The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Industrial engineers and operators are the target of a new campaign that leverages password cracking software to seize control of Programmable Logic Controllers (PLCs) and co-opt the machines to a botnet. The software "exploited a vulnerability in the firmware which allowed it to retrieve the password on command," Dragos security researcher Sam Hanson  said . "Further, the software was a malware dropper, infecting the machine with the Sality malware and turning the host into a peer in Sality's peer-to-peer botnet." The industrial cybersecurity firm said the password retrieval exploit embedded in the malware dropper is designed to recover the credential associated with Automation Direct  DirectLOGIC 06 PLC . The exploit, tracked as CVE-2022-2003 (CVSS score: 7.7), has been described as a case of cleartext transmission of sensitive data that could lead to information disclosure and unauthorized changes. The issue was  addressed  in firmware Version 2.72 rele...

Juniper Networks has pushed security updates to address  several vulnerabilities  affecting multiple products, some of which could be exploited to seize control of affected systems. The most critical of the flaws affect Junos Space and Contrail Networking, with the tech company urging customers to update to release versions 22.1R1 and 21.4.0, respectively. Chief among them is a collection of 31 bugs in the Junos Space network management software, including CVE-2021-23017 (CVSS score: 9.4) that could result in a crash of vulnerable devices or even achieve arbitrary code execution. "A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact," the company  said . The same security vulnerability has also been  remediated  in Northstar Controller in versions 5.1.0 Service Pack 6 and 6.2.2. Addi...

Following the launch of a new "Data safety" section for Android apps on the Play Store, Google appears to be readying to remove the app permissions list from both the mobile app and the web. The change was  highlighted  by Esper's Mishaal Rahman earlier this week. The  Data safety  section, which Google began rolling out in late April 2022, is the company's answer to Apple's Privacy Nutrition Labels in iOS, allowing users to have a unified view of an app's data collection and processing practices. To that end, third-party app developers are required to furnish the required details by July 20, 2022. With this deadline now approaching next week, the tech giant has taken the step of entirely removing the permissions section. The decision also appears to be a hasty one, as a number of popular apps such as Facebook, Messenger, Instagram, WhatsApp, Amazon (including Amazon Prime Video), DuckDuckGo, Discord, and PhonePe are yet to populate their Data safety sec...

VoIP phones using Digium's software have been targeted to drop a web shell on their servers as part of an attack campaign designed to exfiltrate data by downloading and executing additional payloads. "The malware installs multilayer obfuscated PHP backdoors to the web server's file system, downloads new payloads for execution, and schedules recurring tasks to re-infect the host system," Palo Alto Networks Unit 42  said  in a Friday report. The unusual activity is said to have commenced in mid-December 2021 and targets Asterisk, a widely used software implementation of a private branch exchange (PBX) that runs on the open-source Elastix Unified Communications Server. Unit 42 said the intrusions share similarities with the  INJ3CTOR3 campaign  that Israeli cybersecurity firm Check Point disclosed in November 2020, alluding to the possibility that they could be a "resurgence" of the previous attacks. Coinciding with the sudden surge is the public disclos...

Researchers have disclosed details about a security vulnerability in the Netwrix Auditor application that, if successfully exploited, could lead to arbitrary code execution on affected devices.  "Since this service is typically executed with extensive privileges in an Active Directory environment, the attacker would likely be able to compromise the Active Directory domain," Bishop Fox  said  in an advisory published this week. Auditor  is an auditing and visibility platform that enables organizations to have a consolidated view of their IT environments, including Active Directory, Exchange, file servers, SharePoint, VMware, and other systems—all from a single console. Netwrix, the company behind the software, claims more than 11,500 customers across over 100 countries, such as Airbus, Virgin, King's College Hospital, and Credissimo, among others. The flaw, which impacts all supported versions prior to 10.5, has been described as an  insecure object deseri...

New survey reveals lack of staff, skills, and resources driving smaller teams to outsource security. As business begins its return to normalcy (however "normal" may look), CISOs at small and medium-size enterprises (500 – 10,000 employees) were asked to share their  cybersecurity challenges and priorities , and their responses were compared the results with those of a similar survey from 2021. Here are the 5 key things we learned from 200 responses: 1  —  Remote Work Has Accelerated the Use of EDR Technologies In 2021, 52% of CISOs surveyed were relying on endpoint detection and response (EDR) tools. This year that number has leapt to 85%. In contrast, last year 45% were using network detection and response (NDR) tools, while this year just 6% employ NDR. Compared to 2021, double the number of CISOs and their organizations are seeing the value of extended detection and response (XDR) tools, which combine EDR with integrated network signals. This is likely due to the ...

A group of academics from the New Jersey Institute of Technology (NJIT) has warned of a novel technique that could be used to defeat  anonymity protections  and identify a unique website visitor. "An attacker who has complete or partial control over a website can learn whether a specific target (i.e., a unique individual) is browsing the website," the researchers  said . "The attacker knows this target only through a public identifier, such as an email address or a Twitter handle." The cache-based targeted  de-anonymization attack  is a  cross-site leak  that involves the adversary leveraging a service such as Google Drive, Dropbox, or YouTube to privately share a resource (e.g., image, video, or a YouTube playlist) with the target, followed by embedding the shared resource into the attack website. This can be achieved by, say, privately sharing the resource with the target using the victim's email address or the appropriate username associated wit...