The Hacker News - Cybersecurity News and Analysis: cybersecurity

Malwarebytes on Tuesday said it was breached by the same group who broke into SolarWinds to access some of its internal emails, making it the fourth major cybersecurity vendor to be targeted after  FireEye ,  Microsoft , and  CrowdStrike . The company said its intrusion was not the result of a SolarWinds compromise, but rather due to a separate initial access vector that works by "abusing applications with privileged access to Microsoft Office 365 and Azure environments." The discovery was made after Microsoft notified Malwarebytes of suspicious activity from a dormant email protection app within its  Office 365 tenant  on December 15, following which it performed a detailed investigation into the incident. "While Malwarebytes does not use SolarWinds, we, like many other companies were recently targeted by the same threat actor," the company's CEO Marcin Kleczynski  said  in a post. "We found no evidence of unauthorized access or compromise in any of o

Cybersecurity is hard. For a CISO that faces the cyber threat landscape with a small security team, the challenge is compounded. Compared to CISOs at large enterprises, CISOs small to medium-sized enterprises (SMEs) have smaller teams with less expertise, smaller budgets for technology and outside services, and are more involved in day-to-day protection activities. CISOs at SMEs are increasingly relying on virtual CISOs (vCISOs) to provide security expertise and guidance. vCISOs are typically former CISOs with years of experience building and managing information security programs across large and small organizations. Helpful Advice for CISOs with Small Security Teams Brian Haugli, a well-known vCISO in the US, recently collaborated with cybersecurity company  Cynet —which provides autonomous XDR platforms tailored to small security teams—to provide a series of educational videos for CISOs with small security teams with relevant information about their challenges and possible solu

Apple has removed a controversial feature from its macOS operating system that allowed the company's own first-party apps to bypass content filters, VPNs, and third-party firewalls. Called " ContentFilterExclusionList ," it included a list of as many as 50 Apple apps like iCloud, Maps, Music, FaceTime, HomeKit, the App Store, and its software update service that were routed through Network Extension Framework, effectively circumventing firewall protections. This exclusion list has been scrubbed now from macOS 11.2 beta 2. The issue first came to light last October following the release of macOS Big Sur, prompting concerns from security researchers who said the feature was ripe for abuse, adding it could be leveraged by an attacker to exfiltrate sensitive data by piggybacking it on to legitimate Apple apps included on the list and then bypass firewalls and security software. "After lots of bad press and lots of feedback/bug reports to Apple from developers such

Intel and Cybereason have partnered to build anti-ransomware defenses into the chipmaker's newly announced 11th generation Core  vPro  business-class processors. The hardware-based security enhancements are baked into Intel's vPro platform via its  Hardware Shield  and  Threat Detection Technology  (TDT), enabling profiling and detection of ransomware and other threats that have an impact on the CPU performance. "The joint solution represents the first instance where PC hardware plays a direct role in ransomware defenses to better protect enterprise endpoints from costly attacks," Cybereason  said . Exclusive to vPro, Intel Hardware Shield provides protections against firmware-level attacks targeting the  BIOS , thereby ensuring that the operating system (OS) runs on legitimate hardware as well as minimizing the risk of malicious code injection by locking down memory in the BIOS when the software is running to help prevent planted malware from compromising the OS

Ensuring the cybersecurity of your internal environment when you have a small security team is challenging. If you want to maintain the highest security level with a small team, your strategy has to be 'do more with less,' and with the right technology, you can leverage your team and protect your internal environment from breaches. The " buyer's guide for securing the internal environment with a small cybersecurity team ," includes a checklist of the most important things to consider when creating or re-evaluating the cybersecurity of your internal environment to ensure your team has it all covered.  The buyer's guide is designed to help you choose the solution that will ensure you get complete visibility, accurately detect and mitigate threats, and make the most of your existing resources and skills. There are three key aspects that stand out when looking for the best way to protect your internal environment with a small team—visibility, automation, and ea

