The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning of critical vulnerabilities affecting Philips Tasy electronic medical records (EMR) system that could be exploited by remote threat actors to extract sensitive personal data from patient databases. "Successful exploitation of these vulnerabilities could result in patients' confidential data being exposed or extracted from Tasy's database, give unauthorized access, or create a denial-of-service condition," CISA  said  in a medical bulletin issued on November 4. Used by over 950 healthcare institutions primarily in Latin America, Philips Tasy EMR is designed as an  integrated healthcare informatics  solution that enables centralized management of clinical, organizational and administrative processes, including incorporating analytics, billing, and inventory and supply management for medical prescriptions. The  SQL injection  flaws — CVE-2021-39375 and CVE-2021-39376 — affect Tas...

In what's yet another instance of supply chain attack targeting open-source software repositories, two popular NPM packages with cumulative weekly downloads of nearly 22 million were found to be compromised with malicious code by gaining unauthorized access to the respective developer's accounts. The two libraries in question are " coa ," a parser for command-line options, and " rc ," a configuration loader, both of which were  tampered  by an  unidentified threat actor  to include "identical" password-stealing malware. All versions of coa starting with 2.0.3 and above — 2.0.3, 2.0.4, 2.1.1, 2.1.3, 3.0.1, and 3.1.3 — are impacted, and users of the affected versions are advised to downgrade to 2.0.2 as soon as possible and check their systems for suspicious activity, according to a GitHub advisory  published  on November 4. In a similar vein, versions 1.2.9, 1.3.9, and 2.3.9 of rc have been found laced with malware, with an  independent alert  ...

Ukraine's premier law enforcement and counterintelligence agency on Thursday disclosed the real identities of five individuals allegedly involved in digital intrusions attributed to a cyber-espionage group named Gamaredon , linking the members to Russia's Federal Security Service (FSB). Calling the hacker group "an FSB special project, which specifically targeted Ukraine," the Security Service of Ukraine (SSU)  said  the perpetrators "are officers of the 'Crimean' FSB and traitors who defected to the enemy during the occupation of the peninsula in 2014." The names of the five individuals the SSU alleges are part of the covert operation are Sklianko Oleksandr Mykolaiovych, Chernykh Mykola Serhiiovych, Starchenko Anton Oleksandrovych, Miroshnychenko Oleksandr Valeriiovych, and Sushchenko Oleh Oleksandrovych. Since its inception in 2013, the Russia-linked  Gamaredon  group (aka Primitive Bear, Armageddon, Winterflounder, or Iron Tilden) has been re...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has  published  a  catalog  of vulnerabilities, including from Apple, Cisco, Microsoft, and Google, that have known exploits and are being actively exploited by malicious cyber actors, in addition to requiring federal agencies to prioritize applying patches for those security flaws within "aggressive" timeframes. "These vulnerabilities pose significant risk to agencies and the federal enterprise," the agency  said  in a binding operational directive (BOD) issued Wednesday. "It is essential to aggressively remediate known exploited vulnerabilities to protect federal information systems and reduce cyber incidents." About 176 vulnerabilities identified between 2017 and 2020, and 100 flaws from 2021 have made their way to the initial list, which is expected to be updated with additional actively exploited vulnerabilities as and when they become known provided they have been assigned Common Vu...

The U.S. government on Thursday announced a $10 million reward for information that may lead to the identification or location of key individuals who hold leadership positions in the DarkSide ransomware group or any of its rebrands. On top of that, the State Department is offering bounties of up to $5 million for intel and tip-offs that could result in the arrest and/or conviction in any country of individuals who are conspiring or attempting to participate in intrusions affiliated with the transnational organized crime syndicate. "In offering this reward, the United States demonstrates its commitment to protecting ransomware victims around the world from exploitation by cyber criminals," the State Department  said  in a statement. "The United States looks to nations who harbor ransomware criminals that are willing to bring justice for those victim businesses and organizations affected by ransomware." The development comes in response to DarkSide's high-pr...

Cisco Systems has released  security updates  to address vulnerabilities in multiple Cisco products that could be exploited by an attacker to log in as a root user and take control of vulnerable systems. Tracked as  CVE-2021-40119 , the vulnerability has been rated 9.8 in severity out of a maximum of 10 on the CVSS scoring system and stems from a weakness in the SSH authentication mechanism of Cisco Policy Suite. "An attacker could exploit this vulnerability by connecting to an affected device through SSH," the networking major explained in an advisory, adding "A successful exploit could allow the attacker to log in to an affected system as the root user." Cisco said the bug was discovered during internal security testing. Cisco Policy Suite Releases 21.2.0 and later will also automatically create new SSH keys during installation, while requiring a manual process to change the default SSH keys for devices being upgraded from 21.1.0. Also addressed by Cisco a...

Cybersecurity researchers have disclosed a security flaw in the Linux Kernel's Transparent Inter Process Communication ( TIPC ) module that could potentially be leveraged both locally as well as remotely to execute arbitrary code within the kernel and take control of vulnerable machines. Tracked as CVE-2021-43267 (CVSS score: 9.8), the heap overflow vulnerability "can be exploited locally or remotely within a network to gain kernel privileges, and would allow an attacker to compromise the entire system," cybersecurity firm SentinelOne  said  in a report published today and shared with The Hacker News. TIPC is a transport layer  protocol   designed  for nodes running in dynamic cluster environments to reliably communicate with each other in a manner that's more efficient and fault-tolerant than other protocols such as TCP. The vulnerability identified by SentinelOne has to do with insufficient validation of user-supplied sizes for a new message type called "...