Code & Design News Aggregator of Code, Security and Design news sites.
Wed, 21 Apr 2021 05:04:18 +0000

WARNING: Hackers Exploit Unpatched Pulse Secure 0-Day to Breach Organizations
If the Pulse Connect Secure gateway is part of your organization network, you need to be aware of a newly discovered critical zero-day authentication bypass vulnerability (CVE-2021-22893) that is currently being exploited in the wild and for which there is no patch yet. At least two threat actors have been behind a series of intrusions targeting defense, government, and financial organizations
Wed, 21 Apr 2021 04:41:13 +0000

The Greshm System [pdf]
Wed, 21 Apr 2021 01:56:09 +0000

Quantum Astronomy Could Create Telescopes Hundreds of Kilometers Wide
Wed, 21 Apr 2021 01:51:52 +0000

Researcher says he can link Facebook accounts to 5M email addresses per day
Wed, 21 Apr 2021 01:44:22 +0000

Git from the Bottom Up
Wed, 21 Apr 2021 01:23:01 +0000

Tetris-OS: An operating system that only plays Tetris
Wed, 21 Apr 2021 00:02:21 +0000

.NET for Beginners (2020)
Tue, 20 Apr 2021 22:18:22 +0000

.NET MAUI: .NET Multi-Platform App UI
Tue, 20 Apr 2021 21:43:37 +0000

Lisp in Forth
Tue, 20 Apr 2021 21:39:06 +0000

Show HN: Mongita is to MongoDB as SQLite is to SQL
Tue, 20 Apr 2021 21:23:26 +0000

The Landlord's Game
Tue, 20 Apr 2021 21:15:22 +0000

AtoB (YC S20) – Stripe for Transportation – hiring early engineers and operators
Tue, 20 Apr 2021 21:00:18 +0000

Pulumi 3.0
Tue, 20 Apr 2021 20:14:45 +0000

YouTube CEO Susan Wojcicki Gets 'Freedom Expression' Award Sponsored by YouTube
Tue, 20 Apr 2021 19:55:01 +0000

Facebook wants to 'normalize' the mass scraping of personal data
Tue, 20 Apr 2021 18:48:11 +0000

Sponsor: BugHerd changes vague feedback into visual, trackable tasks. Pin feedback and capture technical information to act on.
Tue, 20 Apr 2021 18:31:48 +0000

Show HN: I'm working on a open-source, self-hosted alternative to Disqus
Tue, 20 Apr 2021 17:56:45 +0000

Grafana, Loki, and Tempo will be relicensed to AGPLv3
Tue, 20 Apr 2021 17:17:39 +0000

Discord ends deal talks with Microsoft
Tue, 20 Apr 2021 17:17:31 +0000

Apple Introduces AirTag
Tue, 20 Apr 2021 17:14:23 +0000

Margin Notes: Automatic documentation with recorded examples from runtime (2018)
Tue, 20 Apr 2021 17:10:18 +0000

Over 750,000 Users Downloaded New Billing Fraud Apps From Google Play Store
Researchers have uncovered a new set of fraudulent Android apps in the Google Play store that were found to hijack SMS message notifications for carrying out billing fraud. The apps in question primarily targeted users in Southwest Asia and the Arabian Peninsula, attracting a total of 700,000 downloads before they were discovered and removed from the platform. The findings were reported
Tue, 20 Apr 2021 16:19:08 +0000

mRNA vaccines – a new era in vaccinology (2018)
Tue, 20 Apr 2021 15:46:01 +0000

Create a Dashboard Page with Figma Design System
Tue, 20 Apr 2021 15:35:12 +0000

How To Sell An App Idea
Tue, 20 Apr 2021 15:21:08 +0000

Preparing Rustls for Wider Adoption
Tue, 20 Apr 2021 14:56:00 +0000

Include-what-you-use: A tool to analyze includes in C and C++ source files
Tue, 20 Apr 2021 14:43:23 +0000

Charm delivers Stripe's carbon removal purchase ahead of schedule
Tue, 20 Apr 2021 13:49:58 +0000

Car Connectivity Consortium
Tue, 20 Apr 2021 11:28:36 +0000

[eBook] Why Autonomous XDR Is Going to Replace NGAV/EDR
For most organizations today, endpoint protection is the primary security concern. This is not unreasonable – endpoints tend to be the weakest points in an environment – but it also misses the forest for the trees. As threat surfaces expand, security professionals are harder pressed to detect threats that target other parts of an environment and can easily miss a real vulnerability by focusing
Tue, 20 Apr 2021 11:06:50 +0000

