The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Microsoft's Digital Crimes Unit (DCU) last week disclosed that it had taken legal proceedings against an Iranian threat actor dubbed  Bohrium  in connection with a spear-phishing operation. The adversarial collective is said to have targeted entities in tech, transportation, government, and education sectors located in the U.S., Middle East, and India. "Bohrium actors create fake social media profiles, often posing as recruiters," Amy Hogan-Burney of the DCU  said  in a tweet. "Once personal information was obtained from the victims, Bohrium sent malicious emails with links that ultimately infected their target's computers with malware." According to an  ex parte order  shared by the tech giant, the goal of the intrusions was to steal and exfiltrate sensitive information, take control over the infected machines, and carry out remote reconnaissance. To halt the malicious activities of Bohrium, Microsoft said it took down 41 ".com," ".info...

"Shifting (security)" left approach in Software Development Life Cycle (SDLC) means starting security earlier in the process. As organizations realized that software never comes out perfectly and are riddled with many exploitable holes, bugs, and business logic vulnerabilities that require going back to fix and patch, they understood that building secure software requires incorporating and consolidating numerous resources. This conclusion led DevOps and R&D leaders to become proactive, acquiring technology to find and close these gaps in advance, with the aim of reducing the cost and effort while improving the quality of their outcomes.  With emerging comprehensive  continuous security validation technology , the demonstrated benefits of 'shifting left' as a fundamental part of SDLC can now be applied to your cybersecurity program, with results far exceeding the purely technical aspects of security posture management.  At the development level, the conceptuali...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and Food and Drug Administration (FDA) have issued an advisory about critical security vulnerabilities in Illumina's next-generation sequencing ( NGS ) software. Three of the flaws are rated 10 out of 10 for severity on the Common Vulnerability Scoring System ( CVSS ), with two others having severity ratings of 9.1 and 7.4. The issues impact software in medical devices used for "clinical diagnostic use in sequencing a person's DNA or testing for various genetic conditions, or for research use only,"  according to the FDA . "Successful exploitation of these vulnerabilities may allow an unauthenticated malicious actor to take control of the affected product remotely and take any action at the operating system level," CISA  said  in an alert. "An attacker could impact settings, configurations, software, or data on the affected product and interact through the affected product with the c...

A suspected state-aligned threat actor has been attributed to a new set of attacks exploiting the Microsoft Office "Follina" vulnerability to target government entities in Europe and the U.S. Enterprise security firm Proofpoint said it blocked attempts at exploiting the remote code execution flaw, which is being tracked as  CVE-2022-30190  (CVSS score: 7.8). No less than 1,000 phishing messages containing a lure document were sent to the targets. "This campaign masqueraded as a salary increase and utilized an RTF with the exploit payload downloaded from 45.76.53[.]253," the company  said  in a series of tweets. The payload, which manifests in the form of a PowerShell script, is Base64-encoded and functions as a downloader to retrieve a second PowerShell script from a remote server named "seller-notification[.]live." "This script checks for virtualization, steals information from local browsers, mail clients and file services, conducts machine re...

Atlassian on Friday rolled out fixes to address a  critical security flaw  affecting its Confluence Server and Data Center products that have come under active exploitation by threat actors to achieve remote code execution. Tracked as  CVE-2022-26134 , the issue is similar to  CVE-2021-26084  — another security flaw the Australian software company patched in August 2021. Both relate to a case of Object-Graph Navigation Language ( OGNL ) injection that could be exploited to achieve arbitrary code execution on a Confluence Server or Data Center instance. The newly discovered shortcoming impacts all supported versions of Confluence Server and Data Center, with every version after 1.3.0 also affected. It's been resolved in the following versions - 7.4.17 7.13.7 7.14.3 7.15.2 7.16.4 7.17.4 7.18.1 According to stats from internet asset discovery platform  Censys , there are about 9,325 services across 8,347 distinct hosts running a vulnerable versi...

GitLab has moved to address a critical security flaw in its service that, if successfully exploited, could result in an account takeover. Tracked as  CVE-2022-1680 , the issue has a CVSS severity score of 9.9 and was discovered internally by the company. The security flaw affects all versions of GitLab Enterprise Edition (EE) starting from 11.10 before 14.9.5, all versions starting from 14.10 before 14.10.4, and all versions starting from 15.0 before 15.0.1. "When group SAML SSO is configured, the SCIM feature (available only on Premium+ subscriptions) may allow any owner of a Premium group to invite arbitrary users through their username and email, then change those users' email addresses via SCIM to an attacker controlled email address and thus — in the absence of 2FA — take over those accounts," GitLab  said . Having achieved this, a malicious actor can also change the display name and username of the targeted account, the DevOps platform provider cautioned in its...

