The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Three security vulnerabilities have been disclosed in the popular Wyze Cam devices that grant malicious actors to execute arbitrary code and access camera feeds as well as unauthorizedly read the SD cards, the latter of which remained unresolved for nearly three years after the initial discovery. The security flaws relate to an authentication bypass (CVE-2019-9564), a remote code execution bug stemming from a stack-based buffer overflow (CVE-2019-12266), and a case of unauthenticated access to the contents of the SD card (no CVE). Successful exploitation of the bypass vulnerability could allow an outside attacker to fully control the device, including disabling recording to the SD card and turning on/off the camera, not to mention chaining it with CVE-2019-12266 to view the live audio and video feeds. Romanian cybersecurity firm Bitdefender, which  discovered the shortcomings , said it reached out to the vendor way back in May 2019, following which Wyze released patches to fix...

Researchers have disclosed what they say is the first-ever Python-based ransomware strain specifically designed to target exposed Jupyter notebooks, a web-based interactive computing platform that allows editing and running programs via a browser. "The attackers gained initial access via misconfigured environments, then ran a ransomware script that encrypts every file on a given path on the server and deletes itself after execution to conceal the attack," Assaf Morag, a data analyst at Aqua Security,  said  in a report. The new ransomware sample, which the cloud security firm detected after it was trapped in one of its honeypot servers, is said to have been executed after the unnamed adversary gained access to the server and downloaded the necessary tools required to carry out the encryption process by opening a terminal. Aqua Security characterized the attack as "simple and straightforward," unlike other traditional ransomware-as-a-service (RaaS) schemes, add...

A Belarusian threat actor known as Ghostwriter (aka UNC1151) has been spotted leveraging the recently disclosed browser-in-the-browser (BitB) technique as part of their credential phishing campaigns exploiting the ongoing Russo-Ukrainian conflict. The method, which  masquerades  as a legitimate domain by simulating a browser window within the browser, makes it possible to mount convincing social engineering campaigns. "Ghostwriter actors have quickly adopted this new technique, combining it with a previously observed technique, hosting credential phishing landing pages on compromised sites," Google's Threat Analysis Group (TAG)  said  in a new report, using it to siphon credentials entered by unsuspected victims to a remote server. Among other groups  using the war as a lure  in phishing and malware campaigns to deceive targets into opening fraudulent emails or links include  Mustang Panda  and  Scarab  as well as nation-state actors...

SaaS Adoption is Skyrocketing, Resilience Hasn't Kept Pace SaaS platforms have revolutionized how businesses operate. They simplify collaboration, accelerate deployment, and reduce the overhead of managing infrastructure. But with their rise comes a subtle, dangerous assumption: that the convenience of SaaS extends to resilience. It doesn't. These platforms weren't built with full-scale data protection in mind . Most follow a shared responsibility model — wherein the provider ensures uptime and application security, but the data inside is your responsibility. In a world of hybrid architectures, global teams, and relentless cyber threats, that responsibility is harder than ever to manage. Modern organizations are being stretched across: Hybrid and multi-cloud environments with decentralized data sprawl Complex integration layers between IaaS, SaaS, and legacy systems Expanding regulatory pressure with steeper penalties for noncompliance Escalating ransomware threats and inside...

A zero-day remote code execution (RCE) vulnerability has come to light in the Spring framework shortly after a Chinese security researcher  briefly leaked  a  proof-of-concept  (PoC)  exploit  on GitHub before deleting their account. According to cybersecurity firm Praetorian, the unpatched flaw impacts Spring Core on Java Development Kit ( JDK ) versions 9 and later and is a bypass for another vulnerability tracked as  CVE-2010-1622 , enabling an unauthenticated attacker to execute arbitrary code on the target system. Spring is a  software framework  for building Java applications, including web apps on top of the Java EE (Enterprise Edition) platform. "In certain configurations, exploitation of this issue is straightforward, as it only requires an attacker to send a crafted HTTP request to a vulnerable system," researchers Anthony Weems and Dallas Kaman  said . "However, exploitation of different configurations will require the at...

Taiwanese company QNAP this week revealed that a selected number of its network-attached storage (NAS) appliances are affected by a recently-disclosed bug in the open-source OpenSSL cryptographic library. "An infinite loop vulnerability in OpenSSL has been reported to affect certain QNAP NAS," the company  said  in an advisory published on March 29, 2022. "If exploited, the vulnerability allows attackers to conduct denial-of-service attacks." Tracked as  CVE-2022-0778  (CVSS score: 7.5), the issue relates to a bug that arises when parsing security certificates to trigger a denial-of-service condition and remotely crash unpatched devices. QNAP, which is currently investigating its line-up, said it affects the following operating system versions – QTS 5.0.x and later QTS 4.5.4 and later QTS 4.3.6 and later QTS 4.3.4 and later QTS 4.3.3 and later QTS 4.2.6 and later QuTS hero h5.0.x and later QuTS hero h4.5.4 and later, and QuTScloud c5.0.x To date, t...

