The Hacker News - Cybersecurity News and Analysis

A Russian national charged with providing bulletproof hosting services for cybercriminals, who used the platform to spread malware and attack U.S. organizations and financial institutions between 2009 to 2015, has received a 60-month prison sentence. 34-year-old Aleksandr Grichishkin, along with Andrei Skvortsov, founded the bulletproof hosting service and rented its infrastructure to other criminal clientele for distributing a wide range of malware and attempted to cause millions of dollars in losses to U.S. victims.  Skvortsov is pending sentencing and faces a maximum penalty of 20 years in prison. Bulletproof hosting operations are similar to regular web hosting, but are a lot more lenient about what can be hosted on their servers. They are known for providing secure hosting for malicious content and activity and assuring anonymity to threat actors. Grichishkin, in May,  pleaded guilty  to conspiracy to engage in a racketeer-influenced corrupt organization (RICO). Acting as th

Mozilla has rolled out fixes to address a critical security weakness in its cross-platform Network Security Services ( NSS ) cryptographic library that could be potentially exploited by an adversary to crash a vulnerable application and even execute arbitrary code. Tracked as CVE-2021-43527, the flaw affects NSS versions prior to 3.73 or 3.68.1 ESR, and concerns a  heap overflow  vulnerability when verifying digital signatures such as  DSA  and  RSA-PSS  algorithms that are encoded using the  DER  binary format. Credited with reporting the issue is Tavis Ormandy of Google Project Zero, who codenamed it " BigSig ." "NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures," Mozilla  said  in an advisory published Wednesday. "Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS #7, or PKCS #12 are likely to be impacted." NSS is a

A newly discovered botnet capable of staging distributed denial-of-service (DDoS) attacks targeted unpatched Ribbon Communications (formerly Edgewater Networks) EdgeMarc appliances belonging to telecom service provider AT&T by exploiting a four-year-old flaw in the network appliances. Chinese tech giant Qihoo 360's Netlab network security division, which detected the botnet first on October 27, 2021, called it  EwDoor , noting it observed 5,700 compromised IP addresses located in the U.S. during a brief three-hour window. "So far, the EwDoor in our view has undergone three versions of updates, and its main functions can be summarized into two main categories of DDoS attacks and backdoor," the researchers  noted . "Based on the attacked devices are telephone communication related, we presume that its main purpose is DDoS attacks, and gathering of sensitive information, such as call logs." Propagating through a flaw in EdgeMarc devices, EwDoor supports a

Three different state-sponsored threat actors aligned with China, India, and Russia have been observed adopting a new method called  RTF  (aka Rich Text Format) template injection as part of their phishing campaigns to deliver malware to targeted systems. "RTF template injection is a novel technique that is ideal for malicious phishing attachments because it is simple and allows threat actors to retrieve malicious content from a remote URL using an RTF file," Proofpoint researchers said in a new report shared with The Hacker News. At the heart of the attack is an RTF file containing decoy content that can be  manipulated  to enable the retrieval of content, including malicious payloads, hosted at an external URL upon opening an RTF file. Specifically, it leverages the RTF  template functionality  to alter a document's formatting properties using a  hex editor  by specifying a URL resource instead of an accessible file resource destination from which a remote payload

A sixth member associated with an international hacking group known as  The Community  has been sentenced in connection with a multimillion-dollar SIM swapping conspiracy, the U.S. Department of Justice (DoJ) said. Garrett Endicott, 22, from the U.S. state of Missouri, who pleaded guilty to charges of wire fraud and aggravated identity theft following an indictment in 2019, was  sentenced  to 10 months in prison and ordered to pay an amount totaling $121,549.37 in restitution. SIM swapping , also called SIM hijacking, refers to an identity theft scheme wherein malicious parties persuade phone carriers into porting their victims' cell services to SIM cards under their control, often facilitated by bribing an employee of a mobile phone provider or by contacting the service provider's customer support by posing as the victim and requesting that the phone number be swapped to a SIM card operated by the group. The goal is to leverage the phone numbers as a gateway to hijack dif

