The Hacker News Logo
Subscribe to Newsletter

The Hacker News - Cybersecurity News and Analysis

Microsoft Launches Free Linux Forensics and Rootkit Malware Detection Service

Microsoft Launches Free Linux Forensics and Rootkit Malware Detection Service

July 07, 2020Ravie Lakshmanan
Microsoft has announced a new free-to-use initiative aimed at uncovering forensic evidence of sabotage on Linux systems, including rootkits and intrusive malware that may otherwise go undetected. The cloud offering, dubbed Project Freta , is a snapshot-based memory forensic mechanism that aims to provide automated full-system volatile memory inspection of virtual machine (VM) snapshots, with capabilities to spot malicious software, kernel rootkits , and other stealthy malware techniques such as process hiding . The project is named after Warsaw's Freta Street , the birthplace of Marie Curie, the famous French-Polish physicist who brought X-ray medical imaging to the battlefield during World War I. "Modern malware is complex, sophisticated, and designed with non-discoverability as a core tenet," said Mike Walker, Microsoft's senior director of New Security Ventures. "Project Freta intends to automate and democratize VM forensics to a point where every us
Cato MDR: Managed Threat Detection and Response Made Easy

Cato MDR: Managed Threat Detection and Response Made Easy

July 06, 2020The Hacker News
Lately, we can't help noticing an endless cycle where the more enterprises invest in threat prevention; the more hackers adapt and continue to penetrate enterprises. To make things worse, detecting these penetrations still takes too long with an average dwell time that exceeds 100 (!) days. To keep the enterprise protected, IT needs to figure out a way to break this endless cycle without purchasing complex security and data analysis tools and hiring the right (skilled and expensive) security professionals to operate them. Enter MDR An advanced security service, Managed Detection and Response (MDR), provides ongoing threat detection and response, leveraging AI and machine learning to investigate, alert, and contain threats. MDR is becoming popular and gaining traction. In fact, Gartner forecasts that by 2024, 25% of organizations will be using MDR services, up from less than 5% today. And by 2024, 40% of midsize enterprises will use MDR as their only managed security s
Critical RCE Flaw (CVSS 10) Affects F5 BIG-IP Application Security Servers

Critical RCE Flaw (CVSS 10) Affects F5 BIG-IP Application Security Servers

July 04, 2020Swati Khandelwal
Cybersecurity researchers today issued a security advisory warning enterprises and governments across the globe to immediately patch a highly-critical remote code execution vulnerability affecting F5's BIG-IP networking devices running application security servers. The vulnerability, assigned CVE-2020-5902 and rated as critical with a CVSS score of 10 out of 10, could let remote attackers take complete control of the targeted systems, eventually gaining surveillance over the application data they manage. According to Mikhail Klyuchnikov, a security researcher at Positive Technologies who discovered the flaw and reported it to F5 Networks, the issue resides in a configuration utility called Traffic Management User Interface (TMUI) for BIG-IP application delivery controller (ADC). BIG-IP ADC is being used by large enterprises, data centers, and cloud computing environments, allowing them to implement application acceleration, load balancing, rate shaping, SSL offloading, an
Police Arrested Hundreds of Criminals After Hacking Into Encrypted Chat Network

Police Arrested Hundreds of Criminals After Hacking Into Encrypted Chat Network

July 03, 2020Swati Khandelwal
In a joint operation, European and British law enforcement agencies recently arrested hundreds of alleged drug dealers and other criminals after infiltrating into a global network of an encrypted chatting app that was used to plot drug deals, money laundering, extortions, and even murders. Dubbed EncroChat , the top-secret encrypted communication app comes pre-installed on a customized Android-based handset with GPS, camera, and microphone functionality removed for anonymity and security. EncroChat phones aim to securely exchange data and messages with pre-loaded apps for secure instant messaging, VOIP calling, self destruct messages, and includes a 'kill code' functionality to let users remotely wipe complete data in times of trouble. The handset and its services, which cost around £1,500 for a six-month subscription, had 60,000 users worldwide and approximately 10,000 users in the United Kingdom. "EncroChat phones were presented to customers as guaranteeing pe
Critical Apache Guacamole Flaws Put Remote Desktops at Risk of Hacking

