The Hacker News | #1 Trusted Cybersecurity News Site

The landscape of browser security has undergone significant changes over the past decade. While Browser Isolation was once considered the gold standard for protecting against browser exploits and malware downloads, it has become increasingly inadequate and insecure in today's SaaS-centric world. The limitations of Browser Isolation, such as degraded browser performance and inability to tackle modern web-borne threats like phishing and malicious extensions, necessitate a shift towards more advanced solutions. These are the findings of a new report, titled " The Dark Side of Browser Isolation and the Next Generation of Browser Security " ( Download here ). The Roots of Browser Isolation In the past, traditional signature-based antiviruses were commonly used to protect against on-device malware infections. However, they failed to block two main types of threats. The first, browser exploit, especially in Microsoft's Internet Explorer. The second, drive-by malware down

Government and telecom entities have been subjected to a new wave of attacks by a China-linked threat actor tracked as  Budworm  using an updated malware toolset. The intrusions, targeting a Middle Eastern telecommunications organization and an Asian government, took place in August 2023, with the adversary deploying an improved version of its SysUpdate toolkit, the Symantec Threat Hunter Team, part of Broadcom,  said  in a report shared with The Hacker News. Budworm , also referred to by the names APT27, Bronze Union, Emissary Panda, Iron Tiger, Lucky Mouse, and Red Phoenix, is known to be active since at least 2013, targeting a wide range of industry verticals in pursuit of its intelligence gathering goals.  The nation-state group leverages various tools such as China Chopper web shell, Gh0st RAT, HyperBro, PlugX, SysUpdate, and ZXShell to exfiltrate high-value information and maintain access to sensitive systems over a long period of time. A previous report from SecureWorks in

Google on Wednesday rolled out fixes to address a new actively exploited zero-day in the Chrome browser. Tracked as  CVE-2023-5217 , the high-severity vulnerability has been described as a  heap-based buffer overflow  in the VP8 compression format in  libvpx , a free software  video codec  library from Google and the Alliance for Open Media (AOMedia). Exploitation of such buffer overflow flaws can result in program crashes or execution of arbitrary code, impacting its availability and integrity. Clément Lecigne of Google's Threat Analysis Group (TAG) has been credited with discovering and reporting the flaw on September 25, 2023, with fellow researcher Maddie Stone  noting  on X (formerly Twitter) that it has been abused by a commercial spyware vendor to target high-risk individuals. No additional details have been disclosed by the tech giant other than to acknowledge that it's "aware that an exploit for CVE-2023-5217 exists in the wild." The latest discovery b

A new threat actor known as  AtlasCross  has been observed leveraging Red Cross-themed phishing lures to deliver two previously undocumented backdoors named DangerAds and AtlasAgent. NSFOCUS Security Labs  described  the adversary as having a "high technical level and cautious attack attitude," adding that "the phishing attack activity captured this time is part of the attacker's targeted strike on specific targets and is its main means to achieve in-domain penetration." The attack chains start with a macro-laced Microsoft document that purports to be about a blood donation drive from the American Red Cross that, when launched, runs the malicious macro to set up persistence, exfiltrate system metadata to a remote server (data.vectorse[.]com) that's a sub-domain of a legitimate website belonging to a structural and engineering firm based in the U.S. It also extracts a file named KB4495667.pkg (codenamed DangerAds), which, subsequently acts as a loader to

A novel side-channel attack called  GPU.zip  renders virtually all modern graphics processing units (GPU) vulnerable to information leakage. "This channel exploits an optimization that is data dependent, software transparent, and present in nearly all modern GPUs: graphical data compression," a group of academics from the University of Texas at Austin, Carnegie Mellon University, University of Washington, and the University of Illinois Urbana-Champaign  said . Graphical data compression  is a feature in integrated GPUs (iGPUs) that allows for saving memory bandwidth and improving performance when rendering frames, compressing visual data losslessly even when it's not requested by software. The study found that the compression, which happens in various vendor-specific and undocumented ways, induces data-dependent  DRAM  traffic and cache occupancy that can be measured using a side-channel. "An attacker can exploit the iGPU-based compression channel to perform cro

