#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News

digital signature | Breaking Cybersecurity News | The Hacker News

Category — digital signature
FakeBat Loader Malware Spreads Widely Through Drive-by Download Attacks

FakeBat Loader Malware Spreads Widely Through Drive-by Download Attacks

Jul 03, 2024 Malware / SEO Poisoning
The loader-as-a-service (LaaS) known as FakeBat has become one of the most widespread loader malware families distributed using the drive-by download technique this year, findings from Sekoia reveal. "FakeBat primarily aims to download and execute the next-stage payload, such as IcedID , Lumma , RedLine , SmokeLoader , SectopRAT , and Ursnif ," the company said in a Tuesday analysis. Drive-by attacks entail the use of methods like search engine optimization (SEO) poisoning, malvertising, and nefarious code injections into compromised sites to entice users into downloading bogus software installers or browser updates. The use of malware loaders over the past few years dovetails with the growing use of landing pages impersonating legitimate software websites by passing them off as legitimate installers. This ties into the larger aspect that phishing and social engineering remain one of the threat actors' main ways to acquire initial access. FakeBat , also known as Eu...
Severe Vulnerabilities in Cinterion Cellular Modems Pose Risks to Various Industries

Severe Vulnerabilities in Cinterion Cellular Modems Pose Risks to Various Industries

May 13, 2024 Vulnerability / IoT Security
Cybersecurity researchers have disclosed multiple security flaws in Cinterion cellular modems that could be potentially exploited by threat actors to access sensitive information and achieve code execution. "These vulnerabilities include critical flaws that permit remote code execution and unauthorized privilege escalation, posing substantial risks to integral communication networks and IoT devices foundational to industrial, healthcare, automotive, financial and telecommunications sectors," Kaspersky  said . Cinterion modems were originally developed by Gemalto before the business was  acquired  by Telit from Thales as part of a deal announced in July 2022. The findings were  presented  at the OffensiveCon held in Berlin on May 11. The list of eight flaws is as follows - CVE-2023-47610  (CVSS score: 8.1) - A buffer overflow vulnerability that could allow a remote unauthenticated attacker to execute arbitrary code on the targeted system by ...
How AI Is Transforming IAM and Identity Security

How AI Is Transforming IAM and Identity Security

Nov 15, 2024Machine Learning / Identity Security
In recent years, artificial intelligence (AI) has begun revolutionizing Identity Access Management (IAM), reshaping how cybersecurity is approached in this crucial field. Leveraging AI in IAM is about tapping into its analytical capabilities to monitor access patterns and identify anomalies that could signal a potential security breach. The focus has expanded beyond merely managing human identities — now, autonomous systems, APIs, and connected devices also fall within the realm of AI-driven IAM, creating a dynamic security ecosystem that adapts and evolves in response to sophisticated cyber threats. The Role of AI and Machine Learning in IAM AI and machine learning (ML) are creating a more robust, proactive IAM system that continuously learns from the environment to enhance security. Let's explore how AI impacts key IAM components: Intelligent Monitoring and Anomaly Detection AI enables continuous monitoring of both human and non-human identities , including APIs, service acc...
Dropbox Discloses Breach of Digital Signature Service Affecting All Users

Dropbox Discloses Breach of Digital Signature Service Affecting All Users

May 02, 2024 Cyber Attack / Data Breach
Cloud storage services provider Dropbox on Wednesday disclosed that Dropbox Sign (formerly HelloSign) was breached by unidentified threat actors, who accessed emails, usernames, and general account settings associated with all users of the digital signature product. The company, in a filing with the U.S. Securities and Exchange Commission (SEC), said it became aware of the "unauthorized access" on April 24, 2024. Dropbox  announced  its plans to acquire HelloSign in January 2019. "The threat actor had accessed data related to all users of Dropbox Sign, such as emails and usernames, in addition to general account settings," it  said  in the Form 8-K filing.. "For subsets of users, the threat actor also accessed phone numbers, hashed passwords, and certain authentication information such as API keys, OAuth tokens, and multi-factor authentication." Even worse, the intrusion also affects third-parties who received or signed a docu...
cyber security

Creating, Managing and Securing Non-Human Identities

websitePermisoCybersecurity / Identity Security
A new class of identities has emerged alongside traditional human users: non-human identities (NHIs). Permiso Security's new eBook details everything you need to know about managing and securing non-human identities, and strategies to unify identity security without compromising agility.
Widely-Used PuTTY SSH Client Found Vulnerable to Key Recovery Attack

