Notes by zCat

 Roundcube Webmail Vulnerability Exploited in Government Attack

A threat actor was caught attempting to exploit a recent vulnerability in Roundcube Webmail against a governmental organization in a Commonwealth of Independent States (CIS) country, cybersecurity firm Positive Technologies reports.

Tracked as CVE-2024-37383 and described as a cross-site scripting (XSS) issue affecting the way Roundcube was handling SVG animate attributes, the bug was patched on May 19 in Roundcube Webmail versions 1.5.7 and 1.6.7.

See more: https://www.securityweek.com/roundcube-webmail-vulnerability-exploited-in-government-attack/

#cybersecurity #security 
 Internet Archive breached again through stolen access tokens

The Internet Archive was breached again, this time on their Zendesk email support platform after repeated warnings that threat actors stole exposed GitLab authentication tokens.

"Whether you were trying to ask a general question, or requesting the removal of your site from the Wayback Machine your data is now in the hands of some random guy. If not me, it'd be someone else."

BleepingComputer attempted to contact the Internet Archive numerous times, as recently as on Friday, offering to share what they knew about how the breach occurred and why it was done, but we never received a response.

See more: https://www.bleepingcomputer.com/news/security/internet-archive-breached-again-through-stolen-access-tokens/

#cybersecurity #security 
 Cisco takes DevHub portal offline after hacker publishes stolen data

Cisco confirmed today that it took its public DevHub portal offline after a threat actor leaked "non-public" data, but it continues to state that there is no evidence that its systems were breached.

This statement comes after a threat actor known as IntelBroker claimed to have breached Cisco and attempted to sell data and source code stolen from the company.

Screenshots and files, provided to BleepingComputer, showed that the threat actor had access to most, if not all, of the data stored on this portal. This data included source code, configuration files with database credentials, technical documentation, and SQL files.

See more: https://www.bleepingcomputer.com/news/security/cisco-takes-devhub-portal-offline-after-hacker-publishes-stolen-data/

#cybersecurity #security 
 Internet Archive and Wayback Machine Resurrect After DDoS Wave

Most of Internet Archive’s services have resumed after a series of distributed denial-of-service (DDoS) attacks took the world’s largest digital library’s website offline several times over the past few days.

In a blog post published on October 18, the non-profit confirmed that many services are now up and running, including its Wayback Machine, Archive-It, scanning and national library crawls, email, blog, helpdesk and social media communications.

See more: https://www.infosecurity-magazine.com/news/internet-archive-wayback-machine/

#hacking 
 Intel, AMD CPUs on Linux impacted by newly disclosed Spectre bypass

The latest generations of Intel processors, including Xeon chips, and AMD's older microarchitectures on Linux are vulnerable to new speculative execution attacks that bypass existing ‘Spectre’ mitigations.

The vulnerabilities impact Intel's 12th, 13th, and 14th chip generations for consumers and the 5th and 6th generation of Xeon processors for servers, along with AMD's Zen 1, Zen 1+, and Zen 2 processors.

See more: https://www.bleepingcomputer.com/news/security/intel-amd-cpus-on-linux-impacted-by-newly-disclosed-spectre-bypass/

#cybersecurity #security 
 Undercover North Korean IT workers now steal data, extort employers

North Korean IT professionals who trick Western companies into hiring them are stealing data from the organization's network and asking for a ransom to not leak it.

They avoided video during calls or resorted to various tricks while on the job to hide their face during video conferences, such as using artificial intelligence tools.

Dispatching IT workers to seek employment at companies in wealthier nations is a tactic that North Korea has been using for years as a means to obtain privileged access for cyberattacks or to generate revenue for the country's weapons programs.

See more: https://www.bleepingcomputer.com/news/security/undercover-north-korean-it-workers-now-steal-data-extort-employers/

#cybersecurity #security 
 Microsoft Reveals macOS Vulnerability that Bypasses Privacy Controls in Safari Browser

Microsoft has disclosed details about a now-patched security flaw in Apple's Transparency, Consent, and Control (TCC) framework in macOS that has likely come under exploitation to get around a user's privacy preferences and access data.

The shortcoming, codenamed HM Surf by the tech giant, is tracked as CVE-2024-44133. It was addressed by Apple as part of macOS Sequoia 15 by removing the vulnerable code.

