The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Following the launch of a new "Data safety" section for Android apps on the Play Store, Google appears to be readying to remove the app permissions list from both the mobile app and the web. The change was  highlighted  by Esper's Mishaal Rahman earlier this week. The  Data safety  section, which Google began rolling out in late April 2022, is the company's answer to Apple's Privacy Nutrition Labels in iOS, allowing users to have a unified view of an app's data collection and processing practices. To that end, third-party app developers are required to furnish the required details by July 20, 2022. With this deadline now approaching next week, the tech giant has taken the step of entirely removing the permissions section. The decision also appears to be a hasty one, as a number of popular apps such as Facebook, Messenger, Instagram, WhatsApp, Amazon (including Amazon Prime Video), DuckDuckGo, Discord, and PhonePe are yet to populate their Data safety sec...

VoIP phones using Digium's software have been targeted to drop a web shell on their servers as part of an attack campaign designed to exfiltrate data by downloading and executing additional payloads. "The malware installs multilayer obfuscated PHP backdoors to the web server's file system, downloads new payloads for execution, and schedules recurring tasks to re-infect the host system," Palo Alto Networks Unit 42  said  in a Friday report. The unusual activity is said to have commenced in mid-December 2021 and targets Asterisk, a widely used software implementation of a private branch exchange (PBX) that runs on the open-source Elastix Unified Communications Server. Unit 42 said the intrusions share similarities with the  INJ3CTOR3 campaign  that Israeli cybersecurity firm Check Point disclosed in November 2020, alluding to the possibility that they could be a "resurgence" of the previous attacks. Coinciding with the sudden surge is the public disclos...

Researchers have disclosed details about a security vulnerability in the Netwrix Auditor application that, if successfully exploited, could lead to arbitrary code execution on affected devices.  "Since this service is typically executed with extensive privileges in an Active Directory environment, the attacker would likely be able to compromise the Active Directory domain," Bishop Fox  said  in an advisory published this week. Auditor  is an auditing and visibility platform that enables organizations to have a consolidated view of their IT environments, including Active Directory, Exchange, file servers, SharePoint, VMware, and other systems—all from a single console. Netwrix, the company behind the software, claims more than 11,500 customers across over 100 countries, such as Airbus, Virgin, King's College Hospital, and Credissimo, among others. The flaw, which impacts all supported versions prior to 10.5, has been described as an  insecure object deseri...

New survey reveals lack of staff, skills, and resources driving smaller teams to outsource security. As business begins its return to normalcy (however "normal" may look), CISOs at small and medium-size enterprises (500 – 10,000 employees) were asked to share their  cybersecurity challenges and priorities , and their responses were compared the results with those of a similar survey from 2021. Here are the 5 key things we learned from 200 responses: 1  —  Remote Work Has Accelerated the Use of EDR Technologies In 2021, 52% of CISOs surveyed were relying on endpoint detection and response (EDR) tools. This year that number has leapt to 85%. In contrast, last year 45% were using network detection and response (NDR) tools, while this year just 6% employ NDR. Compared to 2021, double the number of CISOs and their organizations are seeing the value of extended detection and response (XDR) tools, which combine EDR with integrated network signals. This is likely due to the ...

A group of academics from the New Jersey Institute of Technology (NJIT) has warned of a novel technique that could be used to defeat  anonymity protections  and identify a unique website visitor. "An attacker who has complete or partial control over a website can learn whether a specific target (i.e., a unique individual) is browsing the website," the researchers  said . "The attacker knows this target only through a public identifier, such as an email address or a Twitter handle." The cache-based targeted  de-anonymization attack  is a  cross-site leak  that involves the adversary leveraging a service such as Google Drive, Dropbox, or YouTube to privately share a resource (e.g., image, video, or a YouTube playlist) with the target, followed by embedding the shared resource into the attack website. This can be achieved by, say, privately sharing the resource with the target using the victim's email address or the appropriate username associated wit...

An emerging threat cluster originating from North Korea has been linked to developing and using ransomware in cyberattacks targeting small businesses since September 2021. The group, which calls itself H0lyGh0st after the ransomware payload of the same name, is being tracked by the Microsoft Threat Intelligence Center under the moniker DEV-0530, a designation assigned for unknown, emerging, or a developing group of threat activity. Targeted entities primarily include small-to-midsize businesses such as manufacturing organizations, banks, schools, and event and meeting planning companies. "Along with their H0lyGh0st payload, DEV-0530 maintains an .onion site that the group uses to interact with their victims," the researchers  said  in a Thursday analysis. "The group's standard methodology is to encrypt all files on the target device and use the file extension .h0lyenc, send the victim a sample of the files as proof, and then demand payment in Bitcoin in exchange...

The botnet behind the largest HTTPS distributed denial-of-service (DDoS) attack in June 2022 has been linked to a spate of attacks aimed at nearly 1,000 Cloudflare customers. Calling the powerful botnet  Mantis , the web performance and security company attributed it to more than 3,000 HTTP DDoS attacks against its users. The most attacked industry verticals include internet and telecom, media, gaming, finance, business, and shopping, of which over 20% of the attacks targeted U.S.-based companies, followed by Russia, Turkey, France, Poland, Ukraine, the U.K., Germany, the Netherlands, and Canada. Last month, the company said it  mitigated  a record-breaking DDoS attack aimed at an unnamed customer website using its Free plan that peaked at 26 million requests per second (RPS), with each node generating approximately 5,200 RPS. The tsunami of junk traffic lasted less than 30 seconds and generated more than 212 million HTTPS requests from more than 1,500 networks in 1...