The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Microsoft on Thursday revealed that the threat actors behind the SolarWinds supply chain attack were able to gain access to a small number of internal accounts and escalate access inside its internal network. The "very sophisticated nation-state actor" used the unauthorized access to view, but not modify, the source code present in its repositories, the company said. "We detected unusual activity with a small number of internal accounts and upon review, we discovered one account had been used to view source code in a number of source code repositories," the Windows maker  disclosed  in an update. "The account did not have permissions to modify any code or engineering systems and our investigation further confirmed no changes were made. These accounts were investigated and remediated." The development is the latest in the far-reaching  espionage saga  that came to light earlier in December following revelations by cybersecurity firm FireEye that attac...

Google has patched a bug in its feedback tool incorporated across its services that could be exploited by an attacker to potentially steal screenshots of sensitive Google Docs documents simply by embedding them in a malicious website. The flaw was discovered on July 9 by security researcher  Sreeram KL , for which he was awarded $3133.70 as part of Google's Vulnerability Reward Program. Many of Google's products, including Google Docs, come with a " Send feedback " or "Help Docs improve" option that allows users to send feedback along with an option to include a screenshot — something that's automatically loaded to highlight specific issues. But instead of having to duplicate the same functionality across its services, the feedback feature is deployed in Google's main website ("www.google.com") and integrated to other domains via an iframe element that loads the pop-up's content from "feedback.googleusercontent.com." Th...

Threat actors have been discovered distributing a new credential stealer written in AutoHotkey (AHK) scripting language as part of an ongoing campaign that started early 2020. Customers of financial institutions in the US and Canada are among the primary targets for credential exfiltration, with a specific focus on banks such as Scotiabank, Royal Bank of Canada, HSBC, Alterna Bank, Capital One, Manulife, and EQ Bank. Also included in the list is an Indian banking firm ICICI Bank. AutoHotkey  is an open-source custom scripting language for Microsoft Windows aimed at providing easy hotkeys for macro-creation and software automation that allows users to automate repetitive tasks in any Windows application. The multi-stage infection chain commences with a malware-laced Excel file that's embedded with a Visual Basic for Applications (VBA)  AutoOpen  macro, which is subsequently used to drop and execute the downloader client script ("adb.ahk") via a legitimate portable AHK...

An authentication bypass vulnerability in the SolarWinds Orion software may have been leveraged by adversaries as a zero-day to deploy the SUPERNOVA malware in target environments. According to an  advisory  published yesterday by the CERT Coordination Center, the SolarWinds Orion API that's used to interface with all other Orion system monitoring and management products suffers from a security flaw (CVE-2020-10148) that could allow a remote attacker to execute unauthenticated API commands, thus resulting in a compromise of the SolarWinds instance. "The authentication of the API can be bypassed by including specific parameters in the  Request.PathInfo  portion of a URI request to the API, which could allow an attacker to execute unauthenticated API commands," the advisory states. "In particular, if an attacker appends a PathInfo parameter of 'WebResource.adx,' 'ScriptResource.adx,' 'i18n.ashx,' or 'Skipi18n' to a request to a Solar...

21 people have been arrested across the UK as part of a nationwide cyber crackdown targeting customers of WeLeakInfo[.]com, a now-defunct online service that had been previously selling access to data hacked from other websites. The suspects used stolen personal credentials to commit further cyber and fraud offences, the UK National Crime Agency (NCA)  said . Of the 21 arrested — all men aged between 18 and 38 — nine have been detained on suspicion of Computer Misuse Act offences, nine for Fraud offences, and three are under investigation for both. The NCA also seized over £41,000 in bitcoin from the arrested individuals. Earlier this  January , the US Federal Bureau of Investigation (FBI), the NCA, the Netherlands National Police Corps, the German Bundeskriminalamt, and the Police Service of Northern Ireland jointly  seized the domain  of WeLeakInfo.com. Launched in 2017, the service provided its users a search engine to access the personal i...