‘Blood generation’: Artist Taloi Havini on Bougainville’s pain | Arts and Culture News

The scene is epic, full of portent. A young woman clothed in white poses enigmatically in the photo’s foreground. Behind her is a vista of denuded mountain slopes and below, a blue pool of water at the bottom of a deep mining pit. Above, sombre grey clouds hang low. It is a picture of dark and light, foreboding and timelessness. The photograph is the work of Taloi Havini, an artist from

Tracking the new coronavirus strains | Infographic News

New variants of the coronavirus have now been reported in at least 31 countries worldwide. One of these new strains named VUI-202012/01 was first reported in the United Kingdom on December 14 and is said to be up to 70 percent more transmissible than the previously dominant strain in the UK. This means it is spreading faster in the UK, making the pandemic there even harder to control and

Trump, McConnell division grows as Senate poised to override veto | Coronavirus pandemic News

A growing split between outgoing President Donald Trump and Republicans in the United States Congress widened on Wednesday as the Senate moved closer to overriding a Trump veto and Republican leaders rejected his bid for $2,000 stimulus cheques for Americans. In a one-two punch, the Senate voted overwhelmingly, 80 to 12, to begin reversing President Donald Trump’s veto of the US’s annual defence

It is time for a system overhaul in Iraq’s Kurdish region | Opinions News

On December 2, teachers and public employees peacefully demonstrated in the city of Sulaymaniyah in the semi-autonomous Kurdistan Region of Iraq (KRI), demanding their long-overdue salaries. The Kurdistan Regional Government (KRG) has been unable to pay civil servants in full for months due to an ongoing financial crisis. Instead of heeding their calls, the local authorities sent security forces

Trump’s bid for $2,000 stimulus cheques stalls in US Senate | Coronavirus pandemic News

United States President Donald Trump’s push for bigger $2,000 COVID-19 relief cheques stalled in the Senate on Tuesday as Republicans blocked a swift vote proposed by Democrats and split within their own ranks over whether to boost spending or defy the White House. Senate Majority Leader Mitch McConnell threw up roadblocks to Trump’s request to increase the cheques from $600 for millions of

A Google Docs Bug Could Have Allowed Hackers See Your Private Documents

Google has patched a bug in its feedback tool incorporated across its services that could be exploited by an attacker to potentially steal screenshots of sensitive Google Docs documents simply by embedding them in a malicious website. The flaw was discovered on July 9 by security researcher Sreeram KL, for which he was awarded $3133.70 as part of Google’s Vulnerability Reward Program. Many of

Israel shuts down Ramon prison due to COVID infections | Coronavirus pandemic News

Palestinian NGO said the increase in virus cases among Israeli jailers is the ‘first source of transmission’ to prisoners. Israeli prison authorities have closed down the Ramon prison after detecting several coronavirus infections among prisoners and guards, according to the Palestinian Prisoner Society (PPS). There was no comment from Israeli authorities but the PPS said on Sunday that the

AutoHotkey-Based Password Stealer Targeting US, Canadian Banking Users

Threat actors have been discovered distributing a new credential stealer written in AutoHotkey (AHK) scripting language as part of an ongoing campaign that started early 2020. Customers of financial institutions in the US and Canada are among the primary targets for credential exfiltration, with a specific focus on banks such as Scotiabank, Royal Bank of Canada, HSBC, Alterna Bank, Capital One,

US: Ohio policeman fired over fatal shooting of Andre Hill | Black Lives Matter News

Adam Coy, a 17-year veteran, was fired from the Columbus, Ohio police force after shooting Andre Hill, a Black man. A white Ohio police officer in the United States was fired on Monday after bodycam footage showed him fatally shooting 47-year-old Andre Hill – a Black man who was holding a cellphone – and refusing to administer first aid for several minutes. Columbus police officer Adam Coy was

Vote count under way in Niger’s presidential election | Elections News

Almost 7.5 million cast their vote to choose a successor to President Issoufou. Vote counting has begun in Niger after an election that could lead to the country’s first peaceful transition of power since its independence from France 60 years ago. Almost 7.5 million people cast their vote on Sunday to choose a successor to President Mahamadou Issoufou who is stepping down after two five-year