See more:
https://thehackernews.com/2024/10/microsoft-reveals-macos-vulnerability.html

#cybersecurity #security 
 Google: 70% of exploited flaws disclosed in 2023 were zero-days

Google Mandiant security analysts warn of a worrying new trend of threat actors demonstrating a better capability to discover and exploit zero-day vulnerabilities in software.

Specifically, of the 138 vulnerabilities disclosed as actively exploited in 2023, Mandiant says 97 (70.3%) were leveraged as zero-days.

See more: https://www.bleepingcomputer.com/news/security/google-70-percent-of-exploited-flaws-disclosed-in-2023-were-zero-days/

#cybersecurity #security 
 VMware Patches High-Severity SQL Injection Flaw in HCX Platform

VMware on Wednesday called urgent attention to a critical remote code execution flaw haunting users of its enterprise-facing HCX application mobility platform.

The vulnerability, tagged as CVE-2024-38814, carries a CVSS severity score of 8.8/10 and allows attackers with non-administrator privileges to execute remote code on the HCX manager.

The security defect impacts multiple versions of the VMware HCX platform, including versions 4.8.x, 4.9.x, and 4.10.x. 

See more: https://www.securityweek.com/vmware-patches-high-severity-sql-injection-flaw-in-hcx-platform/

#cybersecurity #security 
 Understand these seven password attacks and how to stop them:

1. Brute-force attacks
2. Dictionary attacks
3. Password spraying
4. Credential stuffing
5. Phishing
6. Keylogger attack
7. Social engineering

See more: https://www.bleepingcomputer.com/news/security/understand-these-seven-password-attacks-and-how-to-stop-them/

#cybersecurity #security 
 Oracle Patches Over 200 Vulnerabilities With October 2024 CPU

Oracle on Tuesday announced 334 new security patches as part of its October 2024 Critical Patch Update (CPU), including 186 fixes for vulnerabilities that can be exploited remotely without authentication.

SecurityWeek has identified roughly 220 unique CVEs in Oracle’s October 2024 CPU. Approximately three dozen security patches resolve critical-severity flaws.

See more: https://www.securityweek.com/oracle-patches-over-200-vulnerabilities-with-october-2024-cpu/

#cybersecurity #security 
 Experts Play Down Significance of Chinese Quantum “Hack”

Security experts have urged caution after a stream of doom-laden reports in recent days claimed Chinese researchers have cracked military-grade encryption using quantum computing technology.

“While the research shows quantum computing's potential threat to classical encryption, the attack was executed on a 22-bit key – far shorter than the 2048 or 4096-bit keys commonly used in practice today. The suggestion that this poses an imminent risk to widely used encryption standards is misleading,” DigiCert head of R&D Avesta Hojjati argued.

“This research, while intriguing, does not equate to an immediate quantum apocalypse.”

See more: https://www.infosecurity-magazine.com/news/experts-play-down-chinese-quantum/

#cybersecurity #security 
 How does #zcash work? Understanding zerocash and zcash from Zellic.

See more:
https://www.zellic.io/blog/how-does-zcash-work/ 
 LunarDao - DarkFiSquad is raising funds to support anon developers who research & build anonymity tech.

See more:
https://lunardao.net/darkfi_raise_guide_updated.html

Twitter post:
https://x.com/lunarpunksquad/status/1846192056982532588

#privacy 
 TrickMo Banking Trojan Can Now Capture Android PINs and Unlock Patterns

"This new addition enables the threat actor to operate on the device even while it is locked," Zimperium security researcher Aazim Yaswant said in an analysis published last week.

Some of the new variants of the malware have also been equipped to harvest the device's unlock pattern or PIN by presenting to the victim a deceptive User Interface (UI): a full-screen HTML page that mimics the device's actual unlock screen. It collects and sends the user's unlock pattern/PIN, alongside a unique device identifier, to an attacker-controlled server.

See more: https://thehackernews.com/2024/10/trickmo-banking-trojan-can-now-capture.html

#cybersecurity #security 
 GitHub Patches Critical Vulnerability in Enterprise Server

Code hosting platform GitHub has released patches for a critical-severity vulnerability in GitHub Enterprise Server that could lead to unauthorized access to affected instances.

Tracked as CVE-2024-9487 (CVSS score of 9.5), the bug was introduced in May 2024 as part of the remediations released for CVE-2024-4985, a critical authentication bypass defect allowing attackers to forge SAML responses and gain administrative access to the Enterprise Server.

The vulnerability was resolved in GitHub Enterprise Server versions 3.11.16, 3.12.10, 3.13.5, and 3.14.2, which also address a medium-severity information disclosure bug that could be exploited through malicious SVG files.

See more: https://www.securityweek.com/github-patches-critical-vulnerability-in-enterprise-server/

#cybersecurity #security 
 New FIDO proposal lets you securely move passkeys across platforms

The Fast IDentity Online (FIDO) Alliance has published a working draft of a new specification that aims to enable the secure transfer of passkeys between different providers.

Passkeys are a method of authentication without a password that leverages public-key cryptography to authenticate users without requiring them to remember or manage long strings of characters.

The new specification that FIDO proposes essentially addresses the lack of widely accepted secure standards for credential transfer, eliminating the complications or practical limitations when switching between providers.

The drafts were developed with the contribution of specialists from FIDO associate members and stakeholders like Dashlane, Bitwarden, 1Password, NordPass, and Google.

See more: https://www.bleepingcomputer.com/news/security/new-fido-proposal-lets-you-securely-move-passkeys-across-platforms/

#cybersecurity #security 
 Free TornadoCash or Samurai wallet devs! 

nostr:nevent1qqs25t60qr8j0uxr36rwzwtnmq82xzlj42jcxatghs3u0rjuzpw6klgppemhxue69uhkummn9ekx7mp0qgsd3fhv7rped64g77dyf9l7ndmae9mkxdz37099cc6wyzr9jytxg7crqsqqqqqp8nf3k7 
 Microsoft deprecates PPTP and L2TP VPN protocols in Windows Server 

Microsoft has officially deprecated the Point-to-Point Tunneling Protocol (PPTP) and Layer 2 Tunneling Protocol (L2TP) in future versions of Windows Server, recommending admins switch to different protocols that offer increased security.

PPTP is vulnerable to offline brute force attacks of captured authentication hashes, and L2TP provides no encryption unless coupled with another protocol, like IPsec. However, if L2TP/IPsec is not configured correctly, it can introduce weaknesses that make it susceptible to attacks.

"The move is part of Microsoft's strategy to enhance security and performance by transitioning users to more robust protocols like Secure Socket Tunneling Protocol (SSTP) and Internet Key Exchange version 2 (IKEv2)," Microsoft announced in a post this week.

See more:
https://www.bleepingcomputer.com/news/microsoft/microsoft-deprecates-pptp-and-l2tp-vpn-protocols-in-windows-server/

#cybersecurity #privacy #security
 
 Pokémon Developer Game Freak Suffers Data Breach 

Game Freak, the company behind the Pokémon franchise, is dealing with a security breach that has compromised the data of more than 2,600 employees and partners. 

The data leak first came to light on a forum known as 4chan earlier this month before it began circulating on social media and other online forums.

The data allegedly includes inside information of video games, source code for existing frames, and data on unreleased Pokémon games.

See more:
https://www.infosecurity-magazine.com/news/pokemon-developer-game-freak-data
 https://www.darkreading.com/cyberattacks-data-breaches/insider-info-pokemon-allegedly-leaked-gaming-hack

#security #cybersecurity #privacy 
 Google warns uBlock Origin and other extensions may be disabled soon

The warning includes a link to a Google support bulletin that states the browser extension may be disabled to protect users' privacy and security.

"To better protect your privacy and security, Chrome and the Chrome Web Store require extensions to be up-to-date with new requirements," reads Google's support bulletin.

"uBO is a Manifest v2 extension, hence the warning in your Google Chrome browser. There is no Manifest v3 version of uBO, hence the browser will suggest alternative extensions as a replacement for uBO,"

See more: https://www.bleepingcomputer.com/news/google/google-warns-ublock-origin-and-other-extensions-may-be-disabled-soon/

#security #cybersecurity #privacy 
 Cisco investigates breach after stolen data for sale on hacking forum

"Compromised data: Github projects, Gitlab Projects, SonarQube projects, Source code, hard coded credentials, Certificates, Customer SRCs, Cisco Confidential Documents, Jira tickets, API tokens, AWS Private buckets, Cisco Technology SRCs, Docker Builds, Azure Storage buckets, Private & Public keys, SSL Certificates, Cisco Premium Products & More!," reads the post to a hacking forum.

