The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Microsoft on Thursday warned of a "massive email campaign" that's pushing a Java-based STRRAT malware to steal confidential data from infected systems while disguising itself as a ransomware infection. "This RAT is infamous for its ransomware-like behavior of appending the file name extension .crimson to files without actually encrypting them," the Microsoft Security Intelligence team  said  in a series of tweets. The new wave of attacks, which the company spotted last week, commences with spam emails sent from compromised email accounts with "Outgoing Payments" in the subject line, luring the recipients into opening malicious PDF documents that claim to be remittances, but in reality, connect to a rogue domain to download the STRRAT malware. Besides establishing connections to a command-and-control server during execution, the malware comes with a range of features that allow it to collect browser passwords, log keystrokes, and run remote command...

Misconfigurations in multiple Android apps leaked sensitive data of more than 100 million users, potentially making them a lucrative target for malicious actors. "By not following best-practices when configuring and integrating third-party cloud-services into applications, millions of users' private data was exposed," Check Point researchers said in an analysis published today and shared with The Hacker News. "In some cases, this type of misuse only affects the users, however, the developers were also left vulnerable. The misconfigurations put users' personal data and developer's internal resources, such as access to update mechanisms, storage, and more at risk." The findings come from an examination of 23 Android apps available in the official Google Play Store, some of which have downloads ranging from 10,000 to 10 million, such as Astro Guru , iFax, Logo Maker , Screen Recorder , and T'Leva . According to Check Point, the issues stem from mi...

If there's one thing all great SaaS platforms share in common, it's their focus on simplifying the lives of their end-users. Removing friction for users in a safe way is the mission of single sign-on (SSO) providers. With SSO at the helm, users don't have to remember separate passwords for each app or hide the digital copies of the credentials in plain sight. SSO also frees up the IT's bandwidth from handling recurring password reset requests while improving productivity for everyone in your organization. However, there is also a level of risk that comes with SSO capability.  How to protect against SSO fails Real-Life Risks Involved in SSO  While SSO facilitates ease of access to a great extent, it also comes with some amount of imminent risk. SSO is a good enabler of efficiency, but not the end-all security solution with its own flaws that allow for bypass. There's a specific class of vulnerability that Adam Roberts from the NCC Group detected in several SSO...

An investigation undertaken in the aftermath of the  Oldsmar water plant hack  earlier this year has revealed that an infrastructure contractor in the U.S. state of Florida hosted malicious code on its website in what's known as a watering hole attack. "This malicious code seemingly targeted water utilities, particularly in Florida, and more importantly, was visited by a browser from the city of Oldsmar on the same day of the poisoning event," Dragos researcher Kent Backman  said  in a write-up published on Tuesday. The site, which belongs to a Florida-based general contractor involved in building water and wastewater treatment facilities, had no bearing on the intrusion, the American industrial cybersecurity firm said. Watering hole attacks typically allow an adversary to compromise a specific group of end-users by compromising a carefully selected website, which members of that group are known to visit, with an intention to gain access to the victim's system a...

Google on Wednesday updated its May 2021 Android Security Bulletin to disclose that four of the security vulnerabilities that were patched earlier this month by Arm and Qualcomm may have been exploited in the wild as zero-days. "There are indications that CVE-2021-1905, CVE-2021-1906, CVE-2021-28663 and CVE-2021-28664 may be under limited, targeted exploitation," the search giant  said  in an updated alert. The four flaws impact  Qualcomm Graphics  and  Arm Mali GPU Driver  modules — CVE-2021-1905  (CVSS score: 8.4) - A use-after-free flaw in Qualcomm's graphics component due to improper handling of memory mapping of multiple processes simultaneously. CVE-2021-1906  (CVSS score: 6.2) - A flaw concerning inadequate handling of address deregistration that could lead to new GPU address allocation failure. CVE-2021-28663  (CVSS score: NA) - A vulnerability in Arm Mali GPU kernel that could permit a non-privileged user to make improper ope...