Hacker Public Radio

hpr3821 :: The Oh No! News.

Oh No! News, is Good News.

Hosted by Some Guy On The Internet on 2023-03-27. The show is flagged as Clean and is released under a CC-BY-SA license.
Tags: Oh No, News, Threat analysis, InfoSec, User space.
The show is available on the Internet Archive at: https://archive.org/details/hpr3821

Duration: 00:13:17

The Oh No! news.


  • Threat analysis; your attack surface.
    • TAGS: Malware, Phishing, Security Breach
  • GoDaddy, a Web Hosting Provider Hit Multiple Times by the Same Group.
    • This month, GoDaddy, a leading web hosting provider, revealed that it had experienced a major security breach over several years, resulting in the theft of company source code, customer and employee login credentials, and the introduction of malware onto customer websites.
    • Major Security Breach: Spanning several years.
      • Data Breach: Employee login credentials & customer data.
      • 10-K form filed with the U.S. Securities and Exchange Commission.
      • SEC: GoDaddy Announces Security Incident Affecting Managed WordPress Service.
      • Malware: Compromising customer websites managed by GoDaddy.
      • Phishing Attacks: Exposed customer data including login credentials, email addresses, and SSL private keys.
  • Chick-Fil-A Customers are Victims of a Data Breach.
    • Fast-food chain Chick-fil-A has issued a warning to customers regarding a recent data security breach. The incident occurred between Dec. 18, 2022 and Feb. 12, 2023, during which unauthorized parties gained access to customer information, according to a statement posted on the California Attorney General’s website on Tuesday.
      • Data Breach: membership numbers, mobile pay numbers, QR codes, last 4 digits of credit/debit card numbers, credits on Chick-fil-A accounts, birthdays, phone numbers, and addresses.
  • New phishing campaign uses fake ChatGPT platform to scam eager investors.
    • Bitdefender Antispam Labs confirmed that these scams initiate with an email containing a link that directs users to a copycat version of ChatGPT. The goal of this copycat version is to convince users that they can earn as much as $10,000 per month on the duplicate ChatGPT platform.
    • Phishing: Email based scam.
  • LastPass Security Incident Update and Recommended Actions.
    • Major Security Breach: Spanning multiple years.
      • Data Breach: Employee login credentials, source code & other intellectual property, customer data.
      • Malware: Attackers exploited third-party software to compromise company systems by delivering a keylogger type malware.

  • InfoSec; the language of security.
    • TAGS: Information Security, Monitoring
  • Bitwarden flaw can let hackers steal passwords using iframes.
    • Bitwarden highlights that the autofill feature is a potential risk and even includes a prominent warning in its documentation, specifically mentioning the likelihood of compromised sites abusing the autofill feature to steal credentials.
    • Phishing: Sniff credentials from a webpage HTML inline frame.
    • Wikipedia: An inline frame places another HTML document in a frame. Unlike an <object /> element, an <iframe> can be the "target" frame for links defined by other elements, and it can be selected by the user agent as the focus for printing, viewing its source, and so on. The content of the element is used as alternative text to be displayed if the browser does not support inline frames. A separate document is linked to a frame using the src attribute inside the <iframe />; an inline HTML code is embedded to a frame using the srcdoc attribute inside the <iframe /> element. First introduced by Microsoft Internet Explorer in 1997, standardized in HTML 4.0 Transitional, allowed in HTML5.

  • User space.
    • TAGS: Solutions, Services
  • Flathub’s Got Big Plans for 2023.
    • Developers are flocking to Flathub in droves, which means users are too, and even Linux distributions (well, bar one) are getting in on the action by making it easier to install apps from Flathub without the friction of setting things up using terminal commands or odd-sounding download files.
    • Flathub Beta site: Welcome to Flathub, the home of hundreds of apps which can be easily installed on any Linux distribution. Browse the apps online, from your app center or the command line.


Comments

Comment #1 posted on 2023-03-27 15:07:12 by Trey

Mastodon?

These news shorts are great. Keep them up. You mentioned that you are on Mastodon. What username should we use to connect with you there?

Comment #2 posted on 2023-03-28 22:45:52 by Some Guy On The Internet

My Mastodon handle.

@Yung_Lyun@mastodon.social