Widely-Used PuTTY SSH Client Found Vulnerable to Key Recovery Attack

Apr 16, 2024 Encryption / Network Security
The maintainers of the  PuTTY Secure Shell (SSH) and Telnet client  are alerting users of a critical vulnerability impacting versions from 0.68 through 0.80 that could be exploited to achieve full recovery of NIST P-521 (ecdsa-sha2-nistp521) private keys. The flaw has been assigned the CVE identifier  CVE-2024-31497 , with the discovery credited to researchers Fabian Bäumer and Marcus Brinkmann from the Ruhr University Bochum. "The effect of the vulnerability is to compromise the private key," the PuTTY project  said  in an advisory. "An attacker in possession of a few dozen signed messages and the public key has enough information to recover the private key, and then forge signatures as if they were from you, allowing them to (for instance) log in to any servers you use that key for." However, in order to obtain the signatures, an attacker will have to compromise the server for which the key is used to authenticate to. In a message posted on the Open Sou...
Digital Signature Spoofing Flaws Uncovered in OpenOffice and LibreOffice

Digital Signature Spoofing Flaws Uncovered in OpenOffice and LibreOffice

Oct 12, 2021
The maintainers of LibreOffice and OpenOffice have shipped security updates to their productivity software to remediate multiple vulnerabilities that could be weaponized by malicious actors to alter documents to make them appear as if they are digitally signed by a trusted source. The list of the three flaws is as follows — CVE-2021-41830  /  CVE-2021-25633  - Content and Macro Manipulation with Double Certificate Attack CVE-2021-41831  /  CVE-2021-25634  - Timestamp Manipulation with Signature Wrapping CVE-2021-41832  /  CVE-2021-25635  - Content Manipulation with Certificate Validation Attack Successful exploitation of the vulnerabilities could permit an attacker to  manipulate the timestamp  of signed ODF documents, and worse,  alter the contents  of a document or  self-sign a document  with an untrusted signature, which is then tweaked to change the  signature algorithm  to an invalid or un...
Researchers Demonstrate 2 New Hacks to Modify Certified PDF Documents

Researchers Demonstrate 2 New Hacks to Modify Certified PDF Documents

May 29, 2021
Cybersecurity researchers have disclosed two new attack techniques on certified PDF documents that could potentially enable an attacker to alter a document's visible content by displaying malicious content over the certified content without invalidating its signature. "The attack idea exploits the flexibility of PDF certification, which allows signing or adding annotations to certified documents under different permission levels,"  said  researchers from Ruhr-University Bochum, who have  systematically   analyzed  the security of the PDF specification over the years. The findings were presented at the 42nd IEEE Symposium on Security and Privacy ( IEEE S&P 2021 ) held this week. The two attacks — dubbed  Evil Annotation and Sneaky Signature attacks  — hinge on manipulating the PDF certification process by exploiting flaws in the specification that governs the implementation of digital signatures (aka approval signature) and its more flexible vari...
Signature Validation Bug Let Malware Bypass Several Mac Security Products

Signature Validation Bug Let Malware Bypass Several Mac Security Products

Jun 12, 2018
A years-old vulnerability has been discovered in the way several security products for Mac implement Apple's code-signing API that could make it easier for malicious programs to bypass the security check, potentially leaving millions of Apple users vulnerable to hackers. Josh Pitts, a researcher from security firm Okta, discovered that several third-party security products for Mac—including Little Snitch, F-Secure xFence, VirusTotal, Google Santa, and Facebook OSQuery—could be tricked into believing that an unsigned malicious code is signed by Apple. Code-signing mechanism is a vital weapon in the fight against malware, which helps users identify who has signed the app and also provides reasonable proof that it has not been altered. However, Pitts found that the mechanism used by most products to check digital signatures is trivial to bypass, allowing malicious files bundle with a legitimate Apple-signed code to effectively make the malware look like it has been signed by...
Android Flaw Lets Hackers Inject Malware Into Apps Without Altering Signatures

Android Flaw Lets Hackers Inject Malware Into Apps Without Altering Signatures

Dec 09, 2017
Millions of Android devices are at serious risk of a newly disclosed critical vulnerability that allows attackers to secretly overwrite legitimate applications installed on your smartphone with their malicious versions. Dubbed Janus , the vulnerability allows attackers to modify the code of Android apps without affecting their signature verification certificates, eventually allowing them to distribute malicious update for the legitimate apps, which looks and works same as the original apps. The vulnerability ( CVE-2017-13156 ) was discovered and reported to Google by security researchers from mobile security firm GuardSquare this summer and has been patched by Google, among four dozen vulnerabilities, as part of its December Android Security Bulletin . However, the worrisome part is that majority of Android users would not receive these patches for next few month, until their device manufacturers (OEMs) release custom updates for them, apparently leaving a large number of sma...
Expert Insights / Articles Videos
Cybersecurity Resources