IntelBroker also shared samples of the alleged stolen data, including a database, customer information, various customer documentation, and screenshots of customer management portals.

However, the threat actor did not provide further details about how the data was obtained.

See more: https://www.bleepingcomputer.com/news/security/cisco-investigates-breach-after-stolen-data-for-sale-on-hacking-forum/

#security #cybersecurity #privacy 
 Recent Firefox Zero-Day Exploited Against Tor Browser Users

Patches for CVE-2024-9680, which were included in Firefox version 131.0.2 and Firefox ESR versions 128.3.1 and 115.16.1, are rolling out in Tor browser version 13.5.7.

The Tor Project noted that Mozilla is aware of attacks exploiting CVE-2024-9680 against Tor Browser users.  

“Using this vulnerability, an attacker could take control of Tor browser, but probably not deanonymize you in Tails,” Tor’s maintainers explained. 

See more: https://www.securityweek.com/recent-firefox-zero-day-exploited-against-tor-browser-users/

#security #cybersecurity #privacy 
 Jetpack fixes critical information disclosure flaw existing since 2016

WordPress plugin Jetpack released a critical security update earlier today, addressing a vulnerability that allowed a logged-in user to access forms submitted by other visitors to the site.

Jetpack is a popular WordPress plugin by Automattic that provides tools to enhance website functionality, security, and performance. According to the vendor, the plugin is installed on 27 million websites.

The issue was discovered during an internal audit and impacts all Jetpack versions since 3.9.9, released in 2016.

See more: https://www.bleepingcomputer.com/news/security/jetpack-fixes-critical-information-disclosure-flaw-existing-since-2016/

https://thehackernews.com/2024/10/wordpress-plugin-jetpack-patches-major.html

#security #cybersecurity

 
 Chinese Scientists Report Using Quantum Computer to Hack Military-grade Encryption

Looks like marketing for D-Wave crap, but you never know. What if 🤷‍♂️ 

See more:
https://thequantuminsider.com/2024/10/11/chinese-scientists-report-using-quantum-computer-to-hack-military-grade-encryption/

#privacy #security 
 If you want to track the latest news about cyber security and privacy, check out zCat!

zCat is an Android app that lets you create your own news feed.

It also tracks Zcash, a privacy-focused cryptocurrency based on ZK 😎

https://play.google.com/store/apps/details?id=crypto.crab.app.zcat

#zcash #privacy #security 
 Experts Warn of Critical Unpatched Vulnerability in Linear eMerge E3 Systems

Cybersecurity researchers are warning about an unpatched vulnerability in Nice Linear eMerge E3 access controller systems that could allow for the execution of arbitrary operating system (OS) commands.

The flaw, assigned the CVE identifier CVE-2024-9441, carries a CVSS score of 9.8 out of a maximum of 10.0, according to VulnCheck.

"A vulnerability in the Nortek Linear eMerge E3 allows remote unauthenticated attackers to cause the device to execute arbitrary command," SSD Disclosure said in an advisory for the flaw released late last month, stating the vendor has yet to provide a fix or a workaround.

See more: https://thehackernews.com/2024/10/experts-warn-of-critical-unpatched.html

#security #hacking 
 69,000 Bitcoins Are Headed for the US Treasury—While the Agent Who Seized Them Is in Jail

In fact, thanks to Bitcoin's wild appreciation in recent years, it appears to be the largest ever criminal seizure of money of any kind to be added to the US federal budget. 

The $4.4 billion in crypto from the Silk Road case is set to be the largest pile of criminal proceeds ever sold off by the US. The former IRS agent Tigran Gambaryan who seized the record-breaking sum, meanwhile, languishes in a Nigerian jail cell.

The Nigerian government detained Gambaryan, took his passport, and has now jailed him for over six months, charging him with money laundering and tax evasion as a proxy for his employer (Binance).

See more: https://www.wired.com/story/4-4-billion-silk-road-bitcoin-tigran-gambaryan/

#bitcoin 
 Fidelity Investments says data breach affects over 77,000 people

Fidelity Investments, a Boston-based multinational financial services company, disclosed that the personal information of over 77,000 customers was exposed after its systems were breached in August.

