The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

The insidious Emotet botnet, which staged a return in November 2021 after a 10-month-long hiatus, is once again exhibiting signs of steady growth, amassing a swarm of over 100,000 infected hosts for perpetrating its malicious activities. "While Emotet has not yet attained the same scale it once had, the botnet is showing a strong resurgence with a total of approximately 130,000 unique bots spread across 179 countries since November 2021," researchers from Lumen's Black Lotus Labs  said  in a report. Emotet, prior to its  takedown  in late January 2021 as part of a coordinated law enforcement operation dubbed "Ladybird," had infected no fewer than 1.6 million devices globally, acting as a conduit for cybercriminals to install other types of malware, such as banking trojans or ransomware, onto compromised systems. The malware  officially resurfaced  in November 2021  using TrickBot  as a delivery vehicle, with the latter  shuttering its at...

Threat actors have been observed abusing a high-impact reflection/amplification method to stage sustained distributed denial-of-service (DDoS) attacks for up to 14 hours with a record-breaking amplification ratio of 4,294,967,296 to 1. The attack vector – dubbed TP240PhoneHome ( CVE-2022-26143 ) – has been weaponized to launch significant DDoS attacks targeting broadband access ISPs, financial institutions, logistics companies, gaming firms, and other organizations. "Approximately 2,600 Mitel MiCollab and MiVoice Business Express collaboration systems acting as PBX-to-Internet gateways were incorrectly deployed with an abusable system test facility exposed to the public Internet," Akamai researcher Chad Seaman said in a joint advisory . "Attackers were actively leveraging these systems to launch reflection/amplification DDoS attacks of more than 53 million packets per second (PPS)." DDoS reflection attacks typically involve spoofing the IP address of a vic...

Three high-impact security vulnerabilities have been disclosed in  APC Smart-UPS devices  that could be abused by remote adversaries as a physical weapon to access and control them in an unauthorized manner. Collectively dubbed  TLStorm , the flaws "allow for complete remote takeover of Smart-UPS devices and the ability to carry out extreme cyber-physical attacks," Ben Seri and Barak Hadad, researchers from IoT security company Armis, said in a report published Tuesday. Uninterruptible power supply ( UPS ) devices function as emergency backup power providers in mission-critical environments such as medical facilities, server rooms, and industrial systems. Most of the afflicted devices, totaling over 20 million, have been identified so far in healthcare, retail, industrial, and government sectors. TLStorm consists of a trio of critical flaws that can be triggered via unauthenticated network packets without requiring any user interaction, meaning it's a zero-click att...

The unfortunate truth is that while companies are investing more in cyber defenses and taking cybersecurity more seriously than ever, successful breaches and ransomware attacks are on the rise. While a successful breach is not inevitable, it is becoming more likely despite best efforts to prevent it from happening.  Just as it wasn't raining when Noah built the ark, companies must face the fact that they need to prepare - and educate the organization on - a well-thought-out response plan if a successful cyberattack does occur. Obviously, the worst time to plan your response to a cyberattack is when it happens. With so many companies falling victim to cyberattacks, an entire cottage industry of Incident Response (IR) services has arisen. Thousands of IR engagements have helped surface best practices and preparedness guides to help those that have yet to fall victim to a cyberattack.  Recently, cybersecurity company Cynet provided an  Incident Response plan Word templat...

APT41, the state-sponsored threat actor affiliated with China, breached at least six U.S. state government networks between May 2021 and February 2022 by retooling its attack vectors to take advantage of vulnerable internet-facing web applications. The exploited vulnerabilities included "a zero-day vulnerability in the USAHERDS application ( CVE-2021-44207 ) as well as the now infamous zero-day in Log4j ( CVE-2021-44228 )," researchers from Mandiant  said  in a report published Tuesday, calling it a "deliberate campaign." Besides web compromises, the persistent attacks also involved the weaponization of exploits such as deserialization , SQL injection , and directory traversal vulnerabilities, the cybersecurity and incident response firm noted. The  prolific  advanced persistent threat, also known by the monikers Barium and Winnti, has a  track record  of targeting organizations in both the public and private sectors to orchestrate espionage activity i...

Researchers have disclosed three security vulnerabilities affecting Pascom Cloud Phone System ( CPS ) that could be combined to achieve a full pre-authenticated remote code execution of affected systems. Kerbit security researcher Daniel Eshetu  said  the shortcomings, when chained together, can lead to "an unauthenticated attacker gaining root on these devices." Pascom Cloud Phone System is an integrated collaboration and communication solution that allows businesses to host and set up private telephone networks across different platforms as well as facilitate the monitoring, maintenance, and updates associated with the virtual phone systems. The set of three flaws includes those stemming from an arbitrary path traversal in the web interface, a server-side request forgery ( SSRF ) due to an outdated third-party dependency ( CVE-2019-18394 ), and a post-authentication command injection using a daemon service ("exd.pl"). In other words, the vulnerabilities can...