The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

The  Hive  ransomware-as-a-service (RaaS) group has claimed responsibility for a cyber attack against Tata Power that was disclosed by the company less than two weeks ago. The incident is said to have occurred on October 3, 2022. The threat actor has also been observed leaking stolen data exfiltrated prior to encrypting the network as part of its double extortion scheme. This allegedly comprises signed client contracts, agreement documents, as well as other sensitive information such as emails, addresses, phone numbers, passport numbers, taxpayer data, among others. The Mumbai-based firm, which is India's largest integrated power company, is part of the Tata Group conglomerate. Tata Power had previously  disclosed  in a filing with the National Stock Exchange (NSE) of India that an intrusion on the company's IT infrastructure impacted "some of its IT systems." According to  further details  shared by security researcher Rakesh Krishnan, the leak cont...

Cybersecurity researchers have disclosed details about a pair of vulnerabilities in Microsoft Windows, one of which could be exploited to result in a denial-of-service (DoS). The exploits, dubbed  LogCrusher  and  OverLog  by Varonis, take aim at the EventLog Remoting Protocol ( MS-EVEN ), which enables remote access to event logs. While the former allows "any domain user to remotely crash the Event Log application of any Windows machine," OverLog causes a DoS by "filling the hard drive space of any Windows machine on the domain," Dolev Taler  said  in a report shared with The Hacker News. OverLog has been assigned the CVE identifier CVE-2022-37981 (CVSS score: 4.3) and was addressed by Microsoft as part of its  October Patch Tuesday  updates. LogCrusher, however, remains unresolved. "The performance can be interrupted and/or reduced, but the attacker cannot fully deny service," the tech giant said in an advisory for the flaw released earli...

Introduction In many ways, the software supply chain is similar to that of manufactured goods, which we all know has been largely impacted by a global pandemic and shortages of raw materials.  However, in the IT world, it is not shortages or pandemics that have been the main obstacles to overcome in recent years, but rather attacks aimed at using them to harm hundreds or even thousands of victims simultaneously. If you've heard of a cyber attack between 2020 and today, it's likely that the software supply chain played a role.  When we talk about an attack on the software supply chain, we are actually referring to two successive attacks: one that targets a supplier, and one that targets one or more downstream users in the chain, using the first as a vehicle. In this article, we will dive into the mechanisms and risks of the software supply chain by looking at a typical vulnerability of the modern development cycle: the presence of personal identifying information, or "...

Two point-of-sale (PoS) malware variants have been put to use by a threat actor to steal information related to more than 167,000 credit cards from payment terminals. According to Singapore-headquartered cybersecurity company Group-IB, the stolen data dumps could net the operators as much as $3.34 million by selling them on underground forums. While a significant proportion of attacks aimed at gathering payment data rely on  JavaScript sniffers  (aka web skimmers) stealthily inserted on e-commerce websites, PoS malware continues to be an ongoing, if less popular, threat. Just last month, Kaspersky detailed new tactics adopted by a Brazilian threat actor known as  Prilex  to steal money by means of fraudulent transactions. "Almost all PoS malware strains have a similar card dump extraction functionality, but different methods for maintaining persistence on infected devices, data exfiltration and processing," researchers Nikolay Shelekhov and Said Khamchiev ...

Tech giant Apple on Monday rolled out updates to remediate a zero-day flaw in iOS and iPadOS that it said has been actively exploited in the wild. The weakness, given the identifier CVE-2022-42827 , has been described as an out-of-bounds write issue in the Kernel, which could be abused by a rogue application to execute arbitrary code with the highest privileges. Successful exploitation of out-of-bounds write flaws, which typically occur when a program attempts to write data to a memory location that's outside of the bounds of what it is allowed to access, can result in corruption of data, a crash, or execution of unauthorized code. The iPhone maker said it addressed the bug with improved bounds checking, while crediting an anonymous researcher for reporting the vulnerability. As is usually the case with actively exploited zero-day flaws, Apple refrained from sharing more specifics about the shortcoming other than acknowledging that it's "aware of a report that this i...

Virtual Chief Information Security Officer (vCISO) services (also known as 'Fractional CISO' or 'CISO-as-a-Service') are growing in popularity, especially as growing cyber threats, tightening regulatory demands and strict cyber insurance requirements are driving small to medium-sized enterprises demand for strategic cybersecurity and compliance guidance and management. But vCISO services are labor intensive, require highly skilled experts, and are difficult to scale. So, how exactly do successful vCISO providers overcome these obstacles? When you want advice on how to overcome challenges, scale and expand, who better to go to than the people who have been there, seen it, and done it with success? In a new eBook, titled ' Top virtual CISOs share: 7 tips on how vCISO service providers can maximize services, increase revenues, and improve margins " ( Download here ), vCISO platform provider Cynomi interviewed some of America's top vCISO service providers (MS...

SideWinder, a prolific nation-state actor mainly known for targeting Pakistan military entities, compromised the official website of the National Electric Power Regulatory Authority (NEPRA) to deliver a tailored malware called  WarHawk . "The newly discovered WarHawk backdoor contains various malicious modules that deliver Cobalt Strike, incorporating new TTPs such as  KernelCallBackTable injection  and Pakistan Standard Time zone check in order to ensure a victorious campaign," Zscaler ThreatLabz  said . The threat group, also called APT-C-17, Rattlesnake, and Razor Tiger, is  suspected  to be an Indian state-sponsored actor, although a report from Kaspersky earlier this May acknowledged previous indicