Code & Design News
Aggregator of Code, Security and Design news sites.
Tue, 19 Jan 2021 11:57:36 +0000

New Educational Video Series for CISOs with Small Security Teams
Cybersecurity is hard. For a CISO that faces the cyber threat landscape with a small security team, the challenge is compounded. Compared to CISOs at large enterprises, CISOs at small to medium-sized enterprises (SMEs) have smaller teams with less expertise, smaller budgets for technology and outside services, and are more involved in day-to-day protection activities. CISOs at SMEs are
Tue, 19 Jan 2021 11:05:29 +0000

FreakOut! Ongoing Botnet Attack Exploiting Recent Linux Vulnerabilities
An ongoing malware campaign has been found exploiting recently disclosed vulnerabilities in Linux devices to co-opt the systems into an IRC botnet for launching distributed denial-of-service (DDoS) attacks and mining Monero cryptocurrency. The attacks involve a new malware variant called "FreakOut" that leverages newly patched flaws in TerraMaster, Laminas Project (formerly Zend Framework), and
Tue, 19 Jan 2021 11:02:30 +0000

Is this plane landing or departing?
Tue, 19 Jan 2021 10:46:26 +0000

Turkey imposes advertising bans on Twitter, Periscope and Pinterest
Tue, 19 Jan 2021 10:45:13 +0000

How to leave Google and why
Tue, 19 Jan 2021 10:36:55 +0000

Flagpack — Stunning flag icons for your digital product
Tue, 19 Jan 2021 10:00:34 +0000

Digital VT100 (1978) – Beautiful Vintage Terminal
Tue, 19 Jan 2021 09:51:30 +0000

Is Signal as easy to use as WhatsApp? (a ~40 hour analysis)
Tue, 19 Jan 2021 09:23:46 +0000

5 Best YouTube Gallery Plugins for WordPress
Tue, 19 Jan 2021 09:23:23 +0000

Useful design feedback
Tue, 19 Jan 2021 09:17:41 +0000

Kenneth Kuttler's Free Math Books
Tue, 19 Jan 2021 09:12:22 +0000

User power, not power users: htop and its design philosophy
Tue, 19 Jan 2021 08:26:44 +0000

Electric car batteries with five-minute charging times produced
Tue, 19 Jan 2021 07:31:15 +0000

Nature’s Electromagnetic Symphony – Whistlers
Tue, 19 Jan 2021 06:28:56 +0000

How to design and create an app like Netflix
Tue, 19 Jan 2021 05:53:55 +0000

Crossword.el – download and play crossword puzzles in Emacs
Tue, 19 Jan 2021 04:00:03 +0000

Show HN: A high-performance TensorFlow library for quantitative finance
Tue, 19 Jan 2021 03:43:08 +0000

What You Should Know Before Leaking a Zoom Meeting
Tue, 19 Jan 2021 03:41:07 +0000

Full success of first-ever cubesat mission equipped with Hall-effect propulsion
Tue, 19 Jan 2021 03:30:10 +0000

Everything you need to know to design your own CNC router
Tue, 19 Jan 2021 02:35:39 +0000

How Clarity Found Why Its Best Customers Were Buying
Tue, 19 Jan 2021 02:29:18 +0000

Colorize
Tue, 19 Jan 2021 00:04:51 +0000

Centralisation Is a Danger to Democracy
Mon, 18 Jan 2021 23:37:51 +0000

Software engineering is a learning process, working code is a side effect
Mon, 18 Jan 2021 22:18:23 +0000

7 Essential Tools Every Website Designer Needs (and Why)
Mon, 18 Jan 2021 22:10:26 +0000

A History of Primary Colours (2020)
Mon, 18 Jan 2021 21:48:40 +0000

I wasted $40k on a fantastic startup idea
Mon, 18 Jan 2021 20:01:15 +0000

Tech companies are profiling us from before birth
Mon, 18 Jan 2021 19:02:55 +0000

Software effort estimation is mostly fake research
Mon, 18 Jan 2021 19:02:53 +0000

TV detector vans once prowled the streets of England
Mon, 18 Jan 2021 16:42:33 +0000

UI Design Trends for 2021
Mon, 18 Jan 2021 16:23:15 +0000

The Xerox Principle
Mon, 18 Jan 2021 16:09:50 +0000

Speed techniques to help you design faster
Mon, 18 Jan 2021 15:09:02 +0000

The Real Reason We Procrastinate and How to Stop
Mon, 18 Jan 2021 12:54:26 +0000

Microbes Sleeping 100M Years on the Ocean Floor Have Awakened
Mon, 18 Jan 2021 12:16:21 +0000

A Study of the “Human Flesh” Search Engine (2010) [pdf]
Mon, 18 Jan 2021 12:14:11 +0000

5 female illustrators to work with in 2021
Mon, 18 Jan 2021 11:21:53 +0000

Nocturnal — iOS 14 theme to match dark mode
Mon, 18 Jan 2021 11:02:05 +0000

Non-Blocking Parallelism for Services in Go
Mon, 18 Jan 2021 09:49:52 +0000

Future of Design and Creativity
Mon, 18 Jan 2021 09:16:08 +0000

50+ Free Illustrator Scripts
Mon, 18 Jan 2021 09:13:20 +0000

How to render JSON file (Lottie animation) in After Effects
Mon, 18 Jan 2021 08:34:18 +0000

An amazing ebook reader mobil app design
Mon, 18 Jan 2021 08:06:00 +0000

60 Best Free SEO Tools (Tried & Tested)
Mon, 18 Jan 2021 07:21:47 +0000

Apple Removes macOS Feature That Allowed Apps to Bypass Firewall Security
Apple has removed a controversial feature from its macOS operating system that allowed the company's own first-party apps to bypass content filters, VPNs, and third-party firewalls. Called "ContentFilterExclusionList," it included a list of as many as 50 Apple apps like iCloud, Maps, Music, FaceTime, HomeKit, the App Store, and its software update service that were routed through Network
Mon, 18 Jan 2021 06:42:40 +0000

Researchers Disclose Undocumented Chinese Malware Used in Recent Attacks
Cybersecurity researchers have disclosed a series of attacks by a threat actor of Chinese origin that has targeted organizations in Russia and Hong Kong with malware — including a previously undocumented backdoor. Attributing the campaign to Winnti (or APT41), Positive Technologies dated the first attack to May 12, 2020, when the APT used LNK shortcuts to extract and run the malware payload. A
Mon, 18 Jan 2021 06:07:15 +0000

Reflections on a Talk Gone Wrong
Mon, 18 Jan 2021 05:55:02 +0000

The short, tormented life of computer genius Phil Katz (2000)
Mon, 18 Jan 2021 00:18:19 +0000

- playlists for focus and productivity
Sun, 17 Jan 2021 21:41:26 +0000

Brandkey - All-in-one Brand Data API.
Sun, 17 Jan 2021 16:58:49 +0000

Learning to Suffer
Sun, 17 Jan 2021 11:18:52 +0000

Sosumi Snap – Download and Install macOS in Ubuntu
Sun, 17 Jan 2021 10:29:28 +0000

How to Complement Typography with the Right Colors.
Sun, 17 Jan 2021 09:51:09 +0000

Email shortcuts to your favorite productivity tools.
Sat, 16 Jan 2021 21:54:58 +0000

NSA Suggests Enterprises Use 'Designated' DNS-over-HTTPS' Resolvers
The U.S. National Security Agency (NSA) on Friday said DNS over HTTPS (DoH) — if configured appropriately in enterprise environments — can help prevent "numerous" initial access, command-and-control, and exfiltration techniques used by threat actors. "DNS over Hypertext Transfer Protocol over Transport Layer Security (HTTPS), often referred to as DNS over HTTPS (DoH), encrypts DNS requests by
Sat, 16 Jan 2021 17:11:02 +0000

WhatsApp Delays Controversial 'Data-Sharing' Privacy Policy Update By 3 Months
WhatsApp said on Friday that it wouldn't enforce its recently announced controversial data sharing policy update until May 15. Originally set to go into effect next month on February 8, the three-month delay comes following "a lot of misinformation" about a revision to its privacy policy that allows WhatsApp to share data with Facebook, sparking widespread concerns about the exact kind of
Sat, 16 Jan 2021 17:10:04 +0000

Check out top 10 Mobile App Development Trends in 2021
Sat, 16 Jan 2021 16:53:45 +0000

PNGABLE is a good tool for finding high quality PNG images
Sat, 16 Jan 2021 12:46:28 +0000

Joker's Stash, The Largest Carding Marketplace, Announces Shutdown
Joker's Stash, the largest dark web marketplace notorious for selling compromised payment card data, has announced plans to shut down its operations on February 15, 2021. In a message board post on a Russian-language underground cybercrime forum, the operator of the site — who goes by the name "JokerStash" — said "it's time for us to leave forever" and that "we will never ever open again,"
Sat, 16 Jan 2021 05:35:26 +0000

14 recent useful design resources in January 2021
Fri, 15 Jan 2021 17:04:50 +0000

Top 10 reasons why Laravel Is The Best PHP Framework
Fri, 15 Jan 2021 16:38:00 +0000

Experts Uncover Malware Attacks Against Colombian Government and Companies
Cybersecurity researchers took the wraps off an ongoing surveillance campaign directed against Colombian government institutions and private companies in the energy and metallurgical industries. In a report published by ESET on Tuesday, the Slovak internet security company said the attacks — dubbed "Operation Spalax" — began in 2020, with the modus operandi sharing some similarities to an APT
Thu, 14 Jan 2021 09:10:41 +0000

Intel Adds Hardware-Enabled Ransomware Detection to 11th Gen vPro Chips
Intel and Cybereason have partnered to build anti-ransomware defenses into the chipmaker's newly announced 11th generation Core vPro business-class processors. The hardware-based security enhancements are baked into Intel's vPro platform via its Hardware Shield and Threat Detection Technology (TDT), enabling profiling and detection of ransomware and other threats that have an impact on the CPU
Wed, 13 Jan 2021 10:07:16 +0000

Hackers Steal Mimecast Certificate Used to Securely Connect with Microsoft 365
Mimecast said on Tuesday that "a sophisticated threat actor" had compromised a digital certificate it provided to certain customers to securely connect its products to Microsoft 365 (M365) Exchange. The discovery was made after the breach was notified by Microsoft, the London-based company said in an alert posted on its website, adding it's reached out to the impacted organizations to remediate
Wed, 13 Jan 2021 08:41:19 +0000

Buyer's Guide for Securing Internal Environment with a Small Cybersecurity Team
Ensuring the cybersecurity of your internal environment when you have a small security team is challenging. If you want to maintain the highest security level with a small team, your strategy has to be 'do more with less,' and with the right technology, you can leverage your team and protect your internal environment from breaches. The "buyer's guide for securing the internal environment with a
Wed, 13 Jan 2021 08:37:23 +0000

Authorities Take Down World's Largest Illegal Dark Web Marketplace
Europol on Tuesday said it shut down DarkMarket, the world's largest online marketplace for illicit goods, as part of an international operation involving Germany, Australia, Denmark, Moldova, Ukraine, the U.K.'s National Crime Agency (NCA), and the U.S. Federal Bureau of Investigation (FBI). At the time of closure, DarkMarket is believed to have had 500,000 users and more than 2,400 vendors,
Wed, 13 Jan 2021 07:49:30 +0000

Experts Sound Alarm On New Android Malware Sold On Hacking Forums
Cybersecurity researchers have exposed the operations of an Android malware vendor who teamed up with a second threat actor to market and sell a remote access Trojan (RAT) capable of device takeover and exfiltration of photos, locations, contacts, and messages from popular apps such as Facebook, Instagram, WhatsApp, Skype, Telegram, Kik, Line, and Google Messages. The vendor, who goes by the
Wed, 13 Jan 2021 05:24:37 +0000

Microsoft Issues Patches for Defender Zero-Day and 82 Other Windows Flaws
For the first patch Tuesday of 2021, Microsoft released security updates addressing a total of 83 flaws spanning as many as 11 products and services, including an actively exploited zero-day vulnerability. The latest security patches cover Microsoft Windows, Edge browser, ChakraCore, Office and Microsoft Office Services, and Web Apps, Visual Studio, Microsoft Malware Protection Engine, .NET Core
Wed, 13 Jan 2021 05:01:20 +0000

Warning — 5 New Trojanized Android Apps Spying On Users In Pakistan
Cybersecurity researchers took the wraps off a new spyware operation targeting users in Pakistan that leverages trojanized versions of legitimate Android apps to carry out covert surveillance and espionage. Designed to masquerade apps such as the Pakistan Citizen Portal, a Muslim prayer-clock app called Pakistan Salat Time, Mobile Packages Pakistan, Registered SIMs Checker, and TPL Insurance,
Tue, 12 Jan 2021 14:10:14 +0000

Unveiled: SUNSPOT Malware Was Used to Inject SolarWinds Backdoor
As the investigation into the SolarWinds supply-chain attack continues, cybersecurity researchers have disclosed a third malware strain that was deployed into the build environment to inject the backdoor into the company's Orion network monitoring platform. Called "Sunspot," the malignant tool adds to a growing list of previously disclosed malicious software such as Sunburst and Teardrop. "This
Tue, 12 Jan 2021 06:29:57 +0000

Researchers Find Links Between Sunburst and Russian Kazuar Malware
Cybersecurity researchers, for the first time, may have found a potential connection between the backdoor used in the SolarWinds hack to a previously known malware strain. In new research published by Kaspersky researchers today, the cybersecurity firm said it discovered several features that overlap with another backdoor known as Kazuar, a .NET-based malware first documented by Palo Alto
Tue, 12 Jan 2021 04:36:46 +0000

Russian Hacker Gets 12-Years Prison for Massive JP Morgan Chase Hack
A U.S. court on Thursday sentenced a 37-year-old Russian to 12 years in prison for perpetrating an international hacking campaign that resulted in the heist of a trove of personal information from several financial institutions, brokerage firms, financial news publishers, and other American companies. Andrei Tyurin was charged with computer intrusion, wire fraud, bank fraud, and illegal online
Mon, 11 Jan 2021 07:11:27 +0000

ALERT: North Korean hackers targeting South Korea with RokRat Trojan
A North Korean hacking group has been found deploying the RokRat Trojan in a new spear-phishing campaign targeting the South Korean government. Attributing the attack to APT37 (aka Starcruft, Ricochet Chollima, or Reaper), Malwarebytes said it identified a malicious document last December that, when opened, executes a macro in memory to install the aforementioned remote access tool (RAT). "The
Fri, 08 Jan 2021 20:00:16 +0000

New Attack Could Let Hackers Clone Your Google Titan 2FA Security Keys
Hardware security keys—such as those from Google and Yubico—are considered the most secure means to protect accounts from phishing and takeover attacks. But a new research published on Thursday demonstrates how an adversary in possession of such a two-factor authentication (2FA) device can clone it by exploiting an electromagnetic side-channel in the chip embedded in it. The vulnerability (
Fri, 08 Jan 2021 19:59:53 +0000

WhatsApp Will Disable Your Account If You Don't Agree Sharing Data With Facebook
"Respect for your privacy is coded into our DNA," opens WhatsApp's privacy policy. "Since we started WhatsApp, we've aspired to build our Services with a set of strong privacy principles in mind." But come February 8, 2021, this opening statement will no longer find a place in the policy. The Facebook-owned messaging service is alerting users in India of an update to its terms of service and
Fri, 08 Jan 2021 15:27:03 +0000

How Does Your AD Password Policy Compare to NIST's Password Recommendations?
End-user passwords are one of the weakest components of your overall security protocols. Most users tend to reuse passwords across work and personal accounts. They may also choose relatively weak passwords that satisfy company password policies but can be easily guessed or brute-forced. Your users may also inadvertently use breached passwords for their corporate account password. The National
Fri, 08 Jan 2021 07:02:32 +0000

SolarWinds Hackers Also Accessed U.S. Justice Department's Email Server
The U.S. Department of Justice on Wednesday became the latest government agency in the country to admit its internal network was compromised as part of the SolarWinds supply chain attack. "On December 24, 2020, the Department of Justice's Office of the Chief Information Officer (OCIO) learned of previously unknown malicious activity linked to the global SolarWinds incident that has affected
Thu, 07 Jan 2021 15:49:57 +0000

Hackers Using Fake Trump's Scandal Video to Spread QNode Malware
Cybersecurity researchers today revealed a new malspam campaign that distributes a remote access Trojan (RAT) by purporting to contain a sex scandal video of U.S. President Donald Trump. The emails, which carry with the subject line "GOOD LOAN OFFER!!," come attached with a Java archive (JAR) file called "TRUMP_SEX_SCANDAL_VIDEO.jar," which, when downloaded, installs Qua or Quaverse RAT (QRAT)
Wed, 06 Jan 2021 14:00:59 +0000

FBI, CISA, NSA Officially Blame Russia for SolarWinds Cyber Attack
The U.S. government on Tuesday formally pointed fingers at the Russian government for orchestrating the massive SolarWinds supply chain attack that came to light early last month. "This work indicates that an Advanced Persistent Threat (APT) actor, likely Russian in origin, is responsible for most or all of the recently discovered, ongoing cyber compromises of both government and
Wed, 06 Jan 2021 07:17:23 +0000