The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Multiple security vulnerabilities have been disclosed in Baxter's internet-connected infusion pumps used by healthcare professionals in clinical environments to dispense medication to patients. "Successful exploitation of these vulnerabilities could result in access to sensitive data and alteration of system configuration," the U.S. Cybersecurity and Infrastructure Security Agency (CISA)  said  in a coordinated advisory. Infusion pumps are internet-enabled devices used by hospitals to deliver medication and nutrition directly into a patient's circulatory system. The four vulnerabilities in question, discovered by  cybersecurity firm Rapid7  and reported to Baxter in April 2022, affect the following Sigma Spectrum Infusion systems - Sigma Spectrum v6.x model 35700BAX Sigma Spectrum v8.x model 35700BAX2 Baxter Spectrum IQ (v9.x) model 35700BAX3 Sigma Spectrum LVP v6.x Wireless Battery Modules v16, v16D38, v17, v17D19, v20D29 to v20D32, and v22D24 to v22D28 Si...

A malicious campaign mounted by the North Korea-linked Lazarus Group  targeted energy providers around the world, including those based in the United States, Canada, and Japan, between February and July 2022. "The campaign is meant to infiltrate organizations around the world for establishing long-term access and subsequently exfiltrating data of interest to the adversary's nation-state," Cisco Talos  said  in a report shared with The Hacker News. Some elements of the espionage attacks have already entered public domain, courtesy of prior reports from Broadcom-owned  Symantec  and  AhnLab  earlier this April and May. Symantec attributed the operation to a group referred to as Stonefly, a Lazarus subgroup which is better known as Andariel, Guardian of Peace, OperationTroy, and Silent Chollima. While these attacks previously led to the instrumentation of Preft (aka Dtrack) and NukeSped (aka Manuscrypt) implants, the latest attack wave is notable for...

A Chinese hacking group has been attributed to a new campaign aimed at infecting government officials in Europe, the Middle East, and South America with a modular malware known as PlugX. Cybersecurity firm Secureworks said it identified the intrusions in June and July 2022, once again demonstrating the adversary's continued focus on espionage against governments around the world. "PlugX is modular malware that contacts a command and control (C2) server for tasking and can download additional plugins to enhance its capability beyond basic information gathering," Secureworks Counter Threat Unit (CTU) said in a report shared with The Hacker News. Bronze President is a China-based threat actor active since at least July 2018 and is likely estimated to be a state-sponsored group that leverages a mix of proprietary and publicly available tools to compromise and collect data from its targets. It's also publicly documented under other names such as HoneyMyte, Mustang P...

A recent report revealed that ecommerce provider,  Shopify uses particularly weak password policies  on the customer-facing portion of its Website. According to the report, Shopify's requires its customers to use a password that is at least five characters in length and that does not begin or end with a space.  According to the report, Specops researchers analyzed a list of a billion passwords that were known to have been breached and found that 99.7% of those passwords adhere to Shopify's requirements. While this is not meant to suggest that Shopify customers' passwords have been breached, the fact that so many known breached passwords adhere to Shopify's minimum password requirements does underscore the dangers associated with using weak passwords. The danger of weak passwords in your Active Directory  A recent study by Hive Systems  echoes the dangers of using weak passwords. The study examines the amount of time that would be required to brute force crac...

Major financial and insurance companies located in French-speaking nations in Africa have been targeted over the past two years as part of a persistent malicious campaign codenamed  DangerousSavanna . Countries targeted include Ivory Coast, Morocco, Cameroon, Senegal, and Togo, with the spear-phishing attacks heavily focusing on Ivory Coast in recent months, Israeli cybersecurity firm Check Point  said  in a Tuesday report. Infection chains entail targeting employees of financial institutions with social engineering messages containing malicious attachments as a means of initial access, ultimately leading to the deployment of off-the-shelf malware such as  Metasploit ,  PoshC2 ,  DWservice , and  AsyncRAT . "The threat actors' creativity is on display in the initial infection stage, as they persistently pursue the employees of the targeted companies, constantly changing infection chains that utilize a wide range of malicious file types, from self-...

Microsoft's threat intelligence division on Wednesday assessed that a subgroup of the Iranian threat actor tracked as  Phosphorus  is conducting ransomware attacks as a "form of moonlighting" for personal gain. The tech giant, which is monitoring the activity cluster under the moniker  DEV-0270  (aka Nemesis Kitten), said it's operated by a company that functions under the public aliases Secnerd and Lifeweb, citing infrastructure overlaps between the group and the two organizations. "DEV-0270 leverages exploits for high-severity vulnerabilities to gain access to devices and is known for the early adoption of newly disclosed vulnerabilities," Microsoft  said . "DEV-0270 also extensively uses living-off-the-land binaries (LOLBINs) throughout the attack chain for discovery and credential access. This extends to its abuse of the built-in BitLocker tool to encrypt files on compromised devices." The use of BitLocker and DiskCryptor by Iranian actor...

Cisco on Wednesday rolled out patches to address  three security flaws  affecting its products, including a high-severity weakness disclosed in NVIDIA Data Plane Development Kit (MLNX_DPDK) late last month. Tracked as  CVE-2022-28199  (CVSS score: 8.6), the vulnerability stems from a lack of proper error handling in DPDK's network stack, enabling a remote adversary to trigger a denial-of-service (DoS) condition and cause an impact on data integrity and confidentiality. "If an error condition is observed on the device interface, the device may either reload or fail to receive traffic, resulting in a denial-of-service (DoS) condition," Cisco  said  in a notice published on September 7. DPDK  refers to a set of libraries and optimized network interface card (NIC) drivers for fast packet processing, offering a framework and common API for high-speed networking applications. Cisco said it investigated its product lineup and determined the following se...