The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Iranian state-sponsored actors are leaving no stone unturned to exploit unpatched systems running Log4j to target Israeli entities, indicating the vulnerability's  long tail  for remediation. Microsoft attributed the latest set of activities to the  umbrella threat group  tracked as  MuddyWater  (aka Cobalt Ulster, Mercury, Seedworm, or Static Kitten), which is  linked  to the Iranian intelligence apparatus, the Ministry of Intelligence and Security (MOIS). The attacks are notable for using SysAid Server instances unsecured against the  Log4Shell flaw  as a vector for initial access,  marking  a  departure  from the actors' pattern of leveraging VMware applications for breaching target environments. "After gaining access, Mercury establishes persistence, dumps credentials, and moves laterally within the targeted organization using both custom and well-known hacking tools, as well as built-in operating system tool...

Atlassian has rolled out fixes for a  critical security flaw  in Bitbucket Server and Data Center that could lead to the execution of malicious code on vulnerable installations. Tracked as  CVE-2022-36804  (CVSS score: 9.9), the issue has been characterized as a command injection vulnerability in multiple endpoints that could be exploited via specially crafted HTTP requests. "An attacker with access to a public Bitbucket repository or with read permissions to a private one can execute arbitrary code by sending a malicious HTTP request," Atlassian  said  in an advisory. The shortcoming, discovered and reported by security researcher  @TheGrandPew  impacts all versions of Bitbucket Server and Datacenter released after 6.10.17, inclusive of 7.0.0 and newer - Bitbucket Server and Datacenter 7.6 Bitbucket Server and Datacenter 7.17 Bitbucket Server and Datacenter 7.21 Bitbucket Server and Datacenter 8.0 Bitbucket Server and Datacenter 8.1 B...

Password management service LastPass confirmed a security incident that resulted in the theft of certain source code and technical information. The security breach is said to have occurred two weeks ago, targeting its development environment. No customer data or encrypted passwords were accessed, although the company provided no further details regarding the hack and what source code was stolen. "An unauthorized party gained access to portions of the LastPass development environment through a single compromised developer account and took portions of source code and some proprietary LastPass technical information," LastPass CEO Karim Toubba  said . Amidst ongoing investigation into the incident, the company said it has engaged the services of a leading cybersecurity and forensics firm and that it has implemented additional countermeasures. LastPass, however, didn't elaborate on the exact mitigation techniques that it used to strengthen its environment. It also reiterated that...

Nation-state threat actors are  increasingly adopting  and integrating the Sliver command-and-control (C2) framework in their intrusion campaigns as a replacement for Cobalt Strike. "Given Cobalt Strike's popularity as an attack tool, defenses against it have also improved over time," Microsoft security experts  said . "Sliver thus presents an attractive alternative for actors looking for a lesser-known toolset with a low barrier for entry." Sliver, first made public in late 2019 by cybersecurity company BishopFox, is a Go-based  open source C2 platform  that supports user-developed extensions, custom implant generation, and other commandeering options. "A C2 framework usually includes a server that accepts connections from implants on a compromised system, and a client application that allows the C2 operators to interact with the implants and launch malicious commands," Microsoft said. Besides facilitating long-term access to infected hosts, the cross-pl...

The threat actor behind the attacks on  Twilio  and  Cloudflare  earlier this month has been linked to a broader phishing campaign aimed at 136 organizations that resulted in a cumulative compromise of 9,931 accounts. The activity has been condemned  0ktapus  by Group-IB because the initial goal of the attacks was to "obtain Okta identity credentials and two-factor authentication (2FA) codes from users of the targeted organizations." Calling the attacks well designed and executed, the Singapore-headquartered company said the adversary singled out employees of companies that are customers of identity services provider Okta. The modus operandi involved sending targets text messages containing links to phishing sites that impersonated the Okta authentication page of the respective targeted entities. "This case is of interest because despite using low-skill methods it was able to compromise a large number of well-known organizations," Group-IB  said ...

The threat actor behind the SolarWinds supply chain attack has been linked to yet another "highly targeted" post-exploitation malware that could be used to maintain persistent access to compromised environments. Dubbed  MagicWeb  by Microsoft's threat intelligence teams, the development reiterates Nobelium's commitment to developing and maintaining purpose-built capabilities. Nobelium is the tech giant's moniker for a cluster of activities that came to light with the  sophisticated attack targeting SolarWinds  in December 2020, and which overlaps with the Russian nation-state hacking group widely known as  APT29 , Cozy Bear, or The Dukes. "Nobelium remains highly active, executing multiple campaigns in parallel targeting government organizations, non-governmental organizations (NGOs), intergovernmental organizations (IGOs), and think tanks across the US, Europe, and Central Asia," Microsoft  said . MagicWeb, which shares similarities with another t...

In recent months, the House of Representatives has been hard at work drafting various spending bills for the 2023 fiscal year. While these bills provide funding for a vast array of government programs and agencies, there was one thing that really stands out. Collectively, the bills that are making their way through the house  allocate a staggering $15.6 billion to cybersecurity spending . As you could probably guess, the lion's share of this spending ($11.2 billion) is being allocated to the Department of Defense. It is worth noting, however, that nearly $3 billion is going to the Cyber Security and Infrastructure Security Agency (CISA). Although it may be tempting to think of these cybersecurity budget allocations as just another example of excessive government spending, it's worth considering what a $15.6 billion cash infusion will mean for the IT security industry. It's equally important to consider why the US government finds it necessary to ramp up its cybersecurity...