The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Networking equipment major Cisco on Wednesday confirmed it was the victim of a cyberattack on May 24, 2022 after the attackers got hold of an employee's personal Google account that contained passwords synced from their web browser. "Initial access to the Cisco VPN was achieved via the successful compromise of a Cisco employee's personal Google account," Cisco Talos  said  in a detailed write-up. "The user had enabled password syncing via Google Chrome and had stored their Cisco credentials in their browser, enabling that information to synchronize to their Google account." The disclosure comes as cybercriminal actors associated with the Yanluowang ransomware gang  published a list of files  from the breach to their data leak site on August 10. The exfiltrated information, according to Talos, included the contents of a Box cloud storage folder that was associated with the compromised employee's account and is not believed to have included any valuabl...

Threat actors associated with the Cuba ransomware have been linked to previously undocumented tactics, techniques and procedures (TTPs), including a new remote access trojan called ROMCOM RAT on compromised systems. The  new findings  come from Palo Alto Networks' Unit 42 threat intelligence team, which is tracking the double extortion ransomware group under the  constellation-themed moniker   Tropical Scorpius . Cuba ransomware (aka  COLDDRAW ), which was first detected in December 2019, reemerged on the threat landscape in November 2021 and has been attributed to attacks against 60 entities in five critical infrastructure sectors, amassing at least $43.9 million in ransom payments. Of the 60 victims listed on its data leak site, 40 are located in the U.S., indicating a not as global distribution of targeted organizations as other ransomware gangs. "Cuba ransomware is distributed through Hancitor malware, a loader known for dropping or executing stealers,...

Password security is only as strong as the password itself. Unfortunately, we are often reminded of the danger of weak, reused, and compromised passwords with major cybersecurity breaches that start with stolen credentials. For example, in May 2022, the popular wedding planning site, Zola, was the victim of a significant cybersecurity breach where hackers used an attack known as  credential stuffing . It resulted in fraudulent activity tied to customer accounts. Let's look at the Zola breach and why it emphasizes the need for organizations to bolster their password security and protect against various types of password attacks. What happened with the Zola attack? Instead of going after Zola's core business-critical infrastructure, hackers went after customer accounts with the May attack. Attackers used an age-old technique called  credential stuffing  to compromise several Zola customer accounts. With access to the compromised accounts, they attempted to purchase gift ...

While phishing and ransomware dominate headlines, another critical risk quietly persists across most enterprises: exposed Git repositories leaking sensitive data. A risk that silently creates shadow access into core systems Git is the backbone of modern software development, hosting millions of repositories and serving thousands of organizations worldwide. Yet, amid the daily hustle of shipping code, developers may inadvertently leave behind API keys, tokens, or passwords in configuration files and code files, effectively handing attackers the keys to the kingdom. This isn't just about poor hygiene; it's a systemic and growing supply chain risk. As cyber threats become more sophisticated, so do compliance requirements. Security frameworks like NIS2, SOC2, and ISO 27001 now demand proof that software delivery pipelines are hardened and third-party risk is controlled. The message is clear: securing your Git repositories is no longer optional, it's essential. Below, we look at the ris...

Cybersecurity researchers have disclosed multiple severe security vulnerabilities asset management platform  Device42  that, if successfully exploited, could enable a malicious actor to seize control of affected systems. "By exploiting these issues, an attacker could impersonate other users, obtain admin-level access in the application (by leaking session with an  LFI ) or obtain full access to the appliance files and database (through remote code execution)," Bitdefender  said  in a Wednesday report. Even more concerningly, an adversary with any level of access within the host network could daisy-chain three of the flaws to bypass authentication protections and achieve remote code execution with the highest privileges. The issues in question are listed below - CVE-2022-1399  - Remote Code Execution in scheduled tasks component CVE-2022-1400  - Hard-coded encryption key IV in Exago WebReportsApi.dll CVE 2022-1401  - Insufficient validati...

Cloud-based code hosting platform GitHub has announced that it will now start sending Dependabot alerts for vulnerable GitHub Actions to help developers fix security issues in CI/CD workflows. "When a security vulnerability is reported in an action, our team of security researchers will create an advisory to document the vulnerability, which will trigger an alert to impacted repositories," GitHub's Brittany O'Shea and Kate Catlin  said . GitHub Actions  is a continuous integration and continuous delivery (CI/CD) solution that enables users to automate the software build, test, and deployment pipeline. Dependabot  is part of the Microsoft-owned subsidiary's continued efforts to secure the  software supply chain  by  notifying  users that their source code depends on a package with a security vulnerability and helping keep all the dependencies up-to-date. The latest move entails receiving alerts on GitHub Actions and vulnerabilities impacting deve...

