The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Critical RCE Flaws in 'PHP Everywhere' Plugin Affect Thousands of WordPress Sites

Feb 10, 2022
Critical security vulnerabilities have been disclosed in a WordPress plugin known as PHP Everywhere that's used by more than 30,000 websites worldwide and could be abused by an attacker to execute arbitrary code on affected systems. PHP Everywhere is used to flip the switch on PHP code across WordPress installations, enabling users to insert and execute PHP-based code in the content management system's Pages, Posts, and Sidebar. The three issues, all rated 9.9 out of a maximum of 10 on the CVSS rating system, impact versions 2.0.3 and below, and are as follows: CVE-2022-24663 - Remote Code Execution by Subscriber+ users via shortcode; CVE-2022-24664 - Remote Code Execution by Contributor+ users via metabox; and CVE-2022-24665 - Remote Code Execution by Contributor+ users via gutenberg block. Successful exploitation of the three vulnerabilities could result in the execution of malicious PHP code that could be leveraged to achieve a complete site tak...
U.S. Arrests Two and Seizes $3.6 Billion Cryptocurrency Stolen in 2016 Bitfinex Hack

Feb 09, 2022
The U.S. Justice Department (DoJ) on Tuesday announced the arrest of a married couple in connection with conspiring to launder cryptocurrency worth $4.5 billion that was siphoned during the hack of the virtual currency exchange Bitfinex in 2016. Ilya Lichtenstein, 34, and his wife, Heather Morgan, 31, both of New York, are alleged to have "stolen funds through a labyrinth of cryptocurrency transactions," with the law enforcement getting hold of over $3.6 billion in cryptocurrency by following the money trails, resulting in the "largest financial seizure ever." Prosecutors charged the couple not for the hack itself, but rather for receiving the stolen bitcoin into a digital wallet under their ownership, a part of which was laundered to conceal the activities and the movement of the money. In 2019, Israeli authorities apprehended two brothers, Eli and Assaf Gigi, over their supposed involvement in the 2016 security breach. "Bitfinex will work with the Do...
Guide: Alert Overload and Handling for Lean IT Security Teams

Feb 09, 2022
Alarming research reveals the stress and strains the average cybersecurity team experiences on a daily basis. As many as 70% of teams report feeling emotionally overwhelmed by security alerts. Those alerts come at such high volume, high velocity, and high intensity that they become an extreme source of stress. So extreme, in fact, that people's home lives are negatively affected. Alert overload is bad for those who work in cybersecurity. But it's even worse for everyone who depends on cybersecurity. This is a gigantic issue in the industry, yet few people even acknowledge it, let alone deal with it. Cynet aims to correct that in this guide (download here), starting by shining a light on the cause of the problem and the full extent of its consequences and then offering a few ways lean security teams can pull their analysts out of the ocean of false positives and get them back to shore. It includes tips on how to reduce alerts using automation and shares guidance for...
Iranian Hackers Using New Marlin Backdoor in 'Out to Sea' Espionage Campaign

Feb 09, 2022
An advanced persistent threat (APT) group with ties to Iran has refreshed its malware toolset to include a new backdoor dubbed Marlin as part of a long-running espionage campaign that started in April 2018. Slovak cybersecurity company ESET attributed the attacks — codenamed "Out to Sea" — to a threat actor called OilRig (aka APT34), while also conclusively connecting its activities to a second Iranian group tracked under the name Lyceum (Hexane aka SiameseKitten). "Victims of the campaign include diplomatic organizations, technology companies, and medical organizations in Israel, Tunisia, and the United Arab Emirates," ESET noted in its T3 2021 Threat Report shared with The Hacker News. Active since at least 2014, the hacking group is known to strike Middle Eastern governments and a variety of business verticals, including chemical, energy, financial, and telecommunications. In April 2021, the actor targeted a Lebanese e...
Russian APT Hackers Used COVID-19 Lures to Target European Diplomats

Feb 09, 2022
The Russia-linked threat actor known as APT29 targeted European diplomatic missions and Ministries of Foreign Affairs as part of a series of spear-phishing campaigns mounted in October and November 2021. According to ESET's T3 2021 Threat Report shared with The Hacker News, the intrusions paved the way for the deployment of Cobalt Strike Beacon on compromised systems, followed by leveraging the foothold to drop additional malware for gathering information about the hosts and other machines in the same network. Also tracked under the names The Dukes, Cozy Bear, and Nobelium, the advanced persistent threat group is an infamous cyber-espionage group that has been active for more than a decade, with its attacks targeting Europe and the U.S., before it gained widespread attention for the supply-chain compromise of SolarWinds, leading to further infections in several downstream entities, including U.S. government agencies in 2020. The spear-phishing attacks commen...
Microsoft and Other Major Software Firms Release February 2022 Patch Updates

Feb 09, 2022
Microsoft on Tuesday rolled out its monthly security updates with fixes for 51 vulnerabilities across its software line-up consisting of Windows, Office, Teams, Azure Data Explorer, Visual Studio Code, and other components such as Kernel and Win32k. Among the 51 defects closed, 50 are rated Important and one is rated Moderate in severity, making it one of the rare Patch Tuesday updates without any fixes for Critical-rated vulnerabilities. This is also in addition to 19 more flaws the company addressed in its Chromium-based Edge browser. None of the security vulnerabilities are listed as under active exploit, while one of the flaws — CVE-2022-21989 (CVSS score: 7.8) — has been classified as a publicly disclosed zero-day at the time of the release. The issue concerns a privilege escalation bug in Windows Kernel, with Microsoft warning of potential attacks exploiting the shortcoming. "Successful exploitation of this vulnerability requires an attacker to...
Palestine-Aligned Hackers Use New NimbleMamba Implant in Recent Attacks

Feb 08, 2022
An advanced persistent threat (APT) hacking group operating with motives that likely align with Palestine has embarked on a new campaign that takes advantage of a previously undocumented implant called NimbleMamba. The intrusions leveraged a sophisticated attack chain targeting Middle Eastern governments, foreign policy think tanks, and a state-affiliated airline, enterprise security firm Proofpoint said in a report, attributing the covert operation to a threat actor tracked as Molerats (aka TA402). Notorious for continuously updating their malware implants and their delivery methods, the APT group was most recently linked to an espionage offensive aimed at human rights activists and journalists in Palestine and Turkey, while a previous attack exposed in June 2021 resulted in the deployment of a backdoor called LastConn. But the lull in the activities has been offset by the operators actively working to retool their arsenal, resulting in the developm...