cyber security | Breaking Cybersecurity News | The Hacker News

Newly discovered security vulnerabilities in ADT's Blue (formerly LifeShield) home security cameras could have been exploited to hijack both audio and video streams. The  vulnerabilities  (tracked as CVE-2020-8101) were identified in the video doorbell camera by Bitdefender researchers in February 2020 before they were eventually addressed on August 17, 2020. LifeShield was acquired by Florida-based ADT Inc. in 2019, with Lifeshield's DIY home security solutions rebranded as Blue as of January 2020. The company's products had a 33.6% market share in the U.S. last year. The security issues in the doorbell camera allow an attacker to Obtain the administrator password of the camera by simply knowing its MAC address, which is used to identify a device uniquely Inject commands locally to gain root access, and Access audio and video feeds using an unprotected  RTSP  (Real-Time Streaming Protocol) server The doorbell is designed to periodically send heartbeat messages t

With so much of the world transitioning to working, shopping, studying, and streaming online during the coronavirus pandemic, cybercriminals now have access to a larger base of potential victims than ever before. "Zoombomb"  became the new photobomb—hackers would gain access to a private meeting or online class hosted on Zoom and shout  profanities and racial slurs  or flash  pornographic images . Nation-state hacker groups mounted attacks against organizations involved in the coronavirus pandemic response, including the World Health Organization and Centers for Disease Control and Prevention, some in an attempt to politicize the pandemic. Even garden-variety cyber attacks like email phishing, social engineering, and refund theft took on a darker flavor in response to the widespread economic precarity brought on by the pandemic.  "Hackers were mostly trying to take advantage of people's fear by offering medical equipment like thermometers and masks for cheap, low

Identities now transcend human boundaries. Within each line of code and every API call lies a non-human identity. These entities act as programmatic access keys, enabling authentication and facilitating interactions among systems and services, which are essential for every API call, database query, or storage account access. As we depend on multi-factor authentication and passwords to safeguard human identities, a pressing question arises: How do we guarantee the security and integrity of these non-human counterparts? How do we authenticate, authorize, and regulate access for entities devoid of life but crucial for the functioning of critical systems? Let's break it down. The challenge Imagine a cloud-native application as a bustling metropolis of tiny neighborhoods known as microservices, all neatly packed into containers. These microservices function akin to diligent worker bees, each diligently performing its designated task, be it processing data, verifying credentials, or

Most companies with small security teams face the same issues. They have inadequate budgets, inadequate staff, and inadequate skills to face today's onslaught of sophisticated cyberthreats. Many of these companies turn to virtual CISOs (vCISOs) to provide security expertise and guidance. vCISOs are typically former CISOs with years of experience building and managing information security programs across large and small organizations. Autonomous XDR company Cynet, a provider of an automated breach protection platform and MDR service for even the smallest security teams, is conducting a webinar with well-known vCISO Brian Haugli to understand the common challenges faced by CISOs with small security teams [ register here ]. In the first part of the webinar, Haugli will share the four foundational risks that are common across most companies he helps. He will then discuss the most common pieces of advice he provides across the companies he serves. Haugli will also share a situation

Over the years,  penetration testing  has had to change and adapt alongside the IT environments and technology that need to be assessed. Broad cybersecurity issues often influence the strategy and growth of pen-testing. In such a fast-paced field, organizations get real value from learning about others' penetration testing experiences, identifying trends, and the role they play in today's threat landscape. While there is much to be gained from a single snapshot, additional value can come from long term data collection and year over year comparisons. We can see whether the effects that recent trends have on pen testing are long term, or simply a temporary shift, and how they affect the continuing evolution of penetration testing. For instance, 2020 saw a massive influx of remote work. Unfortunately, the convenience of working safely from home increased the risk of a breach as countless new attack vectors opened up, both from the way employees connected to networks, as well a

Like it or not, 2020 was the year that proved that teams could work from literally anywhere. While terms like "flex work" and "WFH" were thrown around before COVID-19 came around, thanks to the pandemic, remote working has become the defacto way people work nowadays. Today, digital-based work interactions take the place of in-person ones with near-seamless fluidity, and the best part is that going remote helps companies save their cash in this bootstrapped time.  But while the ability to work from anywhere has truly been essential to keeping businesses and the economy functional, it has opened up new challenges that need to be addressed.  Your Devices Are Your Weakest Link With nearly ⅔ of employees still working remotely to some degree, the boundaries that once separated work and home have been completely washed away. A major ramification of this shift has been an increase in the volume of corporate and non-corporate devices connecting from remote to sensitive