Critical Apache Guacamole Flaws Put Remote Desktops at Risk of Hacking

July 02, 2020Ravie Lakshmanan
A new research has uncovered multiple critical reverse RDP vulnerabilities in Apache Guacamole , a popular remote desktop application used by system administrators to access and manage Windows and Linux machines remotely. The reported flaws could potentially let bad actors achieve full control over the Guacamole server, intercept, and control all other connected sessions. According to a report published by Check Point Research and shared with The Hacker News, the flaws grant "an attacker, who has already successfully compromised a computer inside the organization, to launch an attack on the Guacamole gateway when an unsuspecting worker tries to connect to an infected machine." After the cybersecurity firm responsibly disclosed its findings to Apache, the maintainers of Guacamole, on March 31, the company released a patched version in June 2020. Apache Guacamole is a popular open-source clientless remote desktop gateways solution. When installed on a company'
Microsoft Releases Urgent Windows Update to Patch Two Critical Flaws

Microsoft Releases Urgent Windows Update to Patch Two Critical Flaws

July 01, 2020Swati Khandelwal
Microsoft yesterday quietly released out-of-band software updates to patch two high-risk security vulnerabilities affecting hundreds of millions of Windows 10 and Server editions' users. To be noted, Microsoft rushed to deliver patches almost two weeks before the upcoming monthly 'Patch Tuesday Updates' scheduled for 14th July. That's likely because both flaws reside in the Windows Codecs Library , an easy attack vector to social engineer victims into running malicious media files downloaded from the Internet. For those unaware, Codecs is a collection of support libraries that help the Windows operating system to play, compress and decompress various audio and video file extensions. The two newly disclosed security vulnerabilities, assigned CVE-2020-1425 and CVE-2020-1457 , are both remote code execution bugs that could allow an attacker to execute arbitrary code and control the compromised Windows computer. According to Microsoft, both remote code executi
Use This Definitive RFP Template to Effectively Evaluate XDR solutions

Use This Definitive RFP Template to Effectively Evaluate XDR solutions

July 01, 2020The Hacker News
A new class of security tools is emerging that promises to significantly improve the effectiveness and efficiency of threat detection and response. Emerging Extended Detection and Response (XDR) solutions aim to aggregate and correlate telemetry from multiple detection controls and then synthesize response actions. XDR has been referred to as the next step in the evolution of Endpoint Detection and Response (EDR) solutions. In fact, Gartner named XDR as the first of their Top 9 Security and Risk Trend for 2020. Because XDR represents a new solution category, there is no single accepted definition of what capabilities and features should (and shouldn't) be included. Each provider approaches XDR with different strengths and perspectives on how what an XDR solution should include. Therefore, selecting an XDR provider is quite challenging as organizations must organize and prioritize a wide range of capabilities that can differ significantly between providers. Cynet is no
A New Ransomware Targeting Apple macOS Users Through Pirated Apps

A New Ransomware Targeting Apple macOS Users Through Pirated Apps

July 01, 2020Ravie Lakshmanan
Cybersecurity researchers this week discovered a new type of ransomware targeting macOS users that spreads via pirated apps. According to several independent reports from K7 Lab malware researcher Dinesh Devadoss , Patrick Wardle , and Malwarebytes , the ransomware variant — dubbed " EvilQuest " — is packaged along with legitimate apps, which upon installation, disguises itself as Apple's CrashReporter or Google Software Update. Besides encrypting the victim's files, EvilQuest also comes with capabilities to ensure persistence, log keystrokes, create a reverse shell, and steal cryptocurrency wallet-related files. With this development, EvilQuest joins a handful of ransomware strains that have exclusively singled out macOS, including KeRanger and Patcher . The source of the malware appears to be trojanized versions of popular macOS software — such as Little Snitch, a DJ software called Mixed In Key 8, and Ableton Live — that are distributed on popular torre
Advanced StrongPity Hackers Target Syria and Turkey with Retooled Spyware

