The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Three security vulnerabilities have been disclosed in the audio decoders of Qualcomm and MediaTek chips that, if left unresolved, could allow an adversary to remotely gain access to media and audio conversations from affected mobile devices. According to Israeli cybersecurity company Check Point , the issues could be used as a launchpad to carry out remote code execution (RCE) attacks simply by sending a specially crafted audio file. "The impact of an RCE vulnerability can range from malware execution to an attacker gaining control over a user's multimedia data, including streaming from a compromised machine's camera," the researchers said in a report shared with The Hacker News. "In addition, an unprivileged Android app could use these vulnerabilities to escalate its privileges and gain access to media data and user conversations." The vulnerabilities, dubbed ALHACK, are rooted in an audio coding format originally developed and open-sourced by Apple i...

A recent Hive ransomware attack carried out by an affiliate involved the exploitation of "ProxyShell" vulnerabilities in the Microsoft Exchange Server that were disclosed last year to encrypt an unnamed customer's network. "The actor managed to achieve its malicious goals and encrypt the environment in less than 72 hours from the initial compromise," Varonis security researcher, Nadav Ovadia,  said  in a post-mortem analysis of the incident.  Hive, which was  first observed  in June 2021, follows the lucrative ransomware-as-a-service (RaaS) scheme adopted by other cybercriminal groups in recent years, enabling affiliates to deploy the file-encrypting malware after gaining a foothold into their victims' networks. ProxyShell  — tracked as CVE-2021-31207, CVE-2021-34523, and CVE-2021-34473 — involves a combination of security feature bypass, privilege escalation, and remote code execution in the Microsoft Exchange Server, effectively granting the attacker...

The Five Eyes nations have released a  joint cybersecurity advisory  warning of increased  malicious attacks  from Russian state-sponsored actors and criminal groups targeting critical infrastructure organizations amidst the ongoing military siege on Ukraine. "Evolving intelligence indicates that the Russian government is exploring options for potential cyberattacks," authorities from Australia, Canada, New Zealand, the U.K., and the U.S.  said . "Russia's invasion of Ukraine could expose organizations both within and beyond the region to increased malicious cyber activity. This activity may occur as a response to the unprecedented economic costs imposed on Russia as well as material support provided by the United States and U.S. allies and partners." The  advisory  follows  another alert  from the U.S. government cautioning of nation-state actors deploying specialized malware to maintain access to industrial control systems (ICS) and su...

Google Project Zero called 2021 a "record year for in-the-wild 0-days," as  58 security vulnerabilities  were detected and disclosed during the course of the year. The development marks more than a two-fold jump from the previous maximum when 28 0-day exploits were tracked in 2015. In contrast, only 25 0-day exploits were detected in 2020. "The large uptick in in-the-wild 0-days in 2021 is due to increased detection and disclosure of these 0-days, rather than simply increased usage of 0-day exploits," Google Project Zero security researcher  Maddie Stone   said . "Attackers are having success using the same bug patterns and exploitation techniques and going after the same attack surfaces," Stone added. The tech giant's in-house security team characterized the exploits as similar to previous and publicly known vulnerabilities, with only two of them markedly different for the technical sophistication and use of logic bugs to escape the sandbox. B...

Details have emerged about a now-patched security vulnerability in the Snort intrusion detection and prevention system that could trigger a denial-of-service (DoS) condition and render it powerless against malicious traffic. Tracked as  CVE-2022-20685 , the vulnerability is rated 7.5 for severity and resides in the Modbus preprocessor of the Snort detection engine. It affects all open-source Snort project releases earlier than 2.9.19 as well as version 3.1.11.0. Maintained by Cisco,  Snort  is an open-source intrusion detection system (IDS) and intrusion prevention system (IPS) that offers real-time network traffic analysis to spot potential signs of malicious activity based on predefined rules. "The vulnerability, CVE-2022-20685, is an integer-overflow issue that can cause the Snort Modbus OT preprocessor to enter an infinite  while loop ," Uri Katz, a security researcher with Claroty,  said  in a report published last week. "A successful exploit keep...

Are you a CISO, CIO, or IT Director? In your role, you're responsible for breach protection – which means you oversee and govern the process of designing, building, maintaining, and continuously enhancing your organization's security program.  But getting buy-in from leadership can be difficult when they are a non-technical audience. On top of managing your organization's breach protection activity 24/7, you have to find time to figure out how to effectively articulate the risks, potential impacts, and appropriate steps necessary in a way that will convince leadership to invest in the resources required to keep your organization safe. Compounding this is the fact that, while you are focused on things like malware, exploits, and network traffic – your leadership is primarily concerned with operational loss and calculated risk.  How do you bridge the gap and help leadership understand your priorities and your team's business impact? You must identify the security i...

Identity and access management provider Okta on Tuesday said it concluded its probe into the  breach  of a third-party vendor in late January 2022 by the LAPSUS$ extortionist gang and that it was far more limited in scope. Stating that the "impact of the incident was significantly less than the maximum potential impact" the company had previously shared last month, Okta  said  the intrusion impacted only two customer tenants, down from 366 as was initially assumed. The  security event  took place on January 21 when the LAPSUS$ hacking group gained unauthorized remote access to a workstation belonging to a Sitel support engineer. But it only became public knowledge nearly two months later when the adversary  posted  screenshots of Okta's internal systems on their Telegram channel. In addition to accessing two active customer tenants within the SuperUser application — which is used to perform basic management functions — the hacker group is sai...