#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News

data protection | Breaking Cybersecurity News | The Hacker News

Category — data protection
CISA Warns of Active Exploitation of Microsoft SharePoint Vulnerability (CVE-2024-38094)

CISA Warns of Active Exploitation of Microsoft SharePoint Vulnerability (CVE-2024-38094)

Oct 23, 2024 Vulnerability / Threat Intelligence
A high-severity flaw impacting Microsoft SharePoint has been added to the Known Exploited Vulnerabilities ( KEV ) catalog by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday, citing evidence of active exploitation. The vulnerability, tracked as CVE-2024-38094 (CVSS score: 7.2), has been described as a deserialization vulnerability impacting SharePoint that could result in remote code execution. "An authenticated attacker with Site Owner permissions can use the vulnerability to inject arbitrary code and execute this code in the context of SharePoint Server," Microsoft said in an alert for the flaw. Patches for the security defect were released by Redmond as part of its Patch Tuesday updates for July 2024. The exploitation risk is compounded by the fact that proof-of-concept (PoC) exploits for the flaw are available in the public domain. "The PoC script [...] automates authentication to a target SharePoint site using NTLM, creates a spe...
Researchers Discover Severe Security Flaws in Major E2EE Cloud Storage Providers

Researchers Discover Severe Security Flaws in Major E2EE Cloud Storage Providers

Oct 21, 2024 Encryption / Data Protection
Cybersecurity researchers have discovered severe cryptographic issues in various end-to-end encrypted (E2EE) cloud storage platforms that could be exploited to leak sensitive data. "The vulnerabilities range in severity: in many cases a malicious server can inject files, tamper with file data, and even gain direct access to plaintext," ETH Zurich researchers Jonas Hofmann and Kien Tuong Truong said . "Remarkably, many of our attacks affect multiple providers in the same way, revealing common failure patterns in independent cryptographic designs." The identified weaknesses are the result of an analysis of five major providers such as Sync, pCloud, Icedrive, Seafile, and Tresorit. The devised attack techniques hinge on a malicious server that's under an adversary's control, which could then be used to target the service providers' users. A brief description of the flaws uncovered in the cloud storage systems is as follows - Sync, in which a maliciou...
The Future of Serverless Security in 2025: From Logs to Runtime Protection

The Future of Serverless Security in 2025: From Logs to Runtime Protection

Nov 28, 2024Cloud Security / Threat Detection
Serverless environments, leveraging services such as AWS Lambda, offer incredible benefits in terms of scalability, efficiency, and reduced operational overhead. However, securing these environments is extremely challenging. The core of current serverless security practices often revolves around two key components: log monitoring and static analysis of code or system configuration. But here is the issue with that: 1. Logs Only Tell Part of the Story Logs can track external-facing activities, but they don't provide visibility into the internal execution of functions. For example, if an attacker injects malicious code into a serverless function that doesn't interact with external resources (e.g., external APIs or databases), traditional log-based tools will not detect this intrusion. The attacker may execute unauthorized processes, manipulate files, or escalate privileges—all without triggering log events. 2. Static Misconfiguration Detection is Incomplete Static tools that check ...
The Ultimate DSPM Guide: Webinar on Building a Strong Data Security Posture

The Ultimate DSPM Guide: Webinar on Building a Strong Data Security Posture

Oct 18, 2024 Webinar / Data Protection
Picture your company's data as a vast, complex jigsaw puzzle—scattered across clouds, devices, and networks. Some pieces are hidden, some misplaced, and others might even be missing entirely. Keeping your data secure in today's fast-evolving landscape can feel like an impossible challenge. But there's a game-changing solution: Data Security Posture Management (DSPM). Think of it as a high-tech, super-powered lens that reveals your entire data puzzle—helping you find every piece, fix vulnerabilities, and secure everything with confidence. Join Our Webinar " Building a Successful Data Security Posture Management Program ," to Unlock the Full Potential of DSPM: Uncover Every Hidden Piece: DSPM shows you exactly where your critical data resides, even the parts you didn't know were there, so you can take control and secure it. Shield Your Data from Threats: Like a vigilant security guard, DSPM detects potential risks and helps you fend off attacks before they cause da...
cyber security