Police name person under investigation in Nashville bombing | Crime News

Christmas day explosion wounded three people and damaged dozens of businesses, including an AT&T switching centre. Nashville Police have said Anthony Quinn Warner is under investigation in connection with the Christmas Day bombing that rocked the US city of Nashville. Metro Nashville Police Department Spokesman Don Aaron confirmed Warner’s identity on Sunday. Federal and state investigators

Police Arrest 21 WeLeakInfo Customers Who Bought Breached Personal Data

21 people have been arrested across the UK as part of a nationwide cyber crackdown targeting customers of WeLeakInfo[.]com, a now-defunct online service that had been previously selling access to data hacked from other websites. The suspects used stolen personal credentials to commit further cyber and fraud offences, the UK National Crime Agency (NCA) said. Of the 21 arrested — all men aged

‘Message of hope’: Europe launches COVID vaccination campaign | Coronavirus pandemic News

Health care workers, the elderly and leading politicians got some of the first shots across the bloc to reassure the public that the vaccinations are safe. Europe has launched an enormous COVID vaccination drive, with elderly patients and medics lining up to take the first shots in hopes of seeing off the pandemic that has crippled economies and claimed more than 1.7 million lives worldwide.

A New SolarWinds Flaw Likely Had Let Hackers Install SUPERNOVA Malware

An authentication bypass vulnerability in the SolarWinds Orion software may have been leveraged by adversaries as zero-day to deploy the SUPERNOVA malware in target environments. According to an advisory published yesterday by the CERT Coordination Center, the SolarWinds Orion API that’s used to interface with all other Orion system monitoring and management products suffers from a security

Biden slams Trump for refusing to sign COVID relief bill | Coronavirus pandemic News

United States President-elect Joe Biden is urging Donald Trump to sign into law an $892bn COVID-19 funding and relief bill that would provide much-needed support to Americans hit hard by the virus and an economic downturn caused by the pandemic. In a written statement, Biden, who is set to take office on January 20, accused Trump of an “abdication of responsibility” that could have “devastating

Spain confirms first case of coronavirus variant found in UK | Coronavirus pandemic News

Announcement comes after authorities in France and Lebanon also confirm cases of the UK variant. Four cases of a coronavirus variant that recently emerged in the United Kingdom and is believed to be particularly infectious, have been confirmed in Madrid, the regional government has said. All four cases, the first detected in Spain, involved people who recently arrived from the UK, the Madrid

Armenia’s leader backs early vote next year after mass protests | Europe News

The opposition is calling for PM Nikol Pashinyan’s resignation over his handling of the Nagorno-Karabakh conflict with Azerbaijan. Armenian Prime Minister Nikol Pashinyan has backed the prospect of early parliamentary elections next year, after huge protests over his handling of the Nagorno-Karabakh conflict with Azerbaijan. Pashinyan wrote on Facebook on Friday that he was inviting

Microsoft Warns CrowdStrike of Hackers Targeting Azure Cloud Customers

New evidence amidst the ongoing probe into the espionage campaign targeting SolarWinds has uncovered an unsuccessful attempt to compromise cybersecurity firm Crowdstrike and access the company’s email. The hacking endeavor was reported to the company by Microsoft’s Threat Intelligence Center on December 15, which identified a third-party reseller’s Microsoft Azure account to be making “abnormal

As violence grips Ethiopia, June parliamentary vote announced | Ethiopia News

Election, which was set to take place in August, was delayed because of the pandemic, as new date is set amid fresh violence. Ethiopia will hold a parliamentary election on June 5, 2021, its National Electoral Board has said on Friday, after postponing the vote from August this year because of the COVID-19 pandemic. The chairman of the winning party becomes prime minister. News of the vote

Attackers Abusing Citrix NetScaler Devices to Launch Amplified DDoS Attacks

Canada receives first shipment of Moderna COVID vaccines | Coronavirus pandemic News