Mimecast said on Tuesday that "a sophisticated threat actor" had compromised a digital certificate it provided to certain customers to securely connect its products to Microsoft 365 (M365) Exchange. The discovery was made after the breach was notified by Microsoft, the London-based company  said in an alert  posted on its website, adding it's reached out to the impacted organizations to remediate the issue. The company didn't elaborate on what type of certificate was compromised, but Mimecast offers  seven different digital certificates  based on the geographical location that must be uploaded to M365 to create a server Connection in Mimecast. "Approximately 10 percent of our customers use this connection," the company said. "Of those that do, there are indications that a low single digit number of our customers' M365 tenants were targeted." Mimecast is a cloud-based email management service for Microsoft Exchange and Microsoft Office 365

A three-year-old attack technique to bypass Google's audio reCAPTCHA by using its own Speech-to-Text API has been found to still work with 97% accuracy. Researcher Nikolai Tschacher disclosed his findings in a proof-of-concept (PoC) of the attack on January 2. "The idea of the attack is very simple: You grab the MP3 file of the audio reCAPTCHA and you submit it to Google's own speech-to-text API," Tschacher  said  in a write-up. "Google will return the correct answer in over 97% of all cases." Introduced in 2000, CAPTCHAs (or Completely Automated Public Turing test to tell Computers and Humans Apart) are a type of challenge-response tests designed to protect against automated account creation and service abuse by presenting users with a question that is easy for humans to solve but difficult for computers. reCAPTCHA  is a popular version of the CAPTCHA technology that was acquired by Google in 2009. The search giant released the  third iteration  of re

Zyxel has released a patch to address a critical vulnerability in its firmware concerning a hardcoded, undocumented secret account that could be abused by an attacker to login with administrative privileges and compromise its networking devices. The flaw, tracked as  CVE-2020-29583  (CVSS score 7.8), affects  version 4.60  present in a wide-range of Zyxel devices, including Unified Security Gateway (USG), USG FLEX, ATP, and VPN firewall products. EYE researcher  Niels Teusink  reported the vulnerability to Zyxel on November 29, following which the company released a firmware patch (ZLD V4.60 Patch1) on December 18. According to the  advisory  published by Zyxel, the undocumented account ("zyfwp") comes with an unchangeable password that's not only stored in plaintext but could also be used by a malicious third-party to login to the SSH server or web interface with admin privileges. Zyxel said the hardcoded credentials were put in place to deliver automatic firmware

As if the exponential rise in phishing scams and malware attacks in the last five years wasn't enough, the COVID-19 crisis has worsened it further. The current scenario has given a viable opportunity to cybercriminals to find a way to target individuals, small and large enterprises, government corporations. According to Interpol's  COVID-19 Cybercrime Analysis Report , based on the feedback of 194 countries, phishing/scam/fraud, malware/ransomware, malicious domains, and fake news have emerged as the biggest digital threats across the world in the wake of the pandemic. Image source: interpol.int There are primarily two reasons for emerging cyber threats in 2020: Most of the population is working, learning, shopping, or running their business from home, where they're using personal devices from the home/public internet connection, which are usually unsafe and hence highly vulnerable to cybercrimes. The cybercriminals are using the COVID-19 theme to exploit people and

Everyone makes mistakes. That one sentence was drummed into me in my very first job in tech, and it has held true since then. In the cybersecurity world, misconfigurations can create exploitable issues that can haunt us later - so let's look at a few common security misconfigurations. The first one is development permissions that don't get changed when something goes live. For example, AWS S3 buckets are often assigned permissive access while development is going on. The issues arise when security reviews aren't carefully performed prior to pushing the code live, no matter if that push is for the initial launch of a platform or for updates. The result is straight-forward; a bucket goes live with the ability for anyone to read and write to and from it. This particular misconfiguration is dangerous; since the application is working and the site is loading for users, there's no visible indication that something is wrong until a threat actor hunting for open buckets stum

The massive state-sponsored  espionage campaign  that compromised software maker SolarWinds also targeted Microsoft, as the unfolding investigation into the hacking spree reveals the incident may have been far more wider in scope, sophistication, and impact than previously thought. News of Microsoft's compromise was first reported by Reuters , which also said the company's own products were then used to strike other victims by leveraging its cloud offerings, citing people familiar with the matter. The Windows maker, however, denied the threat actor had infiltrated its production systems to stage further attacks against its customers. In a statement to The Hacker News via email, the company said — "Like other SolarWinds customers, we have been actively looking for indicators of this actor and can confirm that we detected malicious SolarWinds binaries in our environment, which we isolated and removed. We have not found evidence of access to production services or custom

