The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

For years, the two most popular methods for internal scanning: agent-based and network-based were considered to be about equal in value, each bringing its own strengths to bear. However, with remote working now the norm in most if not all workplaces, it feels a lot more like agent-based scanning is a must, while network-based scanning is an optional extra. This article will go in-depth on the strengths and weaknesses of each approach, but let's wind it back a second for those who aren't sure why they should even do internal scanning in the first place. Why should you perform internal vulnerability scanning? While  external vulnerability scanning  can give a great overview of what you look like to a hacker, the information that can be gleaned without access to your systems can be limited. Some serious vulnerabilities can be discovered at this stage, so it's a must for many organizations, but that's not where hackers stop.  Techniques like phishing, targeted malware,...

Cybersecurity researchers have detailed a recently patched high-severity security vulnerability in the popular Fastjson library that could be potentially exploited to achieve remote code execution. Tracked as  CVE-2022-25845  (CVSS score: 8.1), the  issue  relates to a case of  deserialization of untrusted data  in a supported feature called "AutoType." It was patched by the project maintainers in  version 1.2.83  released on May 23, 2022. "This vulnerability affects all Java applications that rely on Fastjson versions 1.2.80 or earlier and that pass user-controlled data to either the JSON.parse or JSON.parseObject APIs without specifying a specific  class  to deserialize," JFrog's Uriya Yavnieli  said  in a write-up. Fastjson  is a Java library that's used to convert Java Objects into their  JSON  representation and vice versa.  AutoType , the function vulnerable to the flaw, is enabled by default and...

A new strain of Android malware has been spotted in the wild targeting online banking and cryptocurrency wallet customers in Spain and Italy, just weeks after a coordinated law enforcement operation dismantled  FluBot . The information stealing trojan, codenamed  MaliBot  by F5 Labs, is as feature-rich as its  counterparts , allowing it to steal credentials and cookies, bypass multi-factor authentication (MFA) codes, and abuse Android's Accessibility Service to monitor the victim's device screen. MaliBot is known to primarily disguise itself as cryptocurrency mining apps such as Mining X or The CryptoApp that are distributed via fraudulent websites designed to attract potential visitors into downloading them. It also takes another leaf out of the mobile banking trojan playbook in that it employs smishing as a distribution vector to proliferate the malware by accessing an infected smartphone's contacts and sending SMS messages containing links to the malware. "M...

Cisco on Wednesday rolled out fixes to address a critical security flaw affecting Email Security Appliance (ESA) and Secure Email and Web Manager that could be exploited by an unauthenticated, remote attacker to sidestep authentication. Assigned the CVE identifier CVE-2022-20798 , the bypass vulnerability is rated 9.8 out of a maximum of 10 on the CVSS scoring system and stems from improper authentication checks when an affected device uses Lightweight Directory Access Protocol ( LDAP ) for external authentication. "An attacker could exploit this vulnerability by entering a specific input on the login page of the affected device," Cisco noted in an advisory. "A successful exploit could allow the attacker to gain unauthorized access to the web-based management interface of the affected device." The flaw, which it said was identified during the resolution of a technical assistance center (TAC) case, impacts ESA and Secure Email and Web Manager running vulnerable ...

A new Golang-based peer-to-peer (P2P) botnet has been spotted actively targeting Linux servers in the education sector since its emergence in March 2022. Dubbed  Panchan  by Akamai Security Research, the malware "utilizes its built-in concurrency features to maximize spreadability and execute malware modules" and "harvests SSH keys to perform lateral movement." The feature-packed botnet, which relies on a basic list of default SSH passwords to carry out a  dictionary attack  and expand its reach, primarily functions as a cryptojacker designed to hijack a computer's resources to mine cryptocurrencies. The cybersecurity and cloud service company noted it first spotted Panchan's activity on March 19, 2022, and attributed the malware to a likely Japanese threat actor based on the language used in the administrative panel baked into the binary to edit the mining configuration. Panchan is known to deploy and execute two miners, XMRig and nbhash, on the host ...

