The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Malicious actors are resorting to voice phishing (vishing) tactics to dupe victims into installing Android malware on their devices, new research from ThreatFabric reveals. The Dutch mobile security company said it identified a network of phishing websites targeting Italian online-banking users that are designed to get hold of their contact details. Telephone-oriented attack delivery (TOAD), as the social engineering technique is called, involves calling the victims using previously collected information from the fraudulent websites. The caller, who purports to be a support agent for the bank, instructs the individual on the other end of the call to install a security app and grant it extensive permissions, when, in reality, it's malicious software intended to gain remote access or conduct financial fraud. In this case, it leads to the deployment of an Android malware dubbed  Copybara , a mobile trojan first detected in November 2021 and is primarily used to perform on-devic...

As software supply chain security becomes more and more crucial, security, DevSecOps, and DevOps teams are more challenged than ever to build transparent trust in the software they deliver or use. In fact, in Gartner recently published their 2022 cybersecurity predictions - not only do they anticipate the continued expansion of attack surfaces in the near future, they also list digital supply chain as a major rising attack surface and one of the top trends to follow in 2022. After all, any software is only as secure as the weakest link in its supply chain. One bad component, any malicious access to your development environment—or any vulnerability in your software's delivery life cycle—and you risk your code's integrity, your customers, and your reputation.  Scribe Security  recently launched a new platform that claims to address these urgent needs by enabling its users to build trust in their software across teams and organizations. According to Scribe Security, SBOM is a ...

Google on Wednesday officially rolled out support for passkeys, the next-generation authentication standard, to both Android and Chrome. "Passkeys are a significantly safer replacement for passwords and other phishable authentication factors," the tech giant  said . "They cannot be reused, don't leak in server breaches, and protect users from phishing attacks." The feature was  first announced  in May 2022 as part of a broader push to support a common passwordless sign-in standard. Passkeys, established by the FIDO Alliance and also backed by  Apple and Microsoft , aim to replace standard passwords with unique digital keys that are stored locally on the device. To that end, creating a passkey requires confirmation from the end-user about the account that will be used to log in to the online service, followed by using their biometric information or the  device   passcode . Signing in to a website on a mobile device is also a simple two-step process th...

In a US SEC (Securities and Exchange Commission)  8-K filing , Omnicell, the healthcare technology provider, revealed that some of its products, services, and internal systems were affected by ransomware.  Upon detecting the incident, the medication management systems provider took immediate action to contain the attack and ensure continued operation. In its  10-Q form  filing, Omnicell disclosed that cyber-attacks or data breaches disrupted its business.  Will you be the next victim? If you overlook the importance of data protection, attackers can get you in no time.  Explore the  impact of the data breach  on the healthcare sector and what preventive measures can be taken against such attacks. Omnicell Announced Data Breach  Founded in 1992, Omnicell is a leading provider of medication management solutions for hospitals, long-term care facilities, and retail pharmacies.  On May 4, 2022 , Omnicell's IT systems and third-party clo...

A vulnerability in Siemens Simatic programmable logic controller (PLC) can be exploited to retrieve the hard-coded, global private cryptographic keys and seize control of the devices. "An attacker can use these keys to perform multiple advanced attacks against Siemens SIMATIC devices and the related  TIA Portal , while bypassing all four of its  access level protections ," industrial cybersecurity company Claroty  said  in a new report. "A malicious actor could use this secret information to compromise the entire SIMATIC S7-1200/1500 product line in an irreparable way." The critical vulnerability, assigned the identifier  CVE-2022-38465 , is rated 9.3 on the CVSS scoring scale and has been addressed by Siemens as part of security updates issued on October 11, 2022. The list of impacted products and versions is below - SIMATIC Drive Controller family (all versions before 2.9.2) SIMATIC ET 200SP Open Controller CPU 1515SP PC2, including SIPLUS variants (...

Microsoft's Patch Tuesday update for the month of October has addressed a total of  85 security vulnerabilities , including fixes for an actively exploited zero-day flaw in the wild. Of the 85 bugs, 15 are rated Critical, 69 are rated Important, and one is rated Moderate in severity. The update, however, does not include mitigations for the  actively exploited   ProxyNotShell  flaws in  Exchange Server . The  patches  come alongside  updates to resolve 12 other flaws  in the Chromium-based Edge browser that have been released since the beginning of the month. Topping the list of this month's patches is  CVE-2022-41033  (CVSS score: 7.8), a privilege escalation vulnerability in Windows COM+ Event System Service. An anonymous researcher has been credited with reporting the issue. "An attacker who successfully exploited this vulnerability could gain SYSTEM privileges," the company said in an advisory, cautioning that the shortcom...

