Feed aggregator

Article URL: https://aisearchwatch.com/t/protect-from-ai/

Comments URL: https://news.ycombinator.com/item?id=42021689

Points: 1

# Comments: 0

Article URL: https://krebsonsecurity.com/2024/11/booking-com-phishers-may-leave-you-with-reservations/

Comments URL: https://news.ycombinator.com/item?id=42021676

Points: 1

# Comments: 0

Article URL: https://brunothedev.github.io/p/2024-11-01-life_isnt_statistics.html

Comments URL: https://news.ycombinator.com/item?id=42021672

Points: 1

# Comments: 0

Keep an eye on your home while you're asleep or away with this affordable smart home security camera.

Hey HN community,

Excited to share my new project tailored for web developers! I’ve built an AI-powered tool that combines the power of AI and Tailwind CSS to help you create beautiful, responsive landing pages in seconds. No more painstaking hours of coding and design – our tool generates wireframes that you can export and further customize with ease.

I’m in the beta phase and would greatly appreciate your feedback. As a token of appreciation, I’m offering limited free access to the beta. Your insights will be crucial in refining and enhancing the tool to meet our community's needs.

Don't miss out! Visit landmarkai.dev to sign up for free and be a part of this exciting journey.

Thanks for your support, and happy coding!

Joey Jiron

Comments URL: https://news.ycombinator.com/item?id=42021627

Points: 1

# Comments: 0

Article URL: https://www.netmeister.org/blog/tls-hybrid-kex.html

Comments URL: https://news.ycombinator.com/item?id=42021622

Points: 1

# Comments: 0

Article URL: https://www.theguardian.com/world/2024/nov/01/finland-exports-snow-saving-mats-ski-resorts-climate-crisis

Comments URL: https://news.ycombinator.com/item?id=42021615

Points: 1

# Comments: 0

For a side project of mine, I collect the IP address of users, log it to my server where the country of the user is identified(using ipinfo.io in the backend) and is saved in the database. Since I'm not storing the IP address as such, am I GDPR compliant? Do I need to add a consent banner?

I just store the country name.

Comments URL: https://news.ycombinator.com/item?id=42021614

Points: 1

# Comments: 0

Article URL: https://jessitron.com/2021/03/27/those-pesky-pull-request-reviews/

Comments URL: https://news.ycombinator.com/item?id=42021608

Points: 1

# Comments: 0

A number of cybercriminal innovations are making it easier for scammers to cash in on your upcoming travel plans. This story examines a recent spear-phishing campaign that ensued when a California hotel had its booking.com credentials stolen. We’ll also explore an array of cybercrime services aimed at phishers who target hotels that rely on the world’s most visited travel website.

According to the market share website statista.com, booking.com is by far the Internet’s busiest travel service, with nearly 550 million visits in September. KrebsOnSecurity last week heard from a reader whose close friend received a targeted phishing message via SMS within minutes of making a reservation at a California hotel via booking.com.

The missive bore the name of the hotel and referenced details from their reservation, claiming that booking.com’s anti-fraud system required additional information about the customer before the reservation could be finalized.

The phishing SMS our reader’s friend received after making a reservation at booking.com in late October.

In an email to KrebsOnSecurity, booking.com confirmed one of its partners had suffered a security incident that allowed unauthorized access to customer booking information.

“Our security teams are currently investigating the incident you mentioned and can confirm that it was indeed a phishing attack targeting one of our accommodation partners, which unfortunately is not a new situation and quite common across industries,” booking.com replied. “Importantly, we want to clarify that there has been no compromise of Booking.com’s internal systems.”

The phony booking.com website generated by visiting the link in the text message.

Booking.com said it now requires 2FA, which forces partners to provide a one-time passcode from a mobile authentication app (Pulse) in addition to a username and password.

“2FA is required and enforced, including for partners to access payment details from customers securely,” a booking.com spokesperson wrote. “That’s why the cybercriminals follow-up with messages to try and get customers to make payments outside of our platform.”

“That said, the phishing attacks stem from partners’ machines being compromised with malware, which has enabled them to also gain access to the partners’ accounts and to send the messages that your reader has flagged,” they continued.

It’s unclear, however, if the company’s 2FA requirement is enforced for all or just newer partners. Booking.com did not respond to questions about that, and its current account security advice urges customers to enable 2FA.

A scan of social media networks showed this is not an uncommon scam.

In November 2023, the security firm SecureWorks detailed how scammers targeted booking.com hospitality partners with data-stealing malware. SecureWorks said these attacks had been going on since at least March 2023.

“The hotel did not enable multi-factor authentication (MFA) on its Booking.com access, so logging into the account with the stolen credentials was easy,” SecureWorks said of the booking.com partner it investigated.