Officials say Moderna vaccine will be distributed to remote, isolated communities in northern Canada. Canada has received its first shipment of Moderna Inc’s COVID-19 vaccines, Prime Minister Justin Trudeau said Thursday, as the country urged people to limit their contacts during the Christmas and New Year’s holidays. Trudeau said the first shipment of Moderna vaccines is part of the 168,000

Google Discloses Poorly-Patched, Now Unpatched, Windows 0-Day Bug

Google’s Project Zero team has made public details of an improperly patched zero-day security vulnerability in Windows print spooler API that could be leveraged by a bad actor to execute arbitrary code. Details of the unpatched flaw were revealed publicly after Microsoft failed to patch it within 90 days of responsible disclosure on September 24. Originally tracked as CVE-2020-0986, the flaw

At least 20 migrants drown after boat sinks off Tunisia | Refugees News

Coastguard rescues five people, as Tunisian official says 45 people were on the boat when it capsized. At least 20 migrants and refugees died when their boat capsized off Tunisia’s coast as they tried to cross the Mediterranean to the Italian island of Lampedusa, Tunisian authorities said. The Tunisian coastguard rescued five people and the search for more was continuing, National Guard

North Korean Hackers Trying to Steal COVID-19 Vaccine Research

Threat actors such as the notorious Lazarus group are continuing to tap into the ongoing COVID-19 vaccine research to steal sensitive information to speed up their countries’ vaccine-development efforts. Cybersecurity firm Kaspersky detailed two incidents at a pharmaceutical company and a government ministry in September and October leveraging different tools and techniques but exhibiting

Coalition of rights groups joins suit against Israeli firm NSO | Cybersecurity News

Facebook last year filed a lawsuit against NSO, accusing it of subverting WhatsApp to hack into phones of activists. A coalition of human rights groups on Wednesday joined Facebook’s lawsuit against Israeli spyware vendor NSO, alleging that the company “prioritizes profit to the detriment of human rights”. The organisations – including internet rights group Access Now, London-based Amnesty

New Critical Flaws in Treck TCP/IP Stack Affect Millions of IoT Devices

The US Cybersecurity Infrastructure and Security Agency (CISA) has warned of critical vulnerabilities in a low-level TCP/IP software library developed by Treck that, if weaponized, could allow remote attackers to run arbitrary commands and mount denial-of-service (DoS) attacks. The four flaws affect Treck TCP/IP stack version 6.0.1.67 and earlier and were reported to the company by Intel. Two

How to Defend Against Malware, Phishing, and Scams During COVID-19 Crisis

As if the exponential rise in phishing scams and malware attacks in the last five years wasn’t enough, the COVID-19 crisis has worsened it further. The current scenario has given a viable opportunity to cybercriminals to find a way to target individuals, small and large enterprises, government corporations. According to Interpol’s COVID-19 Cybercrime Analysis Report, based on the feedback of

UK, EU to hold crisis talks again with days until Brexit deadline | Boris Johnson News

UK PM and top EU official set for crunch call as fractious talks over a post-Brexit trade deal drag on. British Prime Minister Boris Johnson and European Commission President Ursula von der Leyen are expected to hold another crisis call, as talks over a post-Brexit trade deal between the United Kingdom and European Union go down to the wire. The pair are set to speak on Wednesday or Thursday,

Law Enforcement Seizes Joker’s Stash — Stolen Credit Card Marketplace

The US Federal Bureau of Investigation (FBI) and Interpol have allegedly seized proxy servers used in connection with Blockchain-based domains belonging to Joker’s Stash, a notorious fraud bazaar known for selling compromised payment card data in underground forums. The takedown happened last week on December 17. The operators of Joker’s Stash operate several versions of the platform, including

Previously loved: Shoppers flock to second-hand luxury fashion | Coronavirus pandemic News

Covid-19 has made most shoppers cost-conscious this holiday season, but those with cash to burn are still finding ways to splurge. As retail sales in general suffer, luxury fashion—the previously owned kind—is flying off the shelves. Peer-to-peer online luxury consignment shop Tradesy reported a jump in sales over the past few weeks. Customers are stocking up on used high-end shoes, jewelry and

