technology | Breaking Cybersecurity News | The Hacker News

Security vulnerabilities discovered in Dormakaba's Saflok electronic RFID locks used in hotels could be weaponized by threat actors to forge keycards and stealthily slip into locked rooms. The shortcomings have been collectively named  Unsaflok  by researchers Lennert Wouters, Ian Carroll, rqu, BusesCanFly, Sam Curry, sshell, and Will Caruana. They were reported to the Zurich-based company in September 2022. "When combined, the identified weaknesses allow an attacker to unlock all rooms in a hotel using a single pair of forged keycards," they  said . Full technical specifics about the vulnerabilities have been withheld, considering the potential impact, and are expected to be made public in the future. The issues impact more than three million hotel locks spread across 13,00 properties in 131 countries. This includes the models Saflok MT, and Quantum, RT, Saffire, and Confidant series devices, which are used in combination with the System 6000, Ambiance, and Communit

A botnet previously considered to be rendered inert has been observed enslaving end-of-life (EoL) small home/small office (SOHO) routers and IoT devices to fuel a criminal proxy service called Faceless. " TheMoon , which  emerged  in  2014 , has been operating quietly while growing to over 40,000 bots from 88 countries in January and February of 2024," the Black Lotus Labs team at Lumen Technologies  said . Faceless,  detailed  by security journalist Brian Krebs in April 2023, is a malicious residential proxy service that's offered its anonymity services to other threat actors for a negligible fee that costs less than a dollar per day. In doing so, it allows the customers to route their malicious traffic through tens of thousands of compromised systems advertised on the service, effectively concealing their true origins. The Faceless-backed infrastructure has been assessed to be used by operators of malware such as  SolarMarker  and  IcedID  to connect to their comm

It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many approaches offer piecemeal solutions – zeroing in on one particular element of the evolving threat landscape challenge – missing the forest for the trees.  In the last few years, Exposure Management has become known as a comprehensive way of reigning in the chaos, giving organizations a true fighting chance to reduce risk and improve posture. In this article I'll cover what Exposure Management is, how it stacks up against some alternative approaches and why building an Exposure Management program should be on  your 2024 to-do list. What is Exposure Management?  Exposure Management is the systematic identification, evaluation,

Network penetration testing plays a vital role in detecting vulnerabilities that can be exploited. The current method of performing pen testing is pricey, leading many companies to undertake it only when necessary, usually once a year for their compliance requirements. This manual approach often misses opportunities to find and fix security issues early on, leaving businesses vulnerable to expensive cyberattacks and potential breaches. However, new technologies using automation and AI have revolutionized the process, making regular network pentesting easy and affordable. We're now in the golden era of pentesting, where every company can assess the security of their networks without breaking the bank.  Automating pen testing is a game-changer   Automation in cybersecurity is becoming a big deal and it's only going to get bigger. Nowadays, we need automation to help deal with the fact that there just aren't enough cybersecurity pros to go around. Businesses can't keep

In June 2017, a  study  of more than 3,000 Massachusetts Institute of Technology (MIT) students  published  by the National Bureau for Economic Research (NBER) found that 98% of them were willing to give away their friends' email addresses in exchange for free pizza. "Whereas people say they care about privacy, they are willing to relinquish private data quite easily when incentivized to do so," the research said, pointing out a what's called the privacy paradox. Now, nearly seven years later, Telegram has introduced a new feature that gives some users a free  premium membership  in exchange for allowing the popular messaging app to use their phone numbers as a relay for sending one-time passwords (OTPs) to other users who are attempting to sign in to the platform. The feature, called Peer-to-Peer Login (P2PL), is currently being tested in selected countries for Android users of Telegram. It was first spotted by  tginfo  in February 2024 (via  @AssembleDebug ). A

