
The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Mimecast Finds SolarWinds Hackers Stole Some of Its Source Code

Mar 17, 2021
Email security firm Mimecast on Tuesday revealed that the state-sponsored SolarWinds hackers who broke into its internal network also downloaded source code out of a limited number of repositories. "The threat actor did access a subset of email addresses and other contact information and hashed and salted credentials," the company said in a write-up detailing its investigation, adding the adversary "accessed and downloaded a limited number of our source code repositories, as the threat actor is reported to have done with other victims of the SolarWinds Orion supply chain attack." But Mimecast said the source code downloaded by the attackers was incomplete and would be insufficient to build and run any aspect of the Mimecast service and that it did not find signs of any tampering made by the threat actor to the build process associated with the executables that are distributed to its customers. On January 12, Mimecast disclosed that "a sophisticated th...
[Webinar] Oy Vey, We Hired a Large, Hairy Hacker…

Mar 17, 2021
It's not every day that one of the best-known independent cybersecurity individuals joins a cybersecurity company. The two are generally on opposite sides of the coin, with little crossover. After all, they're usually concerned with different parts of the cybersecurity puzzle – one providing platforms and tools to defend organizations, the other keeping them accountable and looking for blind spots in even the best security tools. That seems to be changing, however, with a recent appointment. Cynet, an Autonomous XDR provider that recently closed a Series C funding round worth $40 million, announced that it has hired Chris Roberts as their Chief Security Strategist. Roberts is world-renowned in counter-threat intelligence, as well as in vulnerability and threat research fields, thanks to decades of experience. As part of his efforts at Cynet, Roberts will be focusing his work on helping empower and connect security professionals from organizations outside of the Fortune 200...
18-Year-Old Hacker Gets 3 Years in Prison for Massive Twitter 'Bitcoin Scam' Hack

Mar 17, 2021
A Florida teen accused of masterminding the hacks of several high-profile Twitter accounts last summer as part of a widespread cryptocurrency scam pled guilty to fraud charges in exchange for a three-year prison sentence. Graham Ivan Clark, 18, will also serve an additional three years on probation. The development comes after the U.S. Department of Justice (DoJ) charged Mason Sheppard (aka Chaewon), Nima Fazeli (aka Rolex), and Clark (then a juvenile) with conspiracy to commit wire fraud and money laundering. Specifically, 30 felony charges were filed against Clark, including one count of organized fraud, 17 counts of communications fraud, one count of fraudulent use of personal information with over $100,000 or 30 or more victims, 10 counts of fraudulent use of personal information, and one count of access to computer or electronic device without authority. On July 15, 2020, Twitter suffered one of the biggest security lapses in its history after the atta...
Apple May Start Delivering Security Patches Separately From Other OS Updates

Mar 17, 2021
Apple may be changing the way it delivers security patches to its devices running iOS and iPadOS mobile operating systems. According to code spotted in iOS 14.5, the iPhone maker is reportedly working on a method for delivering security fixes independently of other OS updates. The changes were first reported by the 9to5Mac website. While Google's Android has had monthly security patches rolled out that are completely divorced from the OS-related updates, iOS has traditionally bundled security updates along with an upgrade to the latest version of the OS. For instance, Apple rolled out iOS 14.4.1 earlier this month just to address one security vulnerability in WebKit that could have allowed adversaries to run arbitrary code on devices via malicious web content. But with this new setting called "Install Security Updates" added to the software update menu, it's expected that Apple will let users choose between either installing the entire iOS update or just the...
New Mirai Variant and ZHtrap Botnet Malware Emerge in the Wild

Mar 16, 2021
Cybersecurity researchers on Monday disclosed a new wave of ongoing attacks exploiting multiple vulnerabilities to deploy new Mirai variants on internet-connected devices. "Upon successful exploitation, the attackers try to download a malicious shell script, which contains further infection behaviors such as downloading and executing Mirai variants and brute-forcers," Palo Alto Networks' Unit 42 Threat Intelligence Team said in a write-up. The rash of vulnerabilities being exploited include:
VisualDoor - a SonicWall SSL-VPN remote command injection vulnerability that came to light earlier this January
CVE-2020-25506 - a D-Link DNS-320 firewall remote code execution (RCE) vulnerability
CVE-2021-27561 and CVE-2021-27562 - Two vulnerabilities in Yealink Device Management that allow an unauthenticated attacker to run arbitrary commands on the server with root privileges
CVE-2021-22502 - an RCE flaw in Micro Focus Operation Bridge Reporter (OBR), a...
Use This One-Click Mitigation Tool from Microsoft to Prevent Exchange Attacks

Mar 16, 2021
Microsoft on Monday released one-click mitigation software that applies all the necessary countermeasures to secure vulnerable environments against the ongoing widespread ProxyLogon Exchange Server cyberattacks. Called Exchange On-premises Mitigation Tool (EOMT), the PowerShell-based script serves to mitigate against current known attacks using CVE-2021-26855, scan the Exchange Server using the Microsoft Safety Scanner for any deployed web shells, and attempt to remediate the detected compromises. "This new tool is designed as an interim mitigation for customers who are unfamiliar with the patch/update process or who have not yet applied the on-premises Exchange security update," Microsoft said. The development comes in the wake of indiscriminate attacks against unpatched Exchange Servers across the world by more than ten advanced persistent threat actors, most of them government-backed cyberespionage groups, to plant backdoors, coin miners, and...