The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Cybersecurity researchers today disclosed details of security vulnerabilities found in popular antivirus solutions that could enable attackers to elevate their privileges, thereby helping malware sustain its foothold on the compromised systems. According to a report published by CyberArk researcher Eran Shimony today and shared with The Hacker News, the high privileges often associated with anti-malware products render them more vulnerable to exploitation via file manipulation attacks, resulting in a scenario where malware gains elevated permissions on the system. The bugs impact a wide range of antivirus solutions, including those from Kaspersky, McAfee, Symantec, Fortinet, Check Point, Trend Micro, Avira, and Microsoft Defender, each of which has been fixed by the respective vendor. Chief among the flaws is the ability to delete files from arbitrary locations, allowing the attacker to delete any file in the system, as well as a file corruption vulnerability that permits a bad ac...

Writing advanced malware for a threat actor requires different groups of people with diverse technical expertise to put them all together. But can the code leave enough clues to reveal the person behind it? To this effect, cybersecurity researchers on Friday detailed a new methodology to identify exploit authors that use their unique characteristics as a fingerprint to track down other exploits developed by them. By deploying this technique, the researchers were able to link 16 Windows local privilege escalation (LPE) exploits to two zero-day sellers "Volodya" (previously called "BuggiCorp") and "PlayBit" (or "luxor2008"). "Instead of focusing on an entire malware and hunting for new samples of the malware family or actor, we wanted to offer another perspective and decided to concentrate on these few functions that were written by an exploit developer," Check Point Research's Itay Cohen and Eyal Itkin noted. Fingerprinting an...

A hacking group known for its attacks in the Middle East, at least since 2017, has recently been found impersonating legitimate messaging apps such as Telegram and Threema to infect Android devices with a new, previously undocumented malware. "Compared to the versions documented in 2017, Android/SpyC23.A has extended spying functionality, including reading notifications from messaging apps, call recording and screen recording, and new stealth features, such as dismissing notifications from built-in Android security apps," cybersecurity firm ESET  said  in a Wednesday analysis. First detailed by Qihoo 360 in 2017 under the moniker  Two-tailed Scorpion (aka APT-C-23 or Desert Falcon), the mobile malware has been deemed "surveillanceware" for its abilities to spy on the devices of targeted individuals, exfiltrating call logs, contacts, location, messages, photos, and other sensitive documents in the process. In 2018, Symantec discovered a  newer variant  of t...

A Russian hacker who was found guilty of  hacking LinkedIn ,  Dropbox , and Formspring over eight years ago has finally been  sentenced  to 88 months in United States prison, that's more than seven years by a federal court in San Francisco this week. Yevgeniy Aleksandrovich Nikulin , 32, of Moscow hacked into servers belonging to three American social media firms, including LinkedIn, Dropbox, and now-defunct social-networking firm Formspring, and stole data on over 200 million users. Between March and July 2012, Nikulin hacked into the computers of LinkedIn,  Dropbox, and Formspring , and installed malware on them, which allowed him to remotely download user databases of over  117 Million LinkedIn  users and more than  68 Million Dropbox  users. According to the prosecutor, Nikulin also worked with unnamed co-conspirators of a Russian-speaking cybercriminal forum to sell customer data he stole as a result of his hacks. Besides hacking in...

Cybersecurity researchers have found critical security flaws in two popular industrial remote access systems that can be exploited to ban access to industrial production floors, hack into company networks, tamper with data, and even steal sensitive business secrets. The flaws,  discovered  by Tel Aviv-based OTORIO, were identified in B&R Automation's SiteManager and GateManager, and MB Connect Line's mbCONNECT24, two of the popular remote maintenance tools used in automotive, energy, oil & gas, metal, and packaging sectors to connect to industrial assets from anywhere across the world. Six Flaws in B&R Automation's SiteManager and GateManager According to an  advisory published by the US Cybersecurity and infrastructure Security Agency (CISA) on Wednesday, successful exploitation of the B&R Automation vulnerabilities could allow for "arbitrary information disclosure, manipulation, and a denial-of-service condition." The flaws, ranging from p...