When asked how the attacker could access the data of thousands of customers using two accounts they previously created, Michael Aalto, Fidelity's head of external corporate comms, told BleepingComputer they couldn't share that information and added that "they did not view accounts. They viewed customer information".

See more: https://www.bleepingcomputer.com/news/security/fidelity-investments-says-data-breach-affects-over-77-000-people/

#security #privacy 
 New Critical GitLab Vulnerability Could Allow Arbitrary CI/CD Pipeline Execution

GitLab has released security updates for Community Edition (CE) and Enterprise Edition (EE) to address eight security flaws, including a critical bug that could allow running Continuous Integration and Continuous Delivery (CI/CD) pipelines on arbitrary branches.

Tracked as CVE-2024-9164, the vulnerability carries a CVSS score of 9.6 out of 10.

"An issue was discovered in GitLab EE affecting all versions starting from 12.5 prior to 17.2.9, starting from 17.3, prior to 17.3.5, and starting from 17.4 prior to 17.4.2, which allows running pipelines on arbitrary branches," GitLab said in an advisory.


See more: https://thehackernews.com/2024/10/new-critical-gitlab-vulnerability-could.html

#security 
 FBI Creates Fake Cryptocurrency to Expose Widespread Crypto Market Manipulation

"Three market makers — ZM Quant, CLS Global, and MyTrade — along with their employees are charged with allegedly wash trading and/or conspiring to wash trade on behalf of NexFundAI, a cryptocurrency company and token created at the direction of law enforcement as part of the government's investigation," the DoJ said.

"A fourth market maker, Gotbit, its CEO, and two of its directors are also charged for perpetrating a similar scheme."

Some say they joined the CIA and NSA club by releasing crypto to track criminal activity 👀

See more: https://thehackernews.com/2024/10/fbi-creates-fake-cryptocurrency-to.html

#security #privacy #crypto 
 Tails 6.8.1 is out: https://tails.net/news/version_6.8.1/

It's an emergency release to fix a critical security vulnerability in Tor Browser.

Change log: https://gitlab.tails.boum.org/tails/tails/-/blob/master/debian/changelog

Original post on Twitter:
https://x.com/Tails_live/status/1844418577891520933

#privacy #security 
 Hacked ‘AI Girlfriend’ Data Shows Prompts Describing Child Sexual Abuse

A hacked database from AI companion site Muah[.]ai exposes peoples' particular kinks and fantasies they've asked their bot to engage in. It also shows many of them are trying to use the platform to generate child abuse material.
 
See more (paywall):
https://www.404media.co/hacked-ai-girlfriend-data-shows-prompts-describing-child-sexual-abuse-2/

Original post on Twitter:
https://x.com/haveibeenpwned/status/1843780415175438817

#security  
 AI 'Nude Photo Generator' Delivers Infostealers Instead of Images!

The notorious FIN7 threat group is combining artificial intelligence (AI) with social engineering in an aggressive, adult-themed threat campaign that dangles lures for access to technology that can "deepfake" nude photos — all to fool people into installing infostealing malware.

Detailed description in the article, it seems the journalist did her homework 😊

See more: https://www.darkreading.com/endpoint-security/ai-nude-photo-generator-delivers-infostealers

#security #malware 
 WordPress LiteSpeed Cache Plugin Security Flaw Exposes Sites to XSS Attacks

See more: https://thehackernews.com/2024/10/wordpress-litespeed-cache-plugin.html

#security 
 Cyberattack on American Water Shuts Down Customer Portal, Halts Billing:

Customers have been reassured that water and wastewater services remain unaffected by the cybersecurity incident. The company confirms that the safety and quality of the water supply continue to meet all standards, with no disruptions anticipated.

See more: https://hackread.com/american-water-cyberattack-shuts-down-portal-billing/

https://www.bleepingcomputer.com/news/security/american-water-shuts-down-online-services-after-cyberattack/

#security 
 MoneyGram confirms hackers stole customer data in cyberattack:

MoneyGram has confirmed that hackers stole customers' personal information and transaction data in a September cyberattack that caused a five-day outage.

The threat actors stole a varied amount of sensitive customer information, including transaction information, email addresses, postal addresses, names, phone numbers, utility bills, government IDs, and social security numbers.