Cybersecurity researchers are warning that threat actors are actively exploiting a "disputed" and unpatched vulnerability in an open-source artificial intelligence (AI) platform called Anyscale Ray to hijack computing power for illicit cryptocurrency mining. "This vulnerability allows attackers to take over the companies' computing power and leak sensitive data," Oligo Security researchers Avi Lumelsky, Guy Kaplan, and Gal Elbaz  said  in a Tuesday disclosure. "This flaw has been under active exploitation for the last seven months, affecting sectors like education, cryptocurrency, biopharma, and more." The campaign, ongoing since September 2023, has been codenamed  ShadowRay  by the Israeli application security firm. It also marks the first time AI workloads have been targeted in the wild through shortcomings underpinning the AI infrastructure. Ray is an  open-source, fully-managed compute framework  that allows organizations to build, train, and

Minecraft, with over 500 million registered users and 166 million monthly players, faces significant risks from distributed denial-of-service (DDoS) attacks, threatening server functionality, player experience, and the game's reputation. Despite the prevalence of DDoS attacks on the game, the majority of incidents go unreported, leaving a gap in awareness and protection. This article explains what happens to a Minecraft server during a DDoS attack and how to protect against such attacks. For an in-depth version of the article,  check out this white paper . When Creepers Breach: What Happens When an Attack Is Successful When a Minecraft server is hit with a DDoS attack, players may have problems with logging in to servers, loading worlds, navigating biomes, using tools, and chatting. They can also experience general lags, disconnections, timeouts, or server crashes. These in-game disruptions can ruin the gaming experience for players while causing financial and reputational losses to

The  ThreatLocker® Zero Trust Endpoint Protection Platform  implements a strict deny-by-default, allow-by-exception security posture to give organizations the ability to set policy-based controls within their environment and mitigate countless cyber threats, including zero-days, unseen network footholds, and malware attacks as a direct result of user error. With the capabilities of the ThreatLocker® Zero Trust Endpoint Protection Platform implemented into their cybersecurity strategy, organizations in any industry around the world can check off the requirements of most compliance frameworks and sleep better at night knowing they are protected from the most devastating of cyberattacks, such as ransomware. ThreatLocker has shared a  free downloadable asset  to equip IT professionals with cybersecurity compliance best practices. This article aims to elaborate on, and provide a basic over of, the asset. Complexities Across Compliance Frameworks Cybersecurity compliance frameworks exis

The data wiping malware called  AcidPour  may have been deployed in attacks targeting four telecom providers in Ukraine, new findings from SentinelOne show. The cybersecurity firm also confirmed connections between the malware and AcidRain, tying it to threat activity clusters associated with Russian military intelligence. "AcidPour's expanded capabilities would enable it to better disable embedded devices including networking, IoT, large storage (RAIDs), and possibly ICS devices running Linux x86 distributions," security researchers Juan Andres Guerrero-Saade and Tom Hegel  said . AcidPour is a variant of  AcidRain , a wiper that was used to render Viasat KA-SAT modems operable at the onset of the Russo-Ukrainian war in early 2022 and cripple Ukraine's military communications. It also builds upon the latter's features, while targeting Linux systems running on x86 architecture. AcidRain, on the other hand, is compiled for MIPS architecture. Where AcidRain w

Threat actors are leveraging digital document publishing (DDP) sites hosted on platforms like FlipSnack, Issuu, Marq, Publuu, RelayTo, and Simplebooklet for carrying out phishing, credential harvesting, and session token theft, once again underscoring how threat actors are  repurposing legitimate services  for malicious ends. "Hosting phishing lures on DDP sites increases the likelihood of a successful phishing attack, since these sites often have a favorable reputation, are unlikely to appear on web filter blocklists, and may instill a false sense of security in users who recognize them as familiar or legitimate," Cisco Talos researcher Craig Jackson  said  last week. While adversaries have used popular cloud-based services such as Google Drive, OneDrive, Dropbox, SharePoint, DocuSign, and Oneflow to host phishing documents in the past, the latest development marks an escalation designed to evade email security controls. DDP services allow users to upload and share PDF

