The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

SAP has patched a critical vulnerability impacting the LM Configuration Wizard component in NetWeaver Application Server (AS) Java platform, allowing an unauthenticated attacker to take control of SAP applications. The bug, dubbed RECON and tracked as CVE-2020-6287 , is rated with a maximum CVSS score of 10 out of 10, potentially affecting over 40,000 SAP customers, according to cybersecurity firm Onapsis, which uncovered the flaw . "If successfully exploited, a remote, unauthenticated attacker can obtain unrestricted access to SAP systems through the creation of high-privileged users and the execution of arbitrary operating system commands with the privileges of the SAP service user account, which has unrestricted access to the SAP database and is able to perform application maintenance activities, such as shutting down federated SAP applications," the US Cybersecurity and Infrastructure Security Agency (CISA) said in an advisory . "The confidentiality, integr...

Following vulnerability disclosure in the Mitron app , another viral TikTok clone in India has now been found vulnerable to a critical but easy-to-exploit authentication bypass vulnerability, allowing anyone to hijack any user account and tamper with their information, content, and even upload unauthorized videos. The Indian video sharing app, called Chingari, is available for Android and iOS smartphones through official app stores, designed to let users record short-form videos, catch up on the news, and connect with other users via a direct message feature. Originally launched in November 2018, Chingari has witnessed a huge surge in popularity over the past few days in the wake of India's ban on Chinese-owned apps late last month, crossing 10 million downloads on the Google Play Store in under a month. The Indian government recently banned 59 apps and services , including ByteDance's TikTok, Alibaba Group's UC Browser and UC News, and Tencent's WeChat over priv...

A zero-day vulnerability has been discovered in Zoom video conferencing software for Windows that could allow an attacker to execute arbitrary code on a victim's computer running Microsoft Windows 7 or older. To successfully exploit the zoom vulnerability, all an attacker needs to do is tricking a Zoom user into performing some typical action like opening a received document file. No security warning is triggered or shown to the user at the time of the attack. The vulnerability has been discovered by a researcher who reported it to Acros Security, who then reported the flaw to the Zoom security team earlier today. The researcher wishes to remain anonymous. Although the flaw is present in all supported versions of the Zoom client for Windows, it is only exploitable on systems running Windows 7 and older Windows systems due to some specific system characteristics. "This vulnerability is only exploitable on Windows 7 and earlier Windows versions. It is likely also explo...

Cybersecurity researchers took the wraps off yet another instance of Android malware hidden under the guise of legitimate applications to stealthily subscribe unsuspecting users for premium services without their knowledge. In a report published by Check Point research today, the malware — infamously called Joker (or Bread) — has found another trick to bypass Google's Play Store protections: obfuscate the malicious DEX executable inside the application as Base64 encoded strings, which are then decoded and loaded on the compromised device. Following responsible disclosure by Check Point researchers, the 11 apps ( list and hashes here ) in question were removed by Google from the Play Store on April 30, 2020. "The Joker malware is tricky to detect, despite Google's investment in adding Play Store protections," said Check Point 's Aviran Hazum, who identified the new modus operandi of Joker malware. "Although Google removed the malicious apps from the P...

In April 2020, Cynet launched the world's first Incident Response Challenge to test and reward the skills of Incident Response professionals. The Challenge consisted of 25 incidents, in increasing difficulty, all inspired by real-life scenarios that required participants to go beyond the textbook solution and think outside of the box. Over 2,500 IR professionals competed to be recognized as the top incident responders. Now that the competition is over (however, the challenge website is still open for anyone who wants to practice solving the challenges), Cynet makes the detailed solutions available as a free resource for knowledge and inspiration. Providing the thought process and detailed steps to solve each of the challenges will serve as a training aid and knowledge base for incident responders. The Fine Art of Forensic Investigation The core of any IR processes is the forensic investigation. It uncovers the critical path from the initial stage of suspicion or l...

Citrix yesterday issued new security patches for as many as 11 security flaws that affect its Citrix Application Delivery Controller (ADC), Gateway, and SD-WAN WAN Optimization edition (WANOP) networking products. Successful exploitation of these critical flaws could let unauthenticated attackers perform code injection, information disclosure, and even denial-of-service attacks against the gateway or the authentication virtual servers . Citrix confirmed that the aforementioned issues do not impact other virtual servers, such as load balancing and content switching virtual servers. Among the affected Citrix SD-WAN WANOP appliances include models 4000-WO, 4100-WO, 5000-WO, and 5100-WO. The networking vendor also reiterated that these vulnerabilities were not connected to a previously fixed zero-day NetScaler flaw (tagged as CVE-2019-19781 ) that allowed bad actors to perform arbitrary code execution even without proper authentication. It also said there's no evidence ...

Microsoft has announced a new free-to-use initiative aimed at uncovering forensic evidence of sabotage on Linux systems, including rootkits and intrusive malware that may otherwise go undetected. The cloud offering, dubbed Project Freta , is a snapshot-based memory forensic mechanism that aims to provide automated full-system volatile memory inspection of virtual machine (VM) snapshots, with capabilities to spot malicious software, kernel rootkits , and other stealthy malware techniques such as process hiding . The project is named after Warsaw's Freta Street , the birthplace of Marie Curie, the famous French-Polish physicist who brought X-ray medical imaging to the battlefield during World War I. "Modern malware is complex, sophisticated, and designed with non-discoverability as a core tenet," said Mike Walker, Microsoft's senior director of New Security Ventures. "Project Freta intends to automate and democratize VM forensics to a point where every us...