The operators behind the BazaCall call back phishing method have continued to evolve with updated social engineering tactics to deploy malware on targeted networks. The scheme eventually acts as an entry point to conduct financial fraud or facilitate the delivery of next-stage payloads such as ransomware, cybersecurity company Trellix  said  in a report published last week. Primary targets of the latest attack waves include the U.S., Canada, China, India, Japan, Taiwan, the Philippines, and the U.K. BazaCall , also called BazarCall, first gained popularity in 2020 for its novel approach of distributing the BazarBackdoor (aka BazarLoader) malware by manipulating potential victims into calling a phone number specified in decoy email messages. These email baits aim to create a false sense of urgency, informing the recipients about renewal of a trial subscription for, say, an antivirus service. The messages also urge them to contact their support desk to cancel the plan, or ...

A now-patched security flaw in the vm2 JavaScript sandbox module could be abused by a remote adversary to break out of security barriers and perform arbitrary operations on the underlying machine. "A threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox," GitHub  said  in an advisory published on September 28, 2022. The issue, tracked as CVE-2022-36067 and codenamed Sandbreak, carries a maximum severity rating of 10 on the CVSS vulnerability scoring system. It has been addressed in  version 3.9.11  released on August 28, 2022. vm2 is a  popular Node library  that's used to run untrusted code with allowlisted built-in modules. It's also one of the most widely downloaded software, accounting for nearly 3.5 million downloads per week. The  shortcoming  is rooted in the error mechanism in Node.js to escape the sandbox, according to application security firm Oxeye, which  discov...

The White House has recently announced a $1 billion cyber security grant program that is designed to help state and local governments improve their cyber defenses, especially about protecting critical infrastructure. The  recent executive order  stems from the $1.2 trillion infrastructure bill that was signed almost a year ago. That bill allocated $1 billion for  protecting critical infrastructure against cyber-attack  in the wake of a series of high-profile ransomware attacks such as the one that brought down the Colonial Pipeline.  Those government agencies who wish to take advantage of these funding opportunities must submit a grant proposal by mid-November. Proposals are only being accepted for the sixty days following the program's announcement. Grant recipients can use the funding to invest in new cybersecurity initiatives or to make improvements to existing defenses. Awardees are guaranteed to receive a minimum of $2 million. However, the program's req...

Cyber criminals are using a previously undocumented phishing-as-a-service (PhaaS) toolkit called  Caffeine  to effectively scale up their attacks and distribute nefarious payloads. "This platform has an intuitive interface and comes at a relatively low cost while providing a multitude of features and tools to its criminal clients to orchestrate and automate core elements of their phishing campaigns," Mandiant  said  in a new report. Some of the core features offered by the platform comprise the ability to craft customized phishing kits, manage redirect pages, dynamically generate URLs that host the payloads, and track the success of the campaigns. The development comes a little over a month after Resecurity took the wraps off another PhaaS service dubbed  EvilProxy  that's offered for sale on dark web criminal forums. But unlike EvilProxy, whose operators are known to vet prospective customers before activating the subscriptions, Caffeine is notable f...

Fortinet on Monday revealed that the newly patched critical security vulnerability impacting its firewall and proxy products is being actively exploited in the wild. Tracked as  CVE-2022-40684  (CVSS score: 9.6), the flaw relates to an authentication bypass in FortiOS, FortiProxy, and FortiSwitchManager that could allow a remote attacker to perform unauthorized operations on the administrative interface via specially crafted HTTP(S) requests. "Fortinet is aware of an instance where this vulnerability was exploited, and recommends immediately validating your systems against the following indicator of compromise in the device's logs: user='Local_Process_Access,'" the company  noted  in an advisory. The list of impacted devices is below - FortiOS version 7.2.0 through 7.2.1 FortiOS version 7.0.0 through 7.0.6 FortiProxy version 7.2.0 FortiProxy version 7.0.0 through 7.0.6 FortiSwitchManager version 7.2.0, and FortiSwitchManager version 7.0.0 Updates hav...

A new piece of research has detailed the increasingly sophisticated nature of the malware toolset employed by an advanced persistent threat (APT) group named Earth Aughisky . "Over the last decade, the group has continued to make adjustments in the tools and malware deployments on specific targets located in Taiwan and, more recently, Japan," Trend Micro  disclosed  in a technical profile last week. Earth Aughisky, also known as  Taidoor , is a cyber espionage group that's known for its ability to abuse legitimate accounts, software, applications, and other weaknesses in the network design and infrastructure for its own ends. While the Chinese threat actor has been known to primarily target organizations in Taiwan, victimology patterns observed towards late 2017 indicate an expansion to Japan. The most commonly targeted industry verticals include government, telcom, manufacturing, heavy, technology, transportation, and healthcare. Attack chains mounted by the group...