a/src/ef/palette.css +++ b/src/ef/palette.css @@ -7,10 +7,12 @@ --hornet-red: #E3073F; --hornet-black:#050515; + + --hornet-gray:#989098; font-family: Verdana, Geneva, sans-serif; } -.light, body[color-theme="light"]{ +.light, body[color-theme="light"],div[color-theme="dark"]{ --bg: #DDDDFF; --text: var(--hornet-black); --link: var(--hornet-blue); @@ -21,9 +23,9 @@ --font-family: var(--hornet-font); } -.dark, body[color-theme="dark"]{ +.dark, body[color-theme="dark"], div[color-theme="dark"]{ --bg:var(--hornet-black); - --text:white; + --text:var(--hornet-gray); --link: var(--hornet-blue); --clicked-link: purple; --primary:var(--hornet-blue); @@ -41,4 +43,15 @@ --accent: var(--hornet-blue); --warning: red; --font-family: var(--hornet-font); +} + +.hornetfighter-red, body[color-theme="hornetfighter-red"], div[color-theme="hornetfighter-red"]{ + --bg:var(--hornet-red); + --text:var(--hornet-black); + --link: var(--hornet-gray); + --clicked-link: var(--hornet-gray); + --primary:var(--hornet-black); + --accent: var(--hornet-blue); + --warning: var(--hornet-black); + --font-family: var(--hornet-font); } \ No newline at end of file diff --git a/src/ef/xml-download.py b/src/ef/xml-download.py index 089b9d6..1222024 100644 --- a/src/ef/xml-download.py +++ b/src/ef/xml-download.py @@ -57,7 +57,7 @@ def saveToHTML(articles): \n\ \n\ \n\ -\n\ +\n\ \n\
\n\
\n\