A nascent information stealer called Mars has been observed in campaigns that take advantage of cracked versions of the malware to steal information stored in web browsers and cryptocurrency wallets. "Mars Stealer is being distributed via social engineering techniques, malspam campaigns, malicious software cracks, and keygens," Morphisec malware researcher Arnold Osipov  said  in a report published Tuesday. Based on the  Oski Stealer  and first discovered in June 2021,  Mars Stealer  is said to be constantly under development and available for sale on over 47 underground forums, darknet sites, and Telegram channels, costing only $160 for a lifetime subscription. Information stealers allow adversaries to vacuum personal information from compromised systems, including stored credentials and browser cookies, which are then sold on criminal marketplaces or used as a springboard for launching further attacks. The release of Mars Stealer last year has also ...

A duo of researchers has released a proof-of-concept (PoC) demonstrating the ability for a malicious actor to remote lock, unlock, and even start Honda and Acura vehicles by means of what's called a replay attack. The attack is made possible, thanks to a vulnerability in its remote keyless system ( CVE-2022-27254 ) that affects Honda Civic LX, EX, EX-L, Touring, Si, and Type R models manufactured between 2016 and 2020. Credited with discovering the issue are Ayyappan Rajesh, a student at UMass Dartmouth, and Blake Berry (HackingIntoYourHeart). "A hacker can gain complete and unlimited access to locking, unlocking, controlling the windows, opening the trunk, and starting the engine of the target vehicle where the only way to prevent the attack is to either never use your fob or, after being compromised (which would be difficult to realize), resetting your fob at a dealership," Berry  explained  in a GitHub post. The underlying issue is that the remote key fob on the a...

For anyone with interest in  cybersecurity , learning Python is a must. The language is used extensively in white hat hacking, and professionals use  Python  scripts to automate tests. It also has a use in the "soft" side of cybersecurity — like scraping the web for compromised data and detecting bugs.  Featuring nine full-length video courses,  The Complete 2022 Python Programmer Bundle  helps you come to grips with this powerful programming language. The included training is worth $1,791 altogether. But thanks to a special price drop, readers of The Hacker News can  get the bundle today for just $39 . Special Offer — This library of Python video training includes 46 hours of content, and you can get lifetime access today  for just $39 ! When each new year of computer science talent arrives at MIT and Stanford, one of the first languages they learn is Python.  Why? Well, it's relatively easy to read. But just as importantly, it's super...

The LAPSUS$ data extortion gang announced their return on Telegram after a week-long "vacation," leaking what they claim is data from software services company Globant. "We are officially back from a vacation," the group wrote on their Telegram channel – which has nearly around 54,000 members as of writing – posting images of extracted data and credentials belonging to the company's DevOps infrastructure. The screenshots depict a folder listing for what appears to be different companies from across the world, including Arcserve, Banco Galicia, BNP Paribas Cardif, Citibanamex, DHL, Facebook, Stifel, among others. Also shared is a torrent file purported to contain around 70GB of Globant's source code as well as administrator passwords associated with the firm's Atlassian suite, including Confluence and Jira, and the Crucible code review tool. As malware research group  VX-Underground  points out, the passwords are not only easily guessable, but they...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Energy (DoE) are jointly warning of attacks against internet-connected uninterruptible power supply (UPS) devices by means of default usernames and passwords. "Organizations can mitigate attacks against their UPS devices, which provide emergency power in a variety of applications when normal power sources are lost, by removing management interfaces from the internet," the agencies  said  in a bulletin published Tuesday. UPS devices, in addition to offering power backups in mission-critical environments, are also equipped with an internet of things (IoT) capability, enabling the administrators to carry out power monitoring and routine maintenance. But as is often the case, such features can also open the door to malicious attacks. To mitigate against such threats, CISA and DoE are advising organizations to enumerate and disconnect all UPS systems from the internet and gate them behind a...

SonicWall has released security updates to contain a critical flaw across multiple firewall appliances that could be weaponized by an unauthenticated, remote attacker to execute arbitrary code and cause a denial-of-service (DoS) condition. Tracked as  CVE-2022-22274  (CVSS score: 9.4), the issue has been described as a stack-based buffer overflow in the web management interface of SonicOS that could be triggered by sending a specially crafted HTTP request, leading to remote code execution or DoS. The flaw impacts 31 different SonicWall Firewall devices running versions 7.0.1-5050 and earlier, 7.0.1-R579 and earlier, and 6.5.4.4-44v-21-1452 and earlier. ZiTong Wang of Hatlab has been credited with reporting the issue. The network security company  said  it's not aware of any instance of active exploitation in the wild leveraging the weakness, and that no proof-of-concept (PoC) or malicious use of the vulnerability has been publicly reported to date. That said,...

A threat actor of likely Pakistani origin has been attributed to yet another campaign designed to backdoor targets of interest with a Windows-based remote access trojan named CrimsonRAT since at least June 2021. "Transparent Tribe has been a highly active APT group in the Indian subcontinent," Cisco Talos researchers  said  in an analysis shared with The Hacker News. "Their primary targets have been government and military personnel in Afghanistan and India. This campaign furthers this targeting and their central goal of establishing long term access for espionage." Last month, the advanced persistent threat expanded its malware toolset to compromise Android devices with a backdoor named  CapraRAT  that exhibits a high "degree of crossover" with CrimsonRAT. The latest set of attacks detailed by Cisco Talos involves making use of fake domains that mimic legitimate government and related organizations to deliver the malicious payloads, including a Pytho...