The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Passwords are at the core of securing access to an organization's data. However, they also come with security vulnerabilities that stem from their inconvenience. With a growing list of credentials to keep track of, the average end-user can default to shortcuts. Instead of creating a strong and unique password for each account, they resort to easy-to-remember passwords, or use the same password for every account and application.  Password reuse is both common and risky.  65% of users  admit to reusing their credentials across multiple sites. Another analysis of identity exposures among employees of Fortune 1000 companies found a  64% password reuse rate  for exposed credentials. Pair these findings with the fact that a vast majority  (80%) of all data breaches  are sourced from lost or stolen passwords, and we have a serious problem. In short, a breached password from one system can be used to compromise another. So, what does this all mean for your o...

Microsoft has released its Patch Tuesday updates for October 2023, addressing a total of  103 flaws  in its software, two of which have come under active exploitation in the wild. Of the 103 flaws, 13 are rated Critical and 90 are rated Important in severity. This is apart from  18 security vulnerabilities  addressed in its Chromium-based Edge browser since the second Tuesday of September. The two vulnerabilities that have been weaponized as zero-days are as follows - CVE-2023-36563  (CVSS score: 6.5) - An information disclosure vulnerability in Microsoft WordPad that could result in the leak of NTLM hashes CVE-2023-41763  (CVSS score: 5.3) - A privilege escalation vulnerability in Skype for Business that could lead to exposure of sensitive information such as IP addresses or port numbers (or both), enabling threat actors to gain access to internal networks "To exploit this vulnerability, an attacker would first have to log on to the system. An atta...

Microsoft has linked the exploitation of a recently disclosed critical flaw in Atlassian Confluence Data Center and Server to a nation-state actor it tracks as  Storm-0062  (aka DarkShadow or Oro0lxy). The tech giant's threat intelligence team said it observed in-the-wild abuse of the vulnerability since September 14, 2023. "CVE-2023-22515 is a critical privilege escalation vulnerability in Atlassian Confluence Data Center and Server," the company  noted  in a series of posts on X (formerly Twitter). "Any device with a network connection to a vulnerable application can exploit CVE-2023-22515 to create a Confluence administrator account within the application." CVE-2023-22515 , rated 10.0 on the CVSS severity rating system, allows  remote attackers  to create unauthorized Confluence administrator accounts and access Confluence servers. The flaw has been addressed in the following versions - 8.3.3 or later 8.4.3 or later, and 8.5.2 (Long Term Suppor...

Amazon Web Services (AWS), Cloudflare, and Google on Tuesday said they took steps to mitigate record-breaking distributed denial-of-service (DDoS) attacks that relied on a novel technique called HTTP/2 Rapid Reset. The  layer 7 attacks  were detected in late August 2023, the companies said in a coordinated disclosure. The cumulative susceptibility to this attack is being tracked as  CVE-2023-44487 , and carries a CVSS score of 7.5 out of a maximum of 10. While the attacks aimed at Google's cloud infrastructure peaked at  398 million requests per second  (RPS), the ones that struck AWS and Cloudflare exceeded a volume of 155 million and 201 million RPS, respectively. HTTP/2 Rapid Reset refers to a zero-day flaw in the HTTP/2 protocol that can be exploited to carry out DDoS attacks. A significant feature of HTTP/2 is multiplexing requests over a single TCP connection, which manifests in the form of concurrent streams. What's more, a client that wants to abor...

Google on Tuesday announced the ability for all users to set up passkeys by default, five months after it  rolled out support  for the FIDO Alliance-backed passwordless standard for Google Accounts on all platforms. "This means the next time you sign in to your account, you'll start seeing prompts to create and use passkeys, simplifying your future sign-ins," Google's Sriram Karra and Christiaan Brand  said . "It also means you'll see the ' skip password when possible ' option toggled on in your Google Account settings." Passkeys are a new form of authentication that entirely eliminate the need for usernames and passwords, or even provide any additional authentication factor. In other words, it's a passwordless login mechanism that leverages public-key cryptography to authenticate users' access to websites and apps, with the private key saved securely in the device and the public key stored in the server. Each passkey is unique and...

