The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

An unknown threat actor has been observed weaponizing high-severity security flaws in the MinIO high-performance object storage system to achieve unauthorized code execution on affected servers. Cybersecurity and incident response firm Security Joes said the intrusion leveraged a publicly available exploit chain to backdoor the MinIO instance. The comprises  CVE-2023-28432  (CVSS score: 7.5) and  CVE-2023-28434  (CVSS score: 8.8), the former of which was  added  to the U.S. Cybersecurity and Infrastructure Security Agency's (CISA) Known Exploited Vulnerabilities (KEV) catalog on April 21, 2023. The two vulnerabilities "possess the potential to expose sensitive information present within the compromised installation and facilitate remote code execution (RCE) on the host where the MinIO application is operational," Security Joes  said  in a report shared with The Hacker News. In the attack chain investigated by the company, the flaws are said ...

X, the social media site formerly known as Twitter, has updated its privacy policy to collect users' biometric data to tackle fraud and impersonation on the platform. "Based on your consent, we may collect and use your biometric information for safety, security, and identification purposes," the company  said . The revised policy is expected to go into effect on September 29, 2023. The social media behemoth told Bloomberg, which  first reported  the development, that the change is limited to premium users and that a biometric matching process "will also help X fight impersonation attempts and make the platform more secure." To that end, users will be given the option to provide government ID and a picture for identity matching or verification using biometric data, the company told the publication. However, there is currently no clarity on how it plans to collect it and for how long such information will be retained in its systems. The policy update is also expected ...

There's been a great deal of AI hype recently, but that doesn't mean the robots are here to replace us. This article sets the record straight and explains how businesses should approach AI. From musing about self-driving cars to fearing AI bots that could destroy the world, there has been a great deal of AI hype in the past few years. AI has captured our imaginations, dreams, and occasionally, our nightmares. However, the reality is that AI is currently much less advanced than we anticipated it would be by now. Autonomous cars, for example, often considered the poster child of AI's limitless future, represent a narrow use case and are not yet a common application across all transportation sectors. In this article, we de-hype AI, provide tools for businesses approaching AI and share information to help stakeholders educate themselves.  AI Terminology De-Hyped AI vs. ML AI (Artificial Intelligence) and ML (Machine Learning) are terms that are often used interchangeably, but the...

Malicious actors associated with the Vietnamese cybercrime ecosystem are leveraging advertising-as-a-vector on social media platforms such as Meta-owned Facebook to distribute malware. "Threat actors have long used fraudulent ads as a vector to target victims with scams, malvertising, and more," WithSecure researcher Mohammad Kazem Hassan Nejad  said . "And with businesses now leveraging the reach of social media for advertising, attackers have a new, highly-lucrative type of attack to add to their arsenal – hijacking business accounts." Cyber attacks targeting Meta Business and Facebook accounts have gained popularity over the past year, courtesy of activity clusters such as  Ducktail  and  NodeStealer  that are known to raid businesses and individuals operating on Facebook. Among the methods employed by cybercriminals to gain unauthorized access to user accounts, social engineering plays a significant role. Victims are approached through various platforms...

Cybersecurity researchers have called attention to a new antivirus evasion technique that involves embedding a malicious Microsoft Word file into a PDF file. The sneaky method, dubbed  MalDoc in PDF  by JPCERT/CC, is said to have been employed in an in-the-wild attack in July 2023. "A file created with MalDoc in PDF can be opened in Word even though it has magic numbers and file structure of PDF," researchers Yuma Masubuchi and Kota Kino  said . "If the file has a configured macro, by opening it in Word, VBS runs and performs malicious behaviors." Such specially crafted files are called  polyglots  as they are a legitimate form of multiple different file types, in this case, both PDF and Word (DOC). This entails adding an MHT file created in Word and with a macro attached after the PDF file object. The end result is a valid PDF file that can also be opened in the Word application. Put differently; the PDF document embeds within itself a Word document with ...

A new large-scale smishing campaign is targeting the U.S. by sending iMessages from compromised Apple iCloud accounts with an aim to conduct identity theft and financial fraud. "The Chinese-speaking threat actors behind this campaign are operating a package-tracking text scam sent via iMessage to collect personally identifying information (PII) and payment credentials from victims, in the furtherance of identity theft and credit card fraud," Resecurity  said  in an analysis published last week. The cybercrime group, dubbed  Smishing Triad , is also said to be in the business of "fraud-as-a-service," offering other actors ready-to-use smishing kits via Telegram that cost $200 a month. These kits impersonate popular postal and delivery services in the U.S, the U.K, Poland, Sweden, Italy, Indonesia, Malaysia, Japan, and other countries. A stand-out aspect of the activity is the use of breached Apple iCloud accounts as a delivery vector to send package delivery failure ...

