The Hacker News - Cybersecurity News and Analysis

South Korea's state-run Korea Atomic Energy Research Institute (KAERI) on Friday disclosed that its internal network was infiltrated by suspected attackers operating out of its northern counterpart. The intrusion is said to have taken place on May 14 through a vulnerability in an unnamed virtual private network (VPN) vendor and involved a  total of 13 IP addresses , one of which — "27.102.114[.]89" — has been previously linked to a state-sponsored threat actor dubbed  Kimsuky . KAERI, established in 1959 and situated in the city of Daejeon, is a government-funded research institute that designs and develops nuclear technologies related to reactors, fuel rods, radiation fusion, and nuclear safety. Following the intrusion, the think tank said it took steps to block the attacker's IP addresses in question and applied necessary security patches to the vulnerable VPN solution. "Currently, the Atomic Energy Research Institute is investigating the subject of the ha

A string of cyber espionage campaigns dating all the way back to 2014 and focused on gathering military intelligence from neighbouring countries have been linked to a Chinese military-intelligence apparatus. In a wide-ranging report published by Massachusetts-headquartered Recorded Future this week, the cybersecurity firm's Insikt Group said it identified ties between a group it tracks as " RedFoxtrot " to the People's Liberation Army (PLA) Unit 69010 operating out of Ürümqi, the capital of the Xinjiang Uyghur Autonomous Region in the country. Previously called the Lanzhou Military Region's Second Technical Reconnaissance Bureau, Unit 69010 is a military cover for a Technical Reconnaissance Bureau (TRB) within China's Strategic Support Force (SSF) Network Systems Department ( NSD ). The connection to PLA Unit 69010 stems from what the researchers said were "lax operational security measures" adopted by an unnamed suspected RedFoxtrot threat act

Russia's telecommunications and media regulator Roskomnadzor (RKN) on Thursday introduced restrictions on the operation of VyprVPN and Opera VPN services in the country. "In accordance with the regulation on responding to threats to circumvent restrictions on access to child pornography, suicidal, pro-narcotic and other prohibited content, restrictions on the use of VPN services VyprVPN and Opera VPN will be introduced from June 17, 2021," the state agency  said  in a statement. The watchdog described them as threats in accordance with the Decree of the Government of the Russian Federation No. 127 dated February 12, adding the restrictions will not affect Russian companies using VPN services in continuous technological processes. The development comes a little over a month after  RKN sent a request  to enterprises and organizations that use the two VPN services to inform the  Center for Monitoring and Management of the Public Telecommunications Network  and seek e

As software supply chain attacks emerge as a point of concern in the wake of SolarWinds and Codecov  security incidents, Google is proposing a solution to ensure the integrity of software packages and prevent unauthorized modifications.  Called " Supply chain Levels for Software Artifacts " (SLSA, and pronounced "salsa"), the end-to-end framework aims to secure the software development and deployment pipeline — i.e., the source ➞ build ➞ publish workflow — and  mitigate threats  that arise out of tampering with the source code, the build platform, and the artifact repository at every link in the chain. Google said SLSA is inspired by the company's own internal enforcement mechanism called Binary Authorization for Borg , a set of auditing tools that verifies code provenance and implements code identity to ascertain that the deployed production software is properly reviewed and authorized. "In its current state, SLSA is a set of incrementally adoptable

It's natural to get complacent with the status quo when things seem to be working. The familiar is comfortable, and even if something better comes along, it brings with it many unknowns. In cybersecurity, this tendency is countered by the fast pace of innovation and how quickly technology becomes obsolete, often overnight. This combination usually results in one of two things – organizations make less than ideal choices about the software and tools they're adding, or security leaders simply cannot stay abreast of new developments and opt to stay put with their existing stack. The problem is that once you let one update pass you by, you're suddenly miles behind. A new eBook from XDR provider Cynet ( download here ) offers insights into factors that are clear signs organizations need to upgrade their detection and response tools to stay with the times. The eBook highlights several factors and questions that companies can ask themselves to determine whether they are okay

Google has rolled out yet another update to Chrome browser for Windows, Mac, and Linux to fix four security vulnerabilities, including one zero-day flaw that's being exploited in the wild. Tracked as  CVE-2021-30554 , the high severity flaw concerns a  use after free vulnerability  in WebGL (aka Web Graphics Library), a JavaScript API for rendering interactive 2D and 3D graphics within the browser. Successful exploitation of the flaw could mean corruption of valid data, leading to a crash, and even execution of unauthorized code or commands. The issue was reported to Google anonymously on June 15, Chrome technical program manager Srinivas Sista  noted , adding the company is "aware that an exploit for CVE-2021-30554 exists in the wild." While it's usually the norm to limit details of the vulnerability until a majority of users are updated with the fix, the development comes less than 10 days after Google addressed another zero-day vulnerability exploited in act

A Middle Eastern advanced persistent threat (APT) group has resurfaced after a two-month hiatus to target government institutions in the Middle East and global government entities associated with geopolitics in the region in a rash of new campaigns observed earlier this month. Sunnyvale-based enterprise security firm Proofpoint attributed the activity to a politically motivated threat actor it tracks as TA402 , and known by other monikers such as  Molerats  and GazaHackerTeam. Based on its targeting and previous campaigns, TA402 is alleged to operate with motives that align with military or Palestinian state objectives. The threat actor is believed to be active for a decade, with a history of striking organizations primarily located in Israel and Palestine, and spanning multiple verticals such as technology, telecommunications, finance, academia, military, media, and governments. It's not clear what prompted the collective to cease its operations for two months, but Proofpoint