Cybercriminals’ Favorite Bulletproof VPN Service Shuts Down In Global Action

Law enforcement agencies from the US, Germany, Netherlands, Switzerland, France, along with Europol’s European Cybercrime Centre (EC3), announced today the coordinated takedown of Safe-Inet, a popular virtual private network (VPN) service that was used to facilitate criminal activity. The three domains in question — insorg[.]org, safe-inet[.]com, and safe-inet[.]net — were shut down, and their

A Second Hacker Group May Have Also Breached SolarWinds, Microsoft Says

As the probe into the SolarWinds supply chain attack continues, new digital forensic evidence has brought to light that a separate threat actor may have been abusing the IT infrastructure provider’s Orion software to drop a similar persistent backdoor on target systems. “The investigation of the whole SolarWinds compromise led to the discovery of an additional malware that also affects the

German sisters’ Corona board game sells out for Christmas | Coronavirus pandemic News

The game can be played by up to four players who compete to buy groceries on a shopping list for an elderly neighbour who is shielding against the virus. At a loose end during Germany’s first lockdown, the four Schwaderlapp sisters decided to put their long hours indoors to good use – by inventing a coronavirus board game that is selling by the thousands. “Corona – the rush to the shops” can

Texas police release video of officer shooting Joshua Feast | Police News

A lawyer for Feast’s family, Ben Crump, says footage portrays ‘a defenceless man who was shot in the back’. Police in a Houston suburb released body-camera footage Monday of an officer fatally shooting a Black man in the back, though key moments of the night-time encounter were missing or obscured. The footage released by the La Marque Police Department does not include audio for the first 30

Two Critical Flaws — CVSS Score 10 — Affect Dell Wyse Thin Client Devices

A team of researchers today unveils two critical security vulnerabilities it discovered in Dell Wyse Thin clients that could have potentially allowed attackers to remotely execute malicious code and access arbitrary files on affected devices. The flaws, which were uncovered by healthcare cybersecurity provider CyberMDX and reported to Dell in June 2020, affects all devices running ThinOS

Common Security Misconfigurations and Their Consequences

Everyone makes mistakes. That one sentence was drummed into me in my very first job in tech, and it has held true since then. In the cybersecurity world, misconfigurations can create exploitable issues that can haunt us later – so let’s look at a few common security misconfigurations. The first one is development permissions that don’t get changed when something goes live. For example, AWS S3

Coronavirus: Denmark to exhume millions of mink from mass graves | Coronavirus pandemic News

Move comes amid health risk fears after mink carcasses rose from the ground, pushed up by gasses from decomposition. Denmark will exhume millions of mink from mass graves after some carcasses resurfaced following a cull last month, raising concerns over health risks. Officials ordered Denmark’s entire herd of approximately 15 million mink – which are farmed for their furs and prized in the

iPhones of 36 Journalists Hacked Using iMessage Zero-Click Exploit

Three dozen journalists working for Al Jazeera had their iPhones stealthily compromised via a zero-click exploit to install spyware as part of a Middle East cyberespionage campaign. In a new report published yesterday by University of Toronto’s Citizen Lab, researchers said personal phones of 36 journalists, producers, anchors, and executives at Al Jazeera, and a journalist at London-based Al

Microsoft Says Its Systems Were Also Breached in Massive SolarWinds Hack

The massive state-sponsored espionage campaign that compromised software maker SolarWinds also targeted Microsoft, as the unfolding investigation into the hacking spree reveals the incident may have been far more wider in scope, sophistication, and impact than previously thought. News of Microsoft’s compromise was first reported by Reuters, which also said the company’s own products were then

Exfiltrating Data from Air-Gapped Computers via Wi-Fi Signals (Without Wi-Fi Hardware)