Advanced StrongPity Hackers Target Syria and Turkey with Retooled Spyware

June 30, 2020Ravie Lakshmanan
Cybersecurity researchers today uncovered new details of watering hole attacks against the Kurdish community in Syria and Turkey for surveillance and intelligence exfiltration purposes. The advanced persistent threat behind the operation, called StrongPity , has retooled with new tactics to control compromised machines, cybersecurity firm Bitdefender said in a report shared with The Hacker News. "Using watering hole tactics to selectively infect victims and deploying a three-tier C&C infrastructure to thwart forensic investigations, the APT group leveraged Trojanized popular tools, such as archivers, file recovery applications, remote connections applications, utilities, and even security software, to cover a wide range of options that targeted victims might be seeking," the researchers said. With the timestamps of the analyzed malware samples used in the campaign coinciding with the Turkish offensive into north-eastern Syria (codenamed Operation Peace Spring )
Russian Hacker Gets 9-Year Jail for Running Online Shop of Stolen Credit Cards

Russian Hacker Gets 9-Year Jail for Running Online Shop of Stolen Credit Cards

June 29, 2020Swati Khandelwal
A United States federal district court has finally sentenced a Russian hacker to nine years in federal prison after he pleaded guilty of running two illegal websites devoted to facilitating payment card fraud, computer hacking, and other crimes. Aleksei Yurievich Burkov , 30, pleaded guilty in January this year to two of the five charges against him for credit card fraud—one count of access device fraud and one count of conspiracy to commit access device fraud, identity theft, computer intrusions, wire fraud, and money laundering. Burkov admitted to operating a website named Cardplanet that was dedicated to buying and selling stolen credit card and debit card data for anywhere between $2.50 and $10 per payment card, depending on the card type, origin, and availability of card owner information. According to the U.S. Department of Justice, Cardplanet hosted roughly 150,000 payment card details between 2009 and 2013, most of which belonged to U.S. citizens and used to make over $
e-Commerce Site Hackers Now Hiding Credit Card Stealer Inside Image Metadata

e-Commerce Site Hackers Now Hiding Credit Card Stealer Inside Image Metadata

June 29, 2020Ravie Lakshmanan
In what's one of the most innovative hacking campaigns, cybercrime gangs are now hiding malicious code implants in the metadata of image files to covertly steal payment card information entered by visitors on the hacked websites. "We found skimming code hidden within the metadata of an image file (a form of steganography) and surreptitiously loaded by compromised online stores," Malwarebytes researchers said last week. "This scheme would not be complete without yet another interesting variation to exfiltrate stolen credit card data. Once again, criminals used the disguise of an image file to collect their loot." The evolving tactic of the operation, widely known as web skimming or a Magecart attack, comes as bad actors are finding different ways to inject JavaScript scripts, including misconfigured AWS S3 data storage buckets and exploiting content security policy to transmit data to a Google Analytics account under their control. Using Steganography
'Satori' IoT DDoS Botnet Operator Sentenced to 13 Months in Prison

'Satori' IoT DDoS Botnet Operator Sentenced to 13 Months in Prison

June 26, 2020Wang Wei
The United States Department of Justice yesterday sentenced a 22-year-old Washington-based hacker to 13 months in federal prison for his role in creating botnet malware, infecting a large number of systems with it, and then abusing those systems to carry out large scale distributed denial-of-service (DDoS) attacks against various online service and targets. According to court documents, Kenneth Currin Schuchman , a resident of Vancouver, and his criminal associates–Aaron Sterritt and Logan Shwydiuk–created multiple DDoS botnet malware since at least August 2017 and used them to enslave hundreds of thousands of home routers and other Internet-connected devices worldwide. Dubbed Satori, Okiru, Masuta, and Tsunami or Fbot, all these botnets were the successors of the infamous IoT malware Mirai , as they were created mainly using the source code of Mirai, with some additional features added to make them more sophisticated and effective against evolving targets. Even after the orig
WikiLeaks Founder Charged With Conspiring With LulzSec & Anonymous Hackers

