The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Some widely sold D-Link VPN router models have been found vulnerable to three new high-risk security vulnerabilities, leaving millions of home and business networks open to cyberattacks—even if they are secured with a strong password. Discovered by researchers at Digital Defense, the three security shortcomings were responsibly disclosed to D-Link on August 11, which, if exploited, could allow remote attackers to execute arbitrary commands on vulnerable networking devices via specially-crafted requests and even launch denial-of-service attacks. D-Link DSR-150, DSR-250, DSR-500, and DSR-1000AC and other VPN router models in the DSR Family running firmware version 3.14 and 3.17 are vulnerable to the remotely exploitable root command injection flaw. The Taiwanese networking equipment maker  confirmed  the issues in an advisory on December 1, adding that the patches were under development for two of three flaws, which have now been released to the public at the time of writin...

There seems to be a new ransomware story every day - a new ransomware attack, a new ransomware technique, criminals not providing encryption keys after receiving ransom payments, private data being publicly released by ransomware attackers—it never ends. Just last month, the FBI, the Department of Health and Human Services (HHS), and the Cybersecurity and Infrastructure Security Agency (CISA) issued a report warning of an imminent threat of ransomware attacks on US hospitals and health care providers. The list of ransomware variants is long and growing, including Maze, Ragnar Locker, Netlocker, Wastedlocker, FTCode, Tycoon, TrickBot, REvil, and many more. Ransomware uses a variety of techniques to infect systems and ultimately steal and/or encrypt a company's files. Many of the techniques are known, but new, unknown techniques can arrive at any moment. SMEs Are Particularly Vulnerable A recent whitepaper about new ways XDR platform protects from ransomware [ download here ] n...

A zero-click remote code execution (RCE) bug in Microsoft Teams desktop apps could have allowed an adversary to execute arbitrary code by merely sending a specially-crafted chat message and compromise a target's system. The issues were reported to the Windows maker by  Oskars Vegeris , a security engineer from Evolution Gaming, on August 31, 2020, before they were addressed at the end of October. Microsoft did not assign a CVE to this vulnerability, stating "it's currently Microsoft's policy to not issue CVEs on products that automatically updates without user's interaction." "No user interaction is required, exploit executes upon seeing the chat message," Vegeris explained in a technical write-up. The result is a "complete loss of confidentiality and integrity for end users — access to private chats, files, internal network, private keys and personal data outside MS Teams," the researcher added. Worse, the RCE is cross-platform — af...

The US National Security Agency (NSA) on Monday issued an  advisory  warning that Russian threat actors are leveraging recently disclosed VMware vulnerability to install malware on corporate systems and access protected data. Specifics regarding the identities of the threat actor exploiting the  VMware flaw  or when these attacks started were not disclosed. The development comes two weeks after the virtualization software company publicly disclosed the flaw—affecting VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector products for Windows and Linux—without releasing a patch and three days after releasing a software update to fix it. In late November, VMware pushed  temporary workarounds  to address the issue, stating permanent patches for the flaw were "forthcoming." But it wasn't until December 3rd the escalation-of-privileges bug was entirely resolved. That same day, the US Cybersecurity and Infrastructure...

A team of researchers today unveiled previously undisclosed capabilities of an Android spyware implant—developed by a sanctioned Iranian threat actor—that could let attackers spy on private chats from popular instant messaging apps, force Wi-Fi connections, and auto-answer calls from specific numbers for purposes of eavesdropping on conversations. In  September , the US Department of the Treasury imposed sanctions on APT39 (aka Chafer, ITG07, or Remix Kitten) — an Iranian threat actor backed by the country's Ministry of Intelligence and Security (MOIS) — for carrying out malware campaigns targeting Iranian dissidents, journalists, and international companies in the telecom and travel sectors. Coinciding with the sanctions, the Federal Bureau of Investigation (FBI) released a public threat analysis  report  describing several tools used by Rana Intelligence Computing Company, which operated as a front for the malicious cyber activities conducted by the APT39 group. Fo...