The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

A hacking group known for its attacks in the Middle East, at least since 2017, has recently been found impersonating legitimate messaging apps such as Telegram and Threema to infect Android devices with a new, previously undocumented malware. "Compared to the versions documented in 2017, Android/SpyC23.A has extended spying functionality, including reading notifications from messaging apps, call recording and screen recording, and new stealth features, such as dismissing notifications from built-in Android security apps," cybersecurity firm ESET  said  in a Wednesday analysis. First detailed by Qihoo 360 in 2017 under the moniker  Two-tailed Scorpion (aka APT-C-23 or Desert Falcon), the mobile malware has been deemed "surveillanceware" for its abilities to spy on the devices of targeted individuals, exfiltrating call logs, contacts, location, messages, photos, and other sensitive documents in the process. In 2018, Symantec discovered a  newer variant  of t...

A Russian hacker who was found guilty of  hacking LinkedIn ,  Dropbox , and Formspring over eight years ago has finally been  sentenced  to 88 months in United States prison, that's more than seven years by a federal court in San Francisco this week. Yevgeniy Aleksandrovich Nikulin , 32, of Moscow hacked into servers belonging to three American social media firms, including LinkedIn, Dropbox, and now-defunct social-networking firm Formspring, and stole data on over 200 million users. Between March and July 2012, Nikulin hacked into the computers of LinkedIn,  Dropbox, and Formspring , and installed malware on them, which allowed him to remotely download user databases of over  117 Million LinkedIn  users and more than  68 Million Dropbox  users. According to the prosecutor, Nikulin also worked with unnamed co-conspirators of a Russian-speaking cybercriminal forum to sell customer data he stole as a result of his hacks. Besides hacking in...

Cybersecurity researchers have found critical security flaws in two popular industrial remote access systems that can be exploited to ban access to industrial production floors, hack into company networks, tamper with data, and even steal sensitive business secrets. The flaws,  discovered  by Tel Aviv-based OTORIO, were identified in B&R Automation's SiteManager and GateManager, and MB Connect Line's mbCONNECT24, two of the popular remote maintenance tools used in automotive, energy, oil & gas, metal, and packaging sectors to connect to industrial assets from anywhere across the world. Six Flaws in B&R Automation's SiteManager and GateManager According to an  advisory published by the US Cybersecurity and infrastructure Security Agency (CISA) on Wednesday, successful exploitation of the B&R Automation vulnerabilities could allow for "arbitrary information disclosure, manipulation, and a denial-of-service condition." The flaws, ranging from p...

Cisco yesterday released security patches for two high-severity vulnerabilities affecting its IOS XR software that were found exploited in the wild a month ago. Tracked as CVE-2020-3566 and CVE-2020-3569 , details for both zero-day unauthenticated DoS vulnerabilities were made public by Cisco late last month when the company found hackers actively exploiting Cisco IOS XR Software that is installed on a range of Cisco's carrier-grade and data center routers. Both DoS vulnerabilities resided in Cisco IOS XR Software's Distance Vector Multicast Routing Protocol (DVMRP) feature and existed due to incorrect implementation of queue management for Internet Group Management Protocol (IGMP) packets on affected devices. IGMP is a communication protocol typically used by hosts and adjacent routers to efficiently use resources for multicasting applications when supporting streaming content such as online video streaming and gaming. "These vulnerabilities affect any Cisco device th...

Cybersecurity researchers on Tuesday uncovered a new espionage campaign targeting media, construction, engineering, electronics, and finance sectors in Japan, Taiwan, the U.S., and China. Linking the attacks to Palmerworm (aka BlackTech) — likely a  China-based  advanced persistent threat (APT) — Symantec's Threat Hunter Team  said  the first wave of activity associated with this campaign began last year in August 2019, although their ultimate motivations still remain unclear. "While we cannot see what Palmerworm is exfiltrating from these victims, the group is considered an espionage group and its likely motivation is considered to be stealing information from targeted companies," the cybersecurity firm said. Among the multiple victims infected by Palmerworm, the media, electronics, and finance companies were all based in Taiwan, while an engineering company in Japan and a construction firm in China were also targeted. In addition to using custom malware to com...

I am sure that many of you have by now heard of a recently disclosed critical Windows server vulnerability—called  Zerologon —that could let hackers completely take over enterprise networks. For those unaware, in brief, all supported versions of the Windows Server operating systems are vulnerable to a critical privilege escalation bug that resides in the  Netlogon Remote Control  Protocol for Domain Controllers. In other words, the underlying vulnerability ( CVE-2020-1472 ) could be exploited by an attacker to compromise Active Directory services, and eventually, the Windows domain without requiring any authentication. What's worse is that a proof-of-concept exploit for this flaw was released to the public last week, and immediately after, attackers started exploiting the weakness against unpatched systems in the wild. As described in our  coverage  based on a technical analysis published by Cynet security researchers, the underlying issue is Microsoft's im...

