The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Controversial mogul and antivirus pioneer John McAfee on Wednesday died by suicide in a jail cell in Barcelona, hours after reports that he would be extradited to face federal charges in the U.S. McAfee was 75. He is said to have died by hanging "as his nine months in prison brought him to despair," according to McAfee's lawyer Javier Villalba, Reuters  reported . Security personnel at the Brians 2 prison tried to revive McAfee, but he was eventually declared dead, per  Associated Press . News of his death comes after Spain's National Court approved his extradition to the U.S. to face federal criminal tax evasion charges. McAfee worked for NASA, Xerox, and Lockheed Martin before launching the world's first commercial antivirus software in 1987. He later resigned from the namesake security firm in 1994. The former cybersecurity tycoon turned fugitive was detained in Spain last October for " willful failure to file tax returns ," with the U.S. Depar...

A threat actor with suspected ties to Pakistan has been striking government and energy organizations in the South and Central Asia regions to deploy a remote access trojan on compromised Windows systems, according to new research. "Most of the organizations that exhibited signs of compromise were in India, and a small number were in Afghanistan," Lumen's Black Lotus Labs  said  in a Tuesday analysis. "The potentially compromised victims aligned with the government and power utility verticals." Some of the victims include a foreign government organization, a power transmission organization, and a power generation and transmission organization. The covert operation is said to have begun at least in January 2021. The intrusions are notable for a number of reasons, not least because in addition to its highly-targeted nature, the tactics, techniques, and procedures (TTPs) adopted by the adversary rely on repurposed open-source code and the use of compromised dom...

It seems like every new day brings with it a new ransomware news item – new attacks, methods, horror stories, and data being leaked. Ransomware attacks are on the rise, and they've become a major issue for organizations across industries. A recent report estimated that by 2031, ransomware attacks would cost the world over $260 billion. A new whitepaper from XDR provider Cynet demonstrates how the company's platform can help organizations mitigate the impact of ransomware ( download here ). Today, attackers have shown themselves to be less interested in ignoring the most vulnerable sectors, such as health care providers and hospitals. With a parallel increase in the number of variants – Wastedlocker, FTCode, Tycooon, TrickBot, REvil, and many others – it's becoming harder to defend against the growing threat of ransomware. Ransomware operates by using a variety of infection and encryption techniques to steal or barricade companies' files behind hard paywalls. Even t...

SaaS Adoption is Skyrocketing, Resilience Hasn't Kept Pace SaaS platforms have revolutionized how businesses operate. They simplify collaboration, accelerate deployment, and reduce the overhead of managing infrastructure. But with their rise comes a subtle, dangerous assumption: that the convenience of SaaS extends to resilience. It doesn't. These platforms weren't built with full-scale data protection in mind . Most follow a shared responsibility model — wherein the provider ensures uptime and application security, but the data inside is your responsibility. In a world of hybrid architectures, global teams, and relentless cyber threats, that responsibility is harder than ever to manage. Modern organizations are being stretched across: Hybrid and multi-cloud environments with decentralized data sprawl Complex integration layers between IaaS, SaaS, and legacy systems Expanding regulatory pressure with steeper penalties for noncompliance Escalating ransomware threats and inside...

Open-source Tor browser has been updated to version 10.0.18 with fixes for multiple issues, including a privacy-defeating bug that could be used to uniquely fingerprint users across different browsers based on the apps installed on a computer. In addition to  updating  Tor to 0.4.5.9, the browser's Android version has been upgraded to Firefox to version 89.1.1, alongside incorporating patches rolled out by Mozilla for several  security vulnerabilities  addressed in Firefox 89. Chief among the rectified issues is a new fingerprinting attack that came to light last month. Dubbed  scheme flooding , the vulnerability enables a malicious website to leverage information about installed apps on the system to assign users a permanent unique identifier even when they switch browsers, use incognito mode, or a VPN. Put differently, the  weakness  takes advantage of custom URL schemes in apps as an attack vector, allowing a bad actor to track a device's user ...

A critical vulnerability in SonicWall VPN appliances that was believed to have been patched last year has been now found to be "botched," with the company leaving a memory leak flaw unaddressed, until now, that could permit a remote attacker to gain access to sensitive information. The shortcoming was rectified in an update rolled out to SonicOS on June 22.  Tracked as  CVE-2021-20019  (CVSS score: 5.3), the vulnerability is the consequence of a memory leak when sending a specially-crafted unauthenticated HTTP request, culminating in information disclosure. It's worth noting that SonicWall's decision to hold back the patch comes amid  multiple   zero-day   disclosures  affecting its remote access VPN and email security products that have been exploited in a series of in-the-wild attacks to deploy backdoors and a new strain of ransomware called FIVEHANDS. Howevere, there is no evidence that the flaw is being exploited in the wild. Memory Dump PoC...

Cybersecurity researchers have disclosed a critical unpatched vulnerability affecting Pling-based free and open-source software (FOSS) marketplaces for Linux platform that could be potentially abused to stage supply-chain attacks and achieve remote code execution (RCE). "Linux marketplaces that are based on the Pling platform are vulnerable to a wormable [cross-site scripting] with potential for a supply-chain attack," Positive Security co-founder Fabian Bräunlein  said  in a technical write-up published today. "The native PlingStore application is affected by an RCE vulnerability, which can be triggered from any website while the app is running." The Pling-based app stores impacted by the flaw include — appimagehub.com store.kde.org gnome-look.org xfce-look.org pling.com PlingStore allows users to search and install Linux software, themes, icons, and other add-ons that may not be available for download through the distribution's software center.  T...

Cybersecurity researchers are sounding the alarm bell over a new ransomware strain called " DarkRadiation " that's implemented entirely in Bash and targets Linux and Docker cloud containers, while banking on messaging service Telegram for command-and-control (C2) communications. "The ransomware is written in  Bash  script and targets Red Hat/CentOS and Debian Linux distributions," researchers from Trend Micro  said  in a report published last week. "The malware uses OpenSSL's AES algorithm with CBC mode to encrypt files in various directories. It also uses Telegram's API to send an infection status to the threat actor(s)." As of writing, there's no information available on the delivery methods or evidence that the ransomware has been deployed in real-world attacks. The findings come from an analysis of a collection of hacking tools hosted on the unidentified threat actor's infrastructure (IP address "185.141.25.168") in a...