The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

The developers who create the software, applications and programs that drive digital business have become the lifeblood of many organizations. Most modern businesses would not be able to (profitably) function, without competitive applications and programs, or without 24-hour access to their websites and other infrastructure. And yet, these very same touchpoints are also often the gateway that hackers and other nefarious users employ in order to steal information, launch attacks and springboard to other criminal activities such as fraud and ransomware.  Successful attacks remain prevalent, even though spending on cybersecurity in most organizations is way up, and even though movements  like DevSecOps  are shifting security towards those developers who are the lifeblood of business today. Developers understand the importance of security, and overwhelmingly want to deploy secure and quality code, but software vulnerabilities continue to be exploited.  Why? For the ...

Two high-severity security vulnerabilities, which went undetected for several years, have been discovered in a  legitimate driver  that's part of Avast and AVG antivirus solutions. "These vulnerabilities allow attackers to escalate privileges enabling them to disable security products, overwrite system components, corrupt the operating system, or perform malicious operations unimpeded," SentinelOne researcher Kasif Dekel  said  in a report shared with The Hacker News. Tracked as CVE-2022-26522 and CVE-2022-26523, the flaws reside in a legitimate anti-rootkit kernel driver named aswArPot.sys and are said to have been introduced in Avast version 12.1, which was released in June 2016. Specifically, the shortcomings are rooted in a socket connection handler in the kernel driver that could lead to privilege escalation by running code in the kernel from a non-administrator user, potentially causing the operating system to crash and display a blue screen of death ( BSo...

Salesforce-owned subsidiary Heroku on Thursday acknowledged that the theft of GitHub integration OAuth tokens further involved unauthorized access to an internal customer database. The company, in an  updated notification , revealed that a compromised token was abused to breach the database and "exfiltrate the hashed and salted passwords for customers' user accounts." As a consequence, Salesforce said it's resetting all Heroku user passwords and ensuring that potentially affected credentials are refreshed. It also emphasized that internal Heroku credentials were rotated and extra detections have been put in place. The attack campaign, which GitHub  discovered  on April 12, related to an unidentified actor leveraging stolen OAuth user tokens issued to two third-party OAuth integrators, Heroku and Travis-CI, to download data from dozens of organizations, including NPM. The timeline of events as shared by the cloud platform is as follows - April 7, 2022  - Threa...

An ElasticSearch server instance that was left open on the Internet without a password contained sensitive financial information about loans from Indian and African financial services. The leak, which was discovered by researchers from information security company UpGuard, amounted to 5.8GB and consisted of a total of 1,686,363 records. "Those records included personal information like name, loan amount, date of birth, account number, and more," UpGuard  said  in a report shared with The Hacker News. "A total of 48,043 unique email addresses were in the collection, some of which were for the product administrators, corporate clients, and collection agents assigned to each case." The exposed instance, used as data storage for a  debt collection platform  called ENCollect, was detected on February 16, 2022. The leaky server has since been rendered non-accessible to the public as of February 28 following intervention from the Indian Computer Emergency Response Tea...

Cisco Systems on Wednesday shipped security patches to contain three flaws impacting its Enterprise NFV Infrastructure Software ( NFVIS ) that could permit an attacker to fully compromise and take control over the hosts. Tracked as CVE-2022-20777, CVE-2022-20779, and CVE-2022-20780, the vulnerabilities "could allow an attacker to escape from the guest virtual machine (VM) to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM," the company  said . Credited for discovering and reporting the issues are Cyrille Chatras, Pierre Denouel, and Loïc Restoux of Orange Group. Updates have been released in version 4.7.1. The networking equipment company said the flaws affect Cisco Enterprise NFVIS in the default configuration. Details of the three bugs are as follows - CVE-2022-20777  (CVSS score: 9.9) - An issue with insufficient guest restrictions that allows an authenticated, remote attacker to escape from the guest VM ...

Cloud security and application delivery network ( ADN ) provider F5 on Wednesday released patches to contain 43 bugs spanning its products. Of the  43 issues addressed , one is rated Critical, 17 are rated High, 24 are rated Medium, and one is rated low in severity. Chief among the flaws is  CVE-2022-1388 , which carries a CVSS score of 9.8 out of a maximum of 10 and stems from a lack of authentication check, potentially allowing an attacker to take control of an affected system. "This vulnerability may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands, create or delete files, or disable services," F5 said in an advisory. "There is no data plane exposure; this is a control plane issue only." The security vulnerability, which the company said was discovered internally, affects BIG-IP products with the following versions - 16.1.0 - 16.1.2 15.1.0 ...

The U.S. Securities and Exchange Commission (SEC) on Tuesday announced that it will expand and rebrand its Cyber Unit to fight against cyber-related threats and protect investors in cryptocurrency markets. To that end, the SEC is renaming the Cyber Unit within the  Division of Enforcement  to Crypto Assets and Cyber Unit and plans to infuse 20 additional positions with the goal of investigating wrongdoing in the crypto markets. The goal, per the agency, is to tackle cryptocurrency fraud and crackdown on  malicious actors  attempting to profit from crypto marketplaces. The Cyber Unit was  instituted  in September 2017 with a focus on addressing cyber-based threats and protecting retail investors. But given the dramatic evolution of the digital assets markets in recent years, the new unit is expected to focus on securities law violations pertaining to - Crypto asset offerings Crypto asset exchanges Crypto asset lending and staking products Decentral...