Proof-of-concept (PoC) exploit code has been made available for a recently disclosed and patched critical flaw impacting VMware Aria Operations for Networks (formerly vRealize Network Insight). The flaw, tracked as  CVE-2023-34039 , is rated 9.8 out of a maximum of 10 for severity and has been described as a case of authentication bypass due to a lack of unique cryptographic key generation. "A malicious actor with network access to Aria Operations for Networks could bypass SSH authentication to gain access to the Aria Operations for Networks CLI," VMware said earlier this week. Summoning Team's Sina Kheirkhah, who published the PoC following an analysis of the patch released by VMware, said the root cause can be traced back to a bash script containing a method named refresh_ssh_keys(), which is responsible for overwriting the current SSH keys for the support and ubuntu users in the authorized_keys file. "There is SSH authentication in place; however, VMware forgot to regenerat...

Identity services provider Okta on Friday warned of social engineering attacks orchestrated by threat actors to obtain elevated administrator permissions. "In recent weeks, multiple U.S.-based Okta customers have reported a consistent pattern of social engineering attacks against IT service desk personnel, in which the caller's strategy was to convince service desk personnel to reset all multi-factor authentication (MFA) factors enrolled by highly privileged users," the company  said . The adversary then moved to abuse the highly privileged Okta Super Administrator accounts to impersonate users within the compromised organization. The campaign, per the company, took place between July 29 and August 19, 2023. Okta did not disclose the identity of the threat actor, but the tactics exhibit all the hallmarks of an activity cluster known as  Muddled Libra , which is said to share some degree of overlap with Scattered Spider and Scatter Swine. Central to the attacks is a comme...

Threat actors are exploiting poorly secured Microsoft SQL (MS SQL) servers to deliver Cobalt Strike and a ransomware strain called FreeWorld. Cybersecurity firm Securonix, which has dubbed the campaign DB#JAMMER , said it stands out for the way the toolset and infrastructure is employed. "Some of these tools include enumeration software, RAT payloads, exploitation and credential stealing software, and finally ransomware payloads," security researchers Den Iuzvyk, Tim Peck, and Oleg Kolesnikov said in a technical breakdown of the activity. "The ransomware payload of choice appears to be a newer variant of Mimic ransomware called FreeWorld." Initial access to the victim host is achieved by brute-forcing the MS SQL server, using it to enumerate the database and leveraging the xp_cmdshell configuration option to run shell commands and conduct reconnaissance. The next stage entails taking steps to impair system firewall and establish persistence by connecting to a remote SMB share...

Cybersecurity and intelligence agencies from Australia, Canada, New Zealand, the U.K., and the U.S. on Thursday disclosed details of a mobile malware strain targeting Android devices used by the Ukrainian military. The malicious software, dubbed  Infamous Chisel  and attributed to a Russian state-sponsored actor called Sandworm, has  capabilities  to "enable unauthorized access to compromised devices, scan files, monitor traffic, and periodically steal sensitive information." Some aspects of the malware were  uncovered  by the Security Service of Ukraine (SBU) earlier in August, highlighting unsuccessful attempts on part of the adversary to penetrate Ukrainian military networks and gather valuable intelligence. It's said that Russian forces captured tablets used by Ukraine on the battlefield, using them as a foothold to remotely disseminate the malware to other devices by using the Android Debug Bridge ( ADB ) command-line tool. Sandworm, also known b...

A new phishing attack likely targeting civil society groups in South Korea has led to the discovery of a novel remote access trojan called  SuperBear . The intrusion singled out an unnamed activist, who was contacted in late August 2023 and received a malicious LNK file from an address impersonating a member of the organization, non-profit entity Interlabs  said  in a new report. The LNK file, upon execution, launches a PowerShell command to execute a Visual Basic script that, in turn, fetches the next-stage payloads from a legitimate but compromised WordPress website. This includes the Autoit3.exe binary ("solmir.pdb") and an AutoIt script ("solmir_1.pdb") that's launched using the former. The AutoIt script, for its part, performs process injection using a  process hollowing technique , in which malicious code is inserted into a process that's in a suspended state. In this case, an instance of Explorer.exe is spawned to inject a never-before-seen RAT referred...

As cyber threats continue to evolve, adversaries are deploying a range of tools to breach security defenses and compromise sensitive data. Surprisingly, one of the most potent weapons in their arsenal is not malicious code but simply stolen or weak usernames and passwords. This article explores the seriousness of compromised credentials, the challenges they present to security solutions, and the importance of implementing robust measures to protect Active Directory (AD) environments. Additionally, we introduce Silverfort Unified Identity Protection , a comprehensive solution that offers enhanced security for AD environments against the misuse of compromised credentials. The Power of Stolen Credentials: Full Access to Any Resource  In the world of cyberattacks, stolen usernames and passwords are a highly effective means of gaining unauthorized access to networks and systems. They grant adversaries an entry point, allowing them subsequent access to sensitive on-prem and cloud reso...