The Hacker News Logo
Subscribe to Newsletter

The Hacker News - Cybersecurity News and Analysis: cyber security

Secure Remote Working During COVID-19 — Checklist for CISOs

Secure Remote Working During COVID-19 — Checklist for CISOs

April 07, 2020The Hacker News
Coronavirus crisis introduces a heavy burden on the CISOs with the collective impact of a mass transition to working remotely coupled with a surge of cyberattacks that strive to monetize the general chaos. Security vendors, unintendedly, contribute to this burden by a relentless generation of noise in the form of attack reports, best practices, tips, and threat landscape analysis. Here we have a new " CISO Checklist for Secure Remote Working " ( download here ) that has been built to assist CISOs in navigating through this noise, providing them with a concise and high-level list of the absolute essentials needed to ensure their organization is well protected in these challenging times. The Coronavirus quarantine forces us to face a new reality. It is critical to acknowledge this new reality in order to understand how to successfully confront these changes. Make no mistake – these changed apply to any organization, regardless of its former security posture. For exa
Marriott Suffers Second Breach Exposing Data of 5.2 Million Hotel Guests

Marriott Suffers Second Breach Exposing Data of 5.2 Million Hotel Guests

March 31, 2020Ravie Lakshmanan
International hotel chain Marriott today disclosed a data breach impacting nearly 5.2 million hotel guests, making it the second security incident to hit the company in recent years. "At the end of February 2020, we identified that an unexpected amount of guest information may have been accessed using the login credentials of two employees at a franchise property," Marriott said in a statement . "We believe this activity started in mid-January 2020. Upon discovery, we confirmed that the login credentials were disabled, immediately began an investigation, implemented heightened monitoring, and arranged resources to inform and assist guests." The incident exposed guests' personal information such as contact details (name, mailing address, email address, and phone number), loyalty account information (account number and points balance), and additional information such as company, gender, dates of births, room preferences, and language preferences. The ho
Hackers Exploit Zero-Day Bugs in Draytek Devices to Target Enterprise Networks

Hackers Exploit Zero-Day Bugs in Draytek Devices to Target Enterprise Networks

March 27, 2020Swati Khandelwal
Cybersecurity researchers with Qihoo 360's NetLab today unveiled details of two recently spotted zero-day cyberattack campaigns in the wild targeting enterprise-grade networking devices manufactured by Taiwan-based DrayTek. According to the report , at least two separate groups of hackers exploited two critical remote command injection vulnerabilities ( CVE-2020-8515 ) affecting DrayTek Vigor enterprise switches, load-balancers, routers and VPN gateway devices to eavesdrop on network traffic and install backdoors. The zero-day attacks started somewhere at the end of last November or at the beginning of December and are potentially still ongoing against thousands of publicly exposed DrayTek switche s, Vigor 2960, 3900, 300B devices that haven't yet been patched with the latest firmware updates released last month. The zero-day vulnerabilities in question can be exploited by any unauthorized remote attackers to inject and execute arbitrary commands on the system, as als
Hackers Used Local News Sites to Install Spyware On iPhones

Hackers Used Local News Sites to Install Spyware On iPhones

March 27, 2020Ravie Lakshmanan
A newly discovered watering-hole campaign is targeting Apple iPhone users in Hong Kong by using malicious website links as a lure to install spyware on the devices. According to research published by Trend Micro and Kaspersky , the " Operation Poisoned News " attack leverages a remote iOS exploit chain to deploy a feature-rich implant called 'LightSpy' through links to local news websites, which when clicked, executes the malware payload and allows an interloper to exfiltrate sensitive data from the affected device and even take full control. Watering-hole attacks typically let a bad actor compromise a specific group of end-users by infecting websites that they are known to visit, with an intention to gain access to the victim's device and load it with malware. The APT group, dubbed "TwoSail Junk" by Kaspersky, is said to be leveraging vulnerabilities present in iOS 12.1 and 12.2 spanning all models from iPhone 6 to the iPhone X, with the attac
Watch Out: Android Apps in Google Play Store Capitalizing on Coronavirus Outbreak

Watch Out: Android Apps in Google Play Store Capitalizing on Coronavirus Outbreak

