Initial commit

hornetfighter515 2021-07-22 21:21:09 -04:00
commit 6d1af3476a
14 changed files with 832 additions and 0 deletions

42
README.md Normal file

@ -0,0 +1,42 @@
# [The Hacker News][hn] RSS Widget
With this widget, you can add a news feed from HackNews to any website based on a linux server.
___
## Setup
1. Drag the [`src/ef/`](src/ef/) folder into the same folder as the webpage on the target machine. The folder with your webpage will be represented by `/path_to_webpage/`.
2. Add a [`cron`][cron] job to run it once per hour. The easiest way to do this is to run this command:
```
crontab -e
```
and then add the following lines to your [`crontab`][cron]:
```
0 * * * * cd /path_to_webpage/ef/ && python3 xml-download.py
```
3. Copy the code in [`hack-news-widget.html`](src/hack-news-widget.html) to where you want your news widget on your webpage.
___
## How it works
The [`xml-download.py`](src/ef/xml-download.py) file downloads the RSS feed from the provided endpoint. Theoretically this hardcoded endpoint, but this is specifically designed for [Hacker News][hn]. The reason this isn't just placed in the webpage code is to prevent CORS errors and vulnerabilities.
The Python 3.8 code downloads the RSS feed into the [`src/ef/feed.xml`](src/ef/feed.xml) file. It then takes that feed and translates it into a pretty HTML template. The template includes references to the following files:
* [`news_scroll.js`](src/ef/news_scroll.js), which controls the scrolling animation.
* [`news_scroll.css`][nsc], which has a reference to the fancy terminal-based color scheme in [`palette.css`][pc], as well as styling to control the size of the entire widget.
___
## UX Configuration
The best place to look for customizing this template to your liking is in [`news_scroll.css`][nsc]. Width, text decoration, and font sizes can be adjust from there. If fonts or colors are what you're looking to adjust, check the `terminal` theme in [`palette.css`][pc].
___
## Samples
* [Sample Configuration on template for my website](src/sample_1.html)
* [Minimum viable configuration](src/sample_2.html)
___
## Dependencies
* [`cron`][cron]
* [`requests`](https://pypi.org/project/requests/)
___
NOTICE: Heavily modified from the [Allwebco Design Corporation IFrame news scroller](/IFrame-ScrollingNews-HTML5/help-ScrollingNews.html)
[hn]: (https://thehackernews.com/)
[nsc]:(src/ef/news_scroll.css)
[pc]:(src/ef/palette.css)
[cron]:(https://wiki.debian.org/cron)
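Review bot: The four reference definitions at the end of the README (`[hn]: (https://thehackernews.com/)`, `[nsc]:(src/ef/news_scroll.css)`, `[pc]:(...)`, `[cron]:(...)`) wrap the target in parentheses, so the parentheses become part of the URL and every `[text][hn]`-style link in the file points at the wrong place; write them as `[hn]: https://thehackernews.com/`. The NOTICE link target `/IFrame-ScrollingNews-HTML5/help-ScrollingNews.html` is a site-relative path that will not resolve from this repository and needs the full URL. In "How it works", the sentence "Theoretically this hardcoded endpoint, but this is specifically designed for" is missing its verb, and the claim that fetching server-side prevents "CORS errors and vulnerabilities" should say what the script does with the feed content before it reaches the page, since nothing here states that titles and descriptions are escaped when they are turned into HTML. Smaller points: "HackNews" in the intro should match "The Hacker News" in the title, "can be adjust" should be "can be adjusted", and Python 3.8 is named in the text but missing from the Dependencies list, where `requests` is also given without a version.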

30
src/ef/feed.xml Normal file

@ -0,0 +1,30 @@
<?xml version="1.0" encoding="UTF-8"?>
<?xml-stylesheet type="text/xsl" media="screen" href="/~d/styles/rss2full.xsl"?><?xml-stylesheet type="text/css" media="screen" href="http://feeds.feedburner.com/~d/styles/itemcontent.css"?><rss xmlns:media="http://search.yahoo.com/mrss/" xmlns:creativeCommons="http://backend.userland.com/creativeCommonsRssModule" xmlns:feedburner="http://rssnamespace.org/feedburner/ext/1.0" version="2.0"><channel><title>The Hacker News</title><link>https://thehackernews.com/</link><atom10:link xmlns:atom10="http://www.w3.org/2005/Atom" rel="self" type="application/rss+xml" href="http://feeds.feedburner.com/TheHackersNews" /><description>Most trusted, widely-read independent cybersecurity news source for everyone; supported by hackers and IT professionals — Send TIPs to admin@thehackernews.com</description><language>en</language><managingEditor>noreply@blogger.com (Swati Khandelwal)</managingEditor><lastBuildDate>Wed, 21 Jul 2021 08:15:27 PDT</lastBuildDate><generator>Blogger http://www.blogger.com</generator><openSearch:totalResults xmlns:openSearch="http://a9.com/-/spec/opensearchrss/1.0/">8887</openSearch:totalResults><openSearch:startIndex xmlns:openSearch="http://a9.com/-/spec/opensearchrss/1.0/">1</openSearch:startIndex><openSearch:itemsPerPage xmlns:openSearch="http://a9.com/-/spec/opensearchrss/1.0/">25</openSearch:itemsPerPage><feedburner:info uri="thehackersnews" /><atom10:link xmlns:atom10="http://www.w3.org/2005/Atom" rel="hub" href="http://pubsubhubbub.appspot.com/" /><creativeCommons:license>http://creativecommons.org/licenses/by/3.0/</creativeCommons:license><image><link>http://creativecommons.org/licenses/by/3.0/</link><url>http://creativecommons.org/images/public/somerights20.gif</url><title>Some Rights Reserved</title></image><feedburner:feedFlare href="http://feedly.com/#subscription/feed/http://feeds.feedburner.com/TheHackersNews" src="http://s3.feedly.com/feedburner/feedly.png">Subscribe with Feedly</feedburner:feedFlare><item><title>Malicious NPM Package 
Caught Stealing Users' Saved Passwords From Browsers</title><link>http://feedproxy.google.com/~r/TheHackersNews/~3/QyJiz3kF9n4/malicious-npm-package-caught-stealing.html</link><author>noreply@blogger.com (Ravie Lakshmanan)</author><pubDate>Wed, 21 Jul 2021 08:14:56 PDT</pubDate><guid isPermaLink="false">tag:blogger.com,1999:blog-4802841478634147276.post-6358935692994086259</guid><description>A software package available from the official NPM repository has been revealed to be actually a front for a tool that's designed to steal saved passwords from the Chrome web browser.
The package in question, named "nodejs_net_server" and downloaded over 1,283 times since February 2019, was last updated seven months ago (version 1.1.2), with its corresponding repository leading to non-existent&lt;img src="http://feeds.feedburner.com/~r/TheHackersNews/~4/QyJiz3kF9n4" height="1" width="1" alt=""/&gt;</description><media:thumbnail url="https://1.bp.blogspot.com/-XtxZNUPs1TA/YPggF3kotiI/AAAAAAAADSk/NYtMp4xubHcuEf1sgS4JKdr19AMml6zKgCLcBGAsYHQ/s72-c-e100/npm.jpg" height="72" width="72" /><feedburner:origLink>https://thehackernews.com/2021/07/malicious-npm-package-caught-stealing.html</feedburner:origLink></item><item><title>XLoader Windows InfoStealer Malware Now Upgraded to Attack macOS Systems</title><link>http://feedproxy.google.com/~r/TheHackersNews/~3/crF48NxsWMo/xloader-windows-infostealer-malware-now.html</link><author>noreply@blogger.com (Ravie Lakshmanan)</author><pubDate>Wed, 21 Jul 2021 03:12:55 PDT</pubDate><guid isPermaLink="false">tag:blogger.com,1999:blog-4802841478634147276.post-8055459006866530600</guid><description>Cybersecurity researchers on Wednesday disclosed details of an evolving malware that has now been upgraded to steal sensitive information from Apple's macOS operating system.
The malware, dubbed "XLoader," is a successor to another well-known Windows-based info stealer called Formbook that's known to vacuum credentials from various web browsers, collect screenshots, log keystrokes, and download&lt;img src="http://feeds.feedburner.com/~r/TheHackersNews/~4/crF48NxsWMo" height="1" width="1" alt=""/&gt;</description><media:thumbnail url="https://1.bp.blogspot.com/-fAdqnAOI3p4/YPfyT547WlI/AAAAAAAADSU/RH7aUb9QS_syAnHRburNKPfvLv9WswcYwCLcBGAsYHQ/s72-c-e100/macos-malware.jpg" height="72" width="72" /><feedburner:origLink>https://thehackernews.com/2021/07/xloader-windows-infostealer-malware-now.html</feedburner:origLink></item><item><title>Several New Critical Flaws Affect CODESYS Industrial Automation Software</title><link>http://feedproxy.google.com/~r/TheHackersNews/~3/BnByrOj1RPU/several-new-critical-flaws-affect.html</link><author>noreply@blogger.com (Ravie Lakshmanan)</author><pubDate>Wed, 21 Jul 2021 06:38:58 PDT</pubDate><guid isPermaLink="false">tag:blogger.com,1999:blog-4802841478634147276.post-49785641586777679</guid><description>Cybersecurity researchers on Wednesday disclosed multiple security vulnerabilities impacting CODESYS automation software and the WAGO programmable logic controller (PLC) platform that could be remotely exploited to take control of a company's cloud operational technology (OT) infrastructure.
The flaws can be turned "into innovative attacks that could put threat actors in position to remotely&lt;img src="http://feeds.feedburner.com/~r/TheHackersNews/~4/BnByrOj1RPU" height="1" width="1" alt=""/&gt;</description><media:thumbnail url="https://1.bp.blogspot.com/-ZB8lucGCHdQ/YPfqfoWigDI/AAAAAAAADSE/Wf7xUXveLBwvE7KnCXPjkk0Yn6eGGlK-QCLcBGAsYHQ/s72-c-e100/CODESYS.jpg" height="72" width="72" /><feedburner:origLink>https://thehackernews.com/2021/07/several-new-critical-flaws-affect.html</feedburner:origLink></item><item><title>[eBook] A Guide to Stress-Free Cybersecurity for Lean IT Security Teams</title><link>http://feedproxy.google.com/~r/TheHackersNews/~3/SEP7cMf5Bfg/ebook-guide-to-stress-free.html</link><author>noreply@blogger.com (The Hacker News)</author><pubDate>Wed, 21 Jul 2021 02:52:09 PDT</pubDate><guid isPermaLink="false">tag:blogger.com,1999:blog-4802841478634147276.post-990915030546808446</guid><description>Todays cybersecurity landscape is enough to make any security team concerned. The rapid evolution and increased danger of attack tactics have put even the largest corporations and governments at heightened risk. If the most elite security teams cant prevent these attacks from happening, what can lean security teams look forward to? 
Surprisingly, leaner teams have a much greater chance than&lt;img src="http://feeds.feedburner.com/~r/TheHackersNews/~4/SEP7cMf5Bfg" height="1" width="1" alt=""/&gt;</description><media:thumbnail url="https://1.bp.blogspot.com/-VwmYHHW6_gE/YPft_2AoJtI/AAAAAAAABJI/jFWIXSjPBTI_FKyAVOqugXj8EBAPTgcfQCLcBGAsYHQ/s72-c-e100/cynet.jpg" height="72" width="72" /><feedburner:origLink>https://thehackernews.com/2021/07/ebook-guide-to-stress-free.html</feedburner:origLink></item><item><title>New Windows and Linux Flaws Give Attackers Highest System Privileges</title><link>http://feedproxy.google.com/~r/TheHackersNews/~3/8w-lkhOOs48/new-windows-and-linux-flaws-give.html</link><author>noreply@blogger.com (Ravie Lakshmanan)</author><pubDate>Tue, 20 Jul 2021 23:50:33 PDT</pubDate><guid isPermaLink="false">tag:blogger.com,1999:blog-4802841478634147276.post-252438210938664155</guid><description>Microsoft's Windows 10 and the upcoming Windows 11 versions have been found vulnerable to a new local privilege escalation vulnerability that permits users with low-level permissions access Windows system files, in turn, enabling them to unmask the operating system installation password and even decrypt private keys.
"Starting with Windows 10 build 1809, non-administrative users are granted&lt;img src="http://feeds.feedburner.com/~r/TheHackersNews/~4/8w-lkhOOs48" height="1" width="1" alt=""/&gt;</description><media:thumbnail url="https://1.bp.blogspot.com/-KWMyudCGllM/YPe_4G7D-JI/AAAAAAAADRc/c15FBZB4zo8eKdZwApdLeq6oXzYkulE9QCLcBGAsYHQ/s72-c-e100/windows-linux-hacking.jpg" height="72" width="72" /><feedburner:origLink>https://thehackernews.com/2021/07/new-windows-and-linux-flaws-give.html</feedburner:origLink></item><item><title>16-Year-Old Security Bug Affects Millions of HP, Samsung, Xerox Printers</title><link>http://feedproxy.google.com/~r/TheHackersNews/~3/0waAACXDS2I/16-year-old-security-bug-affects.html</link><author>noreply@blogger.com (Ravie Lakshmanan)</author><pubDate>Tue, 20 Jul 2021 04:47:36 PDT</pubDate><guid isPermaLink="false">tag:blogger.com,1999:blog-4802841478634147276.post-3367173600992530335</guid><description>Details have emerged about a high severity security vulnerability affecting a software driver used in HP, Xerox, and Samsung printers that has remained undetected since 2005.
Tracked as CVE-2021-3438 (CVSS score: 8.8), the issue concerns a buffer overflow in a print driver installer package named "SSPORT.SYS" that can enable remote privilege and arbitrary code execution. Hundreds of millions of&lt;img src="http://feeds.feedburner.com/~r/TheHackersNews/~4/0waAACXDS2I" height="1" width="1" alt=""/&gt;</description><media:thumbnail url="https://1.bp.blogspot.com/-cb_n4qO9cZQ/YPaz0pXc67I/AAAAAAAADRA/l3t26KSzbW4k3vNWF8AYW5Nz_rNVLtnAwCLcBGAsYHQ/s72-c-e100/printer.jpg" height="72" width="72" /><feedburner:origLink>https://thehackernews.com/2021/07/16-year-old-security-bug-affects.html</feedburner:origLink></item><item><title>This New Malware Hides Itself Among Windows Defender Exclusions to Evade Detection</title><link>http://feedproxy.google.com/~r/TheHackersNews/~3/xoTHw83XeOg/this-new-malware-hides-itself-among.html</link><author>noreply@blogger.com (Ravie Lakshmanan)</author><pubDate>Tue, 20 Jul 2021 01:48:34 PDT</pubDate><guid isPermaLink="false">tag:blogger.com,1999:blog-4802841478634147276.post-6585720508825483044</guid><description>Cybersecurity researchers on Tuesday lifted the lid on a previously undocumented malware strain dubbed "MosaicLoader" that singles out individuals searching for cracked software as part of a global campaign.
"The attackers behind MosaicLoader created a piece of malware that can deliver any payload on the system, making it potentially profitable as a delivery service," Bitdefender researchers&lt;img src="http://feeds.feedburner.com/~r/TheHackersNews/~4/xoTHw83XeOg" height="1" width="1" alt=""/&gt;</description><media:thumbnail url="https://1.bp.blogspot.com/-CserOCH1Vpo/YPaLv8EwTYI/AAAAAAAADQs/MaL4LT73ifc3OjY39M5G9u-BiCQahAVzwCLcBGAsYHQ/s72-c-e100/windows-computer-malware.jpg" height="72" width="72" /><feedburner:origLink>https://thehackernews.com/2021/07/this-new-malware-hides-itself-among.html</feedburner:origLink></item><item><title>US and Global Allies Accuse China of Massive Microsoft Exchange Attack</title><link>http://feedproxy.google.com/~r/TheHackersNews/~3/zpzmQvEQWao/us-and-global-allies-accuse-china-of.html</link><author>noreply@blogger.com (Ravie Lakshmanan)</author><pubDate>Wed, 21 Jul 2021 00:05:20 PDT</pubDate><guid isPermaLink="false">tag:blogger.com,1999:blog-4802841478634147276.post-3039196510423054412</guid><description>The U.S. government and its key allies, including the European Union, the U.K., and NATO, formally attributed the massive cyberattack against Microsoft Exchange email servers to state-sponsored hacking crews working affiliated with the People's Republic of China's Ministry of State Security (MSS).
In a statement issued by the White House on Monday, the administration said, "with a high degree of&lt;img src="http://feeds.feedburner.com/~r/TheHackersNews/~4/zpzmQvEQWao" height="1" width="1" alt=""/&gt;</description><media:thumbnail url="https://1.bp.blogspot.com/-NHcGYIFQcwU/YPZyM4MDWyI/AAAAAAAADQU/MSAKlGHlje0QnZdziqaGW2AXuNEJHmuJACLcBGAsYHQ/s72-c-e100/fbi-wanted-chinese-hackers.jpg" height="72" width="72" /><feedburner:origLink>https://thehackernews.com/2021/07/us-and-global-allies-accuse-china-of.html</feedburner:origLink></item><item><title>Researchers Warn of Linux Cryptojacking Attackers Operating from Romania</title><link>http://feedproxy.google.com/~r/TheHackersNews/~3/m2WxVj3ppPY/researchers-warn-of-linux-cryptojacking.html</link><author>noreply@blogger.com (Ravie Lakshmanan)</author><pubDate>Mon, 19 Jul 2021 22:49:00 PDT</pubDate><guid isPermaLink="false">tag:blogger.com,1999:blog-4802841478634147276.post-3600347948500681941</guid><description>A threat group likely based in Romania and active since at least 2020 has been behind an active cryptojacking campaign targeting Linux-based machines with a previously undocumented SSH brute-forcer written in Golang.
Dubbed "Diicot brute," the password cracking tool is alleged to be distributed via a software-as-a-service model, with each threat actor furnishing their own unique API keys to&lt;img src="http://feeds.feedburner.com/~r/TheHackersNews/~4/m2WxVj3ppPY" height="1" width="1" alt=""/&gt;</description><media:thumbnail url="https://1.bp.blogspot.com/-kygoky3QER0/YPV42v2rBoI/AAAAAAAADP0/m0uD_z_dK5ox4WlFMjygdWsvnaZoWrrtQCLcBGAsYHQ/s72-c-e100/linux-cryptocurrency-malware.jpg" height="72" width="72" /><feedburner:origLink>https://thehackernews.com/2021/07/researchers-warn-of-linux-cryptojacking.html</feedburner:origLink></item><item><title>Turns Out That Low-Risk iOS Wi-Fi Naming Bug Can Hack iPhones Remotely</title><link>http://feedproxy.google.com/~r/TheHackersNews/~3/TBSEy5OiD9k/turns-out-that-low-risk-ios-wi-fi.html</link><author>noreply@blogger.com (Ravie Lakshmanan)</author><pubDate>Mon, 19 Jul 2021 20:39:06 PDT</pubDate><guid isPermaLink="false">tag:blogger.com,1999:blog-4802841478634147276.post-6602950666092926711</guid><description>The Wi-Fi network name bug that was found to completely disable an iPhone's networking functionality had remote code execution capabilities and was silently fixed by Apple earlier this year, according to new research.
The denial-of-service vulnerability, which came to light last month, stemmed from the way iOS handled string formats associated with the SSID input, triggering a crash on any&lt;img src="http://feeds.feedburner.com/~r/TheHackersNews/~4/TBSEy5OiD9k" height="1" width="1" alt=""/&gt;</description><media:thumbnail url="https://1.bp.blogspot.com/-97et0GSc1qo/YPVQ6QCxoHI/AAAAAAAADPk/jGA_GjXihjUni73sa2Wsm0P78t7jAcuSQCLcBGAsYHQ/s72-c-e100/wifi-hacking.jpg" height="72" width="72" /><feedburner:origLink>https://thehackernews.com/2021/07/turns-out-that-low-risk-ios-wi-fi.html</feedburner:origLink></item><item><title>Five Critical Password Security Rules Your Employees Are Ignoring</title><link>http://feedproxy.google.com/~r/TheHackersNews/~3/L013-YRnjLw/five-critical-password-security-rules.html</link><author>noreply@blogger.com (The Hacker News)</author><pubDate>Mon, 19 Jul 2021 03:07:53 PDT</pubDate><guid isPermaLink="false">tag:blogger.com,1999:blog-4802841478634147276.post-7359122813118685651</guid><description>According to Keeper Security's Workplace Password Malpractice Report, many remote workers aren't following best practices for password security.
Password security was a problem even before the advent of widespread remote work. So, what happened post-pandemic? Keeper Security's Workplace Password Malpractice Report sought to find out.
In February 2021, Keeper surveyed 1,000 employees in the U.S.&lt;img src="http://feeds.feedburner.com/~r/TheHackersNews/~4/L013-YRnjLw" height="1" width="1" alt=""/&gt;</description><media:thumbnail url="https://1.bp.blogspot.com/-07O649m7bZU/YPGy1slYgMI/AAAAAAAABJA/x30NYvoBqsYsUlsLBijjFINBngxN2TJYQCLcBGAsYHQ/s72-c-e100/Password-Security.jpg" height="72" width="72" /><feedburner:origLink>https://thehackernews.com/2021/07/five-critical-password-security-rules.html</feedburner:origLink></item><item><title>Researcher Uncovers Yet Another Unpatched Windows Printer Spooler Vulnerability</title><link>http://feedproxy.google.com/~r/TheHackersNews/~3/zgc63uS7Nu8/researcher-uncover-yet-another.html</link><author>noreply@blogger.com (Ravie Lakshmanan)</author><pubDate>Mon, 19 Jul 2021 00:52:37 PDT</pubDate><guid isPermaLink="false">tag:blogger.com,1999:blog-4802841478634147276.post-1591471731922249246</guid><description>Merely days after Microsoft sounded the alarm on an unpatched security vulnerability in the Windows Print Spooler service, possibly yet another zero-day flaw in the same component has come to light, making it the fourth printer-related shortcoming to be discovered in recent weeks.
"Microsoft Windows allows for non-admin users to be able to install printer drivers via Point and Print," CERT&lt;img src="http://feeds.feedburner.com/~r/TheHackersNews/~4/zgc63uS7Nu8" height="1" width="1" alt=""/&gt;</description><media:thumbnail url="https://1.bp.blogspot.com/-bi5ZcqZAriI/YPUgr-nwSjI/AAAAAAAADPc/Vyz_FgNnVwEF-E_EP0oMclWiGQCCSplZACLcBGAsYHQ/s72-c-e100/Windows-Printer-Spooler-Vulnerability.jpg" height="72" width="72" /><feedburner:origLink>https://thehackernews.com/2021/07/researcher-uncover-yet-another.html</feedburner:origLink></item><item><title>New Leak Reveals Abuse of Pegasus Spyware to Target Journalists Globally</title><link>http://feedproxy.google.com/~r/TheHackersNews/~3/WCLNQvg-w9Y/new-leak-reveals-abuse-of-pegasus.html</link><author>noreply@blogger.com (Ravie Lakshmanan)</author><pubDate>Mon, 19 Jul 2021 20:39:50 PDT</pubDate><guid isPermaLink="false">tag:blogger.com,1999:blog-4802841478634147276.post-4509478851833674590</guid><description>A sweeping probe into a data leak of more than 50,000 phone numbers has revealed an extensive misuse of Israeli company NSO Group's Pegasus "military-grade spyware" to facilitate human rights violations by surveilling heads of state, activists, journalists, and lawyers around the world.
Dubbed the "Pegasus Project," the investigation is a collaboration by more than 80 journalists from a&lt;img src="http://feeds.feedburner.com/~r/TheHackersNews/~4/WCLNQvg-w9Y" height="1" width="1" alt=""/&gt;</description><media:thumbnail url="https://1.bp.blogspot.com/-SicLJqO0iaQ/YPUZguxfkvI/AAAAAAAADPU/Q-V1U5PbYI4nFN2Z446nZIJ9YjxIdDiewCLcBGAsYHQ/s72-c-e100/NSO-Pegasus-Spyware.jpg" height="72" width="72" /><feedburner:origLink>https://thehackernews.com/2021/07/new-leak-reveals-abuse-of-pegasus.html</feedburner:origLink></item><item><title>China's New Law Requires Vendors to Report Zero-Day Bugs to Government</title><link>http://feedproxy.google.com/~r/TheHackersNews/~3/hDIiMFjmWqc/chinas-new-law-requires-researchers-to.html</link><author>noreply@blogger.com (Ravie Lakshmanan)</author><pubDate>Mon, 19 Jul 2021 12:05:54 PDT</pubDate><guid isPermaLink="false">tag:blogger.com,1999:blog-4802841478634147276.post-4069844790646132417</guid><description>The Cyberspace Administration of China (CAC) has issued new stricter vulnerability disclosure regulations that mandate software and networking vendors affected with critical flaws to mandatorily disclose them first-hand to the government authorities within two days of filing a report.
The "Regulations on the Management of Network Product Security Vulnerability" are expected to go into effect&lt;img src="http://feeds.feedburner.com/~r/TheHackersNews/~4/hDIiMFjmWqc" height="1" width="1" alt=""/&gt;</description><media:thumbnail url="https://1.bp.blogspot.com/-6n701cU_Bb4/YPLcBpQDzMI/AAAAAAAADPA/UmZ43arFmHoYMEdB_NfyTJpEUtoYVKG9QCLcBGAsYHQ/s72-c-e100/china-vulnerability-disclosure-program.jpg" height="72" width="72" /><feedburner:origLink>https://thehackernews.com/2021/07/chinas-new-law-requires-researchers-to.html</feedburner:origLink></item><item><title>Instagram Launches 'Security Checkup' to Help Users Recover Hacked Accounts</title><link>http://feedproxy.google.com/~r/TheHackersNews/~3/SrSMJnd9H34/instagram-launches-security-checkup-to.html</link><author>noreply@blogger.com (Ravie Lakshmanan)</author><pubDate>Sun, 18 Jul 2021 22:57:55 PDT</pubDate><guid isPermaLink="false">tag:blogger.com,1999:blog-4802841478634147276.post-7468023247072638596</guid><description>Instagram earlier this week introduced a new "Security Checkup" feature that aims to keep accounts safe and help users—whose accounts may have been compromised—to recover them.
In order to gain access to accounts, users will be prompted to perform a series of steps, which include checking recent login activity, reviewing profile information, and updating contact details such as phone numbers or&lt;img src="http://feeds.feedburner.com/~r/TheHackersNews/~4/SrSMJnd9H34" height="1" width="1" alt=""/&gt;</description><media:thumbnail url="https://1.bp.blogspot.com/-cWpCESnnSpo/YPLNKiu_6KI/AAAAAAAADO4/TYYwkq7rsmgdCARa3hNnS1WEHHtEjgS3wCLcBGAsYHQ/s72-c-e100/Instagram-Data-Breach.png" height="72" width="72" /><feedburner:origLink>https://thehackernews.com/2021/07/instagram-launches-security-checkup-to.html</feedburner:origLink></item><item><title>CloudFlare CDNJS Bug Could Have Led to Widespread Supply-Chain Attacks</title><link>http://feedproxy.google.com/~r/TheHackersNews/~3/iLNhjM9jFOM/cloudflare-cdnjs-bug-could-have-led-to.html</link><author>noreply@blogger.com (Ravie Lakshmanan)</author><pubDate>Sun, 18 Jul 2021 22:58:25 PDT</pubDate><guid isPermaLink="false">tag:blogger.com,1999:blog-4802841478634147276.post-599524960078952216</guid><description>Web infrastructure and website security company Cloudflare last month fixed a critical vulnerability in its CDNJS library that's used by 12.7% of all websites on the internet.
CDNJS is a free and open-source content delivery network (CDN) that serves about 4,041 JavaScript and CSS libraries, making it the second most popular CDN for JavaScript after Google Hosted Libraries.
The weakness&lt;img src="http://feeds.feedburner.com/~r/TheHackersNews/~4/iLNhjM9jFOM" height="1" width="1" alt=""/&gt;</description><media:thumbnail url="https://1.bp.blogspot.com/-ZyTrXeh5X-0/YPLIW2IGY6I/AAAAAAAADOQ/X7FVe-LMdA8mrnS6BHAH61yZYfYWrWAsQCLcBGAsYHQ/s72-c-e100/cdnjs-cloudflare.jpg" height="72" width="72" /><feedburner:origLink>https://thehackernews.com/2021/07/cloudflare-cdnjs-bug-could-have-led-to.html</feedburner:origLink></item><item><title>Israeli Firm Helped Governments Target Journalists, Activists with 0-Days and Spyware</title><link>http://feedproxy.google.com/~r/TheHackersNews/~3/kxKUMcFXWq8/israeli-firm-helped-governments-target.html</link><author>noreply@blogger.com (Ravie Lakshmanan)</author><pubDate>Mon, 19 Jul 2021 09:01:00 PDT</pubDate><guid isPermaLink="false">tag:blogger.com,1999:blog-4802841478634147276.post-6130813682041928659</guid><description>Two of the zero-day Windows flaws rectified by Microsoft as part of its Patch Tuesday update earlier this week were weaponized by an Israel-based company called Candiru in a series of "precision attacks" to hack more than 100 journalists, academics, activists, and political dissidents globally.
The spyware vendor was also formally identified as the commercial surveillance company that Google's&lt;img src="http://feeds.feedburner.com/~r/TheHackersNews/~4/kxKUMcFXWq8" height="1" width="1" alt=""/&gt;</description><media:thumbnail url="https://1.bp.blogspot.com/-lnmWNBrSE9k/YPWhrFsftuI/AAAAAAAA4Tc/mV6atejnTU8JKQ98Latgx1poZRDDLxvXgCLcBGAsYHQ/s72-c-e100/cyber.jpg" height="72" width="72" /><feedburner:origLink>https://thehackernews.com/2021/07/israeli-firm-helped-governments-target.html</feedburner:origLink></item><item><title>The Definitive RFP Templates for EDR/EPP and APT Protection</title><link>http://feedproxy.google.com/~r/TheHackersNews/~3/KY7v6Zs6YKQ/rfp-templates-for-edr-epp.html</link><author>noreply@blogger.com (The Hacker News)</author><pubDate>Fri, 16 Jul 2021 04:38:28 PDT</pubDate><guid isPermaLink="false">tag:blogger.com,1999:blog-4802841478634147276.post-6536896568429837334</guid><description>Advanced Persistent Threats groups were once considered a problem that concerns Fortune 100 companies only. However, the threat landscape of the recent years tells otherwise—in fact, every organization, regardless of vertical and size is at risk, whether as a direct target, supply chain or collateral damage.
The vast majority of security decision-makers acknowledge they need to address the APT&lt;img src="http://feeds.feedburner.com/~r/TheHackersNews/~4/KY7v6Zs6YKQ" height="1" width="1" alt=""/&gt;</description><media:thumbnail url="https://1.bp.blogspot.com/-J5JfIIfcGBM/YPFvetgHnTI/AAAAAAAA4TE/ZAhswzhpAVwqgEALZ3dUXTwMbPQJBviGACLcBGAsYHQ/s72-c-e100/cynet.jpg" height="72" width="72" /><feedburner:origLink>https://thehackernews.com/2019/09/rfp-templates-for-edr-epp.html</feedburner:origLink></item><item><title>Facebook Suspends Accounts Used by Iranian Hackers to Target US Military Personnel</title><link>http://feedproxy.google.com/~r/TheHackersNews/~3/D71FVAKV1pY/facebook-suspends-accounts-used-by.html</link><author>noreply@blogger.com (Ravie Lakshmanan)</author><pubDate>Sun, 18 Jul 2021 22:59:52 PDT</pubDate><guid isPermaLink="false">tag:blogger.com,1999:blog-4802841478634147276.post-1697022254154608274</guid><description>Facebook on Thursday disclosed it dismantled a "sophisticated" online cyber espionage campaign conducted by Iranian hackers targeting about 200 military personnel and companies in the defense and aerospace sectors in the U.S., U.K., and Europe using fake online personas on its platform.
The social media giant pinned the attacks to a threat actor known as Tortoiseshell (aka Imperial Kitten) based&lt;img src="http://feeds.feedburner.com/~r/TheHackersNews/~4/D71FVAKV1pY" height="1" width="1" alt=""/&gt;</description><media:thumbnail url="https://1.bp.blogspot.com/-GvSw0nJfz30/YPFNYzFZPeI/AAAAAAAADN4/pOT_0iF2J1c8Oz7pIszrRm0hH05grHbSACLcBGAsYHQ/s72-c-e100/facebook-hacker.jpg" height="72" width="72" /><feedburner:origLink>https://thehackernews.com/2021/07/facebook-suspends-accounts-used-by.html</feedburner:origLink></item><item><title>Update Your Chrome Browser to Patch New ZeroDay Bug Exploited in the Wild</title><link>http://feedproxy.google.com/~r/TheHackersNews/~3/j6BEv2m0Dn8/update-your-chrome-browser-to-patch-new.html</link><author>noreply@blogger.com (Ravie Lakshmanan)</author><pubDate>Thu, 15 Jul 2021 22:08:47 PDT</pubDate><guid isPermaLink="false">tag:blogger.com,1999:blog-4802841478634147276.post-8842642962985258276</guid><description>Google has pushed out a new security update to Chrome browser for Windows, Mac, and Linux with multiple fixes, including a zero-day that it says is being exploited in the wild.
The latest patch resolves a total of eight issues, one of which concerns a type confusion issue in its V8 open-source and JavaScript engine (CVE-2021-30563). The search giant credited an anonymous researcher for reporting&lt;img src="http://feeds.feedburner.com/~r/TheHackersNews/~4/j6BEv2m0Dn8" height="1" width="1" alt=""/&gt;</description><media:thumbnail url="https://1.bp.blogspot.com/--Br-zb7NQb0/YPEUTqMvgsI/AAAAAAAADNw/cesEHjkHFKgyqC_MTP_ji5iUXUCeqoH1QCLcBGAsYHQ/s72-c-e100/chrome-update.jpg" height="72" width="72" /><feedburner:origLink>https://thehackernews.com/2021/07/update-your-chrome-browser-to-patch-new.html</feedburner:origLink></item><item><title>Microsoft Warns of New Unpatched Windows Print Spooler Vulnerability</title><link>http://feedproxy.google.com/~r/TheHackersNews/~3/KIB6sSY3DOA/microsoft-warns-of-new-unpatched.html</link><author>noreply@blogger.com (Ravie Lakshmanan)</author><pubDate>Sat, 17 Jul 2021 04:53:08 PDT</pubDate><guid isPermaLink="false">tag:blogger.com,1999:blog-4802841478634147276.post-4075963699407058047</guid><description>Microsoft on Thursday shared fresh guidance on yet another vulnerability affecting the Windows Print Spooler service, stating that it's working to address it in an upcoming security update.
Tracked as CVE-2021-34481 (CVSS score: 7.8), the issue concerns a local privilege escalation flaw that could be abused to perform unauthorized actions on the system. The company credited security researcher&lt;img src="http://feeds.feedburner.com/~r/TheHackersNews/~4/KIB6sSY3DOA" height="1" width="1" alt=""/&gt;</description><media:thumbnail url="https://1.bp.blogspot.com/-dWO_rqbdIfE/YPENEeXU5vI/AAAAAAAADNg/aAsoS9_8txQ842LEOAjpzJcvpkm6tro9wCLcBGAsYHQ/s72-c-e100/Windows-Print-Spooler-Vulnerability.jpg" height="72" width="72" /><feedburner:origLink>https://thehackernews.com/2021/07/microsoft-warns-of-new-unpatched.html</feedburner:origLink></item><item><title>China's Cyberspies Targeting Southeast Asian Government Entities</title><link>http://feedproxy.google.com/~r/TheHackersNews/~3/ynTYqw0HM1w/chinas-cyberspies-targeting-southeast.html</link><author>noreply@blogger.com (Ravie Lakshmanan)</author><pubDate>Thu, 15 Jul 2021 05:57:59 PDT</pubDate><guid isPermaLink="false">tag:blogger.com,1999:blog-4802841478634147276.post-630618765425204257</guid><description>A sweeping and "highly active campaign" that originally set its sights on Myanmar has broadened its focus to strike a number of targets located in the Philippines, according to new research.
Russian cybersecurity firm Kaspersky, which first spotted the infections in October 2020, attributed them to a threat actor it tracks as "LuminousMoth," which it connected with medium to high confidence to a&lt;img src="http://feeds.feedburner.com/~r/TheHackersNews/~4/ynTYqw0HM1w" height="1" width="1" alt=""/&gt;</description><media:thumbnail url="https://1.bp.blogspot.com/-20eyxCzbb3o/YPAwFgzlaVI/AAAAAAAADNY/GPLgN7s_-XIzwofzmeelLHMzJDjBk8maACLcBGAsYHQ/s72-c-e100/chinese-hackers.jpg" height="72" width="72" /><feedburner:origLink>https://thehackernews.com/2021/07/chinas-cyberspies-targeting-southeast.html</feedburner:origLink></item><item><title>New Zero-Trust API Offers Mobile Carrier Authentication to Developers</title><link>http://feedproxy.google.com/~r/TheHackersNews/~3/xMQewm8swes/how-to-access-mobile-carrier.html</link><author>noreply@blogger.com (The Hacker News)</author><pubDate>Thu, 15 Jul 2021 05:43:10 PDT</pubDate><guid isPermaLink="false">tag:blogger.com,1999:blog-4802841478634147276.post-6992701658319290526</guid><description>Zero Trust is increasingly being adopted as the best strategy to maintain application security and prevent data breaches. To help achieve progress on Zero Trust, there is now a new, easy way to implement continuous user verification by connecting directly to the authentication systems used by mobile operators without the overhead of processing or storing user data. 
Before we show you how it&lt;img src="http://feeds.feedburner.com/~r/TheHackersNews/~4/xMQewm8swes" height="1" width="1" alt=""/&gt;</description><media:thumbnail url="https://1.bp.blogspot.com/-1b2OPAwXz7g/YO-tuubpvpI/AAAAAAAABI4/AaxU74Qv5L8vogyoy-KncccT1WUIit1twCLcBGAsYHQ/s72-c-e100/cybersecurity.jpg" height="72" width="72" /><feedburner:origLink>https://thehackernews.com/2021/07/how-to-access-mobile-carrier.html</feedburner:origLink></item><item><title>Ransomware Attacks Targeting Unpatched EOL SonicWall SMA 100 VPN Appliances</title><link>http://feedproxy.google.com/~r/TheHackersNews/~3/kFBap-h96gQ/ransomware-attacks-targeting-unpatched.html</link><author>noreply@blogger.com (Ravie Lakshmanan)</author><pubDate>Thu, 15 Jul 2021 03:21:33 PDT</pubDate><guid isPermaLink="false">tag:blogger.com,1999:blog-4802841478634147276.post-9141110185783236331</guid><description>Networking equipment maker SonicWall is alerting customers of an "imminent" ransomware campaign targeting its Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products running unpatched and end-of-life 8.x firmware.
The warning comes more than a month after reports emerged that remote access vulnerabilities in SonicWall SRA 4600 VPN appliances (CVE-2019-7481) are being&lt;img src="http://feeds.feedburner.com/~r/TheHackersNews/~4/kFBap-h96gQ" height="1" width="1" alt=""/&gt;</description><media:thumbnail url="https://1.bp.blogspot.com/-43bdlNyEf40/YPAKb-i_6pI/AAAAAAAADNA/86ITJbk_xXYG63SkB11ytvt5XKev0a6WQCLcBGAsYHQ/s72-c-e100/sonicwall.jpg" height="72" width="72" /><feedburner:origLink>https://thehackernews.com/2021/07/ransomware-attacks-targeting-unpatched.html</feedburner:origLink></item><item><title>Google Details iOS, Chrome, IE Zero-Day Flaws Exploited Recently in the Wild</title><link>http://feedproxy.google.com/~r/TheHackersNews/~3/J51bCpFSyXc/google-details-ios-chrome-ie-zero-day.html</link><author>noreply@blogger.com (Ravie Lakshmanan)</author><pubDate>Thu, 15 Jul 2021 05:45:33 PDT</pubDate><guid isPermaLink="false">tag:blogger.com,1999:blog-4802841478634147276.post-577634265832327354</guid><description>Threat intelligence researchers from Google on Wednesday shed more light on four in-the-wild zero-days in Chrome, Safari, and Internet Explorer browsers that were exploited by malicious actors in different campaigns since the start of the year.
What's more, three of the four zero-days were engineered by commercial providers and sold to and used by government-backed actors, contributing to an&lt;img src="http://feeds.feedburner.com/~r/TheHackersNews/~4/J51bCpFSyXc" height="1" width="1" alt=""/&gt;</description><media:thumbnail url="https://1.bp.blogspot.com/-xmPJ5TMTpac/YO_wfpf1LkI/AAAAAAAADM4/xSKsZYAbLBYJjYvNQilqUM9z0lf0Rx7_gCLcBGAsYHQ/s72-c-e100/chrome.jpg" height="72" width="72" /><feedburner:origLink>https://thehackernews.com/2021/07/google-details-ios-chrome-ie-zero-day.html</feedburner:origLink></item><media:rating>nonadult</media:rating></channel></rss>
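
Review bot: feed.xml is the download target of xml-download.py (`FEED_FILE = "feed.xml"`) and is overwritten on every run, so this committed snapshot of third-party feed content is stale as soon as the cron job fires and will show up as a working-tree change after each run. Suggest leaving it out of the commit and listing it in .gitignore; if the parser needs a fixture, a small constructed feed under a different name is easier to review.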

108
src/ef/news_scroll.css Normal file
View File

@ -0,0 +1,108 @@
@import url("palette.css");
/* NEWS FRAME AREA TOP LEVEL PAGE - WIDTH ADDS BORDER */
#news_iframe_scroll {
/*
* Use this width if you want it to span your whole page
*/
/* width: 100%; */
/*
* Otherwise, uncomment this width
*/
max-width: 250px;
min-width: 200px;
margin: 0px auto 10px auto;
-moz-box-sizing: border-box;
-webkit-box-sizing: border-box;
box-sizing: border-box;
/* border-radius: 10px; */
background-color: var(--bg);
font-family: var(--font-family);
}
#news_iframe_scroll iframe
{
width: 100%;
height: 176px; /* IF YOU EDIT HEIGHT EDIT THE SCROLLING SCRIPT HEIGHT!!!! */
display: block;
margin: 0px;
padding: 0px;
overflow: hidden;
}
.news-scroll-title {
color: var(--bg);
font-weight: bold;
background-color: var(--text);
text-align: left;
padding: 5px 5px 5px 5px;
border-bottom: var(--accent) 5px solid;
}
a{
text-decoration: none;
}
.news-article{
color:var(--text);
-webkit-transition-duration: 0.3s;
transition-duration: 0.3s;
padding:5px;
}
.news-article h2{
font-size: medium;
}
.news-article:hover{
color:var(--bg);
background-color: var(--primary);
}
/* EMBEDDED NEWS PAGE BODY */
#NewsDiv { position: absolute; left: 0; top: 0px; width: 100%; }
/*
body.news-scroll {
/*
background-color: var(--bg);
margin: 0;
padding: 0;
border: 0;
}
*/
/* FONTS & PADDING */
.scroll-text-if {
font-size: 12px;
/*text-align: left;
padding: 8px 7px 0px 7px;
*/
}
.scroll-title-if {
font-size: 14px;
/*
text-align: left;
*/
border-bottom: #666666 0px solid;
}
/* EMBEDDED NEWS PAGE LINK COLORS */
/*
.news-scroll a:link { color: #0033FF; text-decoration: none; }
.news-scroll a:visited { color: #6633FF; text-decoration: none; }
.news-scroll a:active { color: #0033FF; text-decoration: none; }
.news-scroll a:hover { color: #6699FF; text-decoration: underline; }
*/
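
Review bot: the bare `a{ text-decoration: none; }` rule is not scoped to the widget, and hack-news-widget.html links this stylesheet into the host page, so it removes underlines from every link on any site that embeds the widget. Scope it to the widget, for example `#news_iframe_scroll a, .news-scroll a { text-decoration: none; }`. Separately, the commented-out `body.news-scroll` block opens a second `/*` inside an already open comment; CSS comments do not nest, so this only works because there is a single closing `*/`. Deleting the dead block would be cleaner.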

247
src/ef/news_scroll.html Normal file
View File

@ -0,0 +1,247 @@
<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8" />
<title>News</title>
<base target="_parent" />
<link rel="stylesheet" href="news_scroll.css" type="text/css" />
<script src="news_scroll.js" type="text/javascript"></script>
</head>
<body color-theme="terminal" class="news-scroll" onMouseover="scrollspeed=0" onMouseout="scrollspeed=current" OnLoad="NewsScrollStart();">
<!-- START NEWS FEED -->
<div id="NewsDiv">
<div class="scroll-text-if">
<div id="news-container">
<a href=http://feedproxy.google.com/~r/TheHackersNews/~3/QyJiz3kF9n4/malicious-npm-package-caught-stealing.html>
<div class="news-article">
<h2>
Malicious NPM Package Caught Stealing Users' Saved Passwords From Browsers
</h2>
<p>A software package available from the official NPM repository has been revealed to be actually a front for a tool that's designed to steal saved passwords from the Chrome web browser.
The package in question, named "nodejs_net_server" and downloaded over 1,283 times since February 2019, was last updated seven months ago (version 1.1.2), with its corresponding repository leading to non-existent<img src="http://feeds.feedburner.com/~r/TheHackersNews/~4/QyJiz3kF9n4" height="1" width="1" alt=""/>...</p>
</div>
</a>
<a href=http://feedproxy.google.com/~r/TheHackersNews/~3/crF48NxsWMo/xloader-windows-infostealer-malware-now.html>
<div class="news-article">
<h2>
XLoader Windows InfoStealer Malware Now Upgraded to Attack macOS Systems
</h2>
<p>Cybersecurity researchers on Wednesday disclosed details of an evolving malware that has now been upgraded to steal sensitive information from Apple's macOS operating system.
The malware, dubbed "XLoader," is a successor to another well-known Windows-based info stealer called Formbook that's known to vacuum credentials from various web browsers, collect screenshots, log keystrokes, and download<img src="http://feeds.feedburner.com/~r/TheHackersNews/~4/crF48NxsWMo" height="1" width="1" alt=""/>...</p>
</div>
</a>
<a href=http://feedproxy.google.com/~r/TheHackersNews/~3/BnByrOj1RPU/several-new-critical-flaws-affect.html>
<div class="news-article">
<h2>
Several New Critical Flaws Affect CODESYS Industrial Automation Software
</h2>
<p>Cybersecurity researchers on Wednesday disclosed multiple security vulnerabilities impacting CODESYS automation software and the WAGO programmable logic controller (PLC) platform that could be remotely exploited to take control of a company's cloud operational technology (OT) infrastructure.
The flaws can be turned "into innovative attacks that could put threat actors in position to remotely<img src="http://feeds.feedburner.com/~r/TheHackersNews/~4/BnByrOj1RPU" height="1" width="1" alt=""/>...</p>
</div>
</a>
<a href=http://feedproxy.google.com/~r/TheHackersNews/~3/SEP7cMf5Bfg/ebook-guide-to-stress-free.html>
<div class="news-article">
<h2>
[eBook] A Guide to Stress-Free Cybersecurity for Lean IT Security Teams
</h2>
<p>Todays cybersecurity landscape is enough to make any security team concerned. The rapid evolution and increased danger of attack tactics have put even the largest corporations and governments at heightened risk. If the most elite security teams cant prevent these attacks from happening, what can lean security teams look forward to? 
Surprisingly, leaner teams have a much greater chance than<img src="http://feeds.feedburner.com/~r/TheHackersNews/~4/SEP7cMf5Bfg" height="1" width="1" alt=""/>...</p>
</div>
</a>
<a href=http://feedproxy.google.com/~r/TheHackersNews/~3/8w-lkhOOs48/new-windows-and-linux-flaws-give.html>
<div class="news-article">
<h2>
New Windows and Linux Flaws Give Attackers Highest System Privileges
</h2>
<p>Microsoft's Windows 10 and the upcoming Windows 11 versions have been found vulnerable to a new local privilege escalation vulnerability that permits users with low-level permissions access Windows system files, in turn, enabling them to unmask the operating system installation password and even decrypt private keys.
"Starting with Windows 10 build 1809, non-administrative users are granted<img src="http://feeds.feedburner.com/~r/TheHackersNews/~4/8w-lkhOOs48" height="1" width="1" alt=""/>...</p>
</div>
</a>
<a href=http://feedproxy.google.com/~r/TheHackersNews/~3/0waAACXDS2I/16-year-old-security-bug-affects.html>
<div class="news-article">
<h2>
16-Year-Old Security Bug Affects Millions of HP, Samsung, Xerox Printers
</h2>
<p>Details have emerged about a high severity security vulnerability affecting a software driver used in HP, Xerox, and Samsung printers that has remained undetected since 2005.
Tracked as CVE-2021-3438 (CVSS score: 8.8), the issue concerns a buffer overflow in a print driver installer package named "SSPORT.SYS" that can enable remote privilege and arbitrary code execution. Hundreds of millions of<img src="http://feeds.feedburner.com/~r/TheHackersNews/~4/0waAACXDS2I" height="1" width="1" alt=""/>...</p>
</div>
</a>
<a href=http://feedproxy.google.com/~r/TheHackersNews/~3/xoTHw83XeOg/this-new-malware-hides-itself-among.html>
<div class="news-article">
<h2>
This New Malware Hides Itself Among Windows Defender Exclusions to Evade Detection
</h2>
<p>Cybersecurity researchers on Tuesday lifted the lid on a previously undocumented malware strain dubbed "MosaicLoader" that singles out individuals searching for cracked software as part of a global campaign.
"The attackers behind MosaicLoader created a piece of malware that can deliver any payload on the system, making it potentially profitable as a delivery service," Bitdefender researchers<img src="http://feeds.feedburner.com/~r/TheHackersNews/~4/xoTHw83XeOg" height="1" width="1" alt=""/>...</p>
</div>
</a>
<a href=http://feedproxy.google.com/~r/TheHackersNews/~3/zpzmQvEQWao/us-and-global-allies-accuse-china-of.html>
<div class="news-article">
<h2>
US and Global Allies Accuse China of Massive Microsoft Exchange Attack
</h2>
<p>The U.S. government and its key allies, including the European Union, the U.K., and NATO, formally attributed the massive cyberattack against Microsoft Exchange email servers to state-sponsored hacking crews working affiliated with the People's Republic of China's Ministry of State Security (MSS).
In a statement issued by the White House on Monday, the administration said, "with a high degree of<img src="http://feeds.feedburner.com/~r/TheHackersNews/~4/zpzmQvEQWao" height="1" width="1" alt=""/>...</p>
</div>
</a>
<a href=http://feedproxy.google.com/~r/TheHackersNews/~3/m2WxVj3ppPY/researchers-warn-of-linux-cryptojacking.html>
<div class="news-article">
<h2>
Researchers Warn of Linux Cryptojacking Attackers Operating from Romania
</h2>
<p>A threat group likely based in Romania and active since at least 2020 has been behind an active cryptojacking campaign targeting Linux-based machines with a previously undocumented SSH brute-forcer written in Golang.
Dubbed "Diicot brute," the password cracking tool is alleged to be distributed via a software-as-a-service model, with each threat actor furnishing their own unique API keys to<img src="http://feeds.feedburner.com/~r/TheHackersNews/~4/m2WxVj3ppPY" height="1" width="1" alt=""/>...</p>
</div>
</a>
<a href=http://feedproxy.google.com/~r/TheHackersNews/~3/TBSEy5OiD9k/turns-out-that-low-risk-ios-wi-fi.html>
<div class="news-article">
<h2>
Turns Out That Low-Risk iOS Wi-Fi Naming Bug Can Hack iPhones Remotely
</h2>
<p>The Wi-Fi network name bug that was found to completely disable an iPhone's networking functionality had remote code execution capabilities and was silently fixed by Apple earlier this year, according to new research.
The denial-of-service vulnerability, which came to light last month, stemmed from the way iOS handled string formats associated with the SSID input, triggering a crash on any<img src="http://feeds.feedburner.com/~r/TheHackersNews/~4/TBSEy5OiD9k" height="1" width="1" alt=""/>...</p>
</div>
</a>
<a href=http://feedproxy.google.com/~r/TheHackersNews/~3/L013-YRnjLw/five-critical-password-security-rules.html>
<div class="news-article">
<h2>
Five Critical Password Security Rules Your Employees Are Ignoring
</h2>
<p>According to Keeper Security's Workplace Password Malpractice Report, many remote workers aren't following best practices for password security.
Password security was a problem even before the advent of widespread remote work. So, what happened post-pandemic? Keeper Security's Workplace Password Malpractice Report sought to find out.
In February 2021, Keeper surveyed 1,000 employees in the U.S.<img src="http://feeds.feedburner.com/~r/TheHackersNews/~4/L013-YRnjLw" height="1" width="1" alt=""/>...</p>
</div>
</a>
<a href=http://feedproxy.google.com/~r/TheHackersNews/~3/zgc63uS7Nu8/researcher-uncover-yet-another.html>
<div class="news-article">
<h2>
Researcher Uncovers Yet Another Unpatched Windows Printer Spooler Vulnerability
</h2>
<p>Merely days after Microsoft sounded the alarm on an unpatched security vulnerability in the Windows Print Spooler service, possibly yet another zero-day flaw in the same component has come to light, making it the fourth printer-related shortcoming to be discovered in recent weeks.
"Microsoft Windows allows for non-admin users to be able to install printer drivers via Point and Print," CERT<img src="http://feeds.feedburner.com/~r/TheHackersNews/~4/zgc63uS7Nu8" height="1" width="1" alt=""/>...</p>
</div>
</a>
<a href=http://feedproxy.google.com/~r/TheHackersNews/~3/WCLNQvg-w9Y/new-leak-reveals-abuse-of-pegasus.html>
<div class="news-article">
<h2>
New Leak Reveals Abuse of Pegasus Spyware to Target Journalists Globally
</h2>
<p>A sweeping probe into a data leak of more than 50,000 phone numbers has revealed an extensive misuse of Israeli company NSO Group's Pegasus "military-grade spyware" to facilitate human rights violations by surveilling heads of state, activists, journalists, and lawyers around the world.
Dubbed the "Pegasus Project," the investigation is a collaboration by more than 80 journalists from a<img src="http://feeds.feedburner.com/~r/TheHackersNews/~4/WCLNQvg-w9Y" height="1" width="1" alt=""/>...</p>
</div>
</a>
<a href=http://feedproxy.google.com/~r/TheHackersNews/~3/hDIiMFjmWqc/chinas-new-law-requires-researchers-to.html>
<div class="news-article">
<h2>
China's New Law Requires Vendors to Report Zero-Day Bugs to Government
</h2>
<p>The Cyberspace Administration of China (CAC) has issued new stricter vulnerability disclosure regulations that mandate software and networking vendors affected with critical flaws to mandatorily disclose them first-hand to the government authorities within two days of filing a report.
The "Regulations on the Management of Network Product Security Vulnerability" are expected to go into effect<img src="http://feeds.feedburner.com/~r/TheHackersNews/~4/hDIiMFjmWqc" height="1" width="1" alt=""/>...</p>
</div>
</a>
<a href=http://feedproxy.google.com/~r/TheHackersNews/~3/SrSMJnd9H34/instagram-launches-security-checkup-to.html>
<div class="news-article">
<h2>
Instagram Launches 'Security Checkup' to Help Users Recover Hacked Accounts
</h2>
<p>Instagram earlier this week introduced a new "Security Checkup" feature that aims to keep accounts safe and help users—whose accounts may have been compromised—to recover them.
In order to gain access to accounts, users will be prompted to perform a series of steps, which include checking recent login activity, reviewing profile information, and updating contact details such as phone numbers or<img src="http://feeds.feedburner.com/~r/TheHackersNews/~4/SrSMJnd9H34" height="1" width="1" alt=""/>...</p>
</div>
</a>
<a href=http://feedproxy.google.com/~r/TheHackersNews/~3/iLNhjM9jFOM/cloudflare-cdnjs-bug-could-have-led-to.html>
<div class="news-article">
<h2>
CloudFlare CDNJS Bug Could Have Led to Widespread Supply-Chain Attacks
</h2>
<p>Web infrastructure and website security company Cloudflare last month fixed a critical vulnerability in its CDNJS library that's used by 12.7% of all websites on the internet.
CDNJS is a free and open-source content delivery network (CDN) that serves about 4,041 JavaScript and CSS libraries, making it the second most popular CDN for JavaScript after Google Hosted Libraries.
The weakness<img src="http://feeds.feedburner.com/~r/TheHackersNews/~4/iLNhjM9jFOM" height="1" width="1" alt=""/>...</p>
</div>
</a>
<a href=http://feedproxy.google.com/~r/TheHackersNews/~3/kxKUMcFXWq8/israeli-firm-helped-governments-target.html>
<div class="news-article">
<h2>
Israeli Firm Helped Governments Target Journalists, Activists with 0-Days and Spyware
</h2>
<p>Two of the zero-day Windows flaws rectified by Microsoft as part of its Patch Tuesday update earlier this week were weaponized by an Israel-based company called Candiru in a series of "precision attacks" to hack more than 100 journalists, academics, activists, and political dissidents globally.
The spyware vendor was also formally identified as the commercial surveillance company that Google's<img src="http://feeds.feedburner.com/~r/TheHackersNews/~4/kxKUMcFXWq8" height="1" width="1" alt=""/>...</p>
</div>
</a>
<a href=http://feedproxy.google.com/~r/TheHackersNews/~3/KY7v6Zs6YKQ/rfp-templates-for-edr-epp.html>
<div class="news-article">
<h2>
The Definitive RFP Templates for EDR/EPP and APT Protection
</h2>
<p>Advanced Persistent Threats groups were once considered a problem that concerns Fortune 100 companies only. However, the threat landscape of the recent years tells otherwise—in fact, every organization, regardless of vertical and size is at risk, whether as a direct target, supply chain or collateral damage.
The vast majority of security decision-makers acknowledge they need to address the APT<img src="http://feeds.feedburner.com/~r/TheHackersNews/~4/KY7v6Zs6YKQ" height="1" width="1" alt=""/>...</p>
</div>
</a>
<a href=http://feedproxy.google.com/~r/TheHackersNews/~3/D71FVAKV1pY/facebook-suspends-accounts-used-by.html>
<div class="news-article">
<h2>
Facebook Suspends Accounts Used by Iranian Hackers to Target US Military Personnel
</h2>
<p>Facebook on Thursday disclosed it dismantled a "sophisticated" online cyber espionage campaign conducted by Iranian hackers targeting about 200 military personnel and companies in the defense and aerospace sectors in the U.S., U.K., and Europe using fake online personas on its platform.
The social media giant pinned the attacks to a threat actor known as Tortoiseshell (aka Imperial Kitten) based<img src="http://feeds.feedburner.com/~r/TheHackersNews/~4/D71FVAKV1pY" height="1" width="1" alt=""/>...</p>
</div>
</a>
<a href=http://feedproxy.google.com/~r/TheHackersNews/~3/j6BEv2m0Dn8/update-your-chrome-browser-to-patch-new.html>
<div class="news-article">
<h2>
Update Your Chrome Browser to Patch New ZeroDay Bug Exploited in the Wild
</h2>
<p>Google has pushed out a new security update to Chrome browser for Windows, Mac, and Linux with multiple fixes, including a zero-day that it says is being exploited in the wild.
The latest patch resolves a total of eight issues, one of which concerns a type confusion issue in its V8 open-source and JavaScript engine (CVE-2021-30563). The search giant credited an anonymous researcher for reporting<img src="http://feeds.feedburner.com/~r/TheHackersNews/~4/j6BEv2m0Dn8" height="1" width="1" alt=""/>...</p>
</div>
</a>
<a href=http://feedproxy.google.com/~r/TheHackersNews/~3/KIB6sSY3DOA/microsoft-warns-of-new-unpatched.html>
<div class="news-article">
<h2>
Microsoft Warns of New Unpatched Windows Print Spooler Vulnerability
</h2>
<p>Microsoft on Thursday shared fresh guidance on yet another vulnerability affecting the Windows Print Spooler service, stating that it's working to address it in an upcoming security update.
Tracked as CVE-2021-34481 (CVSS score: 7.8), the issue concerns a local privilege escalation flaw that could be abused to perform unauthorized actions on the system. The company credited security researcher<img src="http://feeds.feedburner.com/~r/TheHackersNews/~4/KIB6sSY3DOA" height="1" width="1" alt=""/>...</p>
</div>
</a>
<a href=http://feedproxy.google.com/~r/TheHackersNews/~3/ynTYqw0HM1w/chinas-cyberspies-targeting-southeast.html>
<div class="news-article">
<h2>
China's Cyberspies Targeting Southeast Asian Government Entities
</h2>
<p>A sweeping and "highly active campaign" that originally set its sights on Myanmar has broadened its focus to strike a number of targets located in the Philippines, according to new research.
Russian cybersecurity firm Kaspersky, which first spotted the infections in October 2020, attributed them to a threat actor it tracks as "LuminousMoth," which it connected with medium to high confidence to a<img src="http://feeds.feedburner.com/~r/TheHackersNews/~4/ynTYqw0HM1w" height="1" width="1" alt=""/>...</p>
</div>
</a>
<a href=http://feedproxy.google.com/~r/TheHackersNews/~3/xMQewm8swes/how-to-access-mobile-carrier.html>
<div class="news-article">
<h2>
New Zero-Trust API Offers Mobile Carrier Authentication to Developers
</h2>
<p>Zero Trust is increasingly being adopted as the best strategy to maintain application security and prevent data breaches. To help achieve progress on Zero Trust, there is now a new, easy way to implement continuous user verification by connecting directly to the authentication systems used by mobile operators without the overhead of processing or storing user data. 
Before we show you how it<img src="http://feeds.feedburner.com/~r/TheHackersNews/~4/xMQewm8swes" height="1" width="1" alt=""/>...</p>
</div>
</a>
<a href=http://feedproxy.google.com/~r/TheHackersNews/~3/kFBap-h96gQ/ransomware-attacks-targeting-unpatched.html>
<div class="news-article">
<h2>
Ransomware Attacks Targeting Unpatched EOL SonicWall SMA 100 VPN Appliances
</h2>
<p>Networking equipment maker SonicWall is alerting customers of an "imminent" ransomware campaign targeting its Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products running unpatched and end-of-life 8.x firmware.
The warning comes more than a month after reports emerged that remote access vulnerabilities in SonicWall SRA 4600 VPN appliances (CVE-2019-7481) are being<img src="http://feeds.feedburner.com/~r/TheHackersNews/~4/kFBap-h96gQ" height="1" width="1" alt=""/>...</p>
</div>
</a>
<a href=http://feedproxy.google.com/~r/TheHackersNews/~3/J51bCpFSyXc/google-details-ios-chrome-ie-zero-day.html>
<div class="news-article">
<h2>
Google Details iOS, Chrome, IE Zero-Day Flaws Exploited Recently in the Wild
</h2>
<p>Threat intelligence researchers from Google on Wednesday shed more light on four in-the-wild zero-days in Chrome, Safari, and Internet Explorer browsers that were exploited by malicious actors in different campaigns since the start of the year.
What's more, three of the four zero-days were engineered by commercial providers and sold to and used by government-backed actors, contributing to an<img src="http://feeds.feedburner.com/~r/TheHackersNews/~4/J51bCpFSyXc" height="1" width="1" alt=""/>...</p>
</div>
</a>
</div>
</div>
</div>
</body>
</html>
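
Review bot: every `<p>` in this file ends with a 1x1 `<img src="http://feeds.feedburner.com/~r/TheHackersNews/~4/...">` copied verbatim from the feed description, so each visitor's browser makes one third-party beacon request per article over plain HTTP, which is also mixed content when the host page is served over HTTPS. The file is written by saveToHTML() in xml-download.py, so the fix belongs there (strip markup from the description before writing), and this generated file should stay out of the repository. The `<a href=http://...>` anchors are unquoted as well; they parse only as long as no link contains a space or `>`.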

39
src/ef/news_scroll.js Normal file
View File

@ -0,0 +1,39 @@
var startdelay = 2; // START SCROLLING DELAY IN SECONDS
var scrollspeed = 1.1; // ADJUST SCROLL SPEED
var scrollwind = 1; // FRAME START ADJUST
var speedjump = 30; // ADJUST SCROLL JUMPING = RANGE 20 TO 40
var nextdelay = 0; // SECOND SCROLL DELAY IN SECONDS 0 = QUICKEST
var topspace = "2px"; // TOP SPACING FIRST TIME SCROLLING
var frameheight = 176; // IF YOU RESIZE THE CSS HEIGHT, EDIT THIS HEIGHT TO MATCH
current = (scrollspeed);
function HeightData(){
AreaHeight=dataobj.offsetHeight
if (AreaHeight===0){
setTimeout("HeightData()",( startdelay * 1000 ))
}
else {
ScrollNewsDiv()
}
}
function NewsScrollStart(){
dataobj=document.all? document.all.NewsDiv : document.getElementById("NewsDiv")
dataobj.style.top=topspace
setTimeout("HeightData()",( startdelay * 1000 ))
}
function ScrollNewsDiv(){
dataobj.style.top=scrollwind+'px';
scrollwind-=scrollspeed;
if (parseInt(dataobj.style.top)<AreaHeight*(-1)) {
dataobj.style.top=frameheight+'px';
scrollwind=frameheight;
setTimeout("ScrollNewsDiv()",( nextdelay * 1000 ))
}
else {
setTimeout("ScrollNewsDiv()",speedjump)
}
}
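
Review bot: every `setTimeout("HeightData()", ...)` and `setTimeout("ScrollNewsDiv()", ...)` call passes code as a string, which is evaluated like eval and is refused under a Content-Security-Policy that does not allow 'unsafe-eval'. Pass the function itself, e.g. `setTimeout(HeightData, startdelay * 1000)`. `current`, `dataobj` and `AreaHeight` are assigned without `var`, so they become implicit globals and would throw in strict mode; declare them at the top next to the other settings. The `document.all` branch in NewsScrollStart() can be dropped, `document.getElementById("NewsDiv")` is sufficient.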

44
src/ef/palette.css Normal file
View File

@ -0,0 +1,44 @@
:root{
/*
Todo: make the colors right
*/
--hornet-blue: #302efe;
--hornet-red: #E3073F;
--hornet-black:#050515;
font-family: Verdana, Geneva, sans-serif;
}
.light, body[color-theme="light"]{
--bg: #DDDDFF;
--text: var(--hornet-black);
--link: var(--hornet-blue);
--clicked-link: purple;
--primary: var(--hornet-blue);
--accent: var(--hornet-red);
--warning: var(--hornet-red);
--font-family: var(--hornet-font);
}
.dark, body[color-theme="dark"]{
--bg:var(--hornet-black);
--text:white;
--link: var(--hornet-blue);
--clicked-link: purple;
--primary:var(--hornet-blue);
--accent: var(--hornet-red);
--warning:var(--hornet-red);
--font-family: var(--hornet-font);
}
.terminal, body[color-theme="terminal"], div[color-theme="terminal"]{
--bg:black;
--text: #00ff00;
--link: var(--hornet-blue);
--clicked-link: #4400ff;
--primary: #00ff00;
--accent: var(--hornet-blue);
--warning: red;
--font-family: var(--hornet-font);
}
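
Review bot: `--hornet-font` is referenced by all three themes (`--font-family: var(--hornet-font);`) but is never defined; `:root` sets the `font-family` property instead of the custom property. `var(--font-family)` in news_scroll.css and news_main.css therefore resolves to nothing, and the text only renders in Verdana because `font-family` inherits from `:root`. Suggest defining `--hornet-font: Verdana, Geneva, sans-serif;` in `:root`. The "Todo: make the colors right" comment would be more useful if it said which values are provisional.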

102
src/ef/xml-download.py Normal file
View File

@ -0,0 +1,102 @@
import requests
import xml.etree.ElementTree as ET
URL = "https://feeds.feedburner.com/TheHackersNews?format=xml"
FEED_FILE = "feed.xml"
def downloadRSS():
response = requests.get(URL)
with open(FEED_FILE, 'wb') as file:
file.write(response.content)
def parseXML(xmlfile):
# create element tree object
tree = ET.parse(xmlfile)
# get root element
root = tree.getroot()
# create empty list for news items
newsitems = []
# iterate news items
for item in root.findall('./channel/item'):
# empty news dictionary
news = {}
# iterate child elements of item
for child in item:
# # special checking for namespace object content:media
if child.tag == '{http://search.yahoo.com/mrss/}content':
news['media'] = child.attrib['url']
else:
if child.text is not None:
news[child.tag] = child.text.encode('utf8')
# append news dictionary to news items list
newsitems.append(news)
# return news items list
return newsitems
def saveToHTML(articles):
# create news article list
with open("news_scroll.html", "w") as news:
news.write('\
<!doctype html>\n\
<html lang="en">\n\
<head>\n\
<meta charset="utf-8" />\n\
<title>News</title>\n\
<base target="_parent" />\n\
<link rel="stylesheet" href="news_scroll.css" type="text/css" />\n\
<script src="news_scroll.js" type="text/javascript"></script> \n\
</head>\n\
<body color-theme="terminal" class="news-scroll" onMouseover="scrollspeed=0" onMouseout="scrollspeed=current" OnLoad="NewsScrollStart();">\n\
<!-- START NEWS FEED -->\n\
<div id="NewsDiv">\n\
<div class="scroll-text-if">\n\
<div id="news-container">\n')
# for each article, create an element
for article in articles:
news.write('\
<a href={uri}>\n\
<div class="news-article">\n\
<h2>\n\
{title}\n\
</h2>\n\
<p>{content}...</p>\n\
</div>\n\
</a>\n\
'.format(title = article["title"].decode('utf-8'), content = article["description"].decode('utf-8'), uri = article["link"].decode('utf-8')))
news.write('\
</div>\n\
</div>\n\
</div>\n\
</body>\n\
</html>\
')
news.write('')
return
def main():
print("Downloading RSS...")
downloadRSS()
print("RSS downloaded.")
print("Parsing RSS...")
articles = parseXML(FEED_FILE)
print("RSS parsed into", len(articles), "articles.")
print("Putting into HTML...")
saveToHTML(articles)
print("Put in HTML.")
if __name__ == "__main__":
main()
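
Review bot: in saveToHTML(), `title`, `description` and `link` from the remote feed are written into the page through `.format(...)` with no escaping, and `<a href={uri}>` is unquoted, so whatever markup the feed (or anything able to alter the response) supplies is served from this site's origin inside the iframe. Suggest `html.escape()` on the title and on the description after stripping its tags, and a quoted `href="{uri}"` built from an escaped link that is checked to start with `http://` or `https://`. In downloadRSS(), `requests.get(URL)` has no `timeout=` and no `response.raise_for_status()`, so a hung connection stalls the cron job and an error body overwrites feed.xml; an item without a description then raises KeyError at `article["description"]` after news_scroll.html has already been truncated. Writing to a temporary file and renaming it on success keeps the last good page in place. The feed is untrusted XML, and the standard library documentation recommends defusedxml for that case. `open("news_scroll.html", "w")` should also pass `encoding="utf-8"` to match the `<meta charset>` it writes.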

13
src/footer.css Normal file
View File

@ -0,0 +1,13 @@
footer {
position: absolute;
left: 0;
bottom: 0;
height: 100px;
width: 100%;
color:var(--bg);
background: var(--primary);
text-align: center;
}
footer p{
padding: 20 0 0 0;
}
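
Review bot: `padding: 20 0 0 0;` in `footer p` uses a unitless non-zero length, which is invalid CSS, so browsers drop the whole declaration and the paragraph gets no top padding. Use `padding: 20px 0 0 0;`.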

12
src/hack-news-widget.html Normal file
View File

@ -0,0 +1,12 @@
<!-- START SCROLLING NEWS WINDOW -->
<!-- NOTE: For educational use only -->
<link rel="stylesheet" type="text/css" href="ef/news_scroll.css">
<div id="news_iframe_scroll" class="section" color-theme="terminal">
<a href="https://thehackernews.com/">
<div class="news_scroll-title">
The Hacker News feed<br>
</div>
</a>
<iframe name="NewsIFrame" src="news_scroll_2.html" frameborder="0" scrolling="no"></iframe>
</div>
<!-- END SCROLLING NEWS WINDOW -->
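
Review bot: the iframe points at `src="news_scroll_2.html"`, but xml-download.py writes `news_scroll.html` and that file lives in ef/ (both sample pages use `ef/news_scroll.html`), so a page that pastes this snippet as the README instructs gets a frame that fails to load. The title div's class is `news_scroll-title` while news_scroll.css defines `.news-scroll-title`, so the title bar is unstyled. Suggest `src="ef/news_scroll.html"` and `class="news-scroll-title"`, keeping this file identical to the block used in the samples.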

44
src/header.css Normal file
View File

@ -0,0 +1,44 @@
header{
color:white;
display: flex;
flex-direction: row;
flex-wrap: nowrap;
justify-content: center;
font-size: 1.2rem;
}
/*
#logo {
padding: 10px 0 10px 0;
max-width: 100px;
background-size: 100%;
height: 100px;
}
#logo img{
border-radius: 0.5rem;
max-width: inherit;
max-height: inherit;
background-color: var(--bg);
}
#trademark {
max-width: 200px;
visibility: visible;
display: flex;
flex-direction: column;
justify-content: center;
}
#trademark *{
margin:0px;
padding:0 0 0 1rem;
color:gray;
}
#trademark h1{
font-variant:small-caps;
}
*/
#H{
color:var(--primary);
}
#F{
color:var(--accent);
}

40
src/navbar.css Normal file
View File

@ -0,0 +1,40 @@
.navbar{
position: -webkit-sticky;
position: sticky;
top: 0;
margin: 0;
padding: 0;
max-width: none;
z-index: 3;
background-color: var(--primary);
color: var(--bg);
}
.navlink{
max-width: none;
list-style-type: none;
margin: 0;
padding: 0;
overflow: auto;
text-align: center;
}
.navlink > li {
display: inline-block;
}
.navlink > li > a {
color: var(--bg);
display: block;
margin: 1;
text-align: center;
padding: 0.7rem 1.3rem;
text-decoration: none;
-webkit-transition-duration: 0.3s;
transition-duration: 0.3s;
}
.navlink > li > a:hover {
color: gray;
}

45
src/news_main.css Normal file
View File

@ -0,0 +1,45 @@
@import "header.css";
@import "navbar.css";
@import "footer.css";
html{
position:relative;
min-height: 100%;
}
body{
background-color: var(--bg);
font-family: var(--font-family);
margin: 0 0 100px 0;
display: flex;
flex-direction: column;
}
main{
line-height: 1.4;
flex:1 0 auto;
display: flex;
flex-flow: column;
color:var(--text);
}
.section{
max-width: 800px;
display: flex;
flex-flow: column wrap;
justify-content: flex-start;
margin: 0 auto;
width:100%
}
a{
color:var(--link);
text-decoration: none;
}
#error{
color:var(--warning);
}
.hide{
display:none;
}

49
src/sample_1.html Normal file
View File

@ -0,0 +1,49 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<meta http-equiv="Pragma" content="no-cache" />
<meta http-equiv="Expires" content="-1" />
<meta http-equiv="CACHE-CONTROL" content="NO-CACHE" />
<meta name="theme-color" content="#304FFE" />
<link rel="stylesheet" type="text/css" href="news_main.css">
<title>HornetFighter HackNews</title>
<link rel="icon" href="../img/hornetFighter.ico">
</head>
<body color-theme="light">
<header id="header">
<h1 class = "name">
<a href="https://hornetfighter.com" style="text-decoration:none">
<span id="H">HORNET</span><span id="F">FIGHTER</span><span id="COM">.COM</span>
</a>
</h1>
<!--<p class="name"><em>SOFTWARE SOLUTIONS</em></p>-->
</header>
<div class="navbar">
<ul class="navlink">
<li><a href="<?php echo $address;?>">HOME</a></li>
<li><a href="<?php echo $address;?>projects/">PROJECTS</a></li>
<li><a href="https://github.com/hornetfighter515/">GITHUB</a></li>
</ul>
</div>
<main>
<!-- START SCROLLING NEWS WINDOW -->
<!-- NOTE: For educational use only -->
<link rel="stylesheet" type="text/css" href="ef/news_scroll.css">
<div class="section" id="news_iframe_scroll" color-theme="terminal">
<a href="https://thehackernews.com/">
<div class="news-scroll-title">
The Hacker News feed<br>
</div>
</a>
<iframe name="Hacker News IFrame" src="ef/news_scroll.html" frameborder="0" scrolling="no"></iframe>
</div>
<!-- END SCROLLING NEWS WINDOW -->
</main>
<footer id="footer">
<p><i>Copyright &copy; 2021 HornetFighter</i></p>
</footer>
</body>
</html>
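
Review bot: the HOME and PROJECTS links use `href="<?php echo $address;?>"`, but this is a .html file, so unless the server is configured to run PHP for .html the tag reaches the browser verbatim and the links are broken; `$address` is also not defined anywhere in this commit. Use plain relative URLs in the sample, or rename it to .php and define the variable. The `<link rel="stylesheet" ... href="ef/news_scroll.css">` sits inside `<main>`; moving it to `<head>` avoids a restyle when it loads.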

17
src/sample_2.html Normal file
View File

@ -0,0 +1,17 @@
<!DOCTYPE html>
<html lang="en">
<body>
<!-- START SCROLLING NEWS WINDOW -->
<!-- NOTE: For educational use only -->
<link rel="stylesheet" type="text/css" href="ef/news_scroll.css">
<div class="section" id="news_iframe_scroll" color-theme="terminal">
<a href="https://thehackernews.com/">
<div class="news-scroll-title">
The Hacker News feed<br>
</div>
</a>
<iframe name="Hacker News IFrame" src="ef/news_scroll.html" frameborder="0" scrolling="no"></iframe>
</div>
<!-- END SCROLLING NEWS WINDOW -->
</body>
</html>
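
Review bot: the `<iframe ... src="ef/news_scroll.html">` here (and in sample_1.html and hack-news-widget.html) frames a page built from third-party feed content in the same origin as the host, with no `sandbox` attribute. The framed page only needs its scroll script and links that open in the parent, so consider `sandbox="allow-scripts allow-top-navigation-by-user-activation"`, which gives the frame an opaque origin so feed-supplied markup cannot reach the host page's DOM or cookies; this assumes the host page is the top-level document and should be tested against the `<base target="_parent" />` links. The sample also has no `<head>`, `<meta charset>` or `<title>`, and the stylesheet `<link>` is in `<body>`.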