A former Twitter employee has been pronounced guilty for his role in digging up private information pertaining to certain Twitter users and turning over that data to Saudi Arabia. Ahmad Abouammo, 44, was convicted by a jury after a two-week trial in San Francisco federal court, Bloomberg  reported  Tuesday. He faces up to 20 years in prison when sentenced. The  verdict  comes nearly three years after Abouammo, along with Ali Alzabarah and Ahmed Almutairi (Ahmed Aljbreen) were  indicted in 2019  for acting as "illegal agents" of Saudi Arabia, with the former also charged with destroying, altering, and falsifying records in a federal investigation. Prosecutors accused Abouammo and Alzabarah, both of whom joined Twitter in 2013, of being enlisted by officials of the Kingdom of Saudi Arabia for  unmasking its critics  on the social media platform. According to court documents, both individuals leveraged their access to internal systems to unauth...

The first ever incident possibly involving the ransomware family known as Maui occurred on April 15, 2021, aimed at an unnamed Japanese housing company. The disclosure from Kaspersky arrives a month after U.S. cybersecurity and intelligence agencies issued an  advisory  about the use of the ransomware strain by North Korean government-backed hackers to target the healthcare sector since at least May 2021. Much of the data about its modus operandi came from incident response activities and industry analysis of a Maui sample that revealed a lack of "several key features" typically associated with ransomware-as-a-service (RaaS) operations. Not only is Maui designed to be manually executed by a remote actor via a command-line interface, it's also notable for not including a ransom note to provide recovery instructions. Subsequently, the Justice Department  announced  the seizure of $500,000 worth of Bitcoin that were extorted from several organizations, including t...

Today's web has made hackers' tasks remarkably easy. For the most part, hackers don't even have to hide in the dark recesses of the web to take advantage of people any longer; they can be found right in plain sight on social media sites or forums, professionally advertised with their websites, and may even approach you anonymously through such channels as Twitter. Cybercrime has entered a new era where people don't steal just for the thrill of doing it anymore. They make it their business to carry out illegal cyber activities in small groups or individually to earn business from online criminals, selling offensive services like spyware as a service or commercial cybersecurity. For instance, a series of new DDoS for Hire are commoditizing the art of hacking and reducing the barrier to launching  DDoS attacks . Who are Hackers-for-Hire?  Hackers-for-hire are secret cyber experts or groups who specialize in infiltrating organizations to acquire intelligence in one way...

Web infrastructure company Cloudflare on Tuesday disclosed at least 76 employees and their family members received text messages on their personal and work phones bearing similar characteristics as that of the sophisticated  phishing attack against Twilio . The attack, which transpired around the same time Twilio was targeted, came from four phone numbers associated with T-Mobile-issued SIM cards and was ultimately unsuccessful. The text messages pointed to a seemingly legitimate domain containing the keywords "Cloudflare" and "Okta" in an attempt to deceive the employees into handing over their credentials. The wave of over 100 smishing messages commenced less than 40 minutes after the rogue domain was registered via Porkbun, the company noted, adding the phishing page was designed to relay the credentials entered by unsuspecting users to the attacker via Telegram in real-time. This also meant that the attack could defeat 2FA roadblocks, as the Time-based On...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a recently disclosed security flaw in the UnRAR utility to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. Tracked as CVE-2022-30333 (CVSS score: 7.5), the issue concerns a path traversal vulnerability in the Unix versions of UnRAR that can be triggered upon extracting a maliciously crafted RAR archive. This means that an adversary could exploit the flaw to drop arbitrary files on a target system that has the utility installed simply by decompressing the file. The vulnerability was  revealed  by SonarSource researcher Simon Scannell in late June. "RARLAB UnRAR on Linux and UNIX contains a directory traversal vulnerability, allowing an attacker to write to files during an extract (unpack) operation," the agency  said  in an advisory. Although the flaw affects any Linux application that uses UnRAR to extract an archive file, a successful exploi...

As many as  121 new security flaws  were patched by Microsoft as part of its Patch Tuesday updates for the month of August, which also includes a fix for a Support Diagnostic Tool vulnerability that the company said is being actively exploited in the wild. Of the 121 bugs, 17 are rated Critical, 102 are rated Important, one is rated Moderate, and one is rated Low in severity. Two of the issues have been listed as publicly known at the time of the release. It's worth noting that the 121 security flaws are in addition to  25 shortcomings  the tech giant addressed in its Chromium-based Edge browser late last month and the previous week. Topping the list of patches is  CVE-2022-34713  (CVSS score: 7.8), a case of remote code execution affecting the Microsoft Windows Support Diagnostic Tool (MSDT), making it the second flaw in the same component after  Follina  (CVE-2022-30190) to be weaponized in  real-world attacks  within three months....

Customer engagement platform Twilio on Monday disclosed that a "sophisticated" threat actor gained "unauthorized access" using an SMS-based phishing campaign aimed at its staff to gain information on a "limited number" of accounts. The social-engineering attack was bent on stealing employee credentials, the company said, calling the as-yet-unidentified adversary "well-organized" and "methodical in their actions." The incident came to light on August 4. "This broad based attack against our employee base succeeded in fooling some employees into providing their credentials," it  said  in a notice. "The attackers then used the stolen credentials to gain access to some of our internal systems, where they were able to access certain customer data." The communications giant has  268,000 active customer accounts , and counts companies like Airbnb, Box, Dell, DoorDash, eBay, Glassdoor, Lyft, Salesforce, Stripe, Twitter, ...