The Hacker News Logo
Subscribe to Newsletter
CrowdSec

The Hacker News - Cybersecurity News and Analysis

Earth Lusca Hackers Aimed at High-Value Targets in Government and Private Sectors

Earth Lusca Hackers Aimed at High-Value Targets in Government and Private Sectors

January 18, 2022Ravie Lakshmanan
An elusive threat actor called Earth Lusca has been observed striking organizations across the world as part of what appears to be simultaneously an espionage campaign and an attempt to reap monetary profits. "The list of its victims includes high-value targets such as government and educational institutions, religious movements, pro-democracy and human rights organizations in Hong Kong, COVID-19 research organizations, and the media, amongst others," Trend Micro researchers  said  in a new report. "However, the threat actor also seems to be financially motivated, as it also took aim at gambling and cryptocurrency companies. The cybersecurity firm attributed the group as part of the larger China-based  Winnti cluster , which refers to a number of linked groups rather than a single discrete entity that are focused on intelligence gathering and intellectual property theft. Earth Lusca's intrusion routes are facilitated by spear-phishing and watering hole attacks
Zoho Releases Patch for Critical Flaw Affecting ManageEngine Desktop Central

Zoho Releases Patch for Critical Flaw Affecting ManageEngine Desktop Central

January 17, 2022Ravie Lakshmanan
Enterprise software maker Zoho on Monday issued patches for a critical security vulnerability in Desktop Central and Desktop Central MSP that a remote adversary could exploit to perform unauthorized actions in affected servers. Tracked as  CVE-2021-44757 , the shortcoming concerns an instance of authentication bypass that "may allow an attacker to read unauthorized data or write an arbitrary zip file on the server," the company  noted  in an advisory. Osword from SGLAB of Legendsec at Qi'anxin Group has been credited with discovering and reporting the vulnerability. The Indian firm said it remediated the issue in build version 10.1.2137.9. With the latest fix, Zoho has addressed a total of four vulnerabilities over the past five months — CVE-2021-40539  (CVSS score: 9.8) – Authentication bypass vulnerability affecting Zoho ManageEngine ADSelfService Plus CVE-2021-44077  (CVSS score: 9.8) – Unauthenticated remote code execution vulnerability affecting Zoho ManageEn
Chrome Limits Websites' Direct Access to Private Networks for Security Reasons

Chrome Limits Websites' Direct Access to Private Networks for Security Reasons

January 17, 2022Ravie Lakshmanan
Google Chrome has announced plans to prohibit public websites from directly accessing endpoints located within private networks as part of an upcoming major security shakeup to prevent intrusions via the browser. The proposed change is set to be rolled out in two phases consisting of releases Chrome 98 and Chrome 101 scheduled in the coming months via a newly implemented W3C specification called private network access ( PNA ). "Chrome will start sending a  CORS  preflight request ahead of any private network request for a subresource, which asks for explicit permission from the target server," Titouan Rigoudy and Eiji Kitamura  said . "This preflight request will carry a new header, Access-Control-Request-Private-Network: true, and the response to it must carry a corresponding header, Access-Control-Allow-Private-Network: true." What this means is that starting with Chrome version 101, any website accessible via the internet will be made to seek explicit permi
Dark Web's Largest Marketplace for Stolen Credit Cards is Shutting Down

Dark Web's Largest Marketplace for Stolen Credit Cards is Shutting Down

January 17, 2022Ravie Lakshmanan
UniCC, the biggest dark web marketplace for stolen credit and debit cards, has announced that it's shuttering its operations after earning $358 million in purchases since 2013 using cryptocurrencies such as Bitcoin, Litecoin, Ether, and Dash. "Don't build any conspiracy theories about us leaving," the anonymous operators of UniCC said in a farewell posted on dark web carding forums, according to blockchain analytics firm Elliptic. "It is [a] weighted decision, we are not young and our health do[es] not allow [us] to work like this any longer." The UniCC team also gave its users 10 days to spend their balances, while also warning customers to "not follow any fakes tied to our comeback." Platforms such as UniCC function as an underground marketplace wherein credit card details stolen from online retailers, banks, and payments companies by injecting  malicious skimmers  are trafficked in exchange for cryptocurrency. The cards are then used by crim
High-Severity Vulnerability in 3 WordPress Plugins Affected 84,000 Websites