Creating, Managing and Securing Non-Human Identities

websitePermisoCybersecurity / Identity Security
A new class of identities has emerged alongside traditional human users: non-human identities (NHIs). Permiso Security's new eBook details everything you need to know about managing and securing non-human identities, and strategies to unify identity security without compromising agility.
Astaroth Banking Malware Resurfaces in Brazil via Spear-Phishing Attack

Astaroth Banking Malware Resurfaces in Brazil via Spear-Phishing Attack

Oct 16, 2024 Cyber Attack / Banking Trojan
A new spear-phishing campaign targeting Brazil has been found delivering a banking malware called Astaroth (aka Guildma) by making use of obfuscated JavaScript to slip past security guardrails. "The spear-phishing campaign's impact has targeted various industries, with manufacturing companies, retail firms, and government agencies being the most affected," Trend Micro said in a new analysis. "The malicious emails often impersonate official tax documents, using the urgency of personal income tax filings to trick users into downloading the malware." The cybersecurity company is tracking the threat activity cluster under the name Water Makara. It's worth pointing out that Google's Threat Analysis Group (TAG) has assigned the moniker PINEAPPLE to a similar intrusion set that delivers the same malware to Brazilian users. Both these campaigns share a point of commonality in that they commence with phishing messages that impersonate official entities su...
GitHub Patches Critical Flaw in Enterprise Server Allowing Unauthorized Instance Access

GitHub Patches Critical Flaw in Enterprise Server Allowing Unauthorized Instance Access

Oct 16, 2024 Enterprise Security / Vulnerability
GitHub has released security updates for Enterprise Server (GHES) to address multiple issues, including a critical bug that could allow unauthorized access to an instance. The vulnerability, tracked as CVE-2024-9487, carries a CVS score of 9.5 out of a maximum of 10.0 "An attacker could bypass SAML single sign-on (SSO) authentication with the optional encrypted assertions feature, allowing unauthorized provisioning of users and access to the instance, by exploiting an improper verification of cryptographic signatures vulnerability in GitHub Enterprise Server," GitHub said in an alert. The Microsoft-owned company characterized the flaw as a regression that was introduced as part of follow-up remediation from CVE-2024-4985 (CVSS score: 10.0), a maximum severity vulnerability that was patched back in May 2024. Also fixed by GitHub are two other shortcomings - CVE-2024-9539 (CVSS score: 5.7) - An information disclosure vulnerability that could enable an attacker to ret...
CISA Warns of Active Exploitation in SolarWinds Help Desk Software Vulnerability

CISA Warns of Active Exploitation in SolarWinds Help Desk Software Vulnerability

Oct 16, 2024 Vulnerability / Data Protection
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw impacting SolarWinds Web Help Desk (WHD) software to its Known Exploited Vulnerabilities ( KEV ) catalog, citing evidence of active exploitation. Tracked as CVE-2024-28987 (CVSS score: 9.1), the vulnerability relates to a case of hard-coded credentials that could be abused to gain unauthorized access and make modifications. "SolarWinds Web Help Desk contains a hardcoded credential vulnerability that could allow a remote, unauthenticated user to access internal functionality and modify data," CISA said in an advisory. Details of the flaw were first disclosed by SolarWinds in late August 2024, with cybersecurity firm Horizon3.ai releasing additional technical specifics a month later. The vulnerability "allows unauthenticated attackers to remotely read and modify all help desk ticket details – often containing sensitive information like passwords from reset req...
Experts Warn of Critical Unpatched Vulnerability in Linear eMerge E3 Systems

Experts Warn of Critical Unpatched Vulnerability in Linear eMerge E3 Systems

Oct 10, 2024 Vulnerability / Enterprise Security
Cybersecurity researchers are warning about an unpatched vulnerability in Nice Linear eMerge E3 access controller systems that could allow for the execution of arbitrary operating system (OS) commands. The flaw, assigned the CVE identifier CVE-2024-9441 , carries a CVSS score of 9.8 out of a maximum of 10.0, according to VulnCheck . "A vulnerability in the Nortek Linear eMerge E3 allows remote unauthenticated attackers to cause the device to execute arbitrary command," SSD Disclosure said in an advisory for the flaw released late last month, stating the vendor has yet to provide a fix or a workaround. The flaw impacts the following versions of Nortek Linear eMerge E3 Access Control: 0.32-03i, 0.32-04m, 0.32-05p, 0.32-05z, 0.32-07p, 0.32-07e, 0.32-08e, 0.32-08f, 0.32-09c, 1.00.05, and 1.00.07. Proof-of-concept (PoC) exploits for the flaw have been released following public disclosure, raising concerns that it could be exploited by threat actors. It's worth noting ...
CISA Warns of Critical Fortinet Flaw as Palo Alto and Cisco Issue Urgent Security Patches