Porting Doom to the Fastly edge serverless platform
Tue, 20 Apr 2021 10:50:12 +0000

120 Compromised Ad Servers Target Millions of Internet Users
An ongoing malvertising campaign tracked as "Tag Barnakle" has been behind the breach of more than 120 ad servers over the past year to sneakily inject code in an attempt to serve malicious advertisements that redirect users to rogue websites, thus exposing victims to scamware or malware. Unlike other operators who set about their task by infiltrating the ad-tech ecosystem using "convincing
Tue, 20 Apr 2021 10:41:36 +0000

Take My Money: UX Practices on Product Page Design
Tue, 20 Apr 2021 10:31:22 +0000

Show HN: Manuzoid – Database of More Than 1M Manuals
Tue, 20 Apr 2021 10:22:35 +0000

Useful Sketch plugins and where to find them
Tue, 20 Apr 2021 09:25:31 +0000

Continued Fractions in Haskell
Tue, 20 Apr 2021 09:24:54 +0000

Prototype Pollution
Tue, 20 Apr 2021 08:54:49 +0000

Show HN: Ruby code and tools for animating Voronoi diagrams
Tue, 20 Apr 2021 05:40:43 +0000

Lazarus APT Hackers are now using BMP images to hide RAT malware
A spear-phishing attack operated by a North Korean threat actor targeting its southern counterpart has been found to conceal its malicious code within a bitmap (.BMP) image file to drop a remote access trojan (RAT) capable of stealing sensitive information. Attributing the attack to the Lazarus Group based on similarities to prior tactics adopted by the adversary, researchers from Malwarebytes
Tue, 20 Apr 2021 05:33:45 +0000

10 Most Important Robotic Process Automation (RPA) Tools in Demand
Tue, 20 Apr 2021 05:25:36 +0000

Complete guide on how to create an app like Bet365
Tue, 20 Apr 2021 04:55:09 +0000

Detect When Specific Terms or Phrases Are Added to Any Site
Mon, 19 Apr 2021 22:02:05 +0000

Has a remote Amazonian tribe upended our understanding of language? (2007)
Mon, 19 Apr 2021 21:42:44 +0000

How Restaurant Website Design Can Help You Sell More Food In 2021
Mon, 19 Apr 2021 17:24:46 +0000

Vectornator 4.0 - An Illustrator’s Perspective
Mon, 19 Apr 2021 15:17:19 +0000

Generative art and vectorization from raster images or photo
Mon, 19 Apr 2021 15:00:56 +0000

Product Design and UI/UX Education: What are my options?
Mon, 19 Apr 2021 11:59:49 +0000

Malware That Spreads Via Xcode Projects Now Targeting Apple's M1-based Macs
A Mac malware campaign targeting Xcode developers has been retooled to add support for Apple's new M1 chips and expand its features to steal confidential information from cryptocurrency apps. XCSSET came into the spotlight in August 2020 after it was found to spread via modified Xcode IDE projects, which, upon the building, were configured to execute the payload. The malware repackages payload
Mon, 19 Apr 2021 11:58:49 +0000

Passwordless: More Mirage Than Reality
The concept of "passwordless" authentication has been gaining significant industry and media attention. And for a good reason. Our digital lives are demanding an ever-increasing number of online accounts and services, with security best practices dictating that each requires a strong, unique password in order to ensure data stays safe. Who wouldn't want an easier way? That's the premise behind
Mon, 19 Apr 2021 11:20:51 +0000

The Best Templates For Startup Website
Mon, 19 Apr 2021 11:05:43 +0000

Native vs Hybrid vs Web Apps - Which Mobile App Development is better for Businesses?
Mon, 19 Apr 2021 07:15:29 +0000

Establish a relationship with your user
Mon, 19 Apr 2021 06:34:25 +0000

I’ve spent 5 months building a tool to help you monetise your Airtable bases. Check out the journey so far!
Sat, 17 Apr 2021 18:42:24 +0000

SysAdmin of Billion-Dollar Hacking Group Gets 10-Year Sentence
A high-level manager and systems administrator associated with the FIN7 threat actor has been sentenced to 10 years in prison, the U.S. Department of Justice announced Friday. Fedir Hladyr, a 35-year-old Ukrainian national, is said to have played a crucial role in a criminal scheme that compromised tens of millions of debit and credit cards, in addition to aggregating the stolen information,
Sat, 17 Apr 2021 09:44:52 +0000

What are the different roles within cybersecurity?
People talk about the cybersecurity job market like it's a monolith, but there are a number of different roles within cybersecurity, depending not only on your skill level and experience but on what you like to do. In fact, Cybercrime Magazine came up with a list of 50 cybersecurity job titles, while CyberSN, a recruiting organization, came up with its own list of 45 cybersecurity job categories
Sat, 17 Apr 2021 09:13:23 +0000

