The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

A security researcher has demonstrated that sensitive data could be exfiltrated from air-gapped computers via a novel technique that leverages Wi-Fi signals as a covert channel—surprisingly, without requiring the presence of Wi-Fi hardware on the targeted systems. Dubbed " AIR-FI ," the attack hinges on deploying a specially designed malware in a compromised system that exploits "DDR SDRAM buses to generate electromagnetic emissions in the 2.4 GHz Wi-Fi bands" and transmitting information atop these frequencies that can then be intercepted and decoded by nearby Wi-Fi capable devices such as smartphones, laptops, and IoT devices before sending the data to remote servers controlled by an attacker. The findings were published today in a paper titled "AIR-FI: Generating Covert Wi-Fi Signals from Air-Gapped Computers" by Dr. Mordechai Guri , the head of R&D at Ben-Gurion University of the Negev's Cyber-Security Research Center, Israel. "The AI...

Cybersecurity firms Sophos and ReversingLabs on Monday jointly released the first-ever production-scale malware research dataset to be made available to the general public that aims to build effective defenses and drive industry-wide improvements in security detection and response. " SoReL-20M " (short for  So phos- Re versing L abs –  20   M illion), as it's called, is a dataset containing metadata, labels, and features for 20 million Windows Portable Executable (.PE) files, including 10 million disarmed malware samples, with the goal of devising machine-learning approaches for better malware detection capabilities. "Open knowledge and understanding about cyber threats also leads to more predictive cybersecurity," Sophos AI group said. "Defenders will be able to anticipate what attackers are doing and be better prepared for their next move." Accompanying the release are a set of  PyTorch  and  LightGBM -based machine learning  models pre-trained...

State-sponsored actors allegedly working for Russia have  targeted  the US Treasury, the Commerce Department's National Telecommunications and Information Administration (NTIA), and other government agencies to  monitor internal email traffic  as part of a widespread cyberespionage campaign. The Washington Post, citing unnamed sources, said the latest attacks were the work of APT29 or Cozy Bear, the same hacking group that's believed to have orchestrated a breach of US-based cybersecurity firm  FireEye  a few days ago leading to the theft of its Red Team penetration testing tools. The motive and the full scope of what intelligence was compromised remains unclear, but signs are that adversaries tampered with a software update released by Texas-based IT infrastructure provider SolarWinds earlier this year to infiltrate the systems of government agencies as well as FireEye and mount a highly-sophisticated  supply chain attack . "The compromise of Sol...

While phishing and ransomware dominate headlines, another critical risk quietly persists across most enterprises: exposed Git repositories leaking sensitive data. A risk that silently creates shadow access into core systems Git is the backbone of modern software development, hosting millions of repositories and serving thousands of organizations worldwide. Yet, amid the daily hustle of shipping code, developers may inadvertently leave behind API keys, tokens, or passwords in configuration files and code files, effectively handing attackers the keys to the kingdom. This isn't just about poor hygiene; it's a systemic and growing supply chain risk. As cyber threats become more sophisticated, so do compliance requirements. Security frameworks like NIS2, SOC2, and ISO 27001 now demand proof that software delivery pipelines are hardened and third-party risk is controlled. The message is clear: securing your Git repositories is no longer optional, it's essential. Below, we look at the ris...

A relatively new ransomware strain behind a series of breaches on corporate networks has developed new capabilities that allow it to broaden the scope of its targeting and evade security software—as well as with ability for its affiliates to launch double extortion attacks. The MountLocker ransomware, which only began making the rounds in July 2020, has already gained notoriety for stealing files before encryption and demanding ransom amounts in the millions to prevent public disclosure of stolen data, a tactic known as  double extortion . "The MountLocker Operators are clearly just warming up. After a slow start in July they are rapidly gaining ground, as the high-profile nature of extortion and data leaks drive ransom demands ever higher," researchers from BlackBerry Research and Intelligence Team said. "MountLocker affiliates are typically fast operators, rapidly exfiltrating sensitive documents and encrypting them across key targets in a matter of hours." ...

Microsoft on Thursday took the wraps off an ongoing campaign impacting popular web browsers that stealthily injects malware-infested ads into search results to earn money via affiliate advertising. "Adrozek," as it's called by the Microsoft 365 Defender Research Team, employs an "expansive, dynamic attacker infrastructure" consisting of 159 unique domains, each of which hosts an average of 17,300 unique URLs, which in turn host more than 15,300 unique malware samples. The campaign — which impacts Microsoft Edge, Google Chrome, Yandex Browser, and Mozilla Firefox browsers on Windows — aims to insert additional, unauthorized ads on top of legitimate ads displayed on search engine results pages, leading users to click on these ads inadvertently. Microsoft said the persistent browser modifier malware has been observed since May this year, with over 30,000 devices affected every day at its peak in August. "Cybercriminals abusing affiliate programs is not ...

