The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Microsoft has released fixes to address  63 security bugs  in its software for the month of November 2023, including three vulnerabilities that have come under active exploitation in the wild. Of the 63 flaws, three are rated Critical, 56 are rated Important, and four are rated Moderate in severity. Two of them have been listed as publicly known at the time of the release. The updates are in addition to  more than 35 security shortcomings  addressed in its Chromium-based Edge browser since the release of Patch Tuesday updates for October 2023. The five zero-days that are of note are as follows - CVE-2023-36025  (CVSS score: 8.8) - Windows SmartScreen Security Feature Bypass Vulnerability CVE-2023-36033  (CVSS score: 7.8) - Windows DWM Core Library Elevation of Privilege Vulnerability CVE-2023-36036  (CVSS score: 7.8) - Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability CVE-2023-36038  (CVSS score: 8.2) - ASP.NET C...

VMware is warning of a critical and unpatched security flaw in Cloud Director that could be exploited by a malicious actor to get around authentication protections. Tracked as  CVE-2023-34060  (CVSS score: 9.8), the vulnerability impacts instances that have been upgraded to version 10.5 from an older version. "On an upgraded version of VMware Cloud Director Appliance 10.5, a malicious actor with network access to the appliance can bypass login restrictions when authenticating on port 22 (ssh) or port 5480 (appliance management console)," the company  said  in an alert. "This bypass is not present on port 443 (VCD provider and tenant login). On a new installation of VMware Cloud Director Appliance 10.5, the bypass is not present." The virtualization services company further noted that the impact is due to the fact that it utilizes a version of sssd from the underlying Photon OS that is affected by  CVE-2023-34060 . Dustin Hartle from IT solutions provider ...

A group of academics has disclosed a new "software fault attack" on AMD's Secure Encrypted Virtualization ( SEV ) technology that could be potentially exploited by threat actors to infiltrate encrypted virtual machines (VMs) and even perform privilege escalation. The attack has been codenamed  CacheWarp  (CVE-2023-20592) by researchers from the CISPA Helmholtz Center for Information Security and the Graz University of Technology. It impacts AMD CPUs supporting all variants of SEV. "For this research, we specifically looked at AMD's newest TEE, AMD SEV-SNP, relying on the experience from previous attacks on Intel's TEE," security researcher Ruiyi Zhang told The Hacker News. "We found the 'INVD' instruction [flush a processor's cache contents] could be abused under the threat model of AMD SEV." SEV, an  extension  to the AMD-V architecture and introduced in 2016, is designed to isolate VMs from the hypervisor by encrypting the me...

SaaS Adoption is Skyrocketing, Resilience Hasn't Kept Pace SaaS platforms have revolutionized how businesses operate. They simplify collaboration, accelerate deployment, and reduce the overhead of managing infrastructure. But with their rise comes a subtle, dangerous assumption: that the convenience of SaaS extends to resilience. It doesn't. These platforms weren't built with full-scale data protection in mind . Most follow a shared responsibility model — wherein the provider ensures uptime and application security, but the data inside is your responsibility. In a world of hybrid architectures, global teams, and relentless cyber threats, that responsibility is harder than ever to manage. Modern organizations are being stretched across: Hybrid and multi-cloud environments with decentralized data sprawl Complex integration layers between IaaS, SaaS, and legacy systems Expanding regulatory pressure with steeper penalties for noncompliance Escalating ransomware threats and inside...

In 2023, the global average cost of a data breach reached  $4.45 million . Beyond the immediate financial loss, there are long-term consequences like diminished customer trust, weakened brand value, and derailed business operations. In a world where the frequency and cost of data breaches are skyrocketing, organizations are coming face-to-face with a harsh reality: traditional cybersecurity measures might not be cutting it anymore.  Against this backdrop, businesses must find ways to strengthen their measures to safeguard precious data and critical assets. At the heart of this shift lies a key strategy: continuous monitoring. Understanding Continuous Security Monitoring in Cybersecurity Continuous monitoring is a dynamic approach that encompasses several techniques to fulfil a multi-layered defense strategy. These techniques can include:  Risk-Based Vulnerability Management (RBVM): Continuous vulnerability assessments across your network with remediation prioritiza...