See more: https://www.bleepingcomputer.com/news/security/moneygram-confirms-hackers-stole-customer-data-in-cyberattack/

#security

 
 Firefox Zero-Day Under Attack: Update Your Browser Immediately!

Mozilla has revealed that a critical security flaw impacting Firefox and Firefox Extended Support Release (ESR) has come under active exploitation in the wild.

The vulnerability, tracked as CVE-2024-9680, discovered by ESET researcher Damien Schaeffer, has been described as a use-after-free bug in the Animation timeline component.

"An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines," Mozilla said in a Wednesday advisory.

The issue has been addressed in the following versions of the web browser:

Firefox 131.0.2
Firefox ESR 128.3.1, and
Firefox ESR 115.16.1.

See more:
https://thehackernews.com/2024/10/mozilla-warns-of-active-exploitation-in.html

https://www.bleepingcomputer.com/news/security/mozilla-fixes-firefox-zero-day-actively-exploited-in-attacks/

#security #cve 
 Internet Archive hacked, data breach impacts 31 million users

Internet Archive's "The Wayback Machine" has suffered a data breach after a threat actor compromised the website and stole a user authentication database containing 31 million unique records.

News of the breach began circulating Wednesday afternoon after visitors to archive.org began seeing a JavaScript alert created by the hacker, stating that the Internet Archive was breached.

"Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP (Have I Been Pwned)!," reads a JavaScript alert shown on the compromised archive.org site.

See more: https://www.bleepingcomputer.com/news/security/internet-archive-hacked-data-breach-impacts-31-million-users/

#security #privacy 
 Tails 6.8 was released 👀 #privacy

https://tails.net/news/version_6.8/ 
 AT&T, Verizon reportedly hacked to target US govt wiretapping platform!

Multiple U.S. broadband providers, including Verizon, AT&T, and Lumen Technologies, have been breached by a Chinese hacking group tracked as Salt Typhoon, the Wall Street Journal reports.

The purpose of the attack appears to be intelligence collection, as the hackers might have had access to systems used by the U.S. federal government for court-authorized network wiretapping requests. The exploit ran 'for a few months or longer'.

The threat actor also attacked hotels, engineering companies, and law firms in Brazil, Burkina Faso, South Africa, Canada, Israel, France, Guatemala, Lithuania, Saudi Arabia, Taiwan, Thailand, and the United Kingdom.


See more: https://www.bleepingcomputer.com/news/security/atandt-verizon-reportedly-hacked-to-target-us-govt-wiretapping-platform/

#security 
 Qualcomm Urges OEMs to Patch Critical DSP and WLAN Flaws Amid Active Exploits

The security flaw (CVE-2024-43047) was reported by Google Project Zero's Seth Jenkins and Amnesty International Security Lab's Conghui Wang, and it is caused by a use-after-free weakness that can lead to memory corruption when successfully exploited by local attackers with low privileges. See more:

https://www.bleepingcomputer.com/news/security/qualcomm-patches-high-severity-zero-day-exploited-in-attacks/

https://thehackernews.com/2024/10/qualcomm-urges-oems-to-patch-critical.html

#security 
 Microsoft Edge begins testing Copilot Vision (more surveillance coming? 👀)
 https://www.bleepingcomputer.com/news/microsoft/microsoft-edge-begins-testing-copilot-vision/

#privacy 
 PyPI Repository Found Hosting Fake Crypto Wallet Recovery Tools That Steal User Data

Attacks on the supply chain - the libraries developers use to put together the final product (= their application) - are getting hot again. Malicious packages were able to fetch executable code from remote and make a couple of sad faces.

See more in the original post from The Hacker News: https://thehackernews.com/2024/10/pypi-repository-found-hosting-fake.html

#security 
 LayerX issued 5 Actionable Steps to Prevent GenAI Data Leaks Without Fully Blocking AI Usage

After Samsung faced a major data leak when devs copy-pasted their proprietary code into ChatGPT. Gosh 😩
 https://thehackernews.com/2024/10/5-actionable-steps-to-prevent-genai.html 
 For those who missed it: Mozilla Faces GDPR Complaint Over New Firefox Tracking Feature

NOYB, a European privacy group has filed a complaint with Austrian authorities, alleging that Mozilla breached GDPR by enabling “Privacy Preserving Attribution” (PPA), a tracking feature in Firefox, by default without user consent.