An "extremely sophisticated" Chinese-speaking advanced persistent threat (APT) actor dubbed  LuoYu  has been observed using a malicious Windows tool called WinDealer that's delivered by means of man-on-the-side attacks. "This groundbreaking development allows the actor to modify network traffic in-transit to insert malicious payloads," Russian cybersecurity company Kaspersky  said  in a new report. "Such attacks are especially dangerous and devastating because they do not require any interaction with the target to lead to a successful infection." Known to be active since 2008, organizations targeted by LuoYu are predominantly foreign diplomatic organizations established in China and members of the academic community as well as financial, defense, logistics, and telecommunications companies. LuoYu's use of  WinDealer  was first documented by Taiwanese cybersecurity firm  TeamT5  at the Japan Security Analyst Conference (JSAC) in January 2021. ...

The Parrot traffic direction system (TDS) that came to light earlier this year has had a larger impact than previously thought, according to new research. Sucuri, which has been tracking the same campaign since February 2019 under the name "NDSW/NDSX," said that "the malware was one of the top infections" detected in 2021, accounting for more than 61,000 websites. Parrot TDS was  documented  in April 2022 by Czech cybersecurity company Avast, noting that the PHP script had ensnared web servers hosting more than 16,500 websites to act as a gateway for further attack campaigns. This involves appending a piece of malicious code to all JavaScript files on compromised web servers hosting content management systems (CMS) such as WordPress that are in turn said to be breached by taking advantage of weak login credentials and vulnerable plugins. Besides using different obfuscation tactics to conceal the code, the "injected JavaScript may also be found well indent...

Microsoft on Thursday said it took steps to disable malicious activity stemming from abuse of OneDrive by a previously undocumented threat actor it tracks under the chemical element-themed moniker Polonium. In addition to removing the offending accounts created by the Lebanon-based activity group, the tech giant's Threat Intelligence Center (MSTIC) said it suspended over 20 malicious OneDrive applications created by Polonium andd that it notified affected organizations. "The observed activity was coordinated with other actors affiliated with Iran's Ministry of Intelligence and Security (MOIS), based primarily on victim overlap and commonality of tools and techniques," MSTIC  assessed  with "moderate confidence." The adversarial collective is believed to have breached more than 20 organizations based in Israel and one intergovernmental organization with operations in Lebanon since February 2022. Targets of interest included entities in the manufacturing...

Atlassian has warned of a critical unpatched remote code execution vulnerability impacting Confluence Server and Data Center products that it said is being actively exploited in the wild. The Australian software company credited cybersecurity firm Volexity for identifying the flaw, which is being tracked as  CVE-2022-26134 . "Atlassian has been made aware of current active exploitation of a critical severity unauthenticated remote code execution vulnerability in Confluence Data Center and Server," it  said  in an advisory. "There are currently no fixed versions of Confluence Server and Data Center available. Atlassian is working with the highest priority to issue a fix." Specifics of the security flaw have been withheld until a software patch is available. All supported versions of Confluence Server and Data Center are affected, although it's expected that all versions of the enterprise solution are potentially vulnerable. The earliest impacted version is ...

As the threat landscape evolves and multiplies with more advanced attacks than ever, defending against these modern cyber threats is a monumental challenge for almost any organization.  Threat detection is about an organization's ability to accurately identify threats, be it to the network, an endpoint, another asset or an application – including cloud infrastructure and assets. At scale, threat detection analyzes the entire security infrastructure to identify malicious activity that could compromise the ecosystem. Countless solutions support threat detection, but the key is to have as much data as possible available to bolster your security visibility. If you don't know what is happening on your systems, threat detection is impossible.  Deploying the right security software is critical for protecting you from threats. What do we mean by threat detection software? In the early days of threat detection, software was deployed to protect against different forms of malware. ...

An analysis of  leaked chats  from the notorious  Conti ransomware group  earlier this year has revealed that the syndicate has been working on a set of firmware attack techniques that could offer a path to accessing privileged code on compromised devices. "Control over firmware gives attackers virtually unmatched powers both to directly cause damage and to enable other long-term strategic goals," firmware and hardware security firm Eclypsium  said  in a report shared with The Hacker News. "Such level of access would allow an adversary to cause irreparable damage to a system or to establish ongoing persistence that is virtually invisible to the operating system." Specifically, this includes attacks aimed at embedded microcontrollers such as the Intel  Management Engine  ( ME ), a privileged component that's part of the company's processor chipsets and which can completely bypass the operating system. It's worth noting that the reason for thi...