Publicly-accessible Docker Engine API instances are being targeted by threat actors as part of a campaign designed to co-opt the machines into a distributed denial-of-service (DDoS) botnet dubbed  OracleIV . "Attackers are exploiting this misconfiguration to deliver a malicious Docker container, built from an image named 'oracleiv_latest' and containing Python malware compiled as an ELF executable," Cado researchers Nate Bill and Matt Muir  said . The malicious activity starts with attackers using an HTTP POST request to Docker's API to retrieve a malicious image from Docker Hub, which, in turn, runs a command to retrieve a shell script (oracle.sh) from a command-and-control (C&C) server. Oracleiv_latest  purports to be a MySQL image for docker and has been pulled 3,500 times to date. In a perhaps not-so-surprising twist, the image also includes additional instructions to fetch an XMRig miner and its configuration from the same server. That said, the clo...

Have you heard about Dependabot? If not, just ask any developer around you, and they'll likely rave about how it has revolutionized the tedious task of checking and updating outdated dependencies in software projects.  Dependabot not only takes care of the checks for you, but also provides suggestions for modifications that can be approved with just a single click. Although Dependabot is limited to GitHub-hosted projects, it has set a new standard for continuous providers to offer similar capabilities. This automation of "administrative" tasks has become a norm, enabling developers to integrate and deploy their work faster than ever before. Continuous integration and deployment workflows have become the cornerstone of software engineering, propelling the DevOps movement to the forefront of the industry. But a  recent advisory  by security firm Checkmarx sheds light on a concerning incident. Malicious actors have recently attempted to exploit the trust associated with D...

Government entities in the Middle East are the target of new phishing campaigns that are designed to deliver a new initial access downloader dubbed IronWind . The activity, detected between July and October 2023, has been  attributed  by Proofpoint to a threat actor it tracks under the name  TA402 , which is also known as Molerats, Gaza Cyber Gang, and shares  tactical overlaps  with a pro-Hamas hacking crew known as  APT-C-23  (aka Arid Viper). "When it comes to state-aligned threat actors, North Korea, Russia, China, and Iran generally reap the lion's share of attention," Joshua Miller, senior threat researcher at Proofpoint, said in a statement shared with The Hacker News. "But TA402, a Middle Eastern advanced persistent threat (APT) group that historically has operated in the interests of the Palestinian Territories, has consistently proven to be an intriguing threat actor capable of highly sophisticated cyber espionage with a focus on intellig...

The Vietnamese threat actors behind the Ducktail stealer malware have been linked to a new campaign that ran between March and early October 2023, targeting marketing professionals in India with an aim to hijack Facebook business accounts. "An important feature that sets it apart is that, unlike previous campaigns, which relied on .NET applications, this one used Delphi as the programming language," Kaspersky  said  in a report published last week. Ducktail , alongside  Duckport  and  NodeStealer , is part of a  cybercrime ecosystem  operating out of Vietnam, with the attackers primarily using sponsored ads on Facebook to propagate malicious ads and deploy malware capable of plundering victims' login cookies and ultimately taking control of their accounts. Such attacks primarily single out users who may have access to a Facebook Business account. The fraudsters then use the unauthorized access to place advertisements for financial gain, perpetuatin...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has given a November 17, 2023, deadline for federal agencies and organizations to apply mitigations to secure against a number of security flaws in Juniper Junos OS that came to light in August. The agency on Monday  added  five vulnerabilities to the Known Exploited Vulnerabilities ( KEV ) catalog, based on evidence of active exploitation - CVE-2023-36844  (CVSS score: 5.3) - Juniper Junos OS EX Series PHP External Variable Modification Vulnerability CVE-2023-36845  (CVSS score: 5.3) - Juniper Junos OS EX Series and SRX Series PHP External Variable Modification Vulnerability CVE-2023-36846  (CVSS score: 5.3) - Juniper Junos OS SRX Series Missing Authentication for Critical Function Vulnerability CVE-2023-36847  (CVSS score: 5.3) - Juniper Junos OS EX Series Missing Authentication for Critical Function Vulnerability CVE-2023-36851  (CVSS score: 5.3) - Juniper Junos OS SRX Series M...

The threat actors behind a new ransomware group called  Hunters International  have acquired the source code and infrastructure from the now-dismantled Hive operation to kick-start its own efforts in the threat landscape. "It appears that the leadership of the Hive group made the strategic decision to cease their operations and transfer their remaining assets to another group, Hunters International," Martin Zugec, technical solutions director at Bitdefender,  said  in a report published last week. Hive, once a prolific ransomware-as-a-service (RaaS) operation, was  taken down  as part of a coordinated law enforcement operation in January 2023. While it's common for ransomware actors to regroup, rebrand, or disband their activities following such seizures, what can also happen is that the core developers can pass on the source code and other infrastructure in their possession to another threat actor. Reports about Hunters International as a possible Hi...