The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Cybersecurity researchers on Thursday revealed details about a new Mirai-inspired botnet called "mirai_ptea" that leverages an undisclosed vulnerability in digital video recorders (DVR) provided by KGUARD to propagate and carry out distributed denial-of-service (DDoS) attacks. Chinese security firm Netlab 360  pinned  the first probe against the flaw on March 23, 2021, before it detected active exploitation attempts by the botnet on June 22, 2021. The Mirai botnet, since  emerging on the scene  in 2016, has been linked to a string of large-scale DDoS attacks, including one against  DNS service provider Dyn  in October 2016, causing major internet platforms and services to remain inaccessible to users in Europe and North America. Since then,  numerous   variants  of  Mirai  have  sprung up  on the threat landscape, in part due to the availability of its source code on the Internet. Mirai_ptea is no exception. No...

In yet another instance of software supply chain attack, unidentified hackers breached the website of  MonPass , one of Mongolia's major certificate authorities, to backdoor its installer software with Cobalt Strike binaries. The trojanized client was available for download between February 8, 2021, and March 3, 2021, said Czech cybersecurity software company Avast in a  report  published Thursday. In addition, a public webserver hosted by MonPass was infiltrated potentially as many as eight separate times, with the researchers uncovering eight different web shells and backdoors on the compromised server. Avast's investigation into the incident began after it discovered the backdoored installer and the implant on one of its customers' systems. "The malicious installer is an unsigned [Portable Executable] file," the researchers said. "It starts by downloading the legitimate version of the installer from the MonPass official website. This legitimate versi...

Google has launched an  updated version of Scorecards , its automated security tool that produces a "risk score" for open source initiatives, with improved checks and capabilities to make the data generated by the utility accessible for analysis. "With so much software today relying on open-source projects, consumers need an easy way to judge whether their dependencies are safe," Google's Open Source Security Team  said  Thursday. "Scorecards helps reduce the toil and manual effort required to continually evaluate changing packages when maintaining a project's supply chain." Scorecards  aims to automate analysis of the security posture of open source projects as well as use the security health metrics to proactively improve the security posture of other critical projects. To date, the tool has been scaled up to evaluate security criteria for over 50,000 open source projects. Some of the new additions include checks for contributions from mali...

An ongoing brute-force attack campaign targeting enterprise cloud environments has been spearheaded by the Russian military intelligence since mid-2019, according to a joint advisory published by intelligence agencies in the U.K. and U.S. The National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and the U.K.'s National Cyber Security Centre (NCSC) formally attributed the incursions to the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS). The  threat actor  is also tracked under various monikers, including  APT28  (FireEye Mandiant),  Fancy Bear  (CrowdStrike),  Sofacy  (Kaspersky),  STRONTIUM  (Microsoft), and  Iron Twilight  (Secureworks). APT28 has a track record of leveraging password spray and brute-force login attempts to plunder valid credentials that enable future surveillance or intrusion oper...

Microsoft on Thursday officially confirmed that the " PrintNightmare " remote code execution (RCE) vulnerability affecting Windows Print Spooler is different from the issue the company addressed as part of its Patch Tuesday update released earlier this month, while warning that it has detected exploitation attempts targeting the flaw. The company is tracking the security weakness under the identifier  CVE-2021-34527 , and has assigned it a severity rating of 8.8 on the CVSS scoring system. All versions of Windows contain the vulnerable code and are susceptible to exploitation. "A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations," Microsoft said in its advisory. "An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user righ...