The Hacker News - Cybersecurity News and Analysis

A 37-year-old man from New York has been sentenced to four years in prison for buying stolen credit card information and working in cahoots with a cybercrime cartel known as the Infraud Organization. John Telusma, who went by the alias "Peterelliot," pleaded guilty to one count of racketeering conspiracy on October 13, 2021. He joined the gang in August 2011 and remained a member for five-and-a-half years. "Telusma was among the most prolific and active members of the Infraud Organization, purchasing and fraudulently using compromised credit card numbers for his own personal gain," the U.S. Justice Department (DoJ)  said . Infraud, a transnational cybercrime behemoth, operated for more than seven years, advertising its activities under the slogan "In Fraud We Trust," before its online infrastructure was dismantled by U.S. law enforcement authorities in February 2018. The rogue enterprise dabbled in the large-scale acquisition and sale of compromised

Four high severity vulnerabilities have been disclosed in a framework used by pre-installed Android System apps with millions of downloads. The issues, now fixed by its Israeli developer MCE Systems, could have potentially allowed threat actors to stage remote and local attacks or be abused as vectors to obtain sensitive information by taking advantage of their extensive system privileges. "As it is with many of pre-installed or default applications that most Android devices come with these days, some of the affected apps cannot be fully uninstalled or disabled without gaining root access to the device," the Microsoft 365 Defender Research Team  said  in a report published Friday. The weaknesses, which range from command-injection to local privilege escalation, have been assigned the identifiers CVE-2021-42598, CVE-2021-42599, CVE-2021-42600, and CVE-2021-42601, with CVSS scores between 7.0 and 8.9. Command injection proof-of-concept (POC) exploit code Injecting a simil

Details have emerged about a recently patched critical remote code execution vulnerability in the V8 JavaScript and WebAssembly engine used in Google Chrome and Chromium-based browsers. The issue relates to a case of use-after-free in the instruction optimization component, successful exploitation of which could "allow an attacker to execute arbitrary code in the context of the browser." The flaw, which  was identified  in the Dev channel version of Chrome 101, was reported to Google by Weibo Wang, a security researcher at Singapore cybersecurity company  Numen Cyber Technology  and has since been quietly fixed by the company. "This vulnerability occurs in the instruction selection stage, where the wrong instruction has been selected and resulting in memory access exception," Wang said . Use-after-free flaws  occur  when previous-freed memory is accessed, inducing undefined behavior and causing a program to crash, use corrupted data, or even achieve execution

Cloud-based repository hosting service GitHub on Friday shared additional details into the theft of its integration OAuth tokens last month, noting that the attacker was able to access internal NPM data and its customer information. "Using stolen OAuth user tokens originating from two third-party integrators, Heroku and Travis CI, the attacker was able to escalate access to NPM infrastructure," Greg Ose said , adding the attacker then managed to obtain a number of files - A database backup of skimdb.npmjs.com consisting of data as of April 7, 2021, including an archive of user information from 2015 and all private NPM package manifests and package metadata. The archive contained NPM usernames, password hashes, and email addresses for roughly 100,000 users A set of CSV files encompassing an archive of all names and version numbers of published versions of all NPM private packages as of April 10, 2022, and  A "small subset" of private packages from two organiza

Today's modern companies are built on data, which now resides across countless cloud apps. Therefore  preventing data loss  is essential to your success. This is especially critical for mitigating against rising ransomware attacks — a threat that  57% of security leaders expect to be compromised by within the next year .  As  organizations continue to evolve, in turn so does ransomware . To help you stay ahead, Lookout Chief Strategy Officer, Aaron Cockerill met with Microsoft Chief Security Advisor, Sarah Armstrong-Smith to discuss how  remote work  and the cloud have made it more difficult to spot a ransomware attack, as well as how deploying behavioral-anomaly-based detection can help mitigate ransomware risk.  Access the full interview .  Aaron Cockerill:  I feel like the way modern enterprises operate, which includes a combination of technologies, has allowed the ransomware to thrive. Having experienced this type of attack in my past roles, I know how many CISOs are feeling

Researchers have demonstrated what they call the "first active contactless attack against capacitive touchscreens." GhostTouch , as it's called, "uses electromagnetic interference (EMI) to inject fake touch points into a touchscreen without the need to physically touch it," a group of academics from Zhejiang University and Technical University of Darmstadt  said  in a new research paper. The core idea is to take advantage of the electromagnetic signals to execute basic touch events such as taps and swipes into targeted locations of the touchscreen with the goal of taking over remote control and manipulating the underlying device. The attack, which works from a distance of up to 40mm, hinges on the fact that  capacitive touchscreens  are sensitive to EMI, leveraging it to inject electromagnetic signals into transparent electrodes that are built into the touchscreen so as to register them as touch events. The experimental setup involves an electrostatic gun

Zyxel has released  patches  to address four security flaws affecting its firewall, AP Controller, and AP products to execute arbitrary operating system commands and steal select information. The list of security vulnerabilities is as follows - CVE-2022-0734  - A cross-site scripting (XSS) vulnerability in some firewall versions that could be exploited to access information stored in the user's browser, such as cookies or session tokens, via a malicious script. CVE-2022-26531  - Several input validation flaws in command line interface (CLI) commands for some versions of firewall, AP controller, and AP devices that could be exploited to cause a system crash. CVE-2022-26532  - A command injection vulnerability in the " packet-trace " CLI command for some versions of firewall, AP controller, and AP devices that could lead to execution of arbitrary OS commands. CVE-2022-0910  - An authentication bypass vulnerability affecting select firewall versions that could p