With the continuing rise of IoT devices, mobile networks, and digital channels, companies face a lot of pressure to generate meaningful and actionable insights from the wealth of data they capture. Gartner Research lists data democratization as  one of the top  strategic technology trends to watch out for.  While empowering non-technical users to run ad-hoc reports gives enterprises the ability to get closer to business conditions, it also introduces problems of data governance and privacy compliance. All reports are only as good as the data they're based on, and non-technical users might not be aware of the need for data integrity and security. Even the "experts" at cybersecurity firms have been known to leak files  at alarming rates . Organizations need to implement strong data governance strategies to ensure their data is accurate, reliable and secure, while continuing to provide their employees with the resources they need to realize the full benefits of it. ...

Cybersecurity researchers from Facebook today formally linked the activities of a Vietnamese threat actor to an IT company in the country after the group was caught abusing its platform to hack into people's accounts and distribute malware. Tracked as  APT32  (or Bismuth, OceanLotus, and Cobalt Kitty), the state-aligned operatives affiliated with the Vietnam government have been known for orchestrating sophisticated  espionage campaigns  at least since 2012 with the goal of furthering the country's strategic interests. "Our investigation linked this activity to CyberOne Group, an IT company in Vietnam (also known as CyberOne Security, CyberOne Technologies, Hành Tinh Company Limited, Planet and Diacauso)," Facebook's Head of Security Policy, Nathaniel Gleicher, and Cyber Threat Intelligence Manager, Mike Dvilyanski,  said . Exact evidence trail leading Facebook to attribute the hacking activity to CyberOne Group was not disclosed, but according to a descrip...

Cisco has once again fixed four  previously disclosed critical bugs  in its Jabber video conferencing and messaging app that were inadequately addressed, leaving its users susceptible to remote attacks. The vulnerabilities, if successfully exploited, could allow an authenticated, remote attacker to execute arbitrary code on target systems by sending specially-crafted chat messages in group conversations or specific individuals. They were reported to the networking equipment maker on September 25 by Watchcom , three weeks after the Norwegian cybersecurity firm publicly disclosed multiple security shortcomings in Jabber that were found during a penetration test for a client in June. The new flaws, which were uncovered after one of its clients requested a verification audit of the patch, affects all currently supported versions of the Cisco Jabber client (12.1 - 12.9). "Three of the four vulnerabilities Watchcom  disclosed in September  have not been sufficiently...

Critical flaws in a core networking library powering Valve's online gaming functionality could have allowed malicious actors to remotely crash games and even take control over affected third-party game servers. "An attacker could remotely crash an opponent's game client to force a win or even perform a 'nuclear rage quit' and crash the Valve game server to end the game completely," Check Point Research's Eyal Itkin noted in an analysis published today. "Potentially even more damaging, attackers could remotely take over third-party developer game servers to execute arbitrary code." Valve is a popular US-based video game developer and publisher behind the game software distribution platform Steam and several titles such as Half-Life, Counter-Strike, Portal, Day of Defeat, Team Fortress, Left 4 Dead, and Dota. The four flaws (CVE-2020-6016 through CVE-2020-6019) were uncovered in Valve's Game Networking Sockets ( GNS ) or Steam Sockets libr...

You don't need a college degree to get a well-paid job in IT. But technical recruiters do expect to see key certifications on your résumé.  If you would like to improve your chances of getting hired, " The 2021 All-In-One AWS, Cisco & CompTIA Super Certification Bundle " is worth your attention. This mammoth collection of courses helps you prepare for a long list of certification exams, including Amazon, Cisco, Google, Microsoft, and CompTIA. It delivers over 240 hours of content in total, worth over $4,300. To help out aspiring IT professionals, The Hacker News has partnered with Integrity Training to offer a much better deal. Special Offer  — For a limited time, you can gain  lifetime access to this huge training library for only $99.  That is 97% off the full price! Courses in the package: Amazon Web Services AWS CodePipeline DevOps CI/CD Masterclass 2020 TOTAL: AWS Certified Database Specialty Exam Prep (DBS-C01) AWS Solutions Architect Associate...

The US Federal Trade Commission and a coalition of 48 state attorneys general on Wednesday filed a pair of sweeping antitrust suits against Facebook, alleging that the company abused its power in the marketplace to neutralize competitors through its acquisitions of Instagram and WhatsApp and depriving users of better privacy-friendly alternatives. "Facebook has engaged in a systematic strategy — including its 2012 acquisition of up-and-coming rival Instagram, its 2014 acquisition of the mobile messaging app WhatsApp, and the imposition of anti-competitive conditions on software developers — to eliminate threats to its monopoly," the FTC  said  in its complaint. A  separate lawsuit  filed by New York Attorney General Letitia James also claimed that in illegally acquiring competitors in a predatory manner, the social media company stripped users of the benefits of competition, limited consumer choices, and their access to rivals with better privacy practices. Spec...

