The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Adversaries could exploit newly discovered security weaknesses in Bluetooth Core and Mesh Profile Specifications to masquerade as legitimate devices and carry out man-in-the-middle (MitM) attacks. "Devices supporting the Bluetooth  Core  and  Mesh Specifications  are vulnerable to impersonation attacks and AuthValue disclosure that could allow an attacker to impersonate a legitimate device during pairing," the Carnegie Mellon CERT Coordination Center  said  in an advisory published Monday. The two Bluetooth specifications define the standard that allows for many-to-many communication over the short-range wireless technology to facilitate data transfer between devices in an ad-hoc network. The Bluetooth Impersonation AttackS, aka BIAS , enable a malicious actor to establish a secure connection with a victim, without having to know and authenticate the long-term key shared between the victims, thus effectively bypassing Bluetooth's authentication mechani...

Apple on Monday rolled out security updates for  iOS ,  macOS ,  tvOS ,  watchOS , and  Safari  web browser to fix multiple vulnerabilities, including an actively exploited zero-day flaw in macOS Big Sur and expand patches for two previously disclosed zero-day flaws.  Tracked as CVE-2021-30713, the zero-day concerns a permissions issue in Apple's Transparency, Consent, and Control ( TCC ) framework in macOS that maintains a database of each user's consents. The iPhone maker acknowledged that the issue may have been exploited in the wild but stopped short of sharing specifics. The company noted that it rectified the problem with improved validation. However, in a separate report, mobile device management company Jamf said the bypass flaw was being actively exploited by XCSSET, a malware that's been out in the wild since August 2020 and known to propagate via modified  Xcode IDE projects  hosted on GitHub repositories and plant malicious p...

State-sponsored hackers affiliated with North Korea have been behind a slew of attacks on cryptocurrency exchanges over the past three years, new evidence has revealed. Attributing the attack with "medium-high" likelihood to the Lazarus Group (aka APT38 or Hidden Cobra), researchers from Israeli cybersecurity firm ClearSky said the campaign, dubbed " CryptoCore ," targeted crypto exchanges in Israel, Japan, Europe, and the U.S., resulting in the theft of millions of dollars worth of virtual currencies. The  findings  are a consequence of piecing together artifacts from a series of isolated but similar reports detailed by  F-Secure , Japanese CERT  JPCERT/CC , and  NTT Security  over the past few months. Since emerging on the scene in 2009,  Hidden Cobra  actors have used their offensive cyber capabilities to carry out espionage and cyber cryptocurrency heists against businesses and critical infrastructure. The adversary's targeting aligns wi...

As businesses move to a remote workforce, hackers have increased their activity to capitalize on new security holes. Cybercriminals often use unsophisticated methods that continue to be extremely successful. These include phishing emails to harvest credentials and gain easy access to business-critical environments. Hackers are also using ransomware to hold your data hostage, demanding a ransom payment in exchange for a decryption key that unlocks your stolen data.  When dealing with a cyberattack, there are practical steps you want to follow. What do these steps include? Quickly contain and isolate critical systems Report the hack to your customers and business stakeholders Engage the help of law enforcement Enact your disaster recovery and business continuity plans Analyze the attack, and remediate Quickly contain and isolate critical systems This first step is necessary: quickly contain and isolate critical systems. There is a chance that if you discover ransomware ...

Cybersecurity researchers disclosed details about 13 vulnerabilities in the Nagios network monitoring application that could be abused by an adversary to hijack the infrastructure without any operator intervention. "In a telco setting, where a telco is monitoring thousands of sites, if a customer site is fully compromised, an attacker can use the vulnerabilities to compromise the telco, and then every other monitored customer site," Adi Ashkenazy, CEO of Australian cybersecurity firm Skylight Cyber, told The Hacker News via email. Nagios is an open-source IT infrastructure tool analogous to SolarWinds Network Performance Monitor (NPM) that offers monitoring and alerting services for servers, network cards, applications, and services. The issues, which consist of a mix of authenticated remote code execution (RCE) and privilege escalation flaws, were discovered and reported to Nagios in October 2020, following which they were  remediated  in  November . Chief among th...

The U.S. Department of Justice (DoJ) indicted an employee of the Federal Bureau of Investigation (FBI) for illegally removing numerous national security documents and willfully retaining them at her personal residence during a 13-year period from June 2004 to December 2017.  The federal indictment charged Kendra Kingsbury, 48, with two counts of having unauthorized possession of documents relating to the national defense, according to an  unsealed indictment  that was made public on Friday. Kingsbury worked as an intelligence analyst in the FBI's Kansas City Division for more than 12 years, until her suspension in 2017. "The breadth and depth of classified national security information retained by the defendant for more than a decade is simply astonishing,"  said  Alan E. Kohler, Jr. Assistant Director of the FBI's Counterintelligence Division, in a statement. Stating that Kingsbury knew she was not authorized to remove and retain access to these sensitive ...

The adversary behind Conti ransomware targeted no fewer than 16 healthcare and first responder networks in the U.S. within the past year, totally victimizing over 400 organizations worldwide, 290 of which are situated in the country. That's according to a new  flash alert  issued by the U.S. Federal Bureau of Investigation (FBI) on Thursday. "The FBI identified at least 16 Conti ransomware attacks targeting U.S. healthcare and first responder networks, including law enforcement agencies, emergency medical services, 9-1-1 dispatch centers, and municipalities within the last year," the agency said. Ransomware attacks have worsened over the years, with recent targets as varied as state and local governments, hospitals, police departments, and critical infrastructure.  Conti  is one of many ransomware strains that have capitulated on that trend, commencing its operations in July 2020 as a private Ransomware-as-a-Service (RaaS), in addition to jumping on the double e...