Certain online risks to children are on the rise, according to a recent report from Thorn , a technology nonprofit whose mission is to build technology to defend children from sexual abuse. Research shared in the  Emerging Online Trends in Child Sexual Abuse 2023 report , indicates that minors are increasingly taking and sharing sexual images of themselves. This activity may occur consensually or coercively, as youth also report an increase in risky online interactions with adults. "In our digitally connected world, child sexual abuse material is easily and increasingly shared on the platforms we use in our daily lives," said John Starr, VP of Strategic Impact at Thorn. "Harmful interactions between youth and adults are not isolated to the dark corners of the web. As fast as the digital community builds innovative platforms, predators are co-opting these spaces to exploit children and share this egregious content." These trends and others shared in the Emerging O...

A previously undocumented threat actor of unknown provenance has been linked to a number of attacks targeting organizations in the manufacturing, IT, and biomedical sectors in Taiwan. The Symantec Threat Hunter Team, part of Broadcom, attributed the attacks to an advanced persistent threat (APT) it tracks under the name  Grayling . Evidence shows that the campaign began in February 2023 and continued until at least May 2023. Also likely targeted as part of the activity is a government agency located in the Pacific Islands, as well as entities in Vietnam and the U.S. "This activity stood out due to the use by Grayling of a distinctive DLL side-loading technique that uses a custom decryptor to deploy payloads," the company  said  in a report shared with The Hacker News. "The motivation driving this activity appears to be intelligence gathering." The initial foothold to victim environments is said to have been achieved by exploiting public-facing infrastructure, ...

A sophisticated  Magecart  campaign has been observed manipulating websites' default 404 error page to conceal malicious code in what's been described as the latest evolution of the attacks. The activity, per Akamai, targets Magento and WooCommerce websites, with some of the victims belonging to large organizations in the food and retail industries. "In this campaign, all the victim websites we detected were directly exploited, as the malicious code snippet was injected into one of their first-party resources," Akamai security researcher Roman Lvovsky  said  in a Monday analysis. This involves inserting the code directly into the HTML pages or within one of the first-party scripts that were loaded as part of the website. The attacks are realized through a multi-stage chain, in which the loader code retrieves the main payload during runtime in order to capture the sensitive information entered by visitors on checkout pages and exfiltrate it to a remote server. ...

A new security flaw has been disclosed in the libcue library impacting GNOME Linux systems that could be exploited to achieve remote code execution (RCE) on affected hosts. Tracked as  CVE-2023-43641  (CVSS score: 8.8), the  issue  is described as a case of memory corruption in libcue, a library designed for parsing  cue sheet files . It impacts versions 2.2.1 and prior. libcue is incorporated into Tracker Miners , a search engine tool that's included by default in GNOME and indexes files in the system for easy access. The problem is rooted in an out-of-bounds array access in the track_set_index function that allows for achieving code execution on the machine simply by tricking a victim into clicking a malicious link and downloading a .cue file. "A user of the GNOME desktop environment can be exploited by downloading a cue sheet from a malicious webpage," according to a  description  of the vulnerability in the National Vulnerability Database (NV...

A recently disclosed critical flaw in Citrix NetScaler ADC and Gateway devices is being exploited by threat actors to conduct a credential harvesting campaign. IBM X-Force, which uncovered the activity last month,  said  adversaries exploited "CVE-2023-3519 to attack unpatched NetScaler Gateways to insert a malicious script into the HTML content of the authentication web page to capture user credentials." CVE-2023-3519  (CVSS score: 9.8), addressed by Citrix in July 2023, is a critical code injection vulnerability that could lead to unauthenticated remote code execution. Over the past few months, it has been  heavily   exploited  to  infiltrate vulnerable devices  and gain persistent access for follow-on attacks. In the latest attack chain discovered by IBM X-Force, the operators sent a specially crafted web request to trigger the exploitation of CVE-2023-3519 and deploy a PHP-based web shell. The access afforded by the web shell is subseque...

An ad fraud botnet dubbed  PEACHPIT  leveraged an army of hundreds of thousands of Android and iOS devices to generate illicit profits for the threat actors behind the scheme. The botnet is part of a larger China-based operation codenamed  BADBOX , which also entails selling off-brand mobile and connected TV (CTV) devices on popular online retailers and resale sites that are backdoored with an  Android malware strain  called  Triada . "The PEACHPIT botnet's conglomerate of associated apps were found in 227 countries and territories, with an estimated peak of 121,000 devices a day on Android and 159,000 devices a day on iOS," HUMAN  said . The infections are said to have been realized through a collection of 39 apps that were installed more than 15 million times. Devices fitted with the BADBOX malware allowed the operators to steal sensitive data, create residential proxy exit peers, and commit ad fraud through the bogus apps. It's currently not c...