The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

LottieFiles has revealed that its npm package "lottie-player" was compromised as part of a supply chain attack, prompting it to release an updated version of the library. "On October 30th ~6:20 PM UTC - LottieFiles were notified that our popular open source npm package for the web player @lottiefiles/lottie-player had unauthorized new versions pushed with malicious code," the company said in a statement on X. "This does not impact our dotlottie player and/or SaaS service." LottieFiles is an animation workflow platform that enables designers to create, edit, and share animations in a JSON-based animation file format called Lottie. It's also the developer behind an npm package named lottie-player , which allows for embedding and playing Lottie animations on websites. According to the company, "a large number of users using the library via third-party CDNs without a pinned version were automatically served the compromised version as the latest ...

In the modern, browser-centric workplace, the corporate identity acts as the frontline defense for organizations. Often referred to as "the new perimeter", the identity stands between safe data management and potential breaches. However, a new report reveals how enterprises are often unaware of how their identities are being used across various platforms. This leaves them vulnerable to data breaches, account takeovers, and credential theft. The "Enterprise Identity Threat Report 2024" ( download here ) is based on exclusive data available only to the LayerX Browser Security platform. This data derives from LayerX's unique visibility into every user action in the browser, across industries. It provides a detailed analysis of emerging risks and uncovered hidden threats. To register to a live webinar to cover the key findings in this report, Click here . Below is a deeper dive into some of the report's most critical findings: 1. The Greatest Risk Comes from 2% of Users Security profe...

A high-severity security flaw has been disclosed in the LiteSpeed Cache plugin for WordPress that could allow an unauthenticated threat actor to elevate their privileges and perform malicious actions. The vulnerability, tracked as CVE-2024-50550 (CVSS score: 8.1), has been addressed in version 6.5.2 of the plugin. "The plugin suffers from an unauthenticated privilege escalation vulnerability which allows any unauthenticated visitor to gain administrator level access after which malicious plugins could be uploaded and installed," Patchstack security researcher Rafie Muhammad said in an analysis. LiteSpeed Cache is a popular site acceleration plugin for WordPress that, as the name implies, comes with advanced caching functionality and optimization features. It's installed on over six million sites. The newly identified issue, per Patchstack, is rooted in a function named is_role_simulation and is similar to an earlier flaw that was publicly documented back in August ...

Threat actors linked to North Korea have been implicated in a recent incident that deployed a known ransomware family called Play, underscoring their financial motivations. The activity, observed between May and September 2024, has been attributed to a threat actor tracked as Jumpy Pisces , which is also known as Andariel, APT45, DarkSeoul, Nickel Hyatt, Onyx Sleet (formerly Plutonium), Operation Troy, Silent Chollima, and Stonefly. "We believe with moderate confidence that Jumpy Pisces, or a faction of the group, is now collaborating with the Play ransomware group," Palo Alto Networks Unit 42 said in a new report published today. "This incident is significant because it marks the first recorded collaboration between the Jumpy Pisces North Korean state-sponsored group and an underground ransomware network." Andariel, active since at least 2009, is affiliated with North Korea's Reconnaissance General Bureau (RGB). It has been previously observed deploying ...

A now-patched security flaw in the Opera web browser could have enabled a malicious extension to gain unauthorized, full access to private APIs. The attack, codenamed CrossBarking , could have made it possible to conduct actions such as capturing screenshots, modifying browser settings, and account hijacking, Guardio Labs said. To demonstrate the issue, the company said it managed to publish a seemingly harmless browser extension to the Chrome Web Store that could then exploit the flaw when installed on Opera, making it an instance of a cross-browser-store attack. "This case study not only highlights the perennial clash between productivity and security but also provides a fascinating glimpse into the tactics used by modern threat actors operating just below the radar," Nati Tal, head of Guardio Labs, said in a report shared with The Hacker News. The issue has been addressed by Opera as of September 24, 2024, following responsible disclosure. That said, this is not th...

