The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Three different security flaws have been disclosed in American Megatrends (AMI) MegaRAC  Baseboard Management Controller (BMC) software that could lead to remote code execution on vulnerable servers. "The impact of exploiting these vulnerabilities include remote control of compromised servers, remote deployment of malware, ransomware and firmware implants, and server physical damage (bricking)," firmware and hardware security company Eclypsium  said  in a report shared with The Hacker News. BMCs are privileged independent systems within servers that are used to control low-level hardware settings and manage the host operating system, even in scenarios when the machine is powered off. These capabilities make BMCs an enticing target for threat actors looking to plant persistent malware on devices that can survive operating system reinstalls and hard drive replacements. Some of the major server manufacturers that are known to have used MegaRAC BMC include AMD, Ampere C...

A new data wiper malware called  CryWiper  has been found targeting Russian government agencies, including mayor's offices and courts. "Although it disguises itself as a ransomware and extorts money from the victim for 'decrypting' data, [it] does not actually encrypt, but purposefully destroys data in the affected system," Kaspersky researchers Fedor Sinitsyn and Janis Zinchenko  said  in a write-up. Additional details of the attacks were shared by the Russian-language news publication  Izvestia . The intrusions have not been attributed to a specific adversarial group so far. A C++-based malware, CryWiper is configured to establish persistence via a scheduled task and communicate with a command-and-control (C2) server to initiate the malicious activity. Besides terminating processes related to database and email servers, the malware is equipped with capabilities to delete shadow copies of files and modify the Windows Registry to prevent RDP connections in...

In the era of digitization and ever-changing business needs, the production environment has become a living organism. Multiple functions and teams within an organization can ultimately impact the way an attacker sees the organization's assets, or in other words, the external attack surface. This dramatically increases the need to define an exposure management strategy. To keep up with business needs while effectively assessing and managing cybersecurity risk, there are two primary elements that organizations should consider regarding their external attack surface: its  size  and its  attractiveness to attackers . While organizations are typically focused on accounting for the size of their attack surface, its attractiveness is not typically top of mind, though it may have a significant impact on risk. Attack Surface Size How many assets are accessible from the outside world?  There is a delicate balance between business needs and security. While there are good r...

Python supply chain attacks are surging in 2025. Join our webinar to learn how to secure your code, dependencies, and runtime with modern tools and strategies.

Cybersecurity researchers have discovered a security vulnerability that exposes cars from Honda, Nissan, Infiniti, and Acura to remote attacks through a connected vehicle service provided by SiriusXM. The issue could be exploited to unlock, start, locate, and honk any car in an unauthorized manner just by knowing the vehicle's vehicle identification number (VIN), researcher Sam Curry said in a  Twitter thread  last week. SiriusXM's Connected Vehicles (CV) Services are  said  to be used by more than 10 million vehicles in North America, including Acura, BMW, Honda, Hyundai, Infiniti, Jaguar, Land Rover, Lexus, Nissan, Subaru, and Toyota. The system is  designed  to enable a wide range of safety, security, and convenience services such as automatic crash notification, enhanced roadside assistance, remote door unlock, remote engine start, stolen vehicle recovery assistance, turn-by-turn navigation, and integration with smart home devices, among others. T...

The Lazarus Group threat actor has been observed leveraging fake cryptocurrency apps as a lure to deliver a previously undocumented version of the AppleJeus malware, according to new findings from Volexity. "This activity notably involves a campaign likely targeting cryptocurrency users and organizations with a variant of the AppleJeus malware by way of malicious Microsoft Office documents," researchers Callum Roxan, Paul Rascagneres, and Robert Jan Mora  said . The North Korean government is known to adopt a three-pronged approach by employing malicious cyber activity that's orchestrated to collect intelligence, conduct attacks, and generate illicit revenue for the sanctions hit nation. The threats are collectively tracked under the name  Lazarus Group  (aka Hidden Cobra or  Zinc ). "North Korea has conducted cyber theft against financial institutions and cryptocurrency exchanges worldwide, potentially stealing hundreds of millions of dollars, probably to fund ...

The maintainers of the FreeBSD operating system have released updates to remediate a security vulnerability impacting the ping module that could be potentially exploited to crash the program or trigger remote code execution. The issue, assigned the identifier  CVE-2022-23093 , impacts all supported versions of FreeBSD and concerns a  stack-based buffer overflow  vulnerability in the  ping service . "ping reads raw IP packets from the network to process responses in the pr_pack() function," according to an  advisory  published last week. "The pr_pack() copies received IP and  ICMP  headers into stack buffers for further processing. In so doing, it fails to take into account the possible presence of IP option headers following the IP header in either the response or the quoted packet." As a consequence, the destination buffer could be overflowed by up to 40 bytes when the IP option headers are present. The FreeBSD Project noted that the ping ...

