#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News

Application Security | Breaking Cybersecurity News | The Hacker News

Category — Application Security
North Korean Hackers Target macOS Using Flutter-Embedded Malware

North Korean Hackers Target macOS Using Flutter-Embedded Malware

Nov 12, 2024 Malware / Application Security
Threat actors with ties to the Democratic People's Republic of Korea (DPRK aka North Korea) have been found embedding malware within Flutter applications, marking the first time this tactic has been adopted by the adversary to infect Apple macOS devices. Jamf Threat Labs, which made the discovery based on artifacts uploaded to the VirusTotal platform earlier this month, said the Flutter-built applications are part of a broader activity that includes malware written in Golang and Python. It's currently not known how these samples are distributed to victims, and if it has been used against any targets, or if the attackers are switching to a new delivery method. That said, North Korean threat actors are known to engage in extensive social engineering efforts targeting employees of cryptocurrency and decentralized finance businesses. "We suspect these specific examples are testing," Jaron Bradley, director at Jamf Threat Labs, told The Hacker News. "It's p...
AWS Cloud Development Kit Vulnerability Exposes Users to Potential Account Takeover Risks

AWS Cloud Development Kit Vulnerability Exposes Users to Potential Account Takeover Risks

Oct 24, 2024 Vulnerability / Cloud Security
Cybersecurity researchers have disclosed a security flaw impacting Amazon Web Services (AWS) Cloud Development Kit (CDK) that could have resulted in an account takeover under specific circumstances. "The impact of this issue could, in certain scenarios, allow an attacker to gain administrative access to a target AWS account, resulting in a full account takeover," Aqua researchers Ofek Itach and Yakir Kadkoda said in a report shared with The Hacker News. Following responsible disclosure on June 27, 2024, the issue was addressed by the project maintainers in CDK version 2.149.0 released in July. AWS CDK is an open-source software development framework for defining cloud application resources using Python, TypeScript, or JavaScript and provisioning them via CloudFormation. The problem identified by Aqua builds upon prior findings from the cloud security firm about shadow resources in AWS, and how predefined naming conventions for AWS Simple Storage Service (S3) buckets ...
The Future of Serverless Security in 2025: From Logs to Runtime Protection

The Future of Serverless Security in 2025: From Logs to Runtime Protection

Nov 28, 2024Cloud Security / Threat Detection
Serverless environments, leveraging services such as AWS Lambda, offer incredible benefits in terms of scalability, efficiency, and reduced operational overhead. However, securing these environments is extremely challenging. The core of current serverless security practices often revolves around two key components: log monitoring and static analysis of code or system configuration. But here is the issue with that: 1. Logs Only Tell Part of the Story Logs can track external-facing activities, but they don't provide visibility into the internal execution of functions. For example, if an attacker injects malicious code into a serverless function that doesn't interact with external resources (e.g., external APIs or databases), traditional log-based tools will not detect this intrusion. The attacker may execute unauthorized processes, manipulate files, or escalate privileges—all without triggering log events. 2. Static Misconfiguration Detection is Incomplete Static tools that check ...
CISA Warns of Active Exploitation of Microsoft SharePoint Vulnerability (CVE-2024-38094)

CISA Warns of Active Exploitation of Microsoft SharePoint Vulnerability (CVE-2024-38094)

Oct 23, 2024 Vulnerability / Threat Intelligence
A high-severity flaw impacting Microsoft SharePoint has been added to the Known Exploited Vulnerabilities ( KEV ) catalog by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday, citing evidence of active exploitation. The vulnerability, tracked as CVE-2024-38094 (CVSS score: 7.2), has been described as a deserialization vulnerability impacting SharePoint that could result in remote code execution. "An authenticated attacker with Site Owner permissions can use the vulnerability to inject arbitrary code and execute this code in the context of SharePoint Server," Microsoft said in an alert for the flaw. Patches for the security defect were released by Redmond as part of its Patch Tuesday updates for July 2024. The exploitation risk is compounded by the fact that proof-of-concept (PoC) exploits for the flaw are available in the public domain. "The PoC script [...] automates authentication to a target SharePoint site using NTLM, creates a spe...
cyber security

