A recent Google Chrome update has broken the drag-and-drop feature in the Downloads bubble that previously allowed you to drag and drop downloaded files onto any website or tab in the browser.
Google Chrome's downloads menu originally appeared in a bar at the bottom of the browser, but this changed last year when it was replaced with a downloads bubble, which appears within the toolbar.
A Chinese hacking group tracked as StormBamboo has compromised an undisclosed internet service provider (ISP) to poison automatic software updates with malware.
Also tracked as Evasive Panda, Daggerfly, and StormCloud, this cyber-espionage group has been active since at least 2012, targeting organizations across mainland China, Hong Kong, Macao, Nigeria, and various Southeast and East Asian countries.
On Friday, Volexity threat researchers revealed that the Chinese cyber-espionage gang had exploited insecure HTTP software update mechanisms that didn't validate digital signatures to deploy malware payloads on victims' Windows and Read Full Article ...
A novel Linux Kernel cross-cache attack named SLUBStick has a 99% success in converting a limited heap vulnerability into an arbitrary memory read-and-write capability, letting the researchers elevate privileges or escape containers.
The discovery comes from a team of researchers from the Graz University of Technology who demonstrated the attack on Linux kernel versions 5.9 and 6.2 (latest) using nine existing CVEs in both 32-bit and 64-bit systems, indicating high versatility.
Additionally, the attack worked with all modern kernel defenses like Supervisor Mode Execution Prevention (SMEP), Supervisor Mode Access Read Full Article ...
As platform engineering continues to grow in popularity inside enterprises, an all-new training curriculum is being launched that will provide one of the first platform engineering certifications in the industry.
The training and certification, offered by the global platform engineering developer’s community PlatformEngineering.org, will begin on Aug. 6 and include two courses and a certification exam that will help IT administrators gain new skills in this burgeoning field.
The courses include an eight-week Platform Engineering Fundamentals class and an MVP (Minimum Viable Platform) to IDP (Internal Development Read Full Article ...
React and its virtual DOM paradigm has been at the forefront of frontend development for a decade now, but there’s been a swing towards simplicity and web-native features in more recent frameworks. Astro is a great example; and it also now has the support of Netlify, a leading player in the current web landscape.
Earlier this month Netlify announced Astro as its “Official Deployment Partner,” which in practice means it will contribute $12,500 each month “towards the ongoing open source maintenance and development of Astro.”
As Netlify CEO Read Full Article ...
As part of an apparent effort to clean house, Amazon Web Services will pull the plug on its git-based source control service, AWS CodeCommit.
“After giving it a lot of thought, we made the decision to discontinue new access to a small number of services, including AWS CodeCommit,” AWS Chief Evangelist Jeff Barr wrote, sharing a prepared message on the X social media service Tuesday.
Although existing customers can continue to use CodeCommit for the time being, AWS has stopped accepting new customers. And it has Read Full Article ...
Video and gaming streaming service Netflix has released as open source the workflow orchestrator that its army of data scientists and analysts use every day to understand user behaviors and other large-scale data-driven trends.
The Maestro workflow orchestrator, released under an Apache 2.0 license, was designed to support hundreds of thousands of workflows and has completed up to 2 million jobs in a single day for the media company.
According to company engineers, it Read Full Article ...
The Registry Editor is a powerful application that allows you to access and edit the configuration settings of the Windows operating system.
The Windows Registry is a database containing various settings used by the operating system and installed software applications.
However, it is essential to be careful when using the Registry Editor, as making incorrect changes to the Registry can cause serious problems with your system, including preventing it from booting correctly.
Therefore, before using this guide to modify Read Full Article ...
Researchers are warning of threat actors increasingly abusing the Cloudflare Tunnel service in malware campaigns that usually deliver remote access trojans (RATs).
This cybercriminal activity was frst detected in February and it is leveraging the TryCloudflare free service to distribute multiple RATs, including AsyncRAT, GuLoader, VenomRAT, Remcos RAT, and Xworm.
The Cloudflare Tunnel service allows proxying traffic through an encrypted tunnel Read Full Article ...
Operating in ‘kernel-space’ – the most privileged layer of an operating system, with direct access to memory, hardware, resource management, and storage – is vitally important for security products. It enables them to monitor ‘user-space’ – the non-privileged environment where applications run – and protect against malware that executes in that environment, even when it tries to evade detection. But kernel access also allows security products to counter more insidious threats within the kernel itself. As we’ve reported previously, for example, some threat actors use BYOVD (Bring Your Own Vulnerable Driver) attacks, or attempt to get their Read Full Article ...
