The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

There's something about craftsmanship. It's personal, its artistry, and it can be incredibly effective in achieving its goals. On the other hand, mass-market production can be effective in other ways, through speed, efficiency, and cost savings. The story of data centers is one of going from craftsmanship – where every individual machine is a pet project, maintained with great care – to mass production with big server farms where individual units are completely disposable. In this article, we take a look at how data centers have changed shape over the decades. We examine the implications for data center workloads, and for the people that run them – who have now lost their pet systems. We'll also review the cybersecurity implications of the new data center landscape. Pet system with a big purpose For any sysadmin who started their career before the advent of virtualization and other cloud and automation technologies, systems were finely crafted pieces of hardware – and ...

ASUSTOR network-attached storage (NAS) devices have become the  latest   victim  of Deadbolt ransomware, less than a month after similar attacks singled out  QNAP NAS appliances . In response to the infections, the company has released firmware updates ( ADM 4.0.4.RQO2 ) to "fix related security issues." The company is also urging users to take the following actions to keep data secure – Change your password Use a strong password Change default HTTP and HTTPS ports. Default ports are 8000 and 8001 respectively Change web server ports (Default ports are 80 and 443) Turn off Terminal/SSH and SFTP services and other services you do not use, and Make regular backups and ensure backups are up to date The attacks primarily affect internet-exposed ASUSTOR NAS models running ADM operating systems including, but not limited to, AS5104T, AS5304T, AS6404T, AS7004T, AS5202T, AS6302T, and AS1104T.  Much like the intrusions targeting QNAP NAS devices, the threat ...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has  warned  of active exploitation of two security flaws impacting Zabbix open-source enterprise monitoring platform, adding them to its  Known Exploited Vulnerabilities Catalog . On top of that, CISA is also recommending that Federal Civilian Executive Branch (FCEB) agencies patch all systems against the vulnerabilities by March 8, 2022 to reduce their exposure to potential cyberattacks. Tracked as  CVE-2022-23131  (CVSS score: 9.8) and  CVE-2022-23134  (CVSS score: 5.3), the shortcomings could lead to the compromise of complete networks, enabling a malicious unauthenticated actor to escalate privileges and gain admin access to the Zabbix Frontend as well as make configuration changes. Thomas Chauchefoin from SonarSource has been credited with discovering and reporting the two flaws, which affect Zabbix Web Frontend versions up to and including 5.4.8, 5.0.18 and 4.0.36. The issues...

SaaS Adoption is Skyrocketing, Resilience Hasn't Kept Pace SaaS platforms have revolutionized how businesses operate. They simplify collaboration, accelerate deployment, and reduce the overhead of managing infrastructure. But with their rise comes a subtle, dangerous assumption: that the convenience of SaaS extends to resilience. It doesn't. These platforms weren't built with full-scale data protection in mind . Most follow a shared responsibility model — wherein the provider ensures uptime and application security, but the data inside is your responsibility. In a world of hybrid architectures, global teams, and relentless cyber threats, that responsibility is harder than ever to manage. Modern organizations are being stretched across: Hybrid and multi-cloud environments with decentralized data sprawl Complex integration layers between IaaS, SaaS, and legacy systems Expanding regulatory pressure with steeper penalties for noncompliance Escalating ransomware threats and inside...

Intelligence agencies in the U.K. and the U.S. disclosed details of a new botnet malware called  Cyclops Blink  that's been attributed to the Russian-backed Sandworm hacking group and deployed in attacks dating back to 2019. "Cyclops Blink appears to be a replacement framework for the VPNFilter malware exposed in 2018, which exploited network devices, primarily small office/home office (SOHO) routers, and network-attached storage (NAS) devices," the agencies  said . "In common with VPNFilter, Cyclops Blink deployment also appears indiscriminate and widespread." The  joint government advisory  comes from the U.K. National Cyber Security Centre (NCSC), the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI) in the U.S. Sandworm , aka Voodoo Bear, is the name assigned to a  highly advanced adversary  operating out of Russia that's known to be active since at least ...

Cybersecurity firms ESET and Broadcom's Symantec said they discovered a new data wiper malware used in fresh attacks against hundreds of machines in Ukraine, as Russian forces formally launched a full-scale military operation against the country. The Slovak company dubbed the wiper " HermeticWiper " (aka  KillDisk.NCV ), with one of the malware samples compiled on December 28, 2021, implying that preparations for the attacks may have been underway for nearly two months. "The wiper binary is signed using a code signing certificate issued to Hermetica Digital Ltd," ESET said in a series of tweets. "The wiper abuses legitimate drivers from the EaseUS Partition Master software in order to corrupt data. As a final step the wiper reboots [the] computer." Specifically, HermeticWiper is delivered via the benign but signed EaseUS partition management driver that then proceeds to impair the first 512 bytes, the Master Boot Record ( MBR ) for every phys...

Similarities have been unearthed between the Dridex general-purpose malware and a little-known ransomware strain called Entropy , suggesting that the operators are continuing to rebrand their extortion operations under a different name. "The similarities are in the software packer used to conceal the ransomware code, in the malware subroutines designed to find and obfuscate commands (API calls), and in the subroutines used to decrypt encrypted text," cybersecurity firm Sophos  said  in a report shared with The Hacker News. The commonalities were uncovered following two unrelated incidents targeting an unnamed media company and a regional government agency. In both cases, the deployment of Entropy was preceded by infecting the target networks with Cobalt Strike Beacons and Dridex, granting the attackers remote access. Despite consistency in some aspects of the twin attacks, they also varied significantly with regards to the initial access vector used to worm their way ins...

Researchers from China's Pangu Lab have disclosed details of a "top-tier" backdoor put to use by the Equation Group , an advanced persistent threat (APT) with alleged ties to the cyber-warfare intelligence-gathering unit of the U.S. National Security Agency (NSA). Dubbed " Bvp47 " owing to numerous references to the string "Bvp" and the numerical value "0x47" used in the encryption algorithm, the backdoor was extracted from Linux systems "during an in-depth forensic investigation of a host in a key domestic department" in 2013. The defense research group codenamed the attacks involving the deployment of Bvp47 "Operation Telescreen," with the implant featuring an "advanced covert channel behavior based on TCP SYN packets, code obfuscation, system hiding, and self-destruction design." Bvp47 is said to have been used on more than 287 targets in the academia, economic development, military, science, and telecom s...