CISA Warns of Critical Fortinet Flaw as Palo Alto and Cisco Issue Urgent Security Patches

Oct 10, 2024 Vulnerability / Network Security
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw impacting Fortinet products to its Known Exploited Vulnerabilities ( KEV ) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2024-23113 (CVSS score: 9.8), relates to a case of remote code execution that affects FortiOS, FortiPAM, FortiProxy, and FortiWeb. "A use of externally-controlled format string vulnerability [CWE-134] in FortiOS fgfmd daemon may allow a remote unauthenticated attacker to execute arbitrary code or commands via specially crafted requests," Fortinet noted in an advisory for the flaw back in February 2024. As is typically the case, the bulletin is sparse on details related to how the shortcoming is being exploited in the wild, or who is weaponizing it and against whom. In light of active exploitation, Federal Civilian Executive Branch (FCEB) agencies are mandated to apply the vendor-provided mitigations by Oc...
Social Media Accounts: The Weak Link in Organizational SaaS Security

Social Media Accounts: The Weak Link in Organizational SaaS Security

Oct 09, 2024 SaaS Security / Identity Security
Social media accounts help shape a brand's identity and reputation. These public forums engage directly with customers as they are a hub to connect, share content and answer questions. However, despite the high profile role these accounts have, many organizations overlook social media account security. Many lack the safeguards to prevent unauthorized access — a situation no organization wants as it can quickly spiral to include reputational damage and financial losses.  With the impact this high, the need for deep understanding of social media risks as well as how to protect an organization's social media account are more crucial than ever. This article dives into the details of social media accounts, how social media can be misused and how to protect oneself. Understanding the Layers of Social Media Access Platforms like Facebook, Instagram, and LinkedIn typically have two layers of access.  The Public Facing Page : where brands post content and engage with users. ...
WordPress LiteSpeed Cache Plugin Security Flaw Exposes Sites to XSS Attacks

WordPress LiteSpeed Cache Plugin Security Flaw Exposes Sites to XSS Attacks

Oct 04, 2024 Website Security / Vulnerability
A new high-severity security flaw has been disclosed in the LiteSpeed Cache plugin for WordPress that could enable malicious actors to execute arbitrary JavaScript code under certain conditions. The flaw, tracked as CVE-2024-47374 (CVSS score: 7.2), has been described as a stored cross-site scripting ( XSS ) vulnerability impacting all versions of the plugin up to and including 6.5.0.2. It was addressed in version 6.5.1 on September 25, 2024, following responsible disclosure by Patchstack Alliance researcher TaiYou. "It could allow any unauthenticated user from stealing sensitive information to, in this case, privilege escalation on the WordPress site by performing a single HTTP request," Patchstack said in a report.  The flaw stems from the manner in which the plugin the "X-LSCACHE-VARY-VALUE" HTTP header value is parsed without adequate sanitization and output escaping, thereby allowing for injection of arbitrary web scripts. That said, it's worth poi...
Researchers Warn of Ongoing Attacks Exploiting Critical Zimbra Postjournal Flaw

Researchers Warn of Ongoing Attacks Exploiting Critical Zimbra Postjournal Flaw

Oct 02, 2024 Email Security / Vulnerability
Cybersecurity researchers are warning about active exploitation attempts targeting a newly disclosed security flaw in Synacor's Zimbra Collaboration. Enterprise security firm Proofpoint said it began observing the activity starting September 28, 2024. The attacks seek to exploit CVE-2024-45519 , a severe security flaw in Zimbra's postjournal service that could enable unauthenticated attackers to execute arbitrary commands on affected installations. "The emails spoofing Gmail were sent to bogus addresses in the CC fields in an attempt for Zimbra servers to parse and execute them as commands," Proofpoint said in a series of posts on X. "The addresses contained Base64 strings that are executed with the sh utility." The critical issue was addressed by Zimbra in versions 8.8.15 Patch 46, 9.0.0 Patch 41, 10.0.9, and 10.1.1 released on September 4, 2024. A security researcher named lebr0nli (Alan Li) has been credited with discovering and reporting the short...
5 Actionable Steps to Prevent GenAI Data Leaks Without Fully Blocking AI Usage

