#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

hacking | Breaking Cybersecurity News | The Hacker News

New Chrome 0-day Bug Under Active Attacks – Update Your Browser ASAP!

New Chrome 0-day Bug Under Active Attacks – Update Your Browser ASAP!

Mar 03, 2021
Exactly a month after  patching  an actively exploited zero-day flaw in Chrome, Google today rolled out fixes for yet another zero-day vulnerability in the world's most popular web browser that it says is being abused in the wild. Chrome 89.0.4389.72, released by the search giant for Windows, Mac, and Linux on Tuesday, comes with a total of 47 security fixes, the most severe of which concerns an "object lifecycle issue in audio." Tracked as CVE-2021-21166, the security flaw is one of the two bugs reported last month by Alison Huffman of Microsoft Browser Vulnerability Research on February 11. A separate object lifecycle flaw, also identified in the audio component, was reported to Google on February 4, the same day the stable version of Chrome 88 became available. With no additional details, it's not immediately clear if the two security shortcomings are related. Google acknowledged that an exploit for the vulnerability exists in the wild but stopped short of s
Researchers Unearth Links Between SunCrypt and QNAPCrypt Ransomware

Researchers Unearth Links Between SunCrypt and QNAPCrypt Ransomware

Mar 02, 2021
SunCrypt, a ransomware strain that went on to infect several targets last year, may be an updated version of the QNAPCrypt ransomware, which targeted Linux-based file storage systems, according to new research. "While the two ransomware [families] are operated by distinct different threat actors on the dark web, there are strong technical connections in code reuse and techniques, linking the two ransomware to the same author,"  Intezer Lab  researcher Joakim Kennedy said in a malware analysis published today revealing the attackers' tactics on the dark web. First identified in July 2019,  QNAPCrypt  (or  eCh0raix ) is a ransomware family that was found to target Network Attached Storage (NAS) devices from Taiwanese companies QNAP Systems and Synology. The devices were compromised by brute-forcing weak credentials and exploiting known vulnerabilities with the goal of encrypting files found in the system. The ransomware has since been tracked to a Russian cybercrime
Making Sense of Operational Technology Attacks: The Past, Present, and Future

Making Sense of Operational Technology Attacks: The Past, Present, and Future

Mar 21, 2024Operational Technology / SCADA Security
When you read reports about cyber-attacks affecting operational technology (OT), it's easy to get caught up in the hype and assume every single one is sophisticated. But are OT environments all over the world really besieged by a constant barrage of complex cyber-attacks? Answering that would require breaking down the different types of OT cyber-attacks and then looking back on all the historical attacks to see how those types compare.  The Types of OT Cyber-Attacks Over the past few decades, there has been a growing awareness of the need for improved cybersecurity practices in IT's lesser-known counterpart, OT. In fact, the lines of what constitutes a cyber-attack on OT have never been well defined, and if anything, they have further blurred over time. Therefore, we'd like to begin this post with a discussion around the ways in which cyber-attacks can either target or just simply impact OT, and why it might be important for us to make the distinction going forward. Figure 1 The Pu
Masslogger Trojan Upgraded to Steal All Your Outlook, Chrome Credentials

Masslogger Trojan Upgraded to Steal All Your Outlook, Chrome Credentials

Feb 19, 2021
A credential stealer infamous for targeting Windows systems has resurfaced in a new phishing campaign that aims to steal credentials from Microsoft Outlook, Google Chrome, and instant messenger apps. Primarily directed against users in Turkey, Latvia, and Italy starting mid-January, the attacks involve the use of  MassLogger  — a .NET-based malware with capabilities to hinder static analysis — building on similar campaigns undertaken by the same actor against users in Bulgaria, Lithuania, Hungary, Estonia, Romania, and Spain in September, October, and November 2020. MassLogger was first spotted in the wild last April, but the presence of a new variant implies malware authors are constantly retooling their arsenal to evade detection and monetize them. "Although operations of the Masslogger trojan have been previously documented, we found the new campaign notable for using the compiled HTML file format to start the infection chain," researchers with Cisco Talos  said  on W
cyber security

Automated remediation solutions are crucial for security

websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.
Dependency Confusion Supply-Chain Attack Hit Over 35 High-Profile Companies

