The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Cybersecurity researchers are calling attention to a zero-day flaw in Microsoft Office that could be abused to achieve arbitrary code execution on affected Windows systems. The vulnerability came to light after an independent cybersecurity research team known as nao_sec uncovered a Word document (" 05-2022-0438.doc ") that was uploaded to VirusTotal from an IP address in Belarus. "It uses Word's external link to load the HTML and then uses the 'ms-msdt' scheme to execute PowerShell code," the researchers  noted  in a series of tweets last week. According to security researcher Kevin Beaumont, who dubbed the flaw "Follina," the maldoc leverages Word's  remote template  feature to fetch an HTML file from a server, which then makes use of the "ms-msdt://" URI scheme to run the malicious payload. The shortcoming has been so named because the malicious sample references 0438, which is the area code of Follina, a municipality in t...

Cybersecurity researchers have disclosed a new ransomware strain called  GoodWill  that compels victims into donating for social causes and provide financial assistance to people in need. "The ransomware group propagates very unusual demands in exchange for the decryption key," researchers from CloudSEK  said  in a report published last week. "The Robin Hood-like group claims to be interested in helping the less fortunate, rather than extorting victims for financial motivations." Written in .NET, the ransomware was first identified by the India-based cybersecurity firm in March 2022, with the infections blocking access to sensitive files by making use of the AES encryption algorithm. The malware is also notable for sleeping for 722.45 seconds to interfere with dynamic analysis. The encryption process is followed by displaying a multiple-paged ransom note that requires the victims to carry out three socially-driven activities to be able to obtain the decryption...

Network credentials and virtual private network (VPN) access for colleges and universities based in the U.S. are being advertised for sale on underground and public criminal marketplaces. "This exposure of sensitive credential and network access information, especially privileged user accounts, could lead to subsequent cyber attacks against individual users or affiliated organizations," the U.S. Federal Bureau of Investigation (FBI)  said  in an advisory published last week. The cyber intrusions against educational institutions involve threat actors leveraging tactics like spear-phishing and ransomware to carry out credential harvesting activities. The gathered credentials are then exfiltrated and sold on Russian cybercrime forums for prices ranging from a few to thousands of U.S. dollars. Armed with this login information, the agency pointed out, adversaries can proceed to conduct brute-force  credential stuffing  attacks to break into victim accounts spanning ...

SaaS Adoption is Skyrocketing, Resilience Hasn't Kept Pace SaaS platforms have revolutionized how businesses operate. They simplify collaboration, accelerate deployment, and reduce the overhead of managing infrastructure. But with their rise comes a subtle, dangerous assumption: that the convenience of SaaS extends to resilience. It doesn't. These platforms weren't built with full-scale data protection in mind . Most follow a shared responsibility model — wherein the provider ensures uptime and application security, but the data inside is your responsibility. In a world of hybrid architectures, global teams, and relentless cyber threats, that responsibility is harder than ever to manage. Modern organizations are being stretched across: Hybrid and multi-cloud environments with decentralized data sprawl Complex integration layers between IaaS, SaaS, and legacy systems Expanding regulatory pressure with steeper penalties for noncompliance Escalating ransomware threats and inside...

A 37-year-old man from New York has been sentenced to four years in prison for buying stolen credit card information and working in cahoots with a cybercrime cartel known as the Infraud Organization. John Telusma, who went by the alias "Peterelliot," had previously pleaded guilty to one count of racketeering conspiracy on October 13, 2021. He joined the gang in August 2011 and remained a member for five-and-a-half years. "Telusma was among the most prolific and active members of the Infraud Organization, purchasing and fraudulently using compromised credit card numbers for his own personal gain," the U.S. Justice Department (DoJ)  said . Infraud, a transnational cybercrime behemoth, operated for more than seven years, advertising its activities under the slogan "In Fraud We Trust," before its online infrastructure was dismantled by U.S. law enforcement authorities in February 2018. The rogue enterprise dabbled in the large-scale acquisition and sale ...

Four high severity vulnerabilities have been disclosed in a framework used by pre-installed Android System apps with millions of downloads. The issues, now fixed by its Israeli developer MCE Systems, could have potentially allowed threat actors to stage remote and local attacks or be abused as vectors to obtain sensitive information by taking advantage of their extensive system privileges. "As it is with many of pre-installed or default applications that most Android devices come with these days, some of the affected apps cannot be fully uninstalled or disabled without gaining root access to the device," the Microsoft 365 Defender Research Team  said  in a report published Friday. The weaknesses, which range from command-injection to local privilege escalation, have been assigned the identifiers CVE-2021-42598, CVE-2021-42599, CVE-2021-42600, and CVE-2021-42601, with CVSS scores between 7.0 and 8.9. Command injection proof-of-concept (POC) exploit code Injecting a simil...

Details have emerged about a recently patched critical remote code execution vulnerability in the V8 JavaScript and WebAssembly engine used in Google Chrome and Chromium-based browsers. The issue relates to a case of use-after-free in the instruction optimization component, successful exploitation of which could "allow an attacker to execute arbitrary code in the context of the browser." The flaw, which  was identified  in the Dev channel version of Chrome 101, was reported to Google by Weibo Wang, a security researcher at Singapore cybersecurity company  Numen Cyber Technology  and has since been quietly fixed by the company. "This vulnerability occurs in the instruction selection stage, where the wrong instruction has been selected and resulting in memory access exception," Wang said . Use-after-free flaws  occur  when previous-freed memory is accessed, inducing undefined behavior and causing a program to crash, use corrupted data, or even achieve e...

Cloud-based repository hosting service GitHub on Friday shared additional details into the theft of its integration OAuth tokens last month, noting that the attacker was able to access internal NPM data and its customer information. "Using stolen OAuth user tokens originating from two third-party integrators, Heroku and Travis CI, the attacker was able to escalate access to NPM infrastructure," Greg Ose said , adding the attacker then managed to obtain a number of files - A database backup of skimdb.npmjs.com consisting of data as of April 7, 2021, including an archive of user information from 2015 and all private NPM package manifests and package metadata. The archive contained NPM usernames, password hashes, and email addresses for roughly 100,000 users. A set of CSV files encompassing an archive of all names and version numbers of published versions of all NPM private packages as of April 10, 2022, and  A "small subset" of private packages from two organiz...