Data security is in the headlines often, and it's almost never for a positive reason. Major breaches, new ways to hack into an organization's supposedly secure data, and other threats make the news because well, it's scary — and expensive.  Data breaches, ransomware and malware attacks, and other cybercrime might be pricey to prevent, but they are even more costly when they occur, with the  average cost  of a data breach reaching $4.35 million and counting.  Accordingly, companies are investing in solutions that combat these problems and focusing on their Data security and protection more than ever, based on the results of the  WinZip Enterprise survey  of leading industry professionals responsible for implementing and maintaining security at their organizations.  Confidence is Up Among Data Security Pros While the media is reporting on a wide range of security threats, many of those surveyed reported a certain level of confidence in their organization's data security. For instan

A new malware strain called ZenRAT has emerged in the wild that's distributed via bogus installation packages of the Bitwarden password manager. "The malware is specifically targeting Windows users and will redirect people using other hosts to a benign web page," enterprise security firm Proofpoint  said  in a technical report. "The malware is a modular remote access trojan (RAT) with information stealing capabilities." ZenRAT is hosted on fake websites pretending to be associated with Bitwarden, although it's uncertain as to how traffic is being directed to the domains. Such malware has been propagated via phishing, malvertising, or SEO poisoning attacks in the past. The payload (Bitwarden-Installer-version-2023-7-1.exe), downloaded from crazygameis[.]com, is a trojanized version of the standard Bitwarden installation package that contains a malicious .NET executable (ApplicationRuntimeMonitor.exe). A noteworthy aspect of the campaign is that users wh

Google has assigned a new CVE identifier for a critical security flaw in the libwebp image library for rendering images in the  WebP format  that has come under active exploitation in the wild. Tracked as  CVE-2023-5129 , the issue has been given the maximum severity score of 10.0 on the CVSS rating system. It has been described as an issue rooted in the  Huffman coding algorithm  - With a specially crafted WebP lossless file, libwebp may write data out of bounds to the heap. The ReadHuffmanCodes() function allocates the HuffmanCode buffer with a size that comes from an array of precomputed sizes: kTableSize. The color_cache_bits value defines which size to use. The kTableSize array only takes into account sizes for 8-bit first-level table lookups but not second-level table lookups. libwebp allows codes that are up to 15-bit (MAX_ALLOWED_CODE_LENGTH). When BuildHuffmanTable() attempts to fill the second-level tables it may write data out-of-bounds. The OOB write to the undersized ar

Microsoft is officially rolling out support for passkeys in Windows 11 today as part of a  major update  to the desktop operating system. The feature allows users to login to websites and applications without having to provide a username and password, instead relying on their device PIN or biometric information to complete the step. Based on  FIDO standards , Passkeys were  first announced  in May 2022 as a replacement for passwords in a manner that's both strong and phishing-resistant. It has since been adopted by  Apple ,  Google , and a number of other services in recent months. While the tech giant added passkey management in the Windows Insider program back in June 2023, the development marks the feature's general availability. "Passkeys are the cross-platform future of secure sign-in management," David Weston, vice president of enterprise and OS Security,  said . "A passkey creates a unique, unguessable cryptographic credential that is securely stored

Cybersecurity experts have shed light on a new cybercrime group known as  ShadowSyndicate  (formerly Infra Storm) that may have leveraged as many as seven different ransomware families over the past year. "ShadowSyndicate is a threat actor that works with various ransomware groups and affiliates of ransomware programs," Group-IB and Bridewell  said  in a joint technical report. The actor, active since July 16, 2022, has linked to ransomware activity related to Quantum, Nokoyawa, BlackCat, Royal, Cl0p, Cactus, and Play strains, while also deploying off-the-shelf post-exploitation tools like  Cobalt Strike  and  Sliver  as well as loaders such as  IcedID  and  Matanbuchus . The findings are based on a distinct SSH fingerprint (1ca4cbac895fc3bd12417b77fc6ed31d) discovered on 85 servers, 52 of which have been used as command-and-control (C2) for Cobalt Strike. Among those servers are eight different Cobalt Strike license keys (or watermarks). A majority of the servers (23) a