A security researcher has demonstrated that sensitive data could be exfiltrated from air-gapped computers via a novel technique that leverages Wi-Fi signals as a covert channel—surprisingly, without requiring the presence of Wi-Fi hardware on the targeted systems. Dubbed “AIR-FI,” the attack hinges on deploying a specially designed malware in a compromised system that exploits “DDR SDRAM buses

Software Supply-Chain Attack Hits Vietnam Government Certification Authority

Cybersecurity researchers today disclosed a new supply-chain attack targeting the Vietnam Government Certification Authority (VGCA) that compromised the agency’s digital signature toolkit to install a backdoor on victim systems. Uncovered by Slovak internet security company ESET early this month, the “SignSight” attack involved modifying software installers hosted on the CA’s website (“

How to Use Password Length to Set Best Password Expiration Policy

One of the many features of an Active Directory Password Policy is the maximum password age. Traditional Active Directory environments have long using password aging as a means to bolster password security. Native password aging in the default Active Directory Password Policy is relatively limited in configuration settings. Let’s take a look at a few best practices that have changed in regards

Ransomware Attackers Using SystemBC Malware With RAT and Tor Proxy

Cybercriminals are increasingly outsourcing the task of deploying ransomware to affiliates using commodity malware and attack tools, according to new research. In a new analysis published by Sophos today and shared with The Hacker News, recent deployments of Ryuk and Egregor ransomware have involved the use of SystemBC backdoor to laterally move across the network and fetch additional payloads

New 5G Network Flaws Let Attackers Track Users’ Locations and Steal Data

As 5G networks are being gradually rolled out in major cities across the world, an analysis of its network architecture has revealed a number of potential weaknesses that could be exploited to carry out a slew of cyber assaults, including denial-of-service (DoS) attacks to deprive subscribers of Internet access and intercept data traffic. The findings form the basis of a new “5G Standalone core

New Evidence Suggests SolarWinds’ Codebase Was Hacked to Inject Backdoor

The investigation into how the attackers managed to compromise SolarWinds’ internal network and poison the company’s software updates is still underway, but we may be one step closer to understanding what appears to be a very meticulously planned and highly-sophisticated supply chain attack. A new report published by ReversingLabs today and shared in advance with The Hacker News has revealed

What is Geocoding? — How to Find Coordinates of An Address

How can your app hook into a geocoding service that offers forward and reverse geocoding and an auto-completion facility? Geocoding turns a location name or address into geocoordinates. The service gets used by thousands of applications like Uber and Grubhub to track and plot their map data. Yet, it can also help web development by enhancing UX through reverse geocoding. Not to mention

SolarWinds Issues Second Hotfix for Orion Platform Supply Chain Attack

Network monitoring services provider SolarWinds officially released a second hotfix to address a critical vulnerability in its Orion platform that was exploited to insert malware and breach public and private entities in a wide-ranging espionage campaign. In a new update posted to its advisory page, the company urged its customers to update Orion Platform to version 2020.2.1 HF 2 immediately to

Download the Essential Guide to Response Automation

In the classic children’s movie ‘The Princess Bride,’ one of the characters utters the phrase, “You keep using that word. I do not think it means what you think it means.” It’s freely used as a response to someone’s misuse or misunderstanding of a word or phrase. “Response Automation” is another one of those phrases that have different meanings to different people. It’s bantered around by the

Nearly 18,000 SolarWinds Customers Installed Backdoored Software

SolarWinds, the enterprise monitoring software provider which found itself at the epicenter of the most consequential supply chain attacks, said as many as 18,000 of its high-profile customers might have installed a tainted version of its Orion products. The acknowledgment comes as part of a new filing made by the company to the US Securities and Exchange Commission on Monday. The Texas-based

Wormable Gitpaste-12 Botnet Returns to Target Linux Servers, IoT Devices

A new wormable botnet that spreads via GitHub and Pastebin to install cryptocurrency miners and backdoors on target systems has returned with expanded capabilities to compromise web applications, IP cameras, and routers. Early last month, researchers from Juniper Threat Labs documented a crypto-mining campaign called “Gitpaste-12,” which used GitHub to host malicious code containing as many as