In June 2024, booking.com told the BBC that phishing attacks targeting travelers had increased 900 percent, and that thieves taking advantage of new artificial intelligence (AI) tools were the primary driver of this trend.

Booking.com told the BCC the company had started using AI to fight AI-based phishing attacks. Booking.com’s statement said their investments in that arena “blocked 85 million fraudulent reservations over more than 1.5 million phishing attempts in 2023.”

The domain name in the phony booking.com website sent via SMS to our reader’s friend — guestssecureverification[.]com — was registered to the email address ilotirabec207@gmail.com. According to DomainTools.com, this email address was used to register more than 700 other phishing domains in the past month alone.

Many of the 700+ domains appear to target hospitality companies, including platforms like booking.com and Airbnb. Others seem crafted to phish users of Shopify, Steam, and a variety of financial platforms. A full, defanged list of domains is available here.

A cursory review of recent posts across dozens of cybercrime forums monitored by the security firm Intel 471 shows there is a great demand for compromised booking.com accounts belonging to hotels and other partners.

One post last month on the Russian-language hacking forum BHF offered up to $5,000 for each hotel account. This seller claims to help people monetize hacked booking.com partners, apparently by using the stolen credentials to set up fraudulent listings.

A service advertised on the English-language crime community BreachForums in October courts phishers who may need help with certain aspects of their phishing campaigns targeting booking.com partners. Those include more than two million hotel email addresses, and services designed to help phishers organize large volumes of phished records. Customers can interact with the service via an automated Telegram bot.

Some cybercriminals appear to have used compromised booking.com accounts to power their own travel agencies catering to fellow scammers, with up to 50 percent discounts on hotel reservations through booking.com. Others are selling ready-to-use “config” files designed to make it simple to conduct automated login attempts against booking.com administrator accounts.

SecureWorks found the phishers targeting booking.com partner hotels used malware to steal credentials. But today’s thieves can just as easily just visit crime bazaars online and purchase stolen credentials to cloud services that do not enforce 2FA for all accounts.

That is exactly what transpired over the past year with many customers of the cloud data storage giant Snowflake. In late 2023, cybercriminals figured out that while tons of companies had stashed enormous amounts of customer data at Snowflake, many of those customer accounts were not protected by 2FA.

Snowflake responded by making 2FA mandatory for all new customers. But that change came only after thieves used stolen credentials to siphon data from 160 companies — including AT&T, Lending Tree and TicketMaster.

Article URL: https://www.tomshardware.com/tech-industry/artificial-intelligence/intel-says-it-will-miss-its-ai-goals-with-gaudi-3-unbaked-software-leaves-intels-usd500-million-ai-goal-unachievable-as-competitors-rake-in-billions

Comments URL: https://news.ycombinator.com/item?id=42021584

Points: 1

# Comments: 0

Article URL: https://jamesclear.com/great-speeches/roadkill-on-the-information-highway-by-nathan-myhrvold

Comments URL: https://news.ycombinator.com/item?id=42021576

Points: 1

# Comments: 1

Article URL: https://woodruffw.github.io/zizmor/

Comments URL: https://news.ycombinator.com/item?id=42021563

Points: 1

# Comments: 0

Article URL: https://developer.mozilla.org/en-US/blog/how-to-land-your-first-developer-job/

Comments URL: https://news.ycombinator.com/item?id=42021554

Points: 1

# Comments: 1

Article URL: https://www.bloomberg.com/news/newsletters/2024-11-01/using-foia-to-lift-the-veil-of-secrecy-on-a-cold-war-secret

Comments URL: https://news.ycombinator.com/item?id=42021549

Points: 2

# Comments: 0

Article URL: https://arxiv.org/abs/2212.10496

Comments URL: https://news.ycombinator.com/item?id=42021539

Points: 2

# Comments: 0

Article URL: https://medicalxpress.com/news/2024-10-portable-device-colorectal-prostate-cancer.html

Comments URL: https://news.ycombinator.com/item?id=42021535

Points: 17

# Comments: 1

Article URL: https://arxiv.org/abs/2410.05192

Comments URL: https://news.ycombinator.com/item?id=42021531

Points: 1

# Comments: 0

Article URL: https://leetcodewizard.io/

Comments URL: https://news.ycombinator.com/item?id=42021518

Points: 1

# Comments: 0

Article URL: https://www.tomshardware.com/pc-components/cpus/intel-outlines-plan-to-break-free-from-tsmc-manufacturing-70-percent-of-panther-lake-at-intel-fabs-nova-lake-almost-entirely-in-house

Comments URL: https://news.ycombinator.com/item?id=42021513

Points: 3

# Comments: 0