When you ask the client for their vector logo
Fri, 16 Apr 2021 19:12:31 +0000

800+ Remote UXR Jobs
Fri, 16 Apr 2021 18:17:57 +0000

20 Awesome Tailwind Landing Page Templates
Fri, 16 Apr 2021 09:14:02 +0000

Severe Bugs Reported in EtherNet/IP Stack for Industrial Systems
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday issued an advisory warning of multiple vulnerabilities in the OpENer EtherNet/IP stack that could expose industrial systems to denial-of-service (DoS) attacks, data leaks, and remote code execution. All OpENer commits and versions prior to February 10, 2021, are affected, although there are no known public exploits that
Fri, 16 Apr 2021 09:06:17 +0000

US Sanctions Russia and Expels 10 Diplomats Over SolarWinds Cyberattack
The U.S. and U.K. on Thursday formally attributed the supply chain attack of IT infrastructure management company SolarWinds with "high confidence" to government operatives working for Russia's Foreign Intelligence Service (SVR). "Russia's pattern of malign behaviour around the world – whether in cyberspace, in election interference or in the aggressive operations of their intelligence services
Fri, 16 Apr 2021 06:47:10 +0000

Who are some of the most valuable freelance / agency people to follow?
I run a membership site for freelancers and agencies that helps find outbound leads (it's called Folyo). Since I focus on a specific area, I'm looking for other good resources to recommend that touch on other topics.
**Some of my current favorites are:**
- Double Your Freelancing by Brennan Dunn
- Jonathan Stark
- Freelance to Win by Danny Marguiles
- I Will Teach You to Be Rich by Ramit Sethi
- The Futur by Chris Do
**Also been checking out:**
- Location Rebel by Sean Ogle
- Freelancing School by Jay Clouse
Wondering if there's anyone else I should check out?
Thu, 15 Apr 2021 17:17:42 +0000

1-Click Hack Found in Popular Desktop Apps — Check If You're Using Them
Multiple one-click vulnerabilities have been discovered across a variety of popular software applications, allowing an attacker to potentially execute arbitrary code on target systems. The issues were discovered by Positive Security researchers Fabian Bräunlein and Lukas Euler and affect apps like Telegram, Nextcloud, VLC, LibreOffice, OpenOffice, Bitcoin/Dogecoin Wallets, Wireshark, and Mumble.
Thu, 15 Apr 2021 15:42:14 +0000

8 Best Inkscape Alternatives (Free & Paid)
Thu, 15 Apr 2021 14:44:08 +0000

Inside Nintendo's secretive creative process
Thu, 15 Apr 2021 11:59:52 +0000

Our first artist, Bessa is Minty #rare digital art NFT. Support her with vote, or even Foundation Bid.
Thu, 15 Apr 2021 10:57:44 +0000

Malware Variants: More Sophisticated, Prevalent and Evolving in 2021
A malicious program intended to cause havoc with IT systems—malware—is becoming more and more sophisticated every year. The year 2021 is no exception, as recent trends indicate that several new variants of malware are making their way into the world of cybersecurity. While smarter security solutions are popping up, modern malware still eludes and challenges cybersecurity experts. The evolution
Thu, 15 Apr 2021 10:27:19 +0000

YIKES! Hackers flood the web with 100,000 pages offering malicious PDFs
Cybercriminals are resorting to search engine poisoning techniques to lure business professionals into seemingly legitimate Google sites that install a Remote Access Trojan (RAT) capable of carrying out a wide range of attacks. The attack works by leveraging searches for business forms such as invoices, templates, questionnaires, and receipts as a stepping stone toward infiltrating the systems.
Thu, 15 Apr 2021 09:38:32 +0000

5+ Best Cost Calculator WordPress Plugins
Thu, 15 Apr 2021 08:49:00 +0000

New WhatsApp Bugs Could've Let Attackers Hack Your Phone Remotely
Facebook-owned WhatsApp recently addressed two security vulnerabilities in its messaging app for Android that could have been exploited to execute malicious code remotely on the device and even exfiltrate sensitive information. The flaws take aim at devices running Android versions up to and including Android 9 by carrying out what's known as a "man-in-the-disk" attack that makes it possible for
Thu, 15 Apr 2021 06:55:19 +0000