A Russian threat actor known for its malware campaigns has reappeared in the threat landscape with yet another attack leveraging COVID-19 as phishing lures, once again indicating how adversaries are adept at repurposing the current world events to their advantage. Linking the operation to a sub-group of APT28 (aka Sofacy, Sednit, Fancy Bear, or STRONTIUM), cybersecurity firm Intezer said the pandemic-themed phishing emails were employed to deliver the Go version of Zebrocy (or Zekapab) malware. The cybersecurity firm told The Hacker News that the campaigns were observed late last month. Zebrocy is delivered primarily via phishing attacks that contain decoy Microsoft Office documents with macros as well as executable file attachments. First spotted in the wild in 2015 , the operators behind the malware have been found to overlap with GreyEnergy , a threat group believed to be the successor of BlackEnergy aka Sandworm , suggesting its role as a sub-group with links to Sofacy and ...

Cybersecurity researchers disclosed a dozen new flaws in multiple widely-used embedded TCP/IP stacks impacting millions of devices ranging from networking equipment and medical devices to industrial control systems that could be exploited by an attacker to take control of a vulnerable system. Collectively called " AMNESIA:33 " by Forescout researchers, it is a set of 33 vulnerabilities that impact four open-source TCP/IP protocol stacks — uIP, FNET, picoTCP, and Nut/Net — that are commonly used in Internet-of-Things (IoT) and embedded devices. As a consequence of improper memory management,  successful exploitation  of these flaws could cause memory corruption, allowing attackers to compromise devices, execute malicious code, perform denial-of-service (DoS) attacks, steal sensitive information, and even poison DNS cache. In the real world, these attacks could play out in various ways: disrupting the functioning of a power station to result in a blackout or taking smoke a...

FireEye, one of the largest cybersecurity firms in the world, said on Tuesday it became a victim of a  state-sponsored attack  by a "highly sophisticated threat actor" that stole its arsenal of Red Team penetration testing tools it uses to test the defenses of its customers. The company said it's actively investigating the breach in coordination with the US Federal Bureau of Investigation (FBI) and other key partners, including Microsoft. It did not identify a specific culprit who might be behind the breach or disclose when the hack exactly took place. However,  The New York Times  and  The Washington Post  reported that the FBI has turned over the investigation to its Russian specialists and that the attack is likely the work of  APT29  (or Cozy Bear) — state-sponsored hackers affiliated with Russia's SVR Foreign Intelligence Service — citing unnamed sources. As of writing, the hacking tools have not been exploited in the wild, nor do they ...

Microsoft on Tuesday released fixes for 58 newly discovered security flaws spanning as many as 11 products and services as part of its final  Patch Tuesday of 2020 , effectively bringing their CVE total to 1,250 for the year. Of these 58 patches, nine are rated as Critical, 46 are rated as Important, and three are rated Moderate in severity. The December security release addresses issues in Microsoft Windows, Edge browser, ChakraCore, Microsoft Office, Exchange Server, Azure DevOps, Microsoft Dynamics, Visual Studio, Azure SDK, and Azure Sphere. Fortunately, none of these flaws this month have been reported as publicly known or being actively exploited in the wild. The fixes for December concern a number of remote code execution (RCE) flaws in Microsoft Exchange (CVE-2020-17132), SharePoint (CVE-2020-17118 and CVE-2020-17121), Excel (CVE-2020-17123), and Hyper-V virtualization software (CVE-2020-17095), as well as a patch for a security feature bypass in Kerberos (CVE-2020-16...

Some widely sold D-Link VPN router models have been found vulnerable to three new high-risk security vulnerabilities, leaving millions of home and business networks open to cyberattacks—even if they are secured with a strong password. Discovered by researchers at Digital Defense, the three security shortcomings were responsibly disclosed to D-Link on August 11, which, if exploited, could allow remote attackers to execute arbitrary commands on vulnerable networking devices via specially-crafted requests and even launch denial-of-service attacks. D-Link DSR-150, DSR-250, DSR-500, and DSR-1000AC and other VPN router models in the DSR Family running firmware version 3.14 and 3.17 are vulnerable to the remotely exploitable root command injection flaw. The Taiwanese networking equipment maker  confirmed  the issues in an advisory on December 1, adding that the patches were under development for two of three flaws, which have now been released to the public at the time of writin...