With the continuing rise of IoT devices, mobile networks, and digital channels, companies face a lot of pressure to generate meaningful and actionable insights from the wealth of data they capture. Gartner Research lists data democratization as  one of the top  strategic technology trends to watch out for.  While empowering non-technical users to run ad-hoc reports gives enterprises the ability to get closer to business conditions, it also introduces problems of data governance and privacy compliance. All reports are only as good as the data they're based on, and non-technical users might not be aware of the need for data integrity and security. Even the "experts" at cybersecurity firms have been known to leak files  at alarming rates . Organizations need to implement strong data governance strategies to ensure their data is accurate, reliable and secure, while continuing to provide their employees with the resources they need to realize the full benefits of it. Here&

Sound security budget planning and execution are essential for CIO's/CISO's success. Now, for the first time, the Ultimate Security Budget Plan and Track Excel template ( download here ) provide security executives a clear and intuitive tool to keep track of planned vs. actual spend, ensuring that security needs are addressed while maintaining the budgetary frame. The dynamic nature of the threat landscape and the possibility of the organization being subject to a critical attack, make an unexpected investment in additional products, staff, or services a highly likely scenario that should be considered. Integrating this factor within the initial planning is a challenge for many CISOs encounters. The Ultimate Security Budget Plan & Track template is an excel spreadsheet that comes pre-packaged with the required formulas to continuously measure, every month, the planned and actual security investments, providing immediate visibility into any mismatch between the tw

A Russian hacker who was found guilty of  hacking LinkedIn ,  Dropbox , and Formspring over eight years ago has finally been  sentenced  to 88 months in United States prison, that's more than seven years by a federal court in San Francisco this week. Yevgeniy Aleksandrovich Nikulin , 32, of Moscow hacked into servers belonging to three American social media firms, including LinkedIn, Dropbox, and now-defunct social-networking firm Formspring, and stole data on over 200 million users. Between March and July 2012, Nikulin hacked into the computers of LinkedIn,  Dropbox, and Formspring , and installed malware on them, which allowed him to remotely download user databases of over  117 Million LinkedIn  users and more than  68 Million Dropbox  users. According to the prosecutor, Nikulin also worked with unnamed co-conspirators of a Russian-speaking cybercriminal forum to sell customer data he stole as a result of his hacks. Besides hacking into the three social media firms, Nikulin

In a new report into the global cybersecurity industry's exposure on the Dark Web this year, global application security company, ImmuniWeb , uncovered that 97% of leading cybersecurity companies have data leaks or other security incidents exposed on the Dark Web, while on average, there are over 4,000 stolen credentials and other sensitive data exposed per cybersecurity company. Even the cybersecurity industry itself is not immune to these problems, as demonstrated in ImmuniWeb's research. Key findings that the research found relating to the leading global cybersecurity companies' exposure on the Dark Web included: 97% of companies have data leaks and other security incidents exposed on the Dark Web. 631,512 verified security incidents were found with over 25% (or 160,529) of those classed as a high or critical risk level+ containing highly sensitive information such as plaintext credentials or PII, including financial or similar data. Hence, on average, there a

The US Cybersecurity and Infrastructure Security Agency (CISA) issued a new advisory on Monday about a wave of cyberattacks carried by Chinese nation-state actors targeting US government agencies and private entities. "CISA has observed Chinese [Ministry of State Security]-affiliated cyber threat actors operating from the People's Republic of China using commercially available information sources and open-source exploitation tools to target US Government agency networks," the cybersecurity agency said. Over the past 12 months, the victims were identified through sources such as Shodan , the Common Vulnerabilities and Exposure ( CVE ) database, and the National Vulnerabilities Database (NVD), exploiting the public release of a vulnerability to pick vulnerable targets and further their motives. By compromising legitimate websites and leveraging spear-phishing emails with malicious links pointing to attacker-owned sites in order to gain initial access, the Chinese

