The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

The Secure Access Service Edge (or SASE)  has been a very hot buzzword in the past year. A term and category created by Gartner 2019, SASE states that the future of networking and security lies in the convergence of these categories into a single, cloud-based platform. The capabilities that SASE delivers aren't new and include  SD-WAN , threat prevention, remote access, and others that were available from multiple vendors over the years.  So, what is, in fact, new about SASE? This is the main topic for our discussion with Yishay Yovel, Chief Marketing Office at  Cato Networks , one of the first companies that entered the SASE market. THN: Cato had been a big proponent of SASE. Why is SASE important to end customers? Yishay:  SASE is a wake-up call for our industry and IT organizations. IT infrastructure got fragmented with many point solutions that, in turn, created complexity, rigidity, high cost, and increased risk. These are systemic issues. Each point pr...

A week after the US government issued an advisory about a "global intelligence gathering mission" operated by North Korean  state-sponsored hackers , new findings have emerged about the threat group's spyware capabilities. The APT — dubbed " Kimsuky " (aka Black Banshee or Thallium) and believed to be active as early as 2012 — has been now linked to as many as three hitherto undocumented malware, including an information stealer, a tool equipped with malware anti-analysis features, and a new server infrastructure with significant overlaps to its older espionage framework. "The group has a rich and notorious history of offensive cyber operations around the world, including operations targeting South Korean think tanks, but over the past few years they have expanded their targeting to countries including the United States, Russia and various nations in Europe," Cybereason researchers said in an  analysis  yesterday. Last week, the FBI and department...

Google has patched a second actively exploited zero-day flaw in the Chrome browser in two weeks, along with addressing nine other security vulnerabilities in its latest update. The company  released  86.0.4240.183 for Windows, Mac, and Linux, which it said will be rolling out over the coming days/weeks to all users. The zero-day flaw, tracked as  CVE-2020-16009 , was reported by Clement Lecigne of Google's Threat Analysis Group (TAG) and Samuel Groß of Google Project Zero on October 29. The company also warned that it "is aware of reports that an exploit for CVE-2020-16009 exists in the wild." Google hasn't made any details about the bug or the exploit used by threat actors public so as to allow a majority of users to install the updates and prevent other adversaries from developing their own exploits leveraging the flaw. But Ben Hawkes, Google Project Zero's technical lead,  said  CVE-2020-16009 concerned an "inappropriate implementation" of its ...

Many businesses are currently looking at how to bolster security across their organization as the pandemic and remote work situation continues to progress towards the end of the year. As organizations continue to implement security measures to protect business-critical data, there is an extremely important area of security that often gets overlooked –  passwords . Weak passwords have long been a security nightmare for your business. This includes reused and  pwned  passwords. What are these? What tools are available to help protect against their use in your environment? Different types of dangerous passwords There are many different types of dangerous passwords that can expose your organization to tremendous risk. One way that cybercriminals compromise environments is by making use of breached password data. This allows launching  password spraying  attacks on your environment. Password spraying involves trying only a few passwords against a large number of...

A new research has demonstrated a technique that allows an attacker to bypass firewall protection and remotely access any TCP/UDP service on a victim machine. Called  NAT Slipstreaming , the method involves sending the target a link to a malicious site (or a legitimate site loaded with malicious ads) that, when visited, ultimately triggers the gateway to open any TCP/UDP port on the victim, thereby circumventing browser-based port restrictions. The findings were revealed by privacy and security researcher Samy Kamkar over the weekend. "NAT Slipstreaming exploits the user's browser in conjunction with the Application Level Gateway (ALG) connection tracking mechanism built into NATs, routers, and firewalls by chaining internal IP extraction via timing attack or WebRTC, automated remote MTU and IP fragmentation discovery, TCP packet size massaging, TURN authentication misuse, precise packet boundary control, and protocol confusion through browser abuse," Kamkar said in ...