It got spicy with July's update to version 128, when Mozilla jumped to the Google-like dark side to collect data for advertisers = monetizing Firefox users (their thinking was probably something like this: when websites are doing it, when Google is doing it, why not us 🤷‍♂️)

How to turn it off and more details in the original article by Hackread: https://hackread.com/mozilla-gdpr-complaint-firefox-tracking-feature/

#privacy #privacymatters 
 Ireland's DPC Hits Meta with €91 Million Penalty for GDPR Violation

The DPC launched the initial inquiry in April 2019 after MPIL notified the DPC that it had inadvertently stored certain passwords of social media users in ‘plaintext’ on its internal systems (i.e. without cryptographic protection or encryption).

https://www.infosecurity-magazine.com/news/irelands-dpc-hits-meta-with-91/

#privacy 
 CUPS flaws enable Linux remote code execution, but there’s a catch

Simone Margaritelli, a cybersecurity researcher and Linux developer, claims to have found a decade-old vulnerability rated 9.9 that affects all GNU/Linux systems, allowing attackers to gain control of vulnerable devices.

Margaritelli found that if the cups-browsed daemon (CUPS is short for Common UNIX Printing System) is enabled, which it is not on most systems, it will listen on UDP port 631. It will also, by default, allow remote connections from any device on the network to create a new printer.

But there is a catch! "It is a chain of bugs that rely on spoofing a printer in your local network that is automatically added via network discovery if it is turned on at all - usually not in its default configuration. Then an unverified variable that is used to exploit other vulnerabilities in the CUPS system to execute code, but only when a print job is triggered," said Ilkka Turunen, Field CTO at Sonatype.

While patches are still in development, Red Hat shared mitigation measures requiring admins to stop the cups-browsed service from running and prevent it from being started on reboot.

https://hackread.com/old-vulnerability-9-9-impacts-all-gnu-linux-systems/
 https://www.bleepingcomputer.com/news/security/cups-flaws-enable-linux-remote-code-execution-but-theres-a-catch/
 https://thehackernews.com/2024/09/critical-linux-cups-printing-system.html

#security #cybersecurity 
 Tails OS merges with Tor Project for better privacy, security

The Tor Project and Tails OS are merging operations to better collaborate for a free internet by protecting users from surveillance and censorship.

The idea is to introduce Tails OS to a wider user base, which is already familiar with Tor Browser, and to reach sustainable funding for both privacy-focused projects.
 https://www.bleepingcomputer.com/news/software/tails-os-merges-with-tor-project-for-better-privacy-security/

#privacy #security #tor 
 Hackers Could Have Remotely Controlled Kia Cars Using Only License Plates

Cybersecurity researchers have disclosed a set of now patched vulnerabilities in Kia vehicles that, if successfully exploited, could have allowed remote control over key functions simply by using only a license plate.

"These attacks could be executed remotely on any hardware-equipped vehicle in about 30 seconds, regardless of whether it had an active Kia Connect subscription," security researchers Neiko Rivera, Sam Curry, Justin Rhinehart, and Ian Carroll said. 

All vehicles after 2013 affected.

(More in the article)

 https://thehackernews.com/2024/09/hackers-could-have-remotely-controlled.html

#security 
 Chat control is coming "... to detect new CSAM and grooming." That means more surveillance, monitoring and possibly the end of end-to-end encryption privacy.

nostr:nevent1qqs2qnpk80nztfkme53pslw30s5tvzqdla6s2kgttqznl9m3kuceekgpzamhxue69uhhyetvv9ujumn0wd68ytnzv9hxgtczyz8k26x7asqjpt9j5ng7fcc3ezqaxpkrj65j3zc2ql6kf5s0rp3xsqcyqqqqqqgpuuzzv 
 Amazing introduction to the zCat Android app from ZecHub! If you are into privacy and security, you can check it out here:
 https://x.com/ZecHub/status/1833950946839117829

#zcash #privacy 
 Fake NordVPN or Google Chrome can ruin your day. See more in the Bleeping Computer article about Octo Malware:

New Octo Android malware version impersonates NordVPN, Google Chrome https://www.bleepingcomputer.com/news/security/new-octo-android-malware-version-impersonates-nordvpn-google-chrome/

#cybersecurity 
 Web tracking report: who monitored users’ online activities in 2023–2024 the most:
 https://securelist.com/web-trackers-report-2023-2024/113778/

#privacy 
 Telegram, after a long, deceptive marketing campaign against other secure messengers (while declaring its privacy superiority), claims that it will share IP addresses and phone numbers with officials if requested.

https://www.bleepingcomputer.com/news/security/telegram-now-shares-users-ip-and-phone-number-on-legal-requests/ 
 Shielded CSV: Private and Efficient Client-Side Validation 👀

"Assuming a bridge to Bitcoin: enables 100 _private_ 🛡️ Bitcoin transactions per second."