Dependency Confusion Supply-Chain Attack Hit Over 35 High-Profile Companies

Feb 10, 2021
In what's a novel supply chain attack, a security researcher managed to breach over 35 major companies' internal systems, including that of Microsoft, Apple, PayPal, Shopify, Netflix, Yelp, Tesla, and Uber, and achieve remote code execution. The technique, called dependency confusion or a substitution attack, takes advantage of the fact that a piece of software may include components from a mix of private and public sources. These external package dependencies, which are fetched from public repositories during a build process, can pose an attack opportunity when an adversary uploads a higher version of a private module to the public feed, causing a client to automatically download the bogus "latest" version without requiring any action from the developer. "From one-off mistakes made by developers on their own machines, to misconfigured internal or cloud-based build servers, to systemically vulnerable development pipelines, one thing was clear: squatting val
Why Human Error is #1 Cyber Security Threat to Businesses in 2021

Why Human Error is #1 Cyber Security Threat to Businesses in 2021

Feb 04, 2021
Phishing and Malware Among the major cyber threats, the malware remains a significant danger. The 2017 WannaCry outbreak that cost businesses worldwide up to $4 billion is still in recent memory, and other new strains of malware are discovered on a daily basis. Phishing has also seen a resurgence in the last few years, with many new scams being invented to take advantage of unsuspecting companies. Just one variation, the CEO Fraud email scam, cost UK businesses alone £14.8m in 2018. Working From Home Staff working from home are outside the direct oversight of IT support teams and often struggle to deal with cyber threats and appropriately protect company information. Failing to update software and operating systems, sending data over insecure networks, and increasing reliance on email and online messaging has made employees far more susceptible to threats ranging from malware to phishing. Human Error While technical solutions like spam filters and mobile device management syste
Data Breach Exposes 1.6 Million Jobless Claims Filed in the Washington State

Data Breach Exposes 1.6 Million Jobless Claims Filed in the Washington State

Feb 02, 2021
The Office of the Washington State Auditor (SAO) on Monday said it's investigating a security incident that resulted in the compromise of personal information of more than 1.6 million people who filed for unemployment claims in the state in 2020. The SAO blamed the breach on a software vulnerability in Accellion's File Transfer Appliance (FTA) service, which allows organizations to share sensitive documents with users outside their organization securely. "During the week of January 25, 2021, Accellion confirmed that an unauthorized person gained access to SAO files by exploiting a vulnerability in Accellion's file transfer service," the SAO  said  in a statement. The accessed information is said to have contained personal details of Washington state residents who filed unemployment insurance claims in 2020, as well as other data from local governments and state agencies. The exact information that may have been compromised include: Full name Social securi
Sigma Rules to Live Your Best SOC Life

Sigma Rules to Live Your Best SOC Life

Feb 02, 2021
Security Operations is a 24 x 7 job. It does not stop for weekends or holidays or even that much-needed coffee break after the first hour of the shift is complete. We all know this. Every SOC engineer is hoping for some rest at some point. One of my favorite jokes when talking about Security Operations is "3 SOC engineers walked into a bar…" That the joke. No SOC engineers have time to do that. They get it. They laugh. So why is this all true? Let us explore that a little bit. Demand for experienced SOC engineers far surpasses the available talent. Event volume levels boggle the imagination compared to even just a few years ago. Utilization of tools to their utmost capability has often not been a priority.  In the Security Operations space, we have been using SIEM's for many years with varying degrees of deployments, customization, and effectiveness. For the most part, they have been a helpful tool for Security Operations. But they can be better. Like any tool, t
Google Discloses Severe Bug in Libgcrypt Encryption Library—Impacting Many Projects

Google Discloses Severe Bug in Libgcrypt Encryption Library—Impacting Many Projects

Feb 01, 2021
A "severe" vulnerability in GNU Privacy Guard (GnuPG)'s Libgcrypt encryption software could have allowed an attacker to write arbitrary data to the target machine, potentially leading to remote code execution. The flaw, which affects version 1.9.0 of libgcrypt, was discovered on January 28 by Tavis Ormandy of Project Zero, a security research unit within Google dedicated to finding zero-day bugs in hardware and software systems. No other versions of Libgcrypt are affected by the vulnerability. "There is a  heap buffer overflow  in libgcrypt due to an incorrect assumption in the block buffer management code," Ormandy  said . "Just decrypting some data can overflow a heap buffer with attacker controlled data, no verification or signature is validated before the vulnerability occurs." GnuPG addressed the weakness almost immediately within a day after disclosure, while urging users to  stop using  the vulnerable version. The latest version can be dow
Hezbollah Hacker Group Targeted Telecoms, Hosting, ISPs Worldwide