BitTorrent is often characterized as a decentralized file-sharing technology. However, its reliance on centralized indexes runs contrary to this idea. Over the years, several 'indestructible' alternatives have been proposed, including the relatively new Bitmagnet software. With Bitmagnet, people can run their own private BitTorrent index, relying on DHT and the BEP51 protocol.
When Bram Cohen released the first version of BitTorrent in 2002, it sparked a file-sharing revolution.
At the time bandwidth was a scarce resource, making it impossible to simultaneously share large files with millions Read Full Article ...
Researchers from Delft University of Technology plan to amplify their BitTorrent client "Tribler" with decentralized AI-powered search. A new demo shows that generative AI models make it possible to search for content in novel ways, without restriction. The ultimate goal of the research project is to shift the Internet's power balance from governments and large corporations back to consumers.
Twenty-five years ago, peer-to-peer file-sharing took the Internet by storm.
The ability to search for and share content with complete strangers was nothing short of a Read Full Article ...
Attackers can hide their attempts to execute malicious code by inserting commands into the machine code stored in memory by the software interpreters used by many programming languages, such as VBScript and Python, a group of Japanese researchers will demonstrate at next week's Black Hat USA conference.
Interpreters take human-readable software code and translate each line into bytecode — granular programming instructions understood by the underlying, often virtual, machine. The research team successfully inserted malicious instructions into the bytecode held in memory prior to execution, and because most security software does Read Full Article ...
China-linked advanced persistent threat group APT41 appears to have compromised a government-affiliated institute in Taiwan that conducts research on advanced computing and associated technologies.
The intrusion began in July 2023, with the threat actor gaining initial access to the victim environment via undetermined means. Since then, it has deployed multiple malware tools, including the well-known ShadowPad remote access Trojan (RAT), the Cobalt Strike post compromise tool, and a custom loader for injecting malware using a 2018 Windows remote code execution vulnerability (CVE-2018-0824).
Read Full Article ...
A Fortune 50 company paid $75 million to its cyberattackers earlier this year, greatly exceeding any other confirmed ransom payment in history. The beneficiary of the payout is an outfit called Dark Angels. And Dark Angels isn't just effective — in some ways, the gang turns so much of what we thought we knew about ransomware on its head.
Sure, there have been other big amounts forked over in the past: In 2021, Illinois-based CNA Financial was reported to have paid a then unprecedented $40 million ransom in order Read Full Article ...
The U.S. Department of Justice (DoJ), along with the Federal Trade Commission (FTC), filed a lawsuit against popular video-sharing platform TikTok for "flagrantly violating" children's privacy laws in the country.
The agencies claimed the company knowingly permitted children to create TikTok accounts and to view and share short-form videos and messages with adults and others on the service.
They also accused it of illegally collecting and retaining a wide variety of personal information from these children without notifying or obtaining consent from their parents, in Read Full Article ...
Cybersecurity researchers have disclosed details of a new distributed denial-of-service (DDoS) attack campaign targeting misconfigured Jupyter Notebooks.
The activity, codenamed Panamorfi by cloud security firm Aqua, utilizes a Java-based tool called mineping to launch a TCP flood DDoS attack. Mineping is a DDoS package designed for Minecraft game servers.
Attack chains entail the exploitation of internet-exposed Jupyter Notebook instances to run wget commands for fetching a ZIP archive hosted on a file-sharing site called Filebin.
Read Full Article ...
Free Download Burp Suite Professional for Windows PC is a reliable and practical platform that provides a simple means of performing security testing of web applications.
It gives you complete control, combining advanced manual techniques with various tools that seamlessly support the entire testing process.
Burp Suite Professional is easy-to-use and intuitive and does not require you to perform advanced actions to analyze, scan and exploit web apps. It is highly configurable and Read Full Article ...
Free Download PrivacyRoot Secure Delete Professional full version standalone offline installer for Windows; it is an effective tool to erase files and folders securely.
This is a straightforward but very effective tool to erase files and folders securely. After using this tool, selected files and folders will not be available for recovery. We have attached several security options to choose the level of security you need (this reflects the processing speed).
Free Download Heidi Eraser latest version standalone offline installer for Windows; it removes sensitive data by overwriting it several times.
This program is an advanced security tool for Windows that allows you to remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns.
It is currently supported under Windows XP (with Service Pack 3), Windows Server 2003 (with Service Pack 2), Windows Vista, Windows Server 2008, Windows 7, Read Full Article ...
Free Download Fort Firewall's latest version standalone offline installer for Windows. It is a simple firewall for Windows with lots of rich features.
