The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Cisco has released software updates to address four security vulnerabilities in its software that could be weaponized by malicious actors to take control of affected systems. The most critical of the flaws is  CVE-2022-20650  (CVSS score: 8.8), which relates to a command injection flaw in the NX-API feature of Cisco NX-OS Software that stems from a lack of sufficient input validation of user-supplied data. "An attacker could exploit this vulnerability by sending a crafted HTTP POST request to the NX-API of an affected device," Cisco said. "A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system." The flaw impacts Nexus 3000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, and Nexus 9000 Series Switches in standalone NX-OS mode running Cisco NX-OS Software that have the NX-API feature enabled. Also patched are two high-severity den...

TrickBot, the infamous Windows crimeware-as-a-service (CaaS) solution that's used by a variety of threat actors to deliver next-stage payloads like ransomware, appears to be undergoing a transition of sorts, with no new activity recorded since the start of the year. The lull in the malware campaigns is "partially due to a big shift from Trickbot's operators, including working with the operators of Emotet," researchers from Intel 471  said  in a report shared with The Hacker News. The last set of attacks involving TrickBot were registered on December 28, 2021, even as command-and-control (C2) infrastructure associated with the malware has continued to serve additional plugins and  web injects  to infected nodes in the botnet. Interestingly, the decrease in the volume of the campaigns has also been accompanied by the TrickBot gang working closely with the  operators of Emotet , which witnessed a resurgence late last year after a 10-month-long break following ...

There's something about craftsmanship. It's personal, its artistry, and it can be incredibly effective in achieving its goals. On the other hand, mass-market production can be effective in other ways, through speed, efficiency, and cost savings. The story of data centers is one of going from craftsmanship – where every individual machine is a pet project, maintained with great care – to mass production with big server farms where individual units are completely disposable. In this article, we take a look at how data centers have changed shape over the decades. We examine the implications for data center workloads, and for the people that run them – who have now lost their pet systems. We'll also review the cybersecurity implications of the new data center landscape. Pet system with a big purpose For any sysadmin who started their career before the advent of virtualization and other cloud and automation technologies, systems were finely crafted pieces of hardware – and ...

ASUSTOR network-attached storage (NAS) devices have become the  latest   victim  of Deadbolt ransomware, less than a month after similar attacks singled out  QNAP NAS appliances . In response to the infections, the company has released firmware updates ( ADM 4.0.4.RQO2 ) to "fix related security issues." The company is also urging users to take the following actions to keep data secure – Change your password Use a strong password Change default HTTP and HTTPS ports. Default ports are 8000 and 8001 respectively Change web server ports (Default ports are 80 and 443) Turn off Terminal/SSH and SFTP services and other services you do not use, and Make regular backups and ensure backups are up to date The attacks primarily affect internet-exposed ASUSTOR NAS models running ADM operating systems including, but not limited to, AS5104T, AS5304T, AS6404T, AS7004T, AS5202T, AS6302T, and AS1104T.  Much like the intrusions targeting QNAP NAS devices, the threat ...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has  warned  of active exploitation of two security flaws impacting Zabbix open-source enterprise monitoring platform, adding them to its  Known Exploited Vulnerabilities Catalog . On top of that, CISA is also recommending that Federal Civilian Executive Branch (FCEB) agencies patch all systems against the vulnerabilities by March 8, 2022 to reduce their exposure to potential cyberattacks. Tracked as  CVE-2022-23131  (CVSS score: 9.8) and  CVE-2022-23134  (CVSS score: 5.3), the shortcomings could lead to the compromise of complete networks, enabling a malicious unauthenticated actor to escalate privileges and gain admin access to the Zabbix Frontend as well as make configuration changes. Thomas Chauchefoin from SonarSource has been credited with discovering and reporting the two flaws, which affect Zabbix Web Frontend versions up to and including 5.4.8, 5.0.18 and 4.0.36. The issues...

Intelligence agencies in the U.K. and the U.S. disclosed details of a new botnet malware called  Cyclops Blink  that's been attributed to the Russian-backed Sandworm hacking group and deployed in attacks dating back to 2019. "Cyclops Blink appears to be a replacement framework for the VPNFilter malware exposed in 2018, which exploited network devices, primarily small office/home office (SOHO) routers, and network-attached storage (NAS) devices," the agencies  said . "In common with VPNFilter, Cyclops Blink deployment also appears indiscriminate and widespread." The  joint government advisory  comes from the U.K. National Cyber Security Centre (NCSC), the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI) in the U.S. Sandworm , aka Voodoo Bear, is the name assigned to a  highly advanced adversary  operating out of Russia that's known to be active since at least ...

Cybersecurity firms ESET and Broadcom's Symantec said they discovered a new data wiper malware used in fresh attacks against hundreds of machines in Ukraine, as Russian forces formally launched a full-scale military operation against the country. The Slovak company dubbed the wiper " HermeticWiper " (aka  KillDisk.NCV ), with one of the malware samples compiled on December 28, 2021, implying that preparations for the attacks may have been underway for nearly two months. "The wiper binary is signed using a code signing certificate issued to Hermetica Digital Ltd," ESET said in a series of tweets. "The wiper abuses legitimate drivers from the EaseUS Partition Master software in order to corrupt data. As a final step the wiper reboots [the] computer." Specifically, HermeticWiper is delivered via the benign but signed EaseUS partition management driver that then proceeds to impair the first 512 bytes, the Master Boot Record ( MBR ) for every phys...