NSA Discovers New Vulnerabilities Affecting Microsoft Exchange Servers
In its April slate of patches, Microsoft rolled out fixes for a total of 114 security flaws, including an actively exploited zero-day and four remote code execution bugs in Exchange Server. Of the 114 flaws, 19 are rated as Critical, 88 are rated Important, and one is rated Moderate in severity. Chief among them is CVE-2021-28310, a privilege escalation vulnerability in Win32k that's said to be
Thu, 15 Apr 2021 05:57:31 +0000

16 Best Ruby Frameworks For Web Development
Thu, 15 Apr 2021 04:27:48 +0000

New JavaScript Exploit Can Now Carry Out DDR4 Rowhammer Attacks
Academics from Vrije University in Amsterdam and ETH Zurich have published a new research paper describing yet another variation of the Rowhammer attack. Dubbed SMASH (Synchronized MAny-Sided Hammering), the technique can be used to successfully trigger the attack from JavaScript on modern DDR4 RAM cards, notwithstanding extensive mitigations that have been put in place by manufacturers over the
Wed, 14 Apr 2021 15:50:53 +0000

Simplify, then Add Lightness – Consolidating the Technology to Better Defend Ourselves
One of the biggest consequences of the rapidly evolving cybersecurity threat landscape is that defenses must constantly build bigger systems to defend themselves. This leads to both more complex systems and often less communication between them. More importantly, it can lead companies to invest in disparate “best in class” components instead of finding the best fit for their needs. The constant
Wed, 14 Apr 2021 12:01:51 +0000

Update Your Chrome Browser to Patch 2 New In-the-Wild 0-Day Exploits
Google on Tuesday released a new version of Chrome web-browsing software for Windows, Mac, and Linux with patches for two newly discovered security vulnerabilities for both of which it says exploits exist in the wild, allowing attackers to engage in active exploitation. One of the two flaws concerns an insufficient validation of untrusted input in its V8 JavaScript rendering engine (
Wed, 14 Apr 2021 08:32:40 +0000

Detecting the "Next" SolarWinds-Style Cyber Attack
The SolarWinds attack, which succeeded by utilizing the sunburst malware, shocked the cyber-security industry. This attack achieved persistence and was able to evade internal systems long enough to gain access to the source code of the victim. Because of the far-reaching SolarWinds deployments, the perpetrators were also able to infiltrate many other organizations, looking for intellectual
Tue, 13 Apr 2021 17:21:31 +0000

New NAME:WRECK Vulnerabilities Impact Nearly 100 Million IoT Devices
Security researchers have uncovered nine vulnerabilities affecting four TCP/IP stacks impacting more than 100 million consumer and enterprise devices that could be exploited by an attacker to take control of a vulnerable system. Dubbed "NAME:WRECK" by Forescout and JSOF, the flaws are the latest in series of studies undertaken as part of an initiative called Project Memoria to study the security
Tue, 13 Apr 2021 12:24:29 +0000

Hackers Using Website's Contact Forms to Deliver IcedID Malware
Microsoft has warned organizations of a "unique" attack campaign that abuses contact forms published on websites to deliver malicious links to businesses via emails containing fake legal threats, in what's yet another instance of adversaries abusing legitimate infrastructure to mount evasive campaigns that bypass security protections. "The emails instruct recipients to click a link to review
Tue, 13 Apr 2021 11:51:30 +0000

BRATA Malware Poses as Android Security Scanners on Google Play Store
A new set of malicious Android apps have been caught posing as app security scanners on the official Play Store to distribute a backdoor capable of gathering sensitive information. "These malicious apps urge users to update Chrome, WhatsApp, or a PDF reader, yet instead of updating the app in question, they take full control of the device by abusing accessibility services," cybersecurity firm
Tue, 13 Apr 2021 07:19:48 +0000

RCE Exploit Released for Unpatched Chrome, Opera, and Brave Browsers
An Indian security researcher has publicly published a proof-of-concept (PoC) exploit code for a newly discovered flaw impacting Google Chrome and other Chromium-based browsers like Microsoft Edge, Opera, and Brave. Released by Rajvardhan Agarwal, the working exploit concerns a remote code execution vulnerability in the V8 JavaScript rendering engine that powers the web browsers. It is believed
Tue, 13 Apr 2021 06:33:30 +0000

Indian Brokerage Firm Upstox Suffers Data Breach Leaking 2.5 Millions Users' Data
Online trading and discount brokerage platform Upstox has become the latest Indian company to suffer a security breach of its systems, resulting in the exposure of sensitive information of approximately 2.5 million users on the dark web. The leaked information includes names, email addresses, dates of birth, bank account information, and about 56 million know your customer (KYC) documents pulled
Mon, 12 Apr 2021 16:04:02 +0000