A new variant of a data wiping malware called AcidRain has been detected in the wild that's specifically designed for targeting Linux x86 devices. The malware, dubbed AcidPour, is compiled for Linux x86 devices, SentinelOne's Juan Andres Guerrero-Saade said in a series of posts on X. "The new variant [...] is an ELF binary compiled for x86 (not MIPS) and while it refers to similar devices/strings, it's a largely different codebase," Guerrero-Saade  noted . AcidRain  first came to light  in the early days of the Russo-Ukrainian war, with the malware deployed against KA-SAT modems from U.S. satellite company Viasat. An ELF binary compiled for MIPS architectures, it is capable of wiping the filesystem and different known storage device files by recursively iterating over common directories for most Linux distributions. The cyber attack was  subsequently attributed  to Russia by the Five Eyes nations, along with Ukraine and the European Union. AcidPour, as the

Fortra has released details of a now-patched critical security flaw impacting its  FileCatalyst  file transfer solution that could allow unauthenticated attackers to gain remote code execution on susceptible servers. Tracked as CVE-2024-25153, the shortcoming carries a CVSS score of 9.8 out of a maximum of 10. "A directory traversal within the 'ftpservlet' of the FileCatalyst Workflow Web Portal allows files to be uploaded outside of the intended 'uploadtemp' directory with a specially crafted POST request," the company  said  in an advisory last week. "In situations where a file is successfully uploaded to web portal's DocumentRoot, specially crafted JSP files could be used to execute code, including web shells." The vulnerability, the company said, was first reported on August 9, 2023, and addressed two days later in FileCatalyst Workflow version 5.1.6 Build 114 without a CVE identifier. Fortra was  authorized  as a CVE Numbering Authorit

Cybersecurity researchers have found that third-party plugins available for OpenAI ChatGPT could act as a new attack surface for threat actors looking to gain unauthorized access to sensitive data. According to  new research  published by Salt Labs, security flaws found directly in ChatGPT and within the ecosystem could allow attackers to install malicious plugins without users' consent and hijack accounts on third-party websites like GitHub. ChatGPT plugins , as the name implies, are tools designed to run on top of the large language model (LLM) with the aim of accessing up-to-date information, running computations, or accessing third-party services. OpenAI has since also introduced  GPTs , which are bespoke versions of ChatGPT tailored for specific use cases, while reducing third-party service dependencies. As of March 19, 2024, ChatGPT users  will no longer  be able to install new plugins or create new conversations with existing plugins. One of the flaws unearthed by Salt

A 34-year-old Russian-Canadian national has been sentenced to nearly four years in jail in Canada for his participation in the LockBit global ransomware operation. Mikhail Vasiliev , an Ontario resident, was  originally arrested  in November 2022 and charged by the U.S. Department of Justice (DoJ) with "conspiring with others to intentionally damage protected computers and to transmit ransom demands in connection with doing so." News of Vasiliev's jail term was  first reported  by CTV News.  The defendant, who had his home searched by Canadian law enforcement authorities in August and October 2022, is said to have kept a list of "prospective or historical" victims and screenshots of communications exchanged with "LockBitSupp" on the Tox messaging platform. The raid also uncovered a text file with instructions to deploy LockBit ransomware, the ransomware source code, and a control panel used by the e-crime group to deliver the file-locking malware.

Being a CISO is a balancing act: ensuring organizations are secure without compromising users' productivity. This requires taking multiple elements into consideration, like cost, complexity, performance and user experience. CISOs around the globe use Cato SSE 360, as part of the  Cato SASE Cloud platform  to balance these factors without compromise. This article details how CISOs are leveraging Cato across different touchpoints of their  SASE  and SSE transition journey. It shows the top 3 achievements CISOs can accomplish: visibility, real-time threat prevention, and data sovereignty. Read and discover how it's done. Since Cato is easy to deploy, adopt and manage, you can soon benefit from these capabilities as well. To read a more in-depth explanation of these findings, click  here . Achievement #1: Comprehensive Visibility Sites can be quickly onboarded using Cato's zero-touch Socket edge SD-WAN devices or IPSEC tunnels. At the same time, remote users can easily download the Ca