5 Actionable Steps to Prevent GenAI Data Leaks Without Fully Blocking AI Usage

Oct 01, 2024 Generative AI / Data Protection
Since its emergence, Generative AI has revolutionized enterprise productivity. GenAI tools enable faster and more effective software development, financial analysis, business planning, and customer engagement. However, this business agility comes with significant risks, particularly the potential for sensitive data leakage. As organizations attempt to balance productivity gains with security concerns, many have been forced to choose between unrestricted GenAI usage to banning it altogether. A new e-guide by LayerX titled 5 Actionable Measures to Prevent Data Leakage Through Generative AI Tools is designed to help organizations navigate the challenges of GenAI usage in the workplace. The guide offers practical steps for security managers to protect sensitive corporate data while still reaping the productivity benefits of GenAI tools like ChatGPT. This approach is intended to allow companies to strike the right balance between innovation and security. Why Worry About ChatGPT? The e...
A Hacker's Era: Why Microsoft 365 Protection Reigns Supreme

A Hacker's Era: Why Microsoft 365 Protection Reigns Supreme

Sep 30, 2024 SaaS Backup / Microsoft 365
Imagine a sophisticated cyberattack cripples your organization's most critical productivity and collaboration tool — the platform you rely on for daily operations. In the blink of an eye, hackers encrypt your emails, files, and crucial business data stored in Microsoft 365, holding it hostage using ransomware. Productivity grinds to a halt and your IT team races to assess the damage as the clock ticks down on a ransom demand that threatens to destroy your data forever. How did this happen, and more importantly, how can you prevent it from happening? Microsoft 365 (M365) is the lifeblood of countless organizations worldwide, offering a seamless, cloud-based platform for communication, collaboration and data management. Over 400 million users rely on Microsoft 365 for everything from document creation and management to video conferencing 1 . While M365 has empowered businesses to undergo digital transformation and remain competitive with its support for distributed, hybrid and remote w...
Mozilla Faces Privacy Complaint for Enabling Tracking in Firefox Without User Consent

Mozilla Faces Privacy Complaint for Enabling Tracking in Firefox Without User Consent

Sep 25, 2024 Data Protection / Online Tracking
Vienna-based privacy non-profit noyb (short for None Of Your Business) has filed a complaint with the Austrian data protection authority (DPA) against Firefox maker Mozilla for enabling a new feature called Privacy-Preserving Attribution (PPA) without explicitly seeking users' consent. "Contrary to its reassuring name, this technology allows Firefox to track user behavior on websites," noyb said . "In essence, the browser is now controlling the tracking, rather than individual websites." Noyb also called out Mozilla for allegedly taking a leaf out of Google's playbook by "secretly" enabling the feature by default without informing users. PPA, which is currently enabled in Firefox version 128 as an experimental feature, has its parallels in Google's Privacy Sandbox project in Chrome. The initiative, now abandoned by Google , sought to replace third-party tracking cookies with a set of APIs baked into the web browser that advertisers can t...
Expert Tips on How to Spot a Phishing Link

Expert Tips on How to Spot a Phishing Link

Sep 25, 2024 Cyber Awareness / Threat Detection
Phishing attacks are becoming more advanced and harder to detect, but there are still telltale signs that can help you spot them before it's too late. See these key indicators that security experts use to identify phishing links: 1. Check Suspicious URLs  Phishing URLs are often long, confusing, or filled with random characters. Attackers use these to disguise the link's true destination and mislead users.  The first step in protecting yourself is to inspect the URL carefully. Always ensure it begins with "HTTPS," as the "s" indicates a secure connection using an SSL certificate.  However, keep in mind that SSL certificates alone are not enough. Cyber attackers have increasingly used legitimate-looking HTTPS links to distribute malicious content. This is why you should be suspicious of links that are overly complex or look like a jumble of characters.  Tools like ANY.RUN's Safebrowsing allow users to check suspicious links in a secure and isolated environment ...
Expert Insights / Articles Videos
Cybersecurity Resources