The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Cybersecurity researchers today disclosed a new supply-chain attack targeting the Vietnam Government Certification Authority (VGCA) that compromised the agency's digital signature toolkit to install a backdoor on victim systems. Uncovered by Slovak internet security company ESET early this month, the "SignSight" attack involved modifying software installers hosted on the CA's  website  ("ca.gov.vn") to insert a spyware tool called  PhantomNet  or Smanager. According to ESET's telemetry, the breach happened from at least July 23 to August 16, 2020, with the  two installers  in question — "gca01-client-v2-x32-8.3.msi" and "gca01-client-v2-x64-8.3.msi" for 32-bit and 64-bit Windows systems — tampered to include the backdoor. "The compromise of a certification authority website is a good opportunity for APT groups, since visitors are likely to have a high level of trust in a state organization responsible for digital signatures...

The investigation into how the attackers managed to compromise SolarWinds' internal network and poison the company's software updates is still underway, but we may be one step closer to understanding what appears to be a very meticulously planned and highly-sophisticated supply chain attack. A new report published by ReversingLabs today and shared in advance with The Hacker News has revealed that the operators behind the  espionage campaign  likely managed to compromise the software build and code signing infrastructure of SolarWinds Orion platform as early as October 2019 to deliver the malicious backdoor through its software release process. "The source code of the affected library was directly modified to include malicious backdoor code, which was compiled, signed, and delivered through the existing software patch release management system," ReversingLabs' Tomislav Pericin said. Cybersecurity firm FireEye earlier this week  detailed  how multiple SolarWin...

Cybercriminals are increasingly outsourcing the task of deploying ransomware to affiliates using commodity malware and attack tools, according to new research. In a new analysis published by Sophos today and shared with The Hacker News, recent deployments of  Ryuk  and  Egregor  ransomware have involved the use of  SystemBC  backdoor to laterally move across the network and fetch additional payloads for further exploitation. Affiliates are typically threat actors responsible for gaining an initial foothold in a target network. "SystemBC is a regular part of recent ransomware attackers' toolkits," said Sophos senior threat researcher and former Ars Technica national security editor Sean Gallagher. "The backdoor can be used in combination with other scripts and malware to perform discovery, exfiltration and lateral movement in an automated way across multiple targets. These SystemBC capabilities were originally intended for mass exploitation, but they h...

As 5G networks are being gradually rolled out in major cities across the world, an analysis of its network architecture has revealed a number of potential weaknesses that could be exploited to carry out a slew of cyber assaults, including denial-of-service (DoS) attacks to deprive subscribers of Internet access and intercept data traffic. The findings form the basis of a new " 5G Standalone core security research " published by London-based cybersecurity firm Positive Technologies today, exactly six months after the company released its " Vulnerabilities in LTE and 5G Networks 2020 " report in June detailing high impact flaws in LTE and 5G protocols. "Key elements of network security include proper configuration of equipment, as well as authentication and authorization of network elements," Positive Technologies said. "In the absence of these elements, the network becomes vulnerable [to] subscriber denial of service due to exploitation of vulnera...

How can your app hook into a geocoding service that offers forward and reverse geocoding and an auto-completion facility? Geocoding turns a location name or address into geocoordinates. The service gets used by thousands of applications like Uber and Grubhub to track and plot their map data. Yet, it can also help web development by enhancing UX through reverse geocoding. Not to mention auto-completing forms to make the likes of checking-out easier. This article examines Geocode API, the premier provider of geocoding services. Read on to learn what the API offers, how it works, and what sets it apart. You'll discover how its free plan grants you access to 350.000 monthly requests! What is Geocoding? Geocoding describes  how to turn a location name or description and convert them into detailed coordinates. It also offers this service in reverse, i.e., convert coordinates into location information. Results can include: GPS coordinates Full address information Accuracy and ...

Network monitoring services provider SolarWinds officially released a second hotfix to address a critical vulnerability in its Orion platform that was  exploited to insert malware  and breach public and private entities in a wide-ranging espionage campaign. In a new update posted to its  advisory  page, the company urged its customers to update Orion Platform to version 2020.2.1 HF 2 immediately to secure their environments. The malware, dubbed SUNBURST (aka Solorigate), affects Orion app versions 2019.4 through 2020.2.1, released between March 2020 and June 2020. "Based on our investigation, we are not aware that this vulnerability affects other versions—including future versions—of Orion Platform products," the company said. "We have scanned the code of all our software products for markers similar to those used in the attack on our Orion Platform products identified above, and we have found no evidence that other versions of our Orion Platform products or ou...

A new wormable botnet that spreads via GitHub and Pastebin to install cryptocurrency miners and backdoors on target systems has returned with expanded capabilities to compromise web applications, IP cameras, and routers. Early last month, researchers from Juniper Threat Labs documented a crypto-mining campaign called " Gitpaste-12 ," which used GitHub to host malicious code containing as many as 12 known attack modules that are executed via commands downloaded from a Pastebin URL. The attacks occurred during a 12-day period starting from October 15, 2020, before both the Pastebin URL and repository were shut down on October 30, 2020. Now according to Juniper, the  second wave of attacks  began on November 10 using payloads from a different GitHub repository, which, among others, contains a Linux crypto-miner ("ls"), a file with a list of passwords for brute-force attempts ("pass"), and a local privilege escalation exploit for x86_64 Linux systems. Th...