Hezbollah Hacker Group Targeted Telecoms, Hosting, ISPs Worldwide

Jan 29, 2021
A "persistent attacker group" with alleged ties to Hezbollah has retooled its malware arsenal with a new version of a remote access Trojan (RAT) to break into companies worldwide and extract valuable information. In a  new report  published by the ClearSky research team on Thursday, the Israeli cybersecurity firm said it identified at least 250 public-facing web servers since early 2020 that have been hacked by the threat actor to gather intelligence and steal the company's databases. The orchestrated intrusions hit a slew of companies located in the U.S., the U.K., Egypt, Jordan, Lebanon, Saudi Arabia, Israel, and the Palestinian Authority, with a majority of the victims representing telecom operators (Etisalat, Mobily, Vodafone Egypt), internet service providers (SaudiNet, TE Data), and hosting and infrastructure service providers (Secured Servers LLC, iomart). First documented in 2015,  Volatile Cedar  (or Lebanese Cedar) has been known to penetrate a large number
New Attack Could Let Remote Hackers Target Devices On Internal Networks

New Attack Could Let Remote Hackers Target Devices On Internal Networks

Jan 27, 2021
A newly devised variant of the  NAT Slipstreaming attack  can be leveraged to compromise and expose any device in an internal network, according to the latest research. Detailed by enterprise IoT security firm Armis, the  new attack  (CVE-2020-16043 and CVE-2021-23961) builds on the previously disclosed technique to bypass routers and firewalls and reach any unmanaged device within the internal network from the Internet. First  disclosed  by security researcher Samy Kamkar in late October 2020, the JavaScript-based attack relied on luring a user into visiting a malicious website to circumvent browser-based port restrictions and allow the attacker to remotely access TCP/UDP services on the victim's device, even those that were protected by a firewall or NAT. Although partial mitigations were released on November 11 to thwart the attack in  Chrome 87 ,  Firefox 84 , and  Safari  by preventing connections on port 5060 or 5061, Armis researchers Ben Seri and Gregory Vishnipolsky r
In the Wake of the SolarWinds Hack, Here's How Businesses Should Respond

In the Wake of the SolarWinds Hack, Here's How Businesses Should Respond

Jan 27, 2021
Throughout 2020, businesses, in general, have had their hands full with IT challenges. They had to rush to accommodate a sudden shift to remote work. Then they had to navigate a rapid adoption of automation technologies. And as the year came to a close, more businesses began trying to assemble the safety infrastructure required to return to some semblance of normal in 2021. But at the end of the year,  news of a massive breach  of IT monitoring software vendor SolarWinds introduced a new complication – the possibility of a wave of secondary data breaches and cyber-attacks. And because SolarWinds' products have a presence in so many business networks, the size of the threat is massive. So far, though, most of the attention is getting paid to large enterprises like Microsoft and Cisco (and the US Government), who were the primary target of the SolarWinds breach. What nobody's talking about is the rest of the 18,000 or so SolarWinds clients who may have been affected. For them
TikTok Bug Could Have Exposed Users' Profile Data and Phone Numbers

TikTok Bug Could Have Exposed Users' Profile Data and Phone Numbers

Jan 26, 2021
Cybersecurity researchers on Tuesday disclosed a now-patched security flaw in TikTok that could have potentially enabled an attacker to build a database of the app's users and their associated phone numbers for future malicious activity. Although this flaw only impacts those users who have linked a phone number with their account or logged in with a phone number, a successful exploitation of the vulnerability could have resulted in data leakage and privacy violation, Check Point Research said in an analysis shared with The Hacker News. TikTok has deployed a fix to address the shortcoming following responsible disclosure from Check Point researchers. The newly discovered bug resides in TikTok's " Find friends " feature that allows users to sync their contacts with the service to identify potential people to follow. The contacts are uploaded to TikTok via an HTTP request in the form of a list that consists of hashed contact names and the corresponding phone numbe
Pen Testing By Numbers: Tracking Pen Testing Trends and Challenges

Pen Testing By Numbers: Tracking Pen Testing Trends and Challenges

Jan 25, 2021
Over the years,  penetration testing  has had to change and adapt alongside the IT environments and technology that need to be assessed. Broad cybersecurity issues often influence the strategy and growth of pen-testing. In such a fast-paced field, organizations get real value from learning about others' penetration testing experiences, identifying trends, and the role they play in today's threat landscape. While there is much to be gained from a single snapshot, additional value can come from long term data collection and year over year comparisons. We can see whether the effects that recent trends have on pen testing are long term, or simply a temporary shift, and how they affect the continuing evolution of penetration testing. For instance, 2020 saw a massive influx of remote work. Unfortunately, the convenience of working safely from home increased the risk of a breach as countless new attack vectors opened up, both from the way employees connected to networks, as well a
Importance of Application Security and Customer Data Protection to a Startup

