#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cloud Security

Spear-Phishing | Breaking Cybersecurity News | The Hacker News

Microsoft Warns of Kremlin-Backed APT28 Exploiting Critical Outlook Vulnerability

Microsoft Warns of Kremlin-Backed APT28 Exploiting Critical Outlook Vulnerability
Dec 05, 2023 Email Security / Vulnerability
Microsoft on Monday said it detected Kremlin-backed nation-state activity exploiting a now-patched critical security flaw in its Outlook email service to gain unauthorized access to victims' accounts within Exchange servers. The tech giant  attributed  the intrusions to a threat actor it called  Forest Blizzard  (formerly Strontium), which is also widely tracked under the monikers APT28, BlueDelta, Fancy Bear, FROZENLAKE, Iron Twilight, Sednit, Sofacy, and TA422. The security vulnerability in question is  CVE-2023-23397  (CVSS score: 9.8), a critical privilege escalation bug that could allow an adversary to access a user's Net-NTLMv2 hash that could then be used to conduct a relay attack against another service to authenticate as the user. It was patched by Microsoft in March 2023. The goal, according to the Polish Cyber Command (DKWOC), is to obtain unauthorized access to mailboxes belonging to public and private entities in the country. "In the next stage of malici

Mustang Panda Hackers Targets Philippines Government Amid South China Sea Tensions

Mustang Panda Hackers Targets Philippines Government Amid South China Sea Tensions
Nov 21, 2023 Cyber Attack / Cyber Espionage
The China-linked Mustang Panda actor has been linked to a cyber attack targeting a Philippines government entity amid  rising tensions  between the two countries over the disputed South China Sea. Palo Alto Networks Unit 42 attributed the adversarial collective to three campaigns in August 2023, primarily singling out organizations in the South Pacific. "The campaigns leveraged legitimate software including Solid PDF Creator and SmadavProtect (an Indonesian-based antivirus solution) to sideload malicious files," the company  said . "Threat authors also creatively configured the malware to impersonate legitimate Microsoft traffic for command-and-control (C2) connections." Mustang Panda, also tracked under the names Bronze President, Camaro Dragon, Earth Preta, RedDelta, and Stately Taurus, is assessed to be a Chinese advanced persistent threat (APT) active since at least 2012,  orchestrating   cyber espionage   campaigns  targeting non-governmental organization

Hands-on Review: Cynomi AI-powered vCISO Platform

Hands-on Review: Cynomi AI-powered vCISO Platform
Apr 10, 2024vCISO / Risk Assessment
The need for vCISO services is growing. SMBs and SMEs are dealing with more third-party risks, tightening regulatory demands and stringent cyber insurance requirements than ever before. However, they often lack the resources and expertise to hire an in-house security executive team. By outsourcing security and compliance leadership to a vCISO, these organizations can more easily obtain cybersecurity expertise specialized for their industry and strengthen their cybersecurity posture. MSPs and MSSPs looking to meet this growing vCISO demand are often faced with the same challenge. The demand for cybersecurity talent far exceeds the supply. This has led to a competitive market where the costs of hiring and retaining skilled professionals can be prohibitive for MSSPs/MSPs as well. The need to maintain expertise of both security and compliance further exacerbates this challenge. Cynomi, the first AI-driven vCISO platform , can help. Cynomi enables you - MSPs, MSSPs and consulting firms

CISA Adds Three Security Flaws with Active Exploitation to KEV Catalog

CISA Adds Three Security Flaws with Active Exploitation to KEV Catalog
Nov 17, 2023 Patch Management / Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added three security flaws to its Known Exploited Vulnerabilities ( KEV ) catalog based on evidence of active exploitation in the wild. The  vulnerabilities  are as follows - CVE-2023-36584  (CVSS score: 5.4) - Microsoft Windows Mark-of-the-Web (MotW) Security Feature Bypass Vulnerability CVE-2023-1671  (CVSS score: 9.8) - Sophos Web Appliance Command Injection Vulnerability CVE-2020-2551  (CVSS score: 9.8) - Oracle Fusion Middleware Unspecified Vulnerability CVE-2023-1671 relates to a critical  pre-auth command injection vulnerability  that allows for the execution of arbitrary code. CVE-2020-2551 is a  flaw  in the WLS Core Components that allows an unauthenticated attacker with network access to compromise the WebLogic Server. There are currently no public reports documenting in-the-wild attacks leveraging CVE-2023-1671, but Cybernews disclosed in July 2023 that it had identified a subdomain of t

WATCH: The SaaS Security Challenge in 90 Seconds

cyber security
websiteAdaptive ShieldSaaS Security / Cyber Threat
Discover how you can overcome the SaaS security challenge by securing your entire SaaS stack with SSPM.
Cybersecurity Resources