Creating, Managing and Securing Non-Human Identities

websitePermisoCybersecurity / Identity Security
A new class of identities has emerged alongside traditional human users: non-human identities (NHIs). Permiso Security's new eBook details everything you need to know about managing and securing non-human identities, and strategies to unify identity security without compromising agility.
Guide:  The Ultimate Pentest Checklist for Full-Stack Security

Guide:  The Ultimate Pentest Checklist for Full-Stack Security

Oct 21, 2024 Penetration Testing / API Security
Pentest Checklists Are More Important Than Ever Given the expanding attack surface coupled with the increasing sophistication of attacker tactics and techniques, penetration testing checklists have become essential for ensuring thorough assessments across an organization's attack surface, both internal and external. By providing a structured approach, these checklists help testers systematically uncover vulnerabilities in various assets like networks, applications, APIs, and systems. They ensure no critical area is overlooked and guide the testing process, making it more efficient and effective at identifying security weaknesses that could be exploited by attackers. A pentest checklist essentially leaves no stone unturned and is a detailed and comprehensive list of every type of vulnerability in which to simulate an attack against. Each asset being tested, however, requires a different pentest checklist tailored to its specific characteristics and risks. For example, a checklist fo...
Urgent: GitLab Patches Critical Flaw Allowing Unauthorized Pipeline Job Execution

Urgent: GitLab Patches Critical Flaw Allowing Unauthorized Pipeline Job Execution

Sep 12, 2024 DevSecOps / Vulnerability
GitLab on Wednesday released security updates to address 17 security vulnerabilities, including a critical flaw that allows an attacker to run pipeline jobs as an arbitrary user. The issue, tracked as CVE-2024-6678, carries a CVSS score of 9.9 out of a maximum of 10.0 "An issue was discovered in GitLab CE/EE affecting all versions starting from 8.14 prior to 17.1.7, starting from 17.2 prior to 17.2.5, and starting from 17.3 prior to 17.3.2, which allows an attacker to trigger a pipeline as an arbitrary user under certain circumstances," the company said in an alert. The vulnerability, along with three high-severity, 11 medium-severity, and two low-severity bugs, have been addressed in versions 17.3.2, 17.2.5, 17.1.7 for GitLab Community Edition (CE) and Enterprise Edition (EE). It's worth noting that CVE-2024-6678 is the fourth such flaw that GitLab has patched over the past year after CVE-2023-5009 (CVSS score: 9.6), CVE-2024-5655 (CVSS score: 9.6), and CVE-2024...
Wing Security SaaS Pulse: Continuous Security & Actionable Insights — For Free

Wing Security SaaS Pulse: Continuous Security & Actionable Insights — For Free

Sep 09, 2024 SaaS Security / Risk Management
Designed to be more than a one-time assessment— Wing Security's SaaS Pulse provides organizations with actionable insights and continuous oversight into their SaaS security posture—and it's free! Introducing SaaS Pulse: Free Continuous SaaS Risk Management  Just like waiting for a medical issue to become critical before seeing a doctor, organizations can't afford to overlook the constantly evolving risks in their SaaS ecosystems. New SaaS apps, shifting permissions, and emerging threats mean risks are always in motion. SaaS Pulse makes it easy to treat SaaS risk management as an ongoing practice, not just an occasional check-up. Security teams instantly get a real-time security "health" score, prioritized risks, contextualized threat insights, and the organization's app inventory—without setups or integrations. SaaS is a Moving Target SaaS stacks don't stand still. Business critical apps can easily slip into a state of vulnerability (i.e. supply chain attacks, account takeo...
New Flaws in Microsoft macOS Apps Could Allow Hackers to Gain Unrestricted Access

