#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News

attack vector | Breaking Cybersecurity News | The Hacker News

Category — attack vector
GhostWrite: New T-Head CPU Bugs Expose Devices to Unrestricted Attacks

GhostWrite: New T-Head CPU Bugs Expose Devices to Unrestricted Attacks

Aug 13, 2024 Vulnerability / Hardware Security
A team of researchers from the CISPA Helmholtz Center for Information Security in Germany has disclosed an architectural bug impacting Chinese chip company T-Head's XuanTie C910 and C920 RISC-V CPUs that could allow attackers to gain unrestricted access to susceptible devices. The vulnerability has been codenamed GhostWrite. It has been described as a direct CPU bug embedded in the hardware, as opposed to a side-channel or transient execution attack. "This vulnerability allows unprivileged attackers, even those with limited access, to read and write any part of the computer's memory and to control peripheral devices like network cards," the researchers said . "GhostWrite renders the CPU's security features ineffective and cannot be fixed without disabling around half of the CPU's functionality." CISPA found that the CPU has faulty instructions in its vector extension, an add-on to the RISC-V ISA designed to handle larger data values than the base Instru...
Google Cloud Resolves Privilege Escalation Flaw Impacting Kubernetes Service

Google Cloud Resolves Privilege Escalation Flaw Impacting Kubernetes Service

Dec 28, 2023 Cloud Security / Data Protection
Google Cloud has addressed a medium-severity security flaw in its platform that could be abused by an attacker who already has access to a Kubernetes cluster to escalate their privileges. "An attacker who has compromised the  Fluent Bit  logging container could combine that access with high privileges required by  Anthos Service Mesh  (on clusters that have enabled it) to escalate privileges in the cluster," the company  said  as part of an advisory released on December 14, 2023. Palo Alto Networks Unit 42, which discovered and reported the shortcoming, said adversaries could weaponize it to carry out "data theft, deploy malicious pods, and disrupt the cluster's operations." There is no evidence that the issue has been exploited in the wild. It has been addressed in the following versions of Google Kubernetes Engine (GKE) and Anthos Service Mesh (ASM) - 1.25.16-gke.1020000 1.26.10-gke.1235000 1.27.7-gke.1293000 1.28.4-gke.1083000 1.17.8-asm.8 ...
7 PAM Best Practices to Secure Hybrid and Multi-Cloud Environments

7 PAM Best Practices to Secure Hybrid and Multi-Cloud Environments

Dec 04, 2024Risk Management / Zero Trust
Are you using the cloud or thinking about transitioning? Undoubtedly, multi-cloud and hybrid environments offer numerous benefits for organizations. However, the cloud's flexibility, scalability, and efficiency come with significant risk — an expanded attack surface. The decentralization that comes with utilizing multi-cloud environments can also lead to limited visibility into user activity and poor access management.  Privileged accounts with access to your critical systems and sensitive data are among the most vulnerable elements in cloud setups. When mismanaged, these accounts open the doors to unauthorized access, potential malicious activity, and data breaches. That's why strong privileged access management (PAM) is indispensable. PAM plays an essential role in addressing the security challenges of complex infrastructures by enforcing strict access controls and managing the life cycle of privileged accounts. By employing PAM in hybrid and cloud environments, you're not...
New PoC Exploit for Apache ActiveMQ Flaw Could Let Attackers Fly Under the Radar

New PoC Exploit for Apache ActiveMQ Flaw Could Let Attackers Fly Under the Radar

Nov 15, 2023 Ransomware / Vulnerability
Cybersecurity researchers have demonstrated a new technique that exploits a critical security flaw in Apache ActiveMQ to achieve arbitrary code execution in memory. Tracked as  CVE-2023-46604  (CVSS score: 10.0), the vulnerability is a remote code execution bug that could permit a threat actor to run arbitrary shell commands. It was patched by Apache in ActiveMQ versions 5.15.16, 5.16.7, 5.17.6, or 5.18.3 released late last month. The vulnerability has since  come under   active exploitation  by ransomware outfits to deploy ransomware such as HelloKitty and a strain that shares similarities with TellYouThePass as well as a remote access trojan called SparkRAT. According to  new findings  from VulnCheck, threat actors weaponizing the flaw are  relying  on a public proof-of-concept ( PoC ) exploit originally disclosed on October 25, 2023. The attacks have been found to use  ClassPathXmlApplicationContext , a class that's part of the...
cyber security

The AppSec & R&D Playbook: How to Align Security and Innovation

websiteBackslashApplication Security
AppSec vs. R&D? Bridge the gap with clear steps to streamline workflows and foster collaboration.
Post-Macro World Sees Rise in Microsoft OneNote Documents Delivering Malware

Post-Macro World Sees Rise in Microsoft OneNote Documents Delivering Malware

Feb 03, 2023 Attack Vector / Endpoint Security
In a continuing sign that threat actors are adapting well to a  post-macro world , it has emerged that the use of Microsoft OneNote documents to deliver malware via phishing attacks is on the rise. Some of the notable malware families that are being distributed using this method include AsyncRAT,  RedLine Stealer , Agent Tesla,  DOUBLEBACK , Quasar RAT, XWorm,  Qakbot ,  BATLOADER , and  FormBook . Enterprise security firm Proofpoint said it detected over 50 campaigns leveraging OneNote attachments in the month of January 2023 alone. In some instances, the email phishing lures contain a OneNote file, which, in turn, embeds an HTA file that invokes a PowerShell script to retrieve a malicious binary from a remote server. Other scenarios entail the execution of a rogue VBScript that's embedded within the OneNote document and concealed behind an image that appears as a seemingly harmless button. The VBScript, for its part, is designed to drop a PowerShell...
Gaming Platforms as an attack vector against remote systems

Gaming Platforms as an attack vector against remote systems

Mar 18, 2013
Little more than a year ago I wrote about the possibility to attack gaming platform to compromise large audience of gamers in stealthy way, the access to millions of machines represent a dream for every attackers and I hypnotized its repercussion in cyber warfare domains. Gaming platform are usually complex systems equipped with the latest technology and the idea to exploit them as possible attack vectors cultivated by many governments. Researchers at ReVuln, Luigi Auriemma and Donato Ferrante , presented at Black Hat Europe 2013 in Amsterdam how to convert local bugs and features in remotely exploitable security vulnerabilities by using the popular EA Origin 3 platform as an attack vector against remote systems. EA Origin is one of the biggest gaming related digital delivery platforms with more than 40 million the access it to purchase games for any kind of platform, from mobile to PC. Before describe the discovery of the two Italian experts let's give analy...
Expert Insights / Articles Videos
Cybersecurity Resources