A newly discovered security vulnerability in modern Intel and AMD processors could let remote attackers steal encryption keys via a power side channel attack. Dubbed  Hertzbleed  by a group of researchers from the University of Texas, the University of Illinois Urbana-Champaign, and the University of Washington, the issue is rooted in dynamic voltage and frequency scaling ( DVFS ), a power and thermal management feature employed to conserve power and reduce the amount of heat generated by a chip. "The cause is that, under certain circumstances, periodic CPU frequency adjustments depend on the current CPU power consumption, and these adjustments directly translate to execution time differences (as 1 hertz = 1 cycle per second)," the researchers said. This can have significant security implications on cryptographic libraries even when implemented correctly as  constant-time code  to prevent timing-based side channels, effectively enabling an attacker to leverage t...

Breaches don't just happen to large enterprises. Threat actors are increasingly targeting small businesses. In fact,  43%  of data breaches involved small to medium-sized businesses. But there is a glaring discrepancy. Larger businesses typically have the budget to keep their lights on if they are breached. Most small businesses ( 83% ), however, don't have the financial resources to recover if they are a victim of an attack.  These small security teams were getting lost in the shuffle...until now.  The rise of XDR  As the threat landscape changes and bad actors continue to evolve their tactics, the industry is responding with new solutions and approaches to the way we do cybersecurity. The most recent evolution of cybersecurity technology is extended detection and response (XDR). There's no doubt you've heard of it. But do you have a firm grasp on what it really is and its unique value? If you shook your head "no" – you aren't alone. Industry exper...

Cloudflare on Tuesday disclosed that it had acted to prevent a record-setting 26 million request per second (RPS) distributed denial-of-service (DDoS) attack last week, making it the largest HTTPS DDoS attack detected to date. The web performance and security company said the attack was directed against an unnamed customer website using its Free plan and emanated from a "powerful" botnet of 5,067 devices, with each node generating approximately 5,200 RPS at peak. The botnet is said to have created a flood of more than 212 million HTTPS requests within less than 30 seconds from over 1,500 networks in 121 countries, including Indonesia, the U.S., Brazil, Russia, and India. Roughly 3% of the attack came through Tor nodes. The attack "originated mostly from Cloud Service Providers as opposed to Residential Internet Service Providers, indicating the use of hijacked virtual machines and powerful servers to generate the attack — as opposed to much weaker Internet of Things...

Microsoft finally released fixes to address an actively exploited Windows zero-day vulnerability known as Follina as part of its Patch Tuesday updates. Also addressed by the tech giant are  55 other flaws , three of which are rated Critical, 51 are rated Important, and one is rated Moderate in severity. Separately, five more shortcomings were resolved in the Microsoft Edge browser. Tracked as  CVE-2022-30190  (CVSS score: 7.8), the  zero-day bug  relates to a remote code execution vulnerability affecting the Windows Support Diagnostic Tool (MSDT) when it's invoked using the "ms-msdt:" URI protocol scheme from an application such as Word. The vulnerability can be trivially exploited by means of a specially crafted Word document that downloads and loads a malicious HTML file through Word's remote template feature. The HTML file ultimately permits the attacker to load and execute PowerShell code within Windows. "An attacker who successfully exploits thi...

A new high-severity vulnerability has been disclosed in the Zimbra email suite that, if successfully exploited, enables an unauthenticated attacker to steal cleartext passwords of users sans any user interaction. "With the consequent access to the victims' mailboxes, attackers can potentially escalate their access to targeted organizations and gain access to various internal services and steal highly sensitive information," SonarSource  said  in a report shared with The Hacker News. Tracked as  CVE-2022-27924  (CVSS score: 7.5), the issue has been characterized as a case of "Memcached poisoning with unauthenticated request," leading to a scenario where an adversary can inject malicious commands and siphon sensitive information. This is made possible by poisoning the IMAP route cache entries in the Memcached server that's used to look up Zimbra users and forward their HTTP requests to appropriate backend services. Memcached is an in-memory key-value sto...