Importance of Application Security and Customer Data Protection to a Startup

Jan 21, 2021
When you are a startup, there are umpteen things that demand your attention. You must give your hundred percent (probably even more!) to work effectively and efficiently with the limited resources. Understandably, the  application security importance  may be pushed at the bottom of your things-to-do list. One other reason to ignore web application protectioncould be your belief that only large enterprises are prone to data breaches, and your startup is hardly noticeable to become a target. Well, these eye-opening  statistics  prove otherwise. 43% of security attacks target small businesses New small businesses witnessed a 424% rise in security breaches in 2019 60% of small businesses close within six months of cyberattacks SMEs can lose more than $2.2 million a year to cyberattacks How Can Cyber Breaches Impact Your Startup? Unless you belong to the category of data security startups ,  which are thoroughly familiar with the importance of a secure web app, your startup can f
New Educational Video Series for CISOs with Small Security Teams

New Educational Video Series for CISOs with Small Security Teams

Jan 19, 2021
Cybersecurity is hard. For a CISO that faces the cyber threat landscape with a small security team, the challenge is compounded. Compared to CISOs at large enterprises, CISOs small to medium-sized enterprises (SMEs) have smaller teams with less expertise, smaller budgets for technology and outside services, and are more involved in day-to-day protection activities. CISOs at SMEs are increasingly relying on virtual CISOs (vCISOs) to provide security expertise and guidance. vCISOs are typically former CISOs with years of experience building and managing information security programs across large and small organizations. Helpful Advice for CISOs with Small Security Teams Brian Haugli, a well-known vCISO in the US, recently collaborated with cybersecurity company  Cynet —which provides autonomous XDR platforms tailored to small security teams—to provide a series of educational videos for CISOs with small security teams with relevant information about their challenges and possible solu
Experts Sound Alarm On New Android Malware Sold On Hacking Forums

Experts Sound Alarm On New Android Malware Sold On Hacking Forums

Jan 12, 2021
Cybersecurity researchers have exposed the operations of an Android malware vendor who teamed up with a second threat actor to market and sell a remote access Trojan (RAT) capable of device takeover and exfiltration of photos, locations, contacts, and messages from popular apps such as Facebook, Instagram, WhatsApp, Skype, Telegram, Kik, Line, and Google Messages. The vendor, who goes by the name of " Triangulum " in a number of darknet forums, is alleged to be a 25-year-old man of Indian origin, with the individual opening up shop to sell the malware three years ago on June 10, 2017, according to an analysis published by Check Point Research today. "The product was a mobile RAT, targeting Android devices and capable of exfiltration of sensitive data from a C&C server, destroying local data – even deleting the entire OS, at times," the researchers said. An Active Underground Market for Mobile Malware Piecing together Triangulum's trail of activities, t
Unveiled: SUNSPOT Malware Was Used to Inject SolarWinds Backdoor

Unveiled: SUNSPOT Malware Was Used to Inject SolarWinds Backdoor

Jan 12, 2021
As the investigation into the SolarWinds supply-chain attack continues, cybersecurity researchers have disclosed a third malware strain that was deployed into the build environment to inject the backdoor into the company's Orion network monitoring platform. Called " Sunspot ," the malignant tool adds to a growing list of previously disclosed malicious software such as Sunburst and Teardrop. "This highly sophisticated and novel code was designed to inject the Sunburst malicious code into the SolarWinds Orion Platform without arousing the suspicion of our software development and build teams," SolarWinds' new CEO Sudhakar Ramakrishna  explained . While  preliminary evidence  found that operators behind the espionage campaign managed to compromise the software build and code signing infrastructure of SolarWinds Orion platform as early as October 2019 to deliver the Sunburst backdoor, the latest findings reveal a new timeline that establishes the first brea
New Attack Could Let Hackers Clone Your Google Titan 2FA Security Keys

New Attack Could Let Hackers Clone Your Google Titan 2FA Security Keys

Jan 08, 2021
Hardware security keys—such as those from Google and Yubico—are considered the most secure means to protect accounts from phishing and takeover attacks. But a new research published on Thursday demonstrates how an adversary in possession of such a two-factor authentication (2FA) device can clone it by exploiting an electromagnetic side-channel in the chip embedded in it. The vulnerability (tracked as CVE-2021-3011 ) allows the bad actor to extract the encryption key or the  ECDSA  private key linked to a victim's account from a FIDO Universal 2nd Factor (U2F) device like Google Titan Key or YubiKey, thus completely undermining the 2FA protections. "The adversary can sign in to the victim's application account without the U2F device, and without the victim noticing," NinjaLab researchers Victor Lomne and Thomas Roche  said  in a 60-page analysis. "In other words, the adversary created a clone of the U2F device for the victim's application account. This c
Cybersecurity Resources