The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Microsoft is urging Azure users to  update  the PowerShell command-line tool as soon as possible to protect against a critical remote code execution vulnerability impacting .NET Core. The issue, tracked as  CVE-2021-26701  (CVSS score: 8.1), affects PowerShell versions 7.0 and 7.1 and have been remediated in versions 7.0.6 and 7.1.3, respectively. Windows PowerShell 5.1 isn't impacted by the flaw. Built on the .NET Common Language Runtime (CLR),  PowerShell  is a cross-platform task automation utility that consists of a command-line shell, a scripting language, and a configuration management framework. "A remote code execution vulnerability exists in .NET 5 and .NET Core due to how text encoding is performed," the company  noted in an advisory  published earlier this April, adding that the problem resides in the " System.Text.Encodings.Web " package, which provides types for encoding and escaping strings for use in JavaScript, HTML, and URLs....

Amidst the massive  supply-chain ransomware attack  that triggered an infection chain compromising thousands of businesses on Friday, new details have emerged about how the notorious Russia-linked REvil cybercrime gang may have pulled off the unprecedented hack. The Dutch Institute for Vulnerability Disclosure (DIVD) on Sunday  revealed  it had alerted Kaseya to a number of zero-day vulnerabilities in its VSA software (CVE-2021-30116) that it said were being exploited as a conduit to deploy ransomware. The non-profit entity said the company was in the process of resolving the issues as part of a coordinated vulnerability disclosure when the July 2 attacks took place. More specifics about the flaws were not shared, but DIVD chair Victor Gevers  hinted  that the zero-days are trivial to exploit. At least 1,000 businesses are said to have been affected by the attacks, with victims identified in no less than 17 countries, including the U.K., South Africa, Ca...

Google intervened to remove nine Android apps downloaded more than 5.8 million times from the company's Play Store after the apps were caught furtively stealing users' Facebook login credentials. "The applications were fully functional, which was supposed to weaken the vigilance of potential victims. With that, to access all of the apps' functions and, allegedly, to disable in-app ads, users were prompted to log into their Facebook accounts," researchers from Dr. Web  said . "The advertisements inside some of the apps were indeed present, and this maneuver was intended to further encourage Android device owners to perform the required actions." The offending apps masked their malicious intent by disguising as photo-editing, optimizer, fitness, and astrology programs, only to trick victims into logging into their Facebook accounts and hijack the entered credentials via a piece of JavaScript code received from an adversary-controlled server. The list...

Threat actors behind the notorious REvil cybercrime operation appear to have pushed ransomware via an update for Kaseya's IT management software, hitting around 40 customers worldwide, in what's an instance of a widespread supply-chain ransomware attack. "Beginning around mid-day (EST/US) on Friday, July 2, 2021, Kaseya's Incident Response team learned of a potential security incident involving our VSA software," the company's CEO Fred Voccola  said  in a statement shared late Friday. Following the incident, the IT and security management services company said it took immediate steps to shut down its SaaS servers as a precautionary measure, in addition to notifying its on-premises customers to shut down their VSA servers to prevent them from being compromised. Voccola also said the company has identified the source of the vulnerability and that it's readying a patch to mitigate the ongoing issues. In the interim, the company also noted it intends to ...

Whether you are looking to turn into a full-time developer or simply increasing your earnings in your current niche, learning to code can be a smart move. It is a well-known fact that recruiters strive to recruit people with technical skills, and these skills are a great way to build your own startup. Featuring 13 courses,  The Master Learn to Code 2021 Certification Bundle  is a great way to get started. This bundle covers a range of popular programming languages and frameworks — and  it’s now only $34.99  at The Hacker News Deals. Every large company today makes decisions based on data, whether it is financial or marketing. Moreover, they are able to predict future trends with  sophisticated algorithms  and build computer programs that automate their daily tasks. With over 119 hours of hands-on training provided in this bundle, you will learn to handle all of these projects. The instructions in these video tutorials will set you up with a thorough und...