The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

At least 300,000 IP addresses associated with MikroTik devices have been found vulnerable to multiple remotely exploitable security vulnerabilities that have since been patched by the popular supplier of routers and wireless ISP devices. The most affected devices are located in China, Brazil, Russia, Italy, Indonesia, with the U.S. coming in at number eight, cybersecurity firm Eclypsium said in a report shared with The Hacker News. "These devices are both powerful, [and] often highly vulnerable," the researchers  noted . "This has made MikroTik devices a favorite among threat actors who have commandeered the devices for everything from DDoS attacks, command-and-control (aka 'C2'), traffic tunneling, and more." MikroTik devices are an enticing target not least because there are more than two million of them deployed worldwide, posing a huge attack surface that can be leveraged by threat actors to mount an array of intrusions. Indeed, earlier this Septem...

It is a time when many are thinking of their families and loved ones, time off work, and gift-giving – the holidays. However, while many have their minds outside the realm of work during the holiday season, often, this is when attackers plan their most sinister attacks.  So how can you take precautions to protect your organization during these times? Why holidays put your company at risk of cyberattack Attackers today do not have a soft spot for businesses and give companies a break at any time of the year, especially not during holidays. On the contrary, any time of the year where companies may be less prepared to fend off a cyberattack is an opportunity for successful compromise. As a result, the holidays put your company at a higher risk of cyberattack.  Most end-users do not think about cybersecurity when surfing the web or receiving emails with holiday deals during the season. As a result, many let their guard down to a certain degree and become preoccupied and dis...

At least 17 malware-laced packages have been discovered on the NPM package Registry, adding to a  recent barrage of malicious software  hosted and delivered through open-source software repositories such as PyPi and RubyGems. DevOps firm JFrog said the libraries, now taken down, were designed to grab Discord access tokens and  environment variables  from users' computers as well as gain full control over a victim's system. "The packages' payloads are varied, ranging from infostealers up to full remote access backdoors," researchers Andrey Polkovnychenko and Shachar Menashe said in a  report  published Wednesday. "Additionally, the packages have different infection tactics, including typosquatting,  dependency confusion  and trojan functionality." The list of packages is below - prerequests-xcode (version 1.0.4) discord-selfbot-v14 (version 12.0.3) discord-lofy (version 11.5.1) discordsystem (version 11.5.1) discord-vilao (version 1.0.0)...

Network security vendor SonicWall is  urging  customers to update their SMA 100 series appliances to the latest version following the discovery of multiple security vulnerabilities that could be abused by a remote attacker to take complete control of an affected system. The flaws impact SMA 200, 210, 400, 410, and 500v products running versions 9.0.0.11-31sv and earlier, 10.2.0.8-37sv, 10.2.1.1-19sv, 10.2.1.2-24sv and earlier. The San Jose-based company credited security researchers Jake Baines (Rapid7) and Richard Warren (NCC Group) for discovering and reporting the shortcomings. The list of  eight security vulnerabilities  identified in its remote access products is as follows - CVE-2021-20038  (CVSS score: 9.8) - SMA100 Series unauthenticated stack-based buffer overflow vulnerability CVE-2021-20039  (CVSS score: 7.2) - SMA 100 Series authenticated command injection vulnerability as root CVE-2021-20040  (CVSS score: 6.5) - SMA 100 Series unau...

Google on Tuesday said it took steps to disrupt the operations of a sophisticated "multi-component" botnet called Glupteba that approximately infected more than one million Windows computers across the globe and stored its command-and-control server addresses on Bitcoin's blockchain as a resilience mechanism. As part of the efforts, Google's Threat Analysis Group (TAG) said it partnered with the CyberCrime Investigation Group over the past year to terminate around 63 million Google Docs that were observed to have distributed the malware, alongside 1,183 Google Accounts, 908 Cloud Projects, and 870 Google Ads accounts that were associated with its distribution. Google TAG further said it worked with internet infrastructure providers and hosting providers, such as Cloudflare, to dismantle the malware by taking down servers and placing interstitial warning pages in front of the malicious domains. In tandem, the internet giant also announced a lawsuit against two Russ...