The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Shadow IT refers to the practice of users deploying unauthorized technology resources in order to circumvent their IT department. Users may resort to using shadow IT practices when they feel that existing IT policies are too restrictive or get in the way of them being able to do their jobs effectively. An old school phenomenon  Shadow IT is not new. There have been countless examples of widespread shadow IT use over the years. In the early 2000s, for example, many organizations were reluctant to adopt Wi-Fi for fear that it could undermine their security efforts. However, users wanted the convenience of wireless device usage and often deployed wireless access points without the IT department's knowledge or consent. The same thing happened when the iPad first became popular. IT departments largely prohibited iPads from being used with business data because of the inability to apply group policy settings and other security controls to the devices. Even so, users often ignored IT ...

A former Canadian government employee this week agreed to plead guilty in the U.S. to charges related to his involvement with the NetWalker ransomware syndicate. Sebastien Vachon-Desjardins , who was  extradited to the U.S.  on March 10, 2022, is accused of conspiracy to commit computer fraud and wire fraud, intentional damage to a protected computer, and transmitting a demand in relation to damaging a protected computer. The 34-year-old IT consultant from Gatineau, Quebec, was initially apprehended in January 2021 following a coordinated  law enforcement operation  to dismantle the dark web infrastructure used by the NetWalker ransomware cybercrime group to publish data siphoned from its victims. The takedown also brought its activities to a standstill. A search warrant executed at Vachon-Desjardins's home in Canada resulted in the seizure of 719 bitcoin, valued at approximately $28.1 million at the time, and $790,000 in Canadian currency. In February 2022, the ...

The notorious North Korea-backed hacking collective Lazarus Group is suspected to be behind the recent $100 million altcoin theft from Harmony Horizon Bridge, citing similarities to the  Ronin bridge attack  in March 2022. The finding comes as Harmony  confirmed  that its Horizon Bridge, a  platform  that allows users to move cryptocurrency across different blockchains, had been breached last week. The incident involved the exploiter carrying out multiple transactions on June 23 that extracted tokens stored in the bridge and subsequently making away with about $100 million in cryptocurrency. "The stolen crypto assets included Ether (ETH), Tether (USDT), Wrapped Bitcoin (WBTC) and BNB," blockchain analytics company Elliptic  said  in a new report. "The thief immediately used Uniswap – a decentralized exchange (DEX) – to convert much of these assets into a total of 85,837 ETH." Days later, on June 27, the culprit is said to have begun moving f...

Cybersecurity researchers have documented a new information-stealing malware that targets YouTube content creators by plundering their authentication cookies. Dubbed "YTStealer" by Intezer, the malicious tool is likely believed to be sold as a service on the dark web, with it distributed using fake installers that also drop RedLine Stealer and Vidar. "What sets YTStealer aside from other stealers sold on the dark web market is that it is solely focused on harvesting credentials for one single service instead of grabbing everything it can get ahold of," security researcher Joakim Kennedy said in a report shared with The Hacker News. The malware's modus operandi, however, mirrors its counterparts in that it extracts the cookie information from the web browser's database files in the user's profile folder. The reasoning given behind targeting content creators is that it uses one of the installed browsers on the infected machine to gather YouTube channe...

A new security vulnerability has been disclosed in RARlab's UnRAR utility that, if successfully exploited, could permit a remote attacker to execute arbitrary code on a system that relies on the binary. The flaw, assigned the identifier CVE-2022-30333, relates to a path traversal vulnerability in the Unix versions of UnRAR that can be triggered upon extracting a maliciously crafted RAR archive. Following responsible disclosure on May 4, 2022, the shortcoming was addressed by RarLab as part of  version 6.12  released on May 6. Other versions of the software, including those for Windows and Android operating systems, are not impacted. "An attacker is able to create files outside of the target extraction directory when an application or victim user extracts an untrusted archive," SonarSource researcher Simon Scannell  said  in a Tuesday report. "If they can write to a known location, they are likely to be able to leverage it in a way leading to the execution of arb...

Cybersecurity researchers from Palo Alto Networks Unit 42  disclosed  details of a new security flaw affecting Microsoft's Service Fabric that could be exploited to obtain elevated permissions and seize control of all nodes in a cluster. The issue, which has been dubbed  FabricScape  ( CVE-2022-30137 ), could only be weaponized on containers that are configured to have  runtime access . It has been  remediated  as of June 14, 2022, in  Service Fabric 9.0 Cumulative Update 1.0 . Azure Service Fabric  is Microsoft's platform-as-a-service ( PaaS ) and a container orchestrator solution used to build and deploy microservices-based cloud applications across a cluster of machines. "The vulnerability enables a bad actor, with access to a compromised container, to escalate privileges and gain control of the resource's host SF node and the entire cluster," Microsoft  said  as part of the coordinated disclosure process. "Though the bug exi...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) this week moved to  add  a Linux vulnerability dubbed  PwnKit  to its  Known Exploited Vulnerabilities Catalog , citing evidence of active exploitation. The issue, tracked as  CVE-2021-4034  (CVSS score: 7.8), came to light in January 2022 and concerns a case of  local privilege escalation  in polkit's pkexec utility, which allows an authorized user to execute commands as another user. Polkit (formerly called PolicyKit) is a toolkit for controlling system-wide privileges in Unix-like operating systems, and provides a mechanism for non-privileged processes to communicate with privileged processes. Successful exploitation of the flaw could induce pkexec to execute arbitrary code, granting an unprivileged attacker administrative rights on the target machine. It's not immediately clear how the vulnerability is being weaponized in the wild, nor is there any information on the id...