Twitter on Tuesday announced an expansion to its private information policy to include private media, effectively prohibiting the sharing of photos and videos without express permission from the individuals depicted in them with an aim to curb doxxing and harassment. "Beginning today, we will not allow the sharing of private media, such as images or videos of private individuals without their consent. Publishing people's private info is also prohibited under the policy, as is threatening or incentivizing others to do so," the company's Safety team  said  in a tweet. To that end, the policy also  discourages  users from sharing information such as sign-in credentials that would enable malicious actors to gain access to a person's sensitive information without their authorization. It also forbids users from seeking financial compensation in exchange for posting (or not posting) another individual's private information as part of blackmail schemes. As part o

One of the harsh realities of cybersecurity today is that malicious actors and attackers don't distinguish between organizations that have seemingly endless resources and those operating with lean IT security teams. For these lean teams, meeting the challenges in the current security landscape requires constant attention, and sometimes a little support. XDR provider Cynet has built a new minisite ( find it here ) with the goal of giving these lean IT Security teams a space to find answers, share their wins and strategies, gain new insights, and have some fun in the process. The company refers to these lean teams and the people that make them up as Lean IT Security Heroes. These groups often work with fewer resources, but are always able to defend against massive threats through creativity, ingenuity, and hard work. This new Lean IT Security Heroes minisite offers a variety of activities and tools that are ideal for lean teams looking to enhance their defenses. Additionally, the sit

Cybersecurity researchers on Tuesday disclosed eight-year-old security flaws affecting 150 different multifunction printers (MFPs) from HP Inc that could be potentially abused by an adversary to take control of vulnerable devices, pilfer sensitive information, and infiltrate enterprise networks to mount other attacks. The two weaknesses — collectively called  Printing Shellz  — were discovered and reported to HP by F-Secure Labs researchers Timo Hirvonen and Alexander Bolshev on April 29, 2021, prompting the PC maker to  issue   patches  earlier this month — CVE-2021-39237  (CVSS score: 7.1) - An information disclosure vulnerability impacting certain HP LaserJet, HP LaserJet Managed, HP PageWide, and HP PageWide Managed printers. CVE-2021-39238  (CVSS score: 9.3) - A buffer overflow vulnerability impacting certain HP Enterprise LaserJet, HP LaserJet Managed, HP Enterprise PageWide, and HP PageWide Managed products. "The flaws are in the unit's communications board and

Japanese consumer electronics giant Panasonic has disclosed a security breach wherein an unauthorized third-party broke into its network and potentially accessed data from one of its file servers. "As the result of an internal investigation, it was determined that some data on a file server had been accessed during the intrusion," the company  said  in a short statement published on November 26. Panasonic didn't reveal the exact nature of the data that was accessed, but TechCrunch  reported  that the breach began on June 22 and ended on November 3. The Osaka-based company said that immediately upon discovering the intrusion on November 11, it took steps to report the incident to the relevant authorities and that it implemented security countermeasures, including preventing external access to the network. Panasonic also noted it's currently working with an independent "specialist" organization to probe the extent of the leak and determine if the access

Unofficial patches have been issued to remediate an improperly patched Windows security vulnerability that could allow information disclosure and local privilege escalation (LPE) on vulnerable systems. Tracked as  CVE-2021-24084  (CVSS score: 5.5), the flaw concerns an information disclosure vulnerability in the Windows Mobile Device Management component that could enable an attacker to gain unauthorized file system access and read arbitrary files. Security researcher Abdelhamid Naceri was credited with discovering and reporting the bug in October 2020, prompting Microsoft to address the issue as part of its February 2021 Patch Tuesday updates. But as  observed  by Naceri in June 2021, not only could the patch be bypassed to achieve the same objective, the researcher this month found that the incompletely patched vulnerability could also be  exploited  to gain administrator privileges and run malicious code on Windows 10 machines running the  latest security updates . "Name