March 26, 2020Ravie Lakshmanan
Preying on public fears, the ongoing coronavirus outbreak is proving to be a goldmine of opportunity for attackers to stage a variety of malware attacks, phishing campaigns, and create scam sites and malicious tracker apps. Now in a fresh twist, third-party Android app developers too have begun to take advantage of the situation to use coronavirus-related keywords in their app names, descriptions, or in the package names so as to drop malware, perpetrate financial theft and rank higher in Google Play Store searches related to the topic. "Most malicious apps found are bundle threats that range from ransomware to SMS-sending malware, and even spyware designed to clean out the contents of victims' devices for personal or financial data," Bitdefender researchers said in a telemetry analysis report shared with The Hacker News. The find by Bitdefender is the latest in an avalanche of digital threats piggybacking on the coronavirus pandemic. Using Coronavirus-Relat
How CISOs Should Prepare for Coronavirus Related Cybersecurity Threats

How CISOs Should Prepare for Coronavirus Related Cybersecurity Threats

March 18, 2020The Hacker News
The Coronavirus is hitting hard on the world's economy, creating a high volume of uncertainty within organizations. Cybersecurity firm Cynet today revealed new data, showing that the Coronavirus now has a significant impact on information security and that the crisis is actively exploited by threat actors. In light of these insights, Cynet has also shared a few ways to best prepare for the Coronavirus derived threat landscape and provides a solution ( learn more here ) to protect employees that are working from home with their personal computers because of the Coronavirus. The researchers identify two main trends – attacks that aim to steal remote user credentials and weaponized email attacks: Remote User Credential Theft The direct impact of the Coronavirus is a comprehensive quarantine policy that compels multiple organizations to allow their workforce to work from home to maintain business continuity. This inevitably entails shifting a significant portion of the wor
TrueFire Guitar Tutoring Website Suffers Magecart-style Credit Card Breach

TrueFire Guitar Tutoring Website Suffers Magecart-style Credit Card Breach

March 17, 2020Mohit Kumar
Online guitar tutoring website TrueFire has apparently suffered a 'Magecart' style data breach incident that may have potentially led to the exposure of its customers' personal information and payment card information. TrueFire is one of the popular guitar tutoring websites with over 1 million users, where wanna-be-guitarists pay online to access a massive library of over 900 courses and 40,000 video lessons. Though TrueFire hasn't yet publicly disclosed or acknowledged the breach, The Hacker News learned about the incident after a few affected customers posted online  details of a notification they received from the company last week. The Hacker News also found a copy of the same ' Notice Of Data Breach ' uploaded recently to the website of Montana Department of Justice , specifically on a section where the government shares information on data breaches that also affect Montana residents. Confirming the breach, the notification reveals that an attack
Android Cookie-Stealing Malware Found Hijacking Facebook Accounts

Android Cookie-Stealing Malware Found Hijacking Facebook Accounts

March 13, 2020Ravie Lakshmanan
A new simple but dangerous strain of Android malware has been found in the wild that steals users' authentication cookies from the web browsing and other apps, including Chrome and Facebook, installed on the compromised devices. Dubbed " Cookiethief " by Kaspersky researchers, the Trojan works by acquiring superuser root rights on the target device, and subsequently, transfer stolen cookies to a remote command-and-control (C2) server operated by attackers. "This abuse technique is possible not because of a vulnerability in the Facebook app or browser itself," Kaspersky researchers said. "Malware could steal cookie files of any website from other apps in the same way and achieve similar results." Cookiethief: Hijacking Accounts Without Requiring Passwords Cookies are small pieces of information that's often used by websites to differentiate one user from another, offer continuity around the web, track browsing sessions across different
Critical Patch Released for 'Wormable' SMBv3 Vulnerability — Install It ASAP!

Critical Patch Released for 'Wormable' SMBv3 Vulnerability — Install It ASAP!