Protecting your computer against threats on the internet usually means one has to filter internet access more strictly. What better way to do that if not by using a firewall? Windows comes packed with a firewall by default.
If you're not satisfied with it and are looking for more ways Read Full Article ...
Free Download Antivirus Live CD full version standalone offline installer for Windows. It is an official 4MLinux fork, including the ClamAV scanner.
This software helps you protect your computer against viruses. It's designed for users who need a lightweight live CD, which will help them to protect their computers against viruses. It automatically updates its virus signature databases by using ethernet, WiFi, PPP, and PPPoE.
All partitions are mounted during the boot Read Full Article ...
Free Download InterCrypto Advanced Encryption Package for Windows PC. It is a robust software solution designed to secure your confidential documents. With a range of powerful encryption algorithms, this tool ensures your sensitive data remains protected from unauthorized access. Whether dealing with personal files or professional documents, this package offers advanced security features to keep your information safe.
It is designed for those who prioritize data security. It employs a variety of robust encryption algorithms to provide Read Full Article ...
Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed.
New research indicates that over 80,000 Hikvision surveillance cameras in the world today are vulnerable to an 11 month-old command injection flaw.
Hikvision – short for Hangzhou Hikvision Digital Technology – is a Chinese state-owned manufacturer of video surveillance equipment. Their customers span over 100 countries (including the United States, despite the FCC labeling Hikvision “an unacceptable risk to U.S. national security” in 2019).
Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group. After a recent dip, ransomware attacks are back on the rise. According to data released by NCC Group, the resurgence is being led by old ransomware-as-a-service (RaaS) groups. With data gathered by “actively monitoring the leak sites used by each ransomware group and scraping victim details as they are released,” researchers have determined that Lockbit was by far the most prolific ransomware gang in July, behind 62 attacks. That’s Read Full Article ... To exploit the vulnerabilities so they can then be repaired, ethical hacking identifies weaknesses in computer systems or networks. Hackers exploit a range of methodologies to identify dangers and eventually enhance safety. They can break into networks or computers using Linux-based operating systems. To stop cybersecurity threats, there are various applications. The field of hacking is highly broad and includes a wide range of activities. In the modern cyber world, several types of attacks take place per hour. A hacking operating system is the most fundamental Read Full Article ... The largest password compilation with nearly ten billion unique passwords was leaked on a popular hacking forum. The Cybernews research team believes the leak poses severe dangers to users prone to reusing passwords. The king is dead. Long live the king. Cybernews researchers discovered what appears to be the largest password compilation with a staggering 9,948,575,739 unique plaintext passwords. The file with the data, titled rockyou2024.txt, was posted on July 4th by forum user ObamaCare. While the user registered in late May 2024, they have Read Full Article ... A new iteration of a sophisticated Android spyware called Mandrake has been discovered in five applications that were available for download from the Google Play Store and remained undetected for two years. The applications attracted a total of more than 32,000 installations before being pulled from the app storefront, Kaspersky said in a Monday write-up. A majority of the downloads originated from Canada, Germany, Italy, Mexico, Spain, Peru, and the U.K. "The new samples included new layers of obfuscation and evasion techniques, such as moving malicious functionality Read Full Article ... ONLY FOR EDUCATION PURPOSE mIRC is a software that allows you to communicate, share, play or work on IRC networks.across the world, whether in multi-user group conferencesor private one-on-one discussions.Communications are instantly transferred using windows.It is possible to define a chat group and send messages to multiple peoplesimultaneously.This software provides users with a file transfer protocol.It tracks exchanges to ensure that data is transmitted to its recipient.It is also able to send encrypted files to keep them secure. mIRC allows the creation of scripts Read Full Article ... A vulnerability classified as problematic has been found in Bolt CMS 3.7.1. Affected is an unknown function of the file /bolt/editcontent/showcases of the component Showcase Creation Handler. The manipulation of the argument textarea leads to cross site scripting. Using CWE to declare the problem leads to CWE-79. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. The weakness was presented 07/30/2024. This vulnerability is traded as CVE-2024-7300. It is possible to launch the attack remotely. Technical details are available. Furthermore, there is an exploit available. The exploit has been Read Full Article ...Ransomware Attacks are on the Rise
14 Best Operating System (OS) for Hacking in 2024
RockYou2024: 10 billion passwords leaked in the largest compilation of all time
New Mandrake Spyware Found in Google Play Store Apps After Two Years
Learn Crack mIRC 7.41 step by step
BOLT CMS 3.7.1 SHOWCASE CREATION SHOWCASES TEXTAREA CROSS SITE SCRIPTING
Overview