WikiLeaks Founder Charged With Conspiring With LulzSec & Anonymous Hackers

June 25, 2020Swati Khandelwal
The United States government has filed a superseding indictment against WikiLeaks founder Julian Assange accusing him of collaborating with computer hackers, including those affiliated with the infamous LulzSec and "Anonymous" hacking groups. The new superseding indictment does not contain any additional charges beyond the prior 18-count indictment filed against Assange in May 2019, but it does "broaden the scope of the conspiracy surrounding alleged computer intrusions with which Assange was previously charged," the DoJ said. In May 2019, Assange was charged with 18 counts under the old U.S. Espionage Act for unlawfully publishing classified military and diplomatic documents on his popular WikiLeaks website in 2010, which he obtained from former Army intelligence analyst Chelsea Manning. Assange has been alleged to have obtained those classified documents by conspiring with Manning to crack a password hash to a classified U.S. Department of Defense comput
Docker Images Containing Cryptojacking Malware Distributed via Docker Hub

Docker Images Containing Cryptojacking Malware Distributed via Docker Hub

June 25, 2020Ravie Lakshmanan
With Docker gaining popularity as a service to package and deploy software applications, malicious actors are taking advantage of the opportunity to target exposed API endpoints and craft malware-infested images to facilitate distributed denial-of-service (DDoS) attacks and mine cryptocurrencies. According to a report published by Palo Alto Networks' Unit 42 threat intelligence team, the purpose of these Docker images is to generate funds by deploying a cryptocurrency miner using Docker containers and leveraging the Docker Hub repository to distribute these images. "Docker containers provide a convenient way for packaging software, which is evident by its increasing adoption rate," Unit 42 researchers said . "This, combined with coin mining, makes it easy for a malicious actor to distribute their images to any machine that supports Docker and instantly starts using its compute resources towards cryptojacking." Docker is a well-known platform-as-a-servic
Critical Bugs and Backdoor Found in GeoVision's Fingerprint and Card Scanners

Critical Bugs and Backdoor Found in GeoVision's Fingerprint and Card Scanners

June 25, 2020Ravie Lakshmanan
GeoVision, a Taiwanese manufacturer of video surveillance systems and IP cameras, recently patched three of the four critical flaws impacting its card and fingerprint scanners that could've potentially allowed attackers to intercept network traffic and stage man-in-the-middle attacks. In a report shared exclusively with The Hacker News, enterprise security firm Acronis said it discovered the vulnerabilities last year following a routine security audit of a Singapore-based major retailer. "Malicious attackers can establish persistence on the network and spy on internal users, steal data — without ever getting detected," Acronis said. "They can reuse your fingerprint data to enter your home and/or personal devices, and photos can be easily reused by malicious actors to perpetrate identity theft based on biometric data." In all, the flaws affect at least 6 device families, with over 2,500 vulnerable devices discovered online across Brazil, US, Germany, Ta
New Privacy Features Added to the Upcoming Apple iOS 14 and macOS Big Sur

New Privacy Features Added to the Upcoming Apple iOS 14 and macOS Big Sur

June 23, 2020Swati Khandelwal
Unprecedented times call for unprecedented measures. No, we're not talking about 'coronavirus,' the current global pandemic because of which Apple—for the very first time in history—organized its Worldwide Developer Conference ( WWDC ) virtually. Here we're talking about a world in which we are all connected and constantly sharing data, also known as the new oil, with something called "privacy" for which we still have to fight on several fronts together. During WWDC 2020 on Monday, the world's most valuable company announced the next versions of its operating systems — iOS 14 for iPhones, iPadOS 14 for iPads, watchOS 7 for Apple Watches, and macOS Big Sur for MacBooks — with new features and enhancements. What's important is that the company also highlighted a few new security and privacy features that have been added to the upcoming iOS 14 and macOS Big Sur systems, categorically aiming to help users: better control which apps installed
Exclusive Offers

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.