March 12, 2020Mohit Kumar
Microsoft today finally released an emergency software update to patch the recently disclosed very dangerous vulnerability in SMBv3 protocol that could let attackers launch wormable malware , which can propagate itself from one vulnerable computer to another automatically. The vulnerability, tracked as CVE-2020-0796 , in question is a remote code execution flaw that impacts Windows 10 version 1903 and 1909, and Windows Server version 1903 and 1909. Server Message Block (SMB), which runs over TCP port 445, is a network protocol that has been designed to enable file sharing, network browsing, printing services, and interprocess communication over a network. The latest vulnerability, for which a patch update ( KB4551762 ) is now available on the Microsoft website, exists in the way SMBv3 protocol handles requests with compression headers, making it possible for unauthenticated remote attackers to execute malicious code on target servers or clients with SYSTEM privileges. Compre
Beware of 'Coronavirus Maps' – It's a malware infecting PCs to steal passwords

Beware of 'Coronavirus Maps' – It's a malware infecting PCs to steal passwords

March 11, 2020Wang Wei
Cybercriminals will stop at nothing to exploit every chance to prey on internet users. Even the disastrous spread of SARS-COV-II (the virus), which causes COVID-19 (the disease), is becoming an opportunity for them to likewise spread malware or launch cyber attacks. Reason Cybersecurity recently released a threat analysis report detailing a new attack that takes advantage of internet users' increased craving for information about the novel coronavirus that is wreaking havoc worldwide. The malware attack specifically aims to target those who are looking for cartographic presentations of the spread of COVID-19 on the Internet, and trickes them to download and run a malicious application that, on its front-end, shows a map loaded from a legit online source but in the background compromises the computer. New Threat With An Old Malware Component The latest threat, designed to steal information from unwitting victims, was first spotted by MalwareHunterTeam last week and h
Use This Ultimate Template to Plan and Monitor Your Cybersecurity Budgets

Use This Ultimate Template to Plan and Monitor Your Cybersecurity Budgets

March 11, 2020The Hacker News
Sound security budget planning and execution are essential for CIO's/CISO's success. Now, for the first time, the Ultimate Security Budget Plan and Track Excel template ( download here ) provide security executives a clear and intuitive tool to keep track of planned vs. actual spend, ensuring that security needs are addressed while maintaining the budgetary frame. The dynamic nature of the threat landscape and the possibility of the organization being subject to a critical attack, make an unexpected investment in additional products, staff, or services a highly likely scenario that should be considered. Integrating this factor within the initial planning is a challenge for many CISOs encounters. The Ultimate Security Budget Plan & Track template is an excel spreadsheet that comes pre-packaged with the required formulas to continuously measure, every month, the planned and actual security investments, providing immediate visibility into any mismatch between the tw
Warning — Unpatched Critical 'Wormable' Windows SMBv3 Flaw Disclosed

Warning — Unpatched Critical 'Wormable' Windows SMBv3 Flaw Disclosed

March 11, 2020Ravie Lakshmanan
Shortly after releasing its monthly batch of security updates , Microsoft late yesterday separately issued an advisory warning billions of its Windows users of a new critical, unpatched, and wormable vulnerability affecting Server Message Block 3.0 ( SMBv3 ) network communication protocol. It appears Microsoft originally planned to fix the flaw as part of its March 2020 Patch Tuesday update only, but, for some reason, it pulled the plug at the last minute, which apparently did not stop a tech company from accidentally leaking the existence of the unpatched flaw. The yet-to-be patched flaw (tracked as CVE-2020-0796 ), if exploited successfully, could allow an attacker to execute arbitrary code on the target SMB Server or SMB Client. The belated acknowledgment from Microsoft led some researchers to call the bug " SMBGhost ." "To exploit the vulnerability against an SMB Server, an unauthenticated attacker could send a specially crafted packet to a targeted SMBv3
Microsoft Issues March 2020 Updates to Patch 115 Security Flaws

Microsoft Issues March 2020 Updates to Patch 115 Security Flaws

March 11, 2020Ravie Lakshmanan
Microsoft today released security updates to fix a total of 115 new security vulnerabilities in various versions of its Windows operating system and related software—making March 2020 edition the biggest ever Patch Tuesday in the company's history. Of the 115 bugs spanning its various products — Microsoft Windows, Edge browser, Internet Explorer, Exchange Server, Office, Azure, Windows Defender, and Visual Studio — that received new patches, 26 have been rated as critical, 88 received a severity of important, and one is moderate in severity. However, unlike last month , none of the vulnerabilities the tech giant patched this month are listed as being publicly known or under active attack at the time of release. It's worth highlighting that the patch addresses critical flaws that could be potentially exploited by bad actors to execute malicious code by specially crafted LNK files and word documents. Titled "LNK Remote Code Execution Vulnerability" ( CVE-2020
L1ght Looks to Protect Internet Users from Toxic and Predatory Behavior