New Flaws in Microsoft macOS Apps Could Allow Hackers to Gain Unrestricted Access

Sep 03, 2024 Endpoint Security / Cyber Threat
Eight vulnerabilities have been uncovered in Microsoft applications for macOS that an adversary could exploit to gain elevated privileges or access sensitive data by circumventing the operating system's permissions-based model, which revolves around the Transparency, Consent, and Control ( TCC ) framework. "If successful, the adversary could gain any privileges already granted to the affected Microsoft applications," Cisco Talos said . "For example, the attacker could send emails from the user account without the user noticing, record audio clips, take pictures, or record videos without any user interaction." The shortcomings span various applications such as Outlook, Teams, Word, Excel PowerPoint, and OneNote. The cybersecurity company said malicious libraries could be injected into these applications and gain their entitlements and user-granted permissions, which could then be weaponized for extracting sensitive information depending on the access granted ...
New 'ALBeast' Misconfiguration Exposes Weakness in AWS Application Load Balancer

New 'ALBeast' Misconfiguration Exposes Weakness in AWS Application Load Balancer

Aug 22, 2024 Cloud Security / Application Security
As many as 15,000 applications using Amazon Web Services' (AWS) Application Load Balancer (ALB) for authentication are potentially susceptible to a configuration-based issue that could expose them to sidestep access controls and compromise applications. That's according to findings from Israeli cybersecurity company Miggo, which dubbed the problem ALBeast . "This vulnerability allows attackers to directly access affected applications, particularly if they are exposed to the internet," security researcher Liad Eliyahu said . ALB is an Amazon service designed to route HTTP and HTTPS traffic to target applications based on the nature of the requests. It also allows users to "offload the authentication functionality" from their apps into the ALB. "Application Load Balancer will securely authenticate users as they access cloud applications," Amazon notes on its website. "Application Load Balancer is seamlessly integrated with Amazon Cognit...
Anatomy of an Attack

Anatomy of an Attack

Aug 20, 2024 Threat Detection / Incident Response
In today's rapidly evolving cyber threat landscape, organizations face increasingly sophisticated attacks targeting their applications. Understanding these threats and the technologies designed to combat them is crucial. This article delves into the mechanics of a common application attack, using the infamous Log4Shell vulnerability as an example, and demonstrates how Application Detection and Response (ADR) technology effectively safeguards against such zero-day threats. View the Contrast ADR white paper The anatomy of a modern application attack: Log4Shell To illustrate the complexity and severity of modern application attacks, let's examine an attack against the infamous Log4Shell vulnerability ( CVE-2021-44228 ) that sent shockwaves through the cybersecurity world in late 2021. This attack is a prime example of attack chaining, leveraging JNDI Injection, Expression Language (EL) Injection and Command Injection. Technology note : The CVE program catalogs, which publicly...
DDoS Attacks Surge 46% in First Half of 2024, Gcore Report Reveals

DDoS Attacks Surge 46% in First Half of 2024, Gcore Report Reveals

Aug 14, 2024 Network Security / Cyber Threat
Monitoring evolving DDoS trends is essential for anticipating threats and adapting defensive strategies. The comprehensive Gcore Radar Report for the first half of 2024 provides detailed insights into DDoS attack data, showcasing changes in attack patterns and the broader landscape of cyber threats. Here, we share a selection of findings from the full report. Key Takeaways The number of DDoS attacks in H1 2024 has increased by 46% compared to the same period last year, reaching 445K in Q2 2024. Compared to data for the previous six months (Q3–4 2023), it increased by 34%. Peak attack power increased slightly: The most powerful attack in H1 2024 reached 1.7 Tbps. By comparison, in 2023, it was 1.6 Tbps. Although there has only been an increase of 0.1 Tbps in a year, this still indicates a gain in power that poses a significant danger. To put this into perspective, a terabit per second (Tbps) represents a massive amount of data flooding a network, equivalent to over 212,000 high-d...
Expert Insights / Articles Videos
Cybersecurity Resources