Cybersecurity researchers have uncovered an ongoing malvertising campaign that abuses Meta's advertising platform and hijacked Facebook accounts to distribute an information stealer known as SYS01stealer. "The hackers behind the campaign use trusted brands to expand their reach," Bitdefender Labs said in a report shared with The Hacker News. "The malvertising campaign leverages nearly a hundred malicious domains, utilized not only for distributing the malware but also for live command and control (C2) operations, allowing threat actors to manage the attack in real-time." SYS01stealer was first documented by Morphisec in early 2023, describing attack campaigns targeting Facebook business accounts using Google ads and fake Facebook profiles that promote games, adult content, and cracked software. Like other stealer malware, the end goal is to steal login credentials, browsing history, and cookies. But it's also focused on obtaining Facebook ad and busin...

Cybersecurity researchers have discovered a new malicious Python package that masquerades as a cryptocurrency trading tool but harbors functionality designed to steal sensitive data and drain assets from victims' crypto wallets. The package, named "CryptoAITools," is said to have been distributed via both Python Package Index (PyPI) and bogus GitHub repositories. It was downloaded over 1,300 times before being taken down from PyPI. "The malware activated automatically upon installation, targeting both Windows and macOS operating systems," Checkmarx said in a new report shared with The Hacker News. "A deceptive graphical user interface (GUI) was used to distract vic4ms while the malware performed its malicious ac4vi4es in the background." The package is designed to unleash its malicious behavior immediately after installation through code injected into its "__init__.py" file that first determines if the target system is Windows or macOS ...

Navigating the complexities of compliance frameworks like ISO 27001, SOC 2, or GDPR can be daunting. Luckily, Intruder simplifies the process by helping you address the key vulnerability management criteria these frameworks demand, making your compliance journey much smoother. Read on to understand how to meet the requirements of each framework to keep your customer data safe. How Intruder supports your compliance goals Intruder's continuous vulnerability scanning and automated reporting help you meet the security requirements of multiple frameworks, including SOC 2, ISO 27001, HIPAA, Cyber Essentials, and GDPR. Here are three core ways Intruder can support you: 1. Making vulnerability management easy Security can be complicated, but your tools shouldn't be. Intruder's always-on platform brings together multiple powerful scanning engines, delivering comprehensive protection that goes beyond traditional vulnerability management. Covering application, cloud, internal, and netwo...

A little over three dozen security vulnerabilities have been disclosed in various open-source artificial intelligence (AI) and machine learning (ML) models, some of which could lead to remote code execution and information theft. The flaws, identified in tools like ChuanhuChatGPT, Lunary, and LocalAI, have been reported as part of Protect AI's Huntr bug bounty platform. The most severe of the flaws are two shortcomings impacting Lunary, a production toolkit for large language models (LLMs) - CVE-2024-7474 (CVSS score: 9.1) - An Insecure Direct Object Reference (IDOR) vulnerability that could allow an authenticated user to view or delete external users, resulting in unauthorized data access and potential data loss CVE-2024-7475 (CVSS score: 9.1) - An improper access control vulnerability that allows an attacker to update the SAML configuration, thereby making it possible to log in as an unauthorized user and access sensitive information Also discovered in Lunary is anot...

Sherlock Holmes is famous for his incredible ability to sort through mounds of information; he removes the irrelevant and exposes the hidden truth. His philosophy is plain yet brilliant: "When you have eliminated the impossible, whatever remains, however improbable, must be the truth." Rather than following every lead, Holmes focuses on the details that are needed to move him to the solution. In cybersecurity, exposure validation mirrors Holmes' approach: Security teams are usually presented with an overwhelming list of vulnerabilities, yet not every vulnerability presents a real threat. Just as Holmes discards irrelevant clues, security teams must eliminate exposures that are unlikely to be exploited or do not pose significant risks. Exposure validation (sometimes called Adversarial Exposure Validation) enables teams to concentrate on the most significant issues and minimize distractions. Similar to Holmes' deductive reasoning, validation of exposures directs organizations towa...