The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Security incidents occur. It's not a matter of "if," but of "when." That's why you implemented security products and procedures to optimize the incident response (IR) process. However, many security pros who are doing an excellent job in handling incidents find effectively communicating the ongoing process with their management a much more challenging task. Feels familiar? In many organizations, leadership is not security savvy, and they aren't interested in the details regarding all the bits and bytes in which the security pro masters.  Luckily, there is a template that security leads can use when presenting to management. It's called the  IR Reporting for Management template , providing CISOs and CIOs with a clear and intuitive tool to report both the ongoing IR process and its conclusion. The IR Reporting for Management template enables CISOs and CIOs to communicate with the two key points that management cares about—assurance that the incid...

Popular video conferencing service Zoom has  resolved  as many as four security vulnerabilities, which could be exploited to compromise another user over chat by sending specially crafted Extensible Messaging and Presence Protocol ( XMPP ) messages and execute malicious code. Tracked from CVE-2022-22784 through CVE-2022-22787, the issues range between 5.9 and 8.1 in severity. Ivan Fratric of Google Project Zero has been credited with discovering and reporting all the four flaws in February 2022. The list of bugs is as follows - CVE-2022-22784  (CVSS score: 8.1) - Improper XML Parsing in Zoom Client for Meetings CVE-2022-22785  (CVSS score: 5.9) - Improperly constrained session cookies in Zoom Client for Meetings CVE-2022-22786  (CVSS score: 7.5) - Update package downgrade in Zoom Client for Meetings for Windows CVE-2022-22787  (CVSS score: 5.9) - Insufficient hostname validation during server switch in Zoom Client for Meetings With Zoom's chat fu...

Two trojanized Python and PHP packages have been uncovered in what's yet another instance of a software supply chain attack targeting the open source ecosystem. One of the packages in question is "ctx," a Python module available in the PyPi repository. The other involves "phpass," a PHP package that's been forked on GitHub to distribute a rogue update. "In both cases the attacker appears to have taken over packages that have not been updated in a while," the SANS Internet Storm Center (ISC)  said , one of whose volunteer incident handlers, Yee Ching, analyzed the ctx package. It's worth noting that ctx, prior to the latest release on May 21, 2022, was last published to PyPi on December 19, 2014. On the other hand, phpass hasn't received an update since it was uploaded to Packagist on August 31, 2012. Both the libraries have been removed from PyPi and GitHub . At its core, the modifications are designed to exfiltrate AWS credentials t...

SaaS Adoption is Skyrocketing, Resilience Hasn't Kept Pace SaaS platforms have revolutionized how businesses operate. They simplify collaboration, accelerate deployment, and reduce the overhead of managing infrastructure. But with their rise comes a subtle, dangerous assumption: that the convenience of SaaS extends to resilience. It doesn't. These platforms weren't built with full-scale data protection in mind . Most follow a shared responsibility model — wherein the provider ensures uptime and application security, but the data inside is your responsibility. In a world of hybrid architectures, global teams, and relentless cyber threats, that responsibility is harder than ever to manage. Modern organizations are being stretched across: Hybrid and multi-cloud environments with decentralized data sprawl Complex integration layers between IaaS, SaaS, and legacy systems Expanding regulatory pressure with steeper penalties for noncompliance Escalating ransomware threats and inside...

Let's face it: we all use email, and we all use passwords. Passwords create inherent vulnerability in the system. The success rate of phishing attacks is  skyrocketing , and opportunities for the attack have greatly multiplied as lives moved online. All it takes is one password to be compromised for all other users to become victims of a data breach.  To deliver additional security, therefore, digital identities rely on verification plasters. MFA (multi-factor authentication) often falls back to knowledge factors such as password resets and OTP codes, but these are still vulnerable. As long as credentials can be shared or intercepted, they can be misused.  What is needed is a paradigm shift – from knowledge-based credentials to strong possession-factor security that can't be compromised, alongside other verification security such as biometrics. A new possession-factor API now aims to do precisely that, replacing knowledge-based credentials, by using the SIM card for p...

Cybersecurity researchers have disclosed details of the latest version of the Chaos ransomware line, dubbed Yashma. "Though Chaos ransomware builder has only been in the wild for a year, Yashma claims to be the sixth version (v6.0) of this malware," BlackBerry research and intelligence team said in a report shared with The Hacker News. Chaos is a customizable ransomware builder that  emerged  in underground forums on June 9, 2021, by falsely marketing itself as the .NET version of Ryuk despite sharing no such overlaps with the notorious counterpart. The fact that it's offered for sale also means that any malicious actor can purchase the builder and develop their own ransomware strains, turning it into a potent threat. It has since undergone five successive iterations aimed at improving its functionalities: version 2.0 on June 17, version 3.0 on July 5, version 4.0 on August 5, and version 5.0 in early 2022. While the first three variants of Chaos functioned more l...

In this day and age, we are not dealing with roughly pieced together, homebrew type of viruses anymore. Malware is an industry, and professional developers are found to exchange, be it by stealing one's code or deliberate collaboration. Attacks are multi-layer these days, with diverse sophisticated software apps taking over different jobs along the attack-chain from initial compromise to ultimate data exfiltration or encryption. The specific tools for each stage are highly specialized and can often be rented as a service, including customer support and subscription models for professional (ab)use. Obviously, this has largely increased both the availability and the potential effectiveness and impact of malware. Sound scary?  Well, it does, but the apparent professionalization actually does have some good sides too. One factor is that certain reused modules commonly found in malware can be used to identify, track, and analyze professional attack software. Ultimately this means that...

Even as the operators of Conti threatened to overthrow the Costa Rican government , the notorious cybercrime gang officially took down its attack infrastructure in favor of migrating their malicious cyber activities to other ancillary operations, including Karakurt and BlackByte. "From the negotiations site, chatrooms, messengers to servers and proxy hosts - the Conti brand, not the organization itself, is shutting down," AdvIntel researchers Yelisey Bogusalvskiy and Vitali Kremez  said  in a report. "However, this does not mean that the threat actors themselves are retiring." The voluntary termination, with the exception of its name-and-shame blog, is said to have occurred on May 19, 2022, while an organizational rejig was happening simultaneously to ensure a smooth transition of the ransomware group's members. AdvIntel said Conti, which is also tracked under the moniker  Gold Ulrick , orchestrated its own demise by utilizing information warfare techniques....