Cybersecurity researchers uncovered fresh evidence of an ongoing cyberespionage campaign against Indian defense units and armed forces personnel at least since 2019 with an aim to steal sensitive information. Dubbed " Operation SideCopy " by Indian cybersecurity firm  Quick Heal , the attacks have been attributed to an advanced persistent threat (APT) group that has successfully managed to stay under the radar by "copying" the tactics of other threat actors such as the  SideWinder . Exploiting Microsoft Equation Editor Flaw The campaign's starting point is an email with an embedded malicious attachment — either in the form of a ZIP file containing an LNK file or a Microsoft Word document — that triggers an infection chain via a series of steps to download the final-stage payload. Aside from identifying three different infection chains, what's notable is the fact that one of them exploited template injection and Microsoft Equation Editor flaw ( CVE-2017...

What is the difference between a penetration test and a red team exercise? The common understanding is that a red team exercise is a pen-test on steroids, but what does that mean? While both programs are performed by ethical hackers, whether they are in-house residents or contracted externally, the difference runs deeper. In a nutshell, a pen-test is performed to discover exploitable vulnerabilities and misconfigurations that would potentially serve unethical hackers. They primarily test the effectiveness of security controls and employee security awareness. The purpose of a red team exercise, in addition to discovering exploitable vulnerabilities, is to exercise the operational effectiveness of the security team, the blue team. A red team exercise challenges the blue team's capabilities and supporting technology to detect, respond, and recover from a breach. The objective is to improve their incident management and response procedures. The challenge with pen-testing and red te...

Amnesty International today exposed details of a new surveillance campaign that targeted Egyptian civil society organizations with previously undisclosed versions of FinSpy spyware designed to target Linux and macOS systems. Developed by a German company , FinSpy is extremely powerful spying software that is being sold as a legal law enforcement tool to governments around the world but has also been found in use by oppressive and dubious regimes to spy on activists. FinSpy, also known as FinFisher, can target both desktop and mobile operating systems, including Android, iOS, Windows, macOS, and Linux, to gain spying capabilities, including secretly turning on their webcams and microphones, recording everything the victim types on the keyboard, intercepting calls, and exfiltration of data. According to the human rights organization Amnesty International , the newly discovered campaign is not linked to 'NilePhish,' a hacking group known for attacking Egyptian NGOs in a ser...

Microsoft's long-lived operating system Windows XP—that still powers over 1% of all laptops and desktop computers worldwide—has had its source code leaked online, allegedly, along with Windows Server 2003. Yes, you heard that right. The source code for Microsoft's 19-year-old operating system was published as a torrent file on notorious bulletin board website 4chan, and it's for the very first time when source code for Microsoft's operating system has been leaked to the public. Several reports suggest that the collection of torrent files, which weigh 43GB in size, also said to include the source code for Windows Server 2003 and several Microsoft's older operating systems, including: Windows 2000 Windows CE 3  Windows CE 4  Windows CE 5  Windows Embedded 7 Windows Embedded CE Windows NT 3.5 Windows NT 4 MS-DOS 3.30  MS-DOS 6.0 The torrent download also includes the alleged source code for various Windows 10 components that  appeared in 2017 ...

As the pandemic continues to accelerate the shift towards working from home, a  slew of digital threats  have capitalized on the health concern to exploit weaknesses in the remote work infrastructure and carry out malicious attacks. Now according to network security platform provider SAM Seamless Network , over 200,000 businesses that have deployed the Fortigate VPN solution—with default configuration—to enable employees to connect remotely are vulnerable to man-in-the-middle (MitM) attacks, allowing attackers to present a valid SSL certificate and fraudulently take over a connection. "We quickly found that under default configuration the SSL VPN is not as protected as it should be, and is vulnerable to MITM attacks quite easily," SAM IoT Security Lab's Niv Hertz and Lior Tashimov said. "The Fortigate SSL-VPN client only verifies that the CA was issued by Fortigate (or another trusted CA), therefore an attacker can easily present a certificate issued to a differ...

Ever wonder how hackers can hack your smartphone remotely? In a report shared with The Hacker News today, Check Point researchers disclosed details about a  critical vulnerability  in Instagram's Android app that could have allowed remote attackers to take control over a targeted device just by sending victims a specially crafted image. What's more worrisome is that the flaw not only lets attackers perform actions on behalf of the user within the Instagram app—including spying on victim's private messages and even deleting or posting photos from their accounts—but also execute arbitrary code on the device. According to an  advisory  published by Facebook, the heap overflow security issue (tracked as CVE-2020-1895 , CVSS score: 7.8) impacts all versions of the Instagram app prior to 128.0.0.26.128, which was released on February 10 earlier this year. "This [flaw] turns the device into a tool for spying on targeted users without their knowledge, as well as enablin...