The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

A coordinated international law enforcement operation resulted in the takedown of a VPN service called DoubleVPN for providing a safe haven for cybercriminals to cover their tracks. "On 29th of June 2021, law enforcement took down DoubleVPN," the agencies said in a seizure notice splashed on the now-defunct site. "Law enforcement gained access to the servers of DoubleVPN and seized personal information, logs and statistics kept by DoubleVPN about all of its customers. DoubleVPN's owners failed to provide the services they promised." The criminal investigation was conducted by agencies from Bulgaria, Canada, Germany, Italy, Sweden, Switzerland, the Netherlands, U.K., and the U.S., alongside authorities from Eurojust and Europol's European Cybercrime Centre (EC3). DoubleVPN is said to have been heavily advertised on both Russian and English-speaking underground cybercrime forums as a means to mask the location and identities of ransomware operators and...

Organizations today already have an overwhelming number of dangers and threats to look out for, from spam to phishing attempts to new infiltration and ransomware tactics. There is no chance to rest, since attack groups are constantly looking for more effective means of infiltrating and infecting systems. Today, there are hundreds of groups devoted to infiltrating almost every industry, constantly devising more sophisticated methods to attack organizations. It's even more troubling to note that some groups have started to collaborate, creating complex and stealthy tactics that leave even the best security teams scrambling to respond. Such is the case noted by XDR Provider Cynet, as the company observes in its newest Research Webinar ( register here ). Cynet's research team noted that two of the most infamous attack groups – Lunar Spider and Wizard Spider – have started working together to infect organizations with ransomware. The development is certainly troubling, and the ...

A proof-of-concept (PoC) exploit related to a remote code execution vulnerability affecting Windows Print Spooler and patched by Microsoft earlier this month was briefly published online before being taken down. Identified as  CVE-2021-1675 , the security issue could grant remote attackers full control of vulnerable systems.  Print Spooler  manages the printing process in Windows, including loading the appropriate printer drivers and scheduling the print job for printing, among others. Print Spooler flaws are concerning, not least because of the wide attack surface, but also owing to the fact that it runs at the highest privilege level and is capable of dynamically loading third-party binaries. The Windows maker addressed the vulnerability as part of its Patch Tuesday update on June 8, 2021. But almost two weeks later, Microsoft revised the flaw's impact from an elevation of privilege to remote code execution (RCE) as well as upgraded the severity level from Im...

SaaS Adoption is Skyrocketing, Resilience Hasn't Kept Pace SaaS platforms have revolutionized how businesses operate. They simplify collaboration, accelerate deployment, and reduce the overhead of managing infrastructure. But with their rise comes a subtle, dangerous assumption: that the convenience of SaaS extends to resilience. It doesn't. These platforms weren't built with full-scale data protection in mind . Most follow a shared responsibility model — wherein the provider ensures uptime and application security, but the data inside is your responsibility. In a world of hybrid architectures, global teams, and relentless cyber threats, that responsibility is harder than ever to manage. Modern organizations are being stretched across: Hybrid and multi-cloud environments with decentralized data sprawl Complex integration layers between IaaS, SaaS, and legacy systems Expanding regulatory pressure with steeper penalties for noncompliance Escalating ransomware threats and inside...

GitHub on Tuesday launched a technical preview of a new AI-powered  pair programming  tool that aims to help software developers write better code across a variety of programming languages, including Python, JavaScript, TypeScript, Ruby, and Go. Copilot , as the code synthesizer is called, has been developed in collaboration with  OpenAI , and leverages Codex, a new AI system that's trained on publicly available source code and natural language with the goal of translating comments and code written by a user into auto-generated code snippets. "GitHub Copilot draws context from the code you're working on, suggesting whole lines or entire functions," GitHub CEO Nat Friedman  said  in a blog post. "It helps you quickly discover alternative ways to solve problems, write tests, and explore new APIs without having to tediously tailor a search for answers on the internet." Despite its function as an AI-based autocomplete for writing boilerplate code, the Micr...

An unpatched security vulnerability affecting Google's Compute Engine platform could be abused by an attacker to take over virtual machines over the network. "This is done by impersonating the metadata server from the targeted virtual machine's point of view," security researcher Imre Rad said in an  analysis  published Friday. "By mounting this exploit, the attacker can grant access to themselves over SSH (public key authentication) so then they can login as the root user." Google Compute Engine ( GCE ) is an infrastructure-as-a-service (IaaS) component of Google Cloud Platform that enables users to create and launch virtual machines (VMs) on demand. GCE provides a method for storing and retrieving metadata in the form of the  metadata server , which offers a central point to set metadata in the form of key-value pairs that's then provided to virtual machines at runtime. According to the researcher, the issue is a consequence of weak pseudo-random ...

Online account creation poses a challenge for engineers and system architects: if you put up too many barriers, you risk turning away genuine users. Make it too easy, and you risk fraud or fake accounts. The Problem with Identity Verification The traditional model of online identity – username/email and password – has long outlived its usefulness. This is how multi-factor or two-factor authentication (MFA or 2FA) has come into play, to patch up vulnerabilities of the so-called knowledge-based model, usually by SMS passcode to verify possession of a mobile phone number. The simplicity of SMS-based verification has taken apps by storm – it's the default option, as most users have a mobile phone. Yet bad actors have learned how to exploit this verification method, leading to the menace of  SIM swap fraud , which is alarmingly easy to pull off and rising rapidly in incidents. There's been no lack of effort in finding a more secure factor that is still universal. For example, b...

Google on Monday announced  new measures  for the Play Store, including requiring developer accounts to turn on 2-Step Verification (2SV), provide an address, and verify their contact details later this year. The new identification and two-factor authentication requirements are a step towards strengthening account security and ensuring a safe and secure app marketplace, Google Play Trust and Safety team said. As part of the changes, individual users and businesses in possession of Google Play developer accounts will be asked to specify an account type (personal or organization), a contact name, their physical address, as well as verifying the email address and phone number provided during account creation. In addition, the search giant is also mandating users of Google Play Console to sign in using Google's 2-Step Verification to prevent account takeover attacks. According to the timeline shared by Google, developer account owners will be able to declare their account t...