The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Social media company Meta said it will begin testing end-to-end encryption (E2EE) on its Messenger platform this week for select users as the default option, as the company continues to slowly add security layers to its various chat services. "If you're in the test group, some of your most frequent chats may be automatically end-to-end encrypted, which means you won't have to opt in to the feature," Sara Su, product management director of Messenger Trust,  said . The incremental development comes a year after it  turned on E2EE  for audio and video calls on the messaging service as well as for one-on-one chats in Instagram, and enabled  encrypted chat backups  for WhatsApp on Android and iOS. E2EE is a secure communication mechanism that scrambles data in transit and prevents third-parties from unauthorizedly accessing information sent from one endpoint to another, including Meta. "This is because with end-to-end encryption, your messages are secured with ...

Cisco on Wednesday released patches to contain multiple flaws in its software that could be abused to leak sensitive information on susceptible appliances. The issue, assigned the identifier  CVE-2022-20866  (CVSS score: 7.4), has been described as a "logic error" when handling RSA keys on devices running Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software. Successful exploitation of the flaw could allow an attacker to retrieve the RSA private key by means of a  Lenstra side-channel attack  against the targeted device. "If an attacker obtains the RSA private key, they could use the key to impersonate a device that is running Cisco ASA Software or Cisco FTD Software or to decrypt the device traffic," Cisco warned in an advisory issued on August 10. Cisco noted that the flaw impacts only Cisco ASA Software releases 9.16.1 and later and Cisco FTD Software releases 7.0.0 and later. Affected products are listed below -...

Back when the internet consisted of a handful of computers networked together across a few research institutions, nobody could have imagined that it would one day form the backbone of a new digital way of life. And that probably explains why none of the researchers who thought up its core technologies — things like packet switching and TCP/IP — gave much consideration to the need to secure the data passing through it. But by 1989, hackers like Robert Morris had already spotted the security weaknesses of the fledgling global network and started to exploit them. And that was just the beginning. Today, network administrators and individual internet users spend significant amounts of time and money trying to keep their data safe from prying eyes. The de-facto tool most people use for that purpose is a VPN. It's a software encryption solution that prevents anyone from accessing data traversing the public internet other than its intended recipient. And VPNs make up a data privacy mark...

SaaS Adoption is Skyrocketing, Resilience Hasn't Kept Pace SaaS platforms have revolutionized how businesses operate. They simplify collaboration, accelerate deployment, and reduce the overhead of managing infrastructure. But with their rise comes a subtle, dangerous assumption: that the convenience of SaaS extends to resilience. It doesn't. These platforms weren't built with full-scale data protection in mind . Most follow a shared responsibility model — wherein the provider ensures uptime and application security, but the data inside is your responsibility. In a world of hybrid architectures, global teams, and relentless cyber threats, that responsibility is harder than ever to manage. Modern organizations are being stretched across: Hybrid and multi-cloud environments with decentralized data sprawl Complex integration layers between IaaS, SaaS, and legacy systems Expanding regulatory pressure with steeper penalties for noncompliance Escalating ransomware threats and inside...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday  added  two flaws to its  Known Exploited Vulnerabilities Catalog , citing evidence of active exploitation. The two high-severity issues relate to weaknesses in Zimbra Collaboration, both of which could be chained to achieve unauthenticated remote code execution on affected email servers - CVE-2022-27925  (CVSS score: 7.2) - Remote code execution (RCE) through mboximport from authenticated user (fixed in  versions  8.8.15 Patch 31 and 9.0.0 Patch 24 released in March) CVE-2022-37042  - Authentication bypass in MailboxImportServlet (fixed in  versions  8.8.15 Patch 33 and 9.0.0 Patch 26 released in August) "If you are running a Zimbra version that is older than Zimbra 8.8.15 patch 33 or Zimbra 9.0.0 patch 26 you should update to the latest patch as soon as possible," Zimbra  warned  earlier this week. CISA has not shared any information on the attac...

A trio of offshoots from the notorious Conti cybercrime cartel have resorted to the technique of call back phishing as an initial access vector to breach targeted networks. "Three autonomous threat groups have since adopted and independently developed their own targeted phishing tactics derived from the call back phishing methodology," cybersecurity firm AdvIntel  said  in a Wednesday report. These targeted campaigns "substantially increased" attacks against entities in finance, technology, legal, and insurance sectors, the company added. The actors in question include Silent Ransom, Quantum, and Roy/Zeon, all of which split from Conti after the ransomware-as-a-service (RaaS) cartel  orchestrated its shutdown  in May 2022 following its public support for Russia in the ongoing Russo-Ukrainian conflict. The advanced social engineering tactic, also called  BazaCall  (aka BazarCall), came under the spotlight in 2020/2021 when it was put to use by operator...

Networking equipment major Cisco on Wednesday confirmed it was the victim of a cyberattack on May 24, 2022 after the attackers got hold of an employee's personal Google account that contained passwords synced from their web browser. "Initial access to the Cisco VPN was achieved via the successful compromise of a Cisco employee's personal Google account," Cisco Talos  said  in a detailed write-up. "The user had enabled password syncing via Google Chrome and had stored their Cisco credentials in their browser, enabling that information to synchronize to their Google account." The disclosure comes as cybercriminal actors associated with the Yanluowang ransomware gang  published a list of files  from the breach to their data leak site on August 10. The exfiltrated information, according to Talos, included the contents of a Box cloud storage folder that was associated with the compromised employee's account and is not believed to have included any valuabl...

Threat actors associated with the Cuba ransomware have been linked to previously undocumented tactics, techniques and procedures (TTPs), including a new remote access trojan called ROMCOM RAT on compromised systems. The  new findings  come from Palo Alto Networks' Unit 42 threat intelligence team, which is tracking the double extortion ransomware group under the  constellation-themed moniker   Tropical Scorpius . Cuba ransomware (aka  COLDDRAW ), which was first detected in December 2019, reemerged on the threat landscape in November 2021 and has been attributed to attacks against 60 entities in five critical infrastructure sectors, amassing at least $43.9 million in ransom payments. Of the 60 victims listed on its data leak site, 40 are located in the U.S., indicating a not as global distribution of targeted organizations as other ransomware gangs. "Cuba ransomware is distributed through Hancitor malware, a loader known for dropping or executing stealers,...