The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Cloudflare on Tuesday disclosed that it had acted to prevent a record-setting 26 million request per second (RPS) distributed denial-of-service (DDoS) attack last week, making it the largest HTTPS DDoS attack detected to date. The web performance and security company said the attack was directed against an unnamed customer website using its Free plan and emanated from a "powerful" botnet of 5,067 devices, with each node generating approximately 5,200 RPS at peak. The botnet is said to have created a flood of more than 212 million HTTPS requests within less than 30 seconds from over 1,500 networks in 121 countries, including Indonesia, the U.S., Brazil, Russia, and India. Roughly 3% of the attack came through Tor nodes. The attack "originated mostly from Cloud Service Providers as opposed to Residential Internet Service Providers, indicating the use of hijacked virtual machines and powerful servers to generate the attack — as opposed to much weaker Internet of Things...

Microsoft finally released fixes to address an actively exploited Windows zero-day vulnerability known as Follina as part of its Patch Tuesday updates. Also addressed by the tech giant are  55 other flaws , three of which are rated Critical, 51 are rated Important, and one is rated Moderate in severity. Separately, five more shortcomings were resolved in the Microsoft Edge browser. Tracked as  CVE-2022-30190  (CVSS score: 7.8), the  zero-day bug  relates to a remote code execution vulnerability affecting the Windows Support Diagnostic Tool (MSDT) when it's invoked using the "ms-msdt:" URI protocol scheme from an application such as Word. The vulnerability can be trivially exploited by means of a specially crafted Word document that downloads and loads a malicious HTML file through Word's remote template feature. The HTML file ultimately permits the attacker to load and execute PowerShell code within Windows. "An attacker who successfully exploits thi...

A new high-severity vulnerability has been disclosed in the Zimbra email suite that, if successfully exploited, enables an unauthenticated attacker to steal cleartext passwords of users sans any user interaction. "With the consequent access to the victims' mailboxes, attackers can potentially escalate their access to targeted organizations and gain access to various internal services and steal highly sensitive information," SonarSource  said  in a report shared with The Hacker News. Tracked as  CVE-2022-27924  (CVSS score: 7.5), the issue has been characterized as a case of "Memcached poisoning with unauthenticated request," leading to a scenario where an adversary can inject malicious commands and siphon sensitive information. This is made possible by poisoning the IMAP route cache entries in the Memcached server that's used to look up Zimbra users and forward their HTTP requests to appropriate backend services. Memcached is an in-memory key-value sto...

In 2017, The Australian Cyber Security Center (ACSC) published a set of mitigation strategies that were designed to help organizations to protect themselves against cyber security incidents. These strategies, which became known as  the Essential Eight , are designed specifically for use on Windows networks, although variations of these strategies are commonly applied to other platforms. What is the Essential Eight?  The Essential Eight is essentially a cyber security framework that is made up of objectives and controls (with each objective including multiple controls). Initially, the Australian government only mandated that companies adhere to four of the security controls that were included in the first objective. Starting in June of 2022 however, all 98 non-corporate Commonwealth entities (NCCEs) are going to be  required to comply with the entire framework . Non-Australians take note  Although the Essential Eight is specific to Australia, organizations outsid...

Microsoft has incorporated additional improvements to address the recently disclosed  SynLapse  security vulnerability in order to meet comprehensive  tenant isolation   requirements  in Azure Data Factory and Azure Synapse Pipelines. The latest safeguards include moving the shared integration runtimes to sandboxed ephemeral instances and using scoped tokens to prevent adversaries from using a client certificate to access other tenants' information. "This means that if an attacker could execute code on the  integration runtime , it is never shared between two different tenants, so no sensitive data is in danger," Orca Security said in a technical report detailing the flaw. In a statement shared with The Hacker News regarding the protections deployed, Microsoft said it fully mitigated different attack paths to the vulnerability across all integration runtime types. The tech giant stated that it "contained and closely monitored the backend certificate...

An unpatched security issue in the Travis CI API has left tens of thousands of developers' user tokens exposed to potential attacks, effectively allowing threat actors to breach cloud infrastructures, make unauthorized code changes, and initiate supply chain attacks. "More than 770 million logs of free tier users are available, from which you can easily extract tokens, secrets, and other credentials associated with popular cloud service providers such as GitHub, AWS, and Docker Hub," researchers from cloud security firm Aqua  said  in a Monday report. Travis CI is a  continuous integration  service used to build and test software projects hosted on cloud repository platforms such as GitHub and Bitbucket. The issue, previously reported in 2015 and  2019 , is rooted in the fact that the  API  permits access to historical logs in cleartext format, enabling a malicious party to even "fetch the logs that were previously unavailable via the API." The l...

A new covert Linux kernel rootkit named  Syslogk  has been spotted under development in the wild and cloaking a malicious payload that can be remotely commandeered by an adversary using a  magic network traffic packet . "The Syslogk rootkit is heavily based on Adore-Ng but incorporates new functionalities making the user-mode application and the kernel rootkit hard to detect," Avast security researchers David Álvarez and Jan Neduchal  said  in a report published Monday. Adore-Ng, an  open-source rootkit  available since 2004, equips the attacker with full control over a compromised system. It also facilitates hiding processes as well as custom malicious artifacts, files, and even the kernel module, making it harder to detect. "The module starts by hooking itself into various file systems. It digs up the inode for the root filesystem, and replaces that inode's  readdir()  function pointer with one of its own," LWN.net  noted  at...