One of the many features of an Active Directory Password Policy is the  maximum password age . Traditional Active Directory environments have long using password aging as a means to bolster password security. Native password aging in the default Active Directory Password Policy is relatively limited in configuration settings. Let's take a look at a few best practices that have changed in regards to password aging. What controls can you enforce in regards to password aging using the default Active Directory Password Policy? Are there better tools that organizations can use regarding controlling the maximum password age for Active Directory user accounts? What password aging best practices have changed? Password aging for Active Directory user accounts has long been a controversial topic in security best practices. While many organizations still apply more traditional password aging rules, noted security organizations have provided updated password aging guidance. Microsoft has 

How can your app hook into a geocoding service that offers forward and reverse geocoding and an auto-completion facility? Geocoding turns a location name or address into geocoordinates. The service gets used by thousands of applications like Uber and Grubhub to track and plot their map data. Yet, it can also help web development by enhancing UX through reverse geocoding. Not to mention auto-completing forms to make the likes of checking-out easier. This article examines Geocode API, the premier provider of geocoding services. Read on to learn what the API offers, how it works, and what sets it apart. You'll discover how its free plan grants you access to 350.000 monthly requests! What is Geocoding? Geocoding describes  how to turn a location name or description and convert them into detailed coordinates. It also offers this service in reverse, i.e., convert coordinates into location information. Results can include: GPS coordinates Full address information Accuracy and

In the classic children's movie 'The Princess Bride,' one of the characters utters the phrase, " You keep using that word. I do not think it means what you think it means ." It's freely used as a response to someone's misuse or misunderstanding of a word or phrase. "Response Automation" is another one of those phrases that have different meanings to different people. It's bantered around by the security vendor community so much that its precise meaning, when used, is unclear. Many vendors throw the term out without explaining exactly what they mean by the phrase. One vendor's response automation might, and often do, perform very differently from another vendor's response automation capabilities. But, hey, they have "response automation!" A recently published guide is meant to make sense of Response Automation ( Download here ). It discusses the evolution of response automation and distinguishes five increasingly capabl

State-sponsored actors allegedly working for Russia have  targeted  the US Treasury, the Commerce Department's National Telecommunications and Information Administration (NTIA), and other government agencies to  monitor internal email traffic  as part of a widespread cyberespionage campaign. The Washington Post, citing unnamed sources, said the latest attacks were the work of APT29 or Cozy Bear, the same hacking group that's believed to have orchestrated a breach of US-based cybersecurity firm  FireEye  a few days ago leading to the theft of its Red Team penetration testing tools. The motive and the full scope of what intelligence was compromised remains unclear, but signs are that adversaries tampered with a software update released by Texas-based IT infrastructure provider SolarWinds earlier this year to infiltrate the systems of government agencies as well as FireEye and mount a highly-sophisticated  supply chain attack . "The compromise of SolarWinds' Orion Ne

Cybersecurity researchers from Facebook today formally linked the activities of a Vietnamese threat actor to an IT company in the country after the group was caught abusing its platform to hack into people's accounts and distribute malware. Tracked as  APT32  (or Bismuth, OceanLotus, and Cobalt Kitty), the state-aligned operatives affiliated with the Vietnam government have been known for orchestrating sophisticated  espionage campaigns  at least since 2012 with the goal of furthering the country's strategic interests. "Our investigation linked this activity to CyberOne Group, an IT company in Vietnam (also known as CyberOne Security, CyberOne Technologies, Hành Tinh Company Limited, Planet and Diacauso)," Facebook's Head of Security Policy, Nathaniel Gleicher, and Cyber Threat Intelligence Manager, Mike Dvilyanski,  said . Exact evidence trail leading Facebook to attribute the hacking activity to CyberOne Group was not disclosed, but according to a descripti