Paper:
github.com/ShieldedCSV/Sh…

Original post:
https://x.com/n1ckler/status/1837194004552655077 
 Today there was a discussion about whether #Tor is still safe to use, due to the deanonymization of some users. Here is Tor's answer:

https://blog.torproject.org/tor-is-still-safe/ 
 If you can, run your own node 🥷

How Chainalysis Made Their Way into Popular Monero Wallets

https://www.digilol.net/blog/chainanalysis-malicious-xmr.html 
 zCat, an Android data aggregator for #Zcash, privacy and security news, released a new update. Please update your app to v0.1.1.

https://image.nostr.build/e02e3156c698af59cdbe46e7aa87eaea676d934cdda513ed48bff42914ae581f.jpg

Available in multiple languages: BR 🇧🇷, CS 🇨🇿, DE 🇩🇪, EN 🇺🇸, ES 🇪🇸, FR 🇫🇷, IN 🇮🇩, PL 🇵🇱, RU 🇷🇺, TR 🇹🇷

https://play.google.com/store/apps/details?id=crypto.crab.app.zcat

The main changes were about creating your own news feed. There are a couple more news resources to track now.

A bigger reconstruction was made in the feed focused on social networks. An option was added to follow profiles on the #Nostr protocol! Furthermore, you can now also see posts from #ZEC Pages!

https://image.nostr.build/e9919af97d4340621b495f3c121ae43a28ac4f5ba39ae381bf52e20735527e5a.jpg

The Nostr protocol works in a specific way where, in rare cases, you might need to reset the relays you want to connect to in order to fetch the desired data. Be aware that it is in your hands, but the default preset option should work in most cases.

#ZECPages load the whole board, so you can see the latest post. In the future I can add filtering and take more care to keep threads (original posts with responses) visible in the app. Let's see if there will be demand for it.

https://image.nostr.build/f59b6c5574efcb58d2a3c8716705e184f7cfc978a63011813381a9e242b0742f.jpg

Some of the tracked social networks are customizable. That means you can add profiles/channels you want to follow! This applies to #Free2Z, #Nostr & #Reddit. Just scroll the Resource list and tap 'Add Source'.

Enter the username/channel you want to find & track and then, if the search is successful, tap the Save button (Reddit data fetching might not work while connected to Tor or some VPNs, since they block it). After returning to the feed screen you should be able to see the result!

https://image.nostr.build/1abf88222e8d239bddca0b9959c8ae4433d1199ea00d36e1b8a208450e0bed77.jpg

These feeds are created for tracking only (you cannot create a post from the zCat app) and are limited to public posts. There is no login or profile creation in the app (if there is special content for subscribers only, it might not be shown).

Another new option is to turn off the noisy ads in the Setting screen, if you want. These ads are not real ads, just hard-coded links to other apps I made in the past. Do not worry about turning them off; I do not lose anything by that.

Of course, there were smaller bug fixes and code cleanup. I replaced some libraries, which might introduce new bugs. If you notice anything, please let me know. I decided not to implement any tracking tools like Crashlytics (which is probably stupid), so I need to hear it from you.

If you have any suggestions for improvements, please let me know, too. Apart from functionality, I am also a little bit suspicious about the machine translations, so any feedback is appreciated. Enjoy the app!
 Run #Zcash Zebra node on raspberry 🦓 

Follow the ZecHub guide for a smooth setup: https://zechub.wiki/zebra
 Yubikey vulnerability:
- physical access needed, 
- no option to patch. 

Read more here:
https://arstechnica.com/security/2024/09/yubikeys-are-vulnerable-to-cloning-attacks-thanks-to-newly-discovered-side-channel/

#privacy #security 
 #Zcash propaganda 😼