An adversary known for targeting the fintech sector at least since 2018 has switched up its tactics to include a new Python-based remote access Trojan (RAT) that can steal passwords, documents, browser cookies, email credentials, and other sensitive information. In an analysis published by Cybereason researchers yesterday, the Evilnum group has not only tweaked its infection chain but has also deployed a Python RAT called "PyVil RAT," which possesses abilities to gather information, take screenshots, capture keystrokes data, open an SSH shell and deploy new tools. "Since the first reports in 2018 through today, the group's TTPs have evolved with different tools while the group has continued to focus on fintech targets," the cybersecurity firm said . "These variations include a change in the chain of infection and persistence, new infrastructure that is expanding over time, and the use of a new Python-scripted Remote Access Trojan (RAT)" to spy

If your web-server runs on Apache, you should immediately install the latest available version of the server application to prevent hackers from taking unauthorized control over it. Apache recently fixed multiple vulnerabilities in its web server software that could have potentially led to the execution of arbitrary code and, in specific scenarios, even could allow attackers to cause a crash and denial of service. The flaws, tracked as CVE-2020-9490, CVE-2020-11984, CVE-2020-11993, were uncovered by Felix Wilhelm of Google Project Zero, and have since been addressed by the Apache Foundation in the latest version of the software ( 2.4.46 ). The first of the three issues involve a possible remote code execution vulnerability due to a buffer overflow with the "mod_uwsgi" module (CVE-2020-11984), potentially allowing an adversary to view, change, or delete sensitive data depending on the privileges associated with an application running on the server. "[A] Malici

Popular video conferencing app Zoom has addressed several security vulnerabilities, two of which affect its Linux client that could have allowed an attacker with access to a compromised system to read and exfiltrate Zoom user data—and even run stealthy malware as a sub-process of a trusted application. According to cybersecurity researcher Mazin Ahmed , who presented his findings at DEF CON 2020 yesterday, the company also left a misconfigured development instance exposed that wasn't updated since September 2019, indicating the server could be susceptible to flaws that were left unpatched. After Ahmed privately reported the issues to Zoom in April and subsequently in July, the company issued a fix on August 3 (version 5.2.4). It's worth noting that for some of these attacks to happen, an attacker would need to have already compromised the victim's device by other means. But that doesn't take away the significance of the flaws. In one scenario, Ahmed uncov

It turns out that the root cause behind several previously disclosed speculative execution attacks against modern processors, such as Meltdown and Foreshadow , was misattributed to 'prefetching effect,' resulting in hardware vendors releasing incomplete mitigations and countermeasures. Sharing its findings with The Hacker News, a group of academics from the Graz University of Technology and CISPA Helmholtz Center for Information Security finally revealed the exact reason behind why the kernel addresses are cached in the first place, as well as presented several new attacks that exploit the previously unidentified underlying issue, allowing attackers to sniff out sensitive data. The new research explains microarchitectural attacks were actually caused by speculative dereferencing of user-space registers in the kernel, which not just impacts the most recent Intel CPUs with the latest hardware mitigations, but also several modern processors from ARM, IBM, and AMD — previou

A 17-year-old teen and two other 19 and 22-year-old individuals have reportedly been arrested for being the alleged mastermind behind the recent Twitter hack that simultaneously targeted several high-profile accounts within minutes as part of a massive bitcoin scam. According to the U.S. Department of Justice , Mason Sheppard , aka "Chaewon," 19, from the United Kingdom, Nima Fazeli , aka "Rolex," 22, from Florida and an unnamed juvenile was charged this week with conspiracy to commit wire fraud, conspiracy to commit money laundering, and the intentional access of a protected computer. Florida news channel WFLA has identified a 17-year-old teen named  Graham Clark of Tampa Bay this week in connection with the Twitter hack, who probably is the juvenile that U.S. Department of Justice mentioned in its press release. Graham Clark has reportedly been charged with 30 felonies of communications and organized fraud for scamming hundreds of people using compromise

Security researchers have outlined a new technique that renders a remote timing-based side-channel attack more effective regardless of the network congestion between the adversary and the target server. Remote timing attacks that work over a network connection are predominantly affected by variations in network transmission time (or jitter), which, in turn, depends on the load of the network connection at any given point in time. But since measuring the time taken to execute cryptographic algorithms is crucial to carrying out a timing attack and consequently leak information, the jitter on the network path from the attacker to the server can make it impractical to successfully exploit timing side-channels that rely on a small difference in execution time. The new method, called Timeless Timing Attacks (TTAs) by researchers from DistriNet Research Group and New York University Abu Dhabi, instead leverages multiplexing of network protocols and concurrent execution by applicati