Search giant Google on Friday released an out-of-band security update to fix a new actively exploited zero-day flaw in its Chrome web browser. The high-severity flaw, tracked as  CVE-2022-4262 , concerns a type confusion bug in the V8 JavaScript engine. Clement Lecigne of Google's Threat Analysis Group (TAG) has been credited with reporting the issue on November 29, 2022. Type confusion vulnerabilities could be weaponized by threat actors to perform out-of-bounds memory access, or lead to a crash and arbitrary code execution. According to the NIST's National Vulnerability Database, the flaw  permits  a "remote attacker to potentially exploit heap corruption via a crafted HTML page." Google acknowledged active exploitation of the vulnerability but stopped short of sharing additional specifics to prevent further abuse. CVE-2022-4262 is the fourth actively exploited type confusion flaw in Chrome that Google has addressed since the start of the year. It's also ...

Platform certificates used by Android smartphone vendors like Samsung, LG, and MediaTek have been found to be abused to sign malicious apps. The findings were first  discovered and reported  by Google reverse engineer Łukasz Siewierski on Thursday. "A platform certificate is the application signing certificate used to sign the 'android' application on the system image," a report filed through the Android Partner Vulnerability Initiative ( AVPI )  reads . "The 'android' application runs with a highly privileged user id – android.uid.system – and holds system permissions, including permissions to access user data." This effectively means that a rogue application signed with the same certificate can gain the highest level of privileges as the Android operating system, permitting it to harvest all kinds of sensitive information from a compromised device. The list of malicious Android app packages that have abused the certificates is below - com....

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) this week released an Industrial Control Systems (ICS) advisory warning of multiple vulnerabilities in Mitsubishi Electric GX Works3 engineering software. "Successful exploitation of these vulnerabilities could allow unauthorized users to gain access to the MELSEC iQ-R/F/L series CPU modules and the MELSEC iQ-R series OPC UA server module or to view and execute programs," the agency  said . GX Works3  is an  engineering workstation  software used in ICS environments, acting as a mechanism for uploading and downloading programs from/to the controller, troubleshooting software and hardware issues, and performing maintenance operations. The wide range of functions also makes the platform an attractive target for threat actors looking to compromise such systems to commandeer the  managed PLCs . Three of the 10 shortcomings relate to cleartext storage of sensitive data, four relate to the use of a...

Old technology solutions – every organization has a few of them tucked away somewhere.  It could be an old and unsupported storage system or a tape library holding the still-functional backups from over 10 years ago.  This is a common scenario with software too. For example, consider an accounting software suite that was extremely expensive when it was purchased. If the vendor eventually went under, then there's no longer any support for the software – which means that the accounting solution only works on some older operating system that isn't supplied with updates either. How valuable is it to  keep older solutions like this running ? Well, organizations don't enjoy running old legacy systems just for the pleasure of it, but they're often forced to keep them running because it's their only option, or at least the only cost-effective option available to them. If it works, it works…? From a purely functional perspective, there is usually no problem with old te...

IBM has fixed a high-severity security vulnerability affecting its Cloud Databases (ICD) for PostgreSQL product that could be potentially exploited to tamper with internal repositories and run unauthorized code. The privilege escalation flaw (CVSS score: 8.8), dubbed " Hell's Keychain " by cloud security firm Wiz, has been described as a "first-of-its-kind supply-chain attack vector impacting a cloud provider's infrastructure." Successful exploitation of the bug could enable a malicious actor to remotely execute code in customers' environments and even read or modify data stored in the PostgreSQL database. "The vulnerability consists of a chain of three exposed secrets (Kubernetes service account token, private container registry password, CI/CD server credentials) coupled with overly permissive network access to internal build servers," Wiz researchers Ronen Shustin and Shir Tamari  said . Hell's Keychain commences with an SQL inject...

A previously undocumented Go-based malware is targeting Redis servers with the goal of taking control of the infected systems and likely building a botnet network. The attacks involve taking advantage of a critical security vulnerability in the open source, in-memory, key-value store that was disclosed earlier this year to deploy  Redigo , according to cloud security firm  Aqua . Tracked as CVE-2022-0543 (CVSS score: 10.0), the weakness pertains to a case of sandbox escape in the Lua scripting engine that could be leveraged to attain remote code execution. This is not the first time the flaw has come under active exploitation, what with Juniper Threat Labs uncovering attacks perpetrated by the  Muhstik botnet  in March 2022 to execute arbitrary commands. The Redigo infection chain is similar in that the adversaries scan for exposed Redis servers on port 6379 to establish initial access, following it up by downloading a shared library "exp_lin.so" from a remote...