L1ght Looks to Protect Internet Users from Toxic and Predatory Behavior

March 11, 2020The Hacker News
Cybersecurity has been regarded as a necessity for all computer users, especially today when data breaches and malware attacks have become rampant. However, one of the more overlooked aspects of cybersecurity is the prevention of other forms of cybercrime, such as the spread of harmful content and predatory behavior. Most current discussions on cybersecurity revolve around organizations needing to protect customer data or for individual users to prevent their sensitive data from being intercepted. However, given the prevalence of toxic behavior, it's about time the cybersecurity community also gives internet safety, especially for children and younger users, its due attention. Israel-based startup L1ght aims to curb the spread of bad behavior online. It uses artificial intelligence (AI) and machine learning (ML) to detect harmful content, hate speech, bullying, and other predatory behavior in social networks, communication applications, and online video games. The firm
Poor Rowhammer Fixes On DDR4 DRAM Chips Re-Enable Bit Flipping Attacks

Poor Rowhammer Fixes On DDR4 DRAM Chips Re-Enable Bit Flipping Attacks

March 10, 2020Mohit Kumar
Remember rowhammer vulnerability? A critical issue affecting modern DRAM (dynamic random access memory) chips that could allow attackers to obtain higher kernel privileges on a targeted system by repeatedly accessing memory cells and induce bit flips. To mitigate Rowhammer vulnerability on the latest DDR4 DRAM, many memory chip manufacturers added some defenses under the umbrella term Target Row Refresh (TRR) that refreshes adjacent rows when a victim row is accessed more than a threshold. But it turns out 'Target Row Refresh,' promoted as a silver bullet to mitigate rowhammer attacks, is also insufficient and could let attackers execute new hammering patterns and re-enable the bit-flip attacks on the latest hardware as well. TRRespass: The Rowhammer Fuzzing Tool Tracked as CVE-2020-10255 , the newly reported vulnerability was discovered by researchers at VUSec Lab, who today also released ' TRRespass ,' an open source black box many-sided RowHammer fuzzin
Microsoft Hijacks Necurs Botnet that Infected 9 Million PCs Worldwide

Microsoft Hijacks Necurs Botnet that Infected 9 Million PCs Worldwide

March 10, 2020Wang Wei
Microsoft today announced that it has successfully disrupted the botnet network of the Necurs malware, which has infected more than 9 million computers globally, and also hijacked the majority of its infrastructure. The latest botnet takedown was the result of a coordinated operation involving international police and private tech companies across 35 countries. The operation was conducted successfully after researchers successfully broke the domain generation algorithm (DGA) implemented by the Necurs malware, which helped it remain resilient for a long time. DGA is basically a technique to unpredictably generate new domain names at regular intervals, helping malware authors to continuously switch the location of C&C servers and maintain undisrupted digital communication with the infected machines. "We were then able to accurately predict over six million unique domains that would be created in the next 25 months. Microsoft reported these domains to their respective r
LVI Attacks: New Intel CPU Vulnerability Puts Data Centers At Risk

LVI Attacks: New Intel CPU Vulnerability Puts Data Centers At Risk

March 10, 2020Mohit Kumar
It appears there is no end in sight to the hardware level security vulnerabilities in Intel processors, as well as to the endless 'performance killing' patches that resolve them. Modern Intel CPUs have now been found vulnerable to a new attack that involves reversely exploiting Meltdown-type data leak vulnerabilities to bypass existing defenses, two separate teams of researchers told The Hacker News. Tracked as CVE-2020-0551 , dubbed " Load Value Injection in the Line Fill Buffers" or LVI-LFB for short, the new speculative-execution attack could let a less privileged attacker steal sensitive information—encryption keys or passwords—from the protected memory and subsequently, take significant control over a targeted system. According to experts at Bitdefender and academic researchers from a couple of universities, the new attack is particularly devastating in multi-tenant environments such as enterprise workstations or cloud servers in the datacenter. And
Exclusive Offers

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.