The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Four security vulnerabilities discovered in the Microsoft Office suite, including Excel and Office online, could be potentially abused by bad actors to deliver attack code via Word and Excel documents. "Rooted from legacy code, the vulnerabilities could have granted an attacker the ability to execute code on targets via malicious Office documents, such as Word, Excel and Outlook," researchers from Check Point research said in a report published today. Three of the four flaws — tracked as CVE-2021-31174, CVE-2021-31178, CVE-2021-31179 — have been fixed by Microsoft as part of its Patch Tuesday update for May 2021, with the fourth patch (CVE-2021-31939) to be issued in June's update rolling out later today. In a hypothetical attack scenario, the researchers said the vulnerability could be triggered as simply as opening a malicious Excel (.XLS) file that's served via a download link or an email. Arising out of parsing mistakes made in legacy code found in Excel 9...

Apple on Monday announced a number of  privacy and security-centric features  to its upcoming versions of  iOS  and  macOS  at its all-online Worldwide Developers Conference. Here is a quick look at some of the big-ticket changes that are expected to debut later this fall: 1  — Decouple Security Patches from Feature Updates:  As  rumored before , users now have a choice between two software update versions in the Settings app. Users can either opt to update to the latest version of iOS 15 for all the latest features and most complete set of security updates or continue on iOS 14 and still get important security updates until they are ready to migrate to the next major version. 2  —  Built-in Two-factor Authenticator:  The new versions of iOS and macOS also come with options that allow users to generate two-factor authentication codes for each of the online accounts saved to iCloud Keychain (Settings > Passwords) without ...

In a major blow, the U.S. Department of Justice on Monday said it has recovered 63.7 bitcoins (currently valued at $2.3 million) paid by Colonial Pipeline to the DarkSide ransomware extortionists on May 8, pursuant to a seizure warrant that was authorized by the Northern District of California. The  ransomware attack  also hobbled the pipeline company's fuel supply, prompting the government to issue an  emergency declaration , even as the company shelled out a ransom amount of approximately  75 bitcoins  ($4.4 million as of May 8) to regain access to its systems. A week after the highly publicized incident, the ransomware-as-a-service syndicate disbanded with a May 14 farewell message to affiliates, stating that its internet servers and cryptocurrency stash were  seized  by unknown law enforcement entities. While DarkSide's announcement was perceived as an exit scam, the latest move from DoJ confirms earlier speculations of law enforcement involvem...

The same 10 software vulnerabilities have caused more security breaches in the last 20+ years than any others. And yet, many businesses still opt for post-breach, post-event remediation, muddling through the human and business ramifications of it all. But now,  a new research study  points to a new, human-led direction. ‍ The following discusses insights derived from a study conducted by Secure Code Warrior with Evans Data Corp titled 'Shifting from reaction to prevention: The changing face of application security' (2021) exploring developers attitudes towards secure coding, secure code practices, and security operations.  Read the report. ‍‍In the study, developers and development managers were asked about their common secure coding practices. The top three methods highlighted were: Scanning applications for irregularities or vulnerabilities after they are deployed Scrutinizing write code to inspect for irregularities or vulnerabilities The reuse of pre-approved ...

Security researchers have discovered the first known malware, dubbed " Siloscope ," targeting Windows Server containers to infect Kubernetes clusters in cloud environments. "Siloscape is heavily obfuscated malware targeting Kubernetes clusters through Windows containers,"  said  Unit 42 researcher Daniel Prizmant. "Its main purpose is to open a backdoor into poorly configured Kubernetes clusters in order to run malicious containers such as, but not limited to, cryptojackers." Siloscape, first detected in March 2021, is characterized by several techniques, including targeting common cloud applications such as web servers to gain an initial foothold via known vulnerabilities, following which it leverages Windows container escape techniques to break out of the confines of the container and gain remote code execution on the underlying node. A container is an  isolated, lightweight silo  for running an application on the host operating system. The malware...