High-Severity Vulnerability in 3 WordPress Plugins Affected 84,000 Websites

January 16, 2022Ravie Lakshmanan
Researchers have disclosed a security shortcoming affecting three different WordPress plugins that impact over 84,000 websites and could be abused by a malicious actor to take over vulnerable sites. "This flaw made it possible for an attacker to update arbitrary site options on a vulnerable site, provided they could trick a site's administrator into performing an action, such as clicking on a link," WordPress security company Wordfence  said  in a report published last week. Tracked as CVE-2022-0215, the cross-site request forgery ( CSRF ) flaw is rated 8.8 on the CVSS scale and impacts three plugins maintained by  Xootix  — Login/Signup Popup  (Inline Form + Woocommerce), Side Cart Woocommerce  (Ajax), and Waitlist Woocommerce  (Back in stock notifier) Cross-site request forgery, also known as one-click attack or session riding, occurs when an authenticated end-user is tricked by an attacker into submitting a specially crafted web request. "If the victim i
Ukrainian Government Officially Accuses Russia of Recent Cyberattacks

Ukrainian Government Officially Accuses Russia of Recent Cyberattacks

January 16, 2022Ravie Lakshmanan
The government of Ukraine on Sunday formally accused Russia of masterminding the attacks that targeted websites of public institutions and government agencies this past week. "All the evidence points to the fact that Russia is behind the cyber attack," the Ministry of Digital Transformation  said  in a statement. "Moscow continues to wage a hybrid war and is actively building forces in the information and cyberspace." The purpose of the attack, said the ministry, "is not only to intimidate society," but to also "destabilize the situation in Ukraine by stopping the work of the public sector and undermining the confidence in the government on the part of Ukrainians." Russia, however, has denied it was behind the intrusion. "We have nothing to do with it, and Russia has nothing to do with these cyberattacks," Dmitry Peskov, press secretary for President Vladimir Putin,  told  CNN, adding "We are nearly accustomed to the fact that
New Unpatched Apple Safari Browser Bug Allows Cross-Site User Tracking

New Unpatched Apple Safari Browser Bug Allows Cross-Site User Tracking

January 16, 2022Ravie Lakshmanan
A software bug introduced in Apple Safari 15's implementation of the IndexedDB API could be abused by a malicious website to track users' online activity in the web browser and worse, even reveal their identity. The vulnerability, dubbed  IndexedDB Leaks , was disclosed by fraud protection software company FingerprintJS, which  reported the issue  to the iPhone maker on November 28, 2021. IndexedDB is a low-level JavaScript application programming interface (API) provided by web browsers for managing a  NoSQL database  of structured data objects such as files and blobs. "Like most web storage solutions, IndexedDB follows a same-origin policy," Mozilla  notes in its documentation  of the API. "So while you can access stored data within a domain, you cannot access data across different domains." Same-origin is a  fundamental security mechanism  that ensures that resources retrieved from distinct  origins  — i.e., a  combination  of the scheme (protocol),
A New Destructive Malware Targeting Ukrainian Government and Business Entities

A New Destructive Malware Targeting Ukrainian Government and Business Entities

January 16, 2022Ravie Lakshmanan
Cybersecurity teams from Microsoft on Saturday disclosed they identified evidence of a new destructive malware operation dubbed " WhisperGate " targeting government, non-profit, and information technology entities in Ukraine amid brewing geopolitical tensions between the country and Russia. "The malware is disguised as ransomware but, if activated by the attacker, would render the infected computer system inoperable," Tom Burt, corporate vice president of customer security and trust at Microsoft, said , adding the intrusions were aimed at government agencies that provide critical executive branch or emergency response functions. Also among those affected by the malware is an IT firm that "manages websites for public and private sector clients, including government agencies whose websites were recently defaced ," Burt noted. The computing giant, which first detected the malware on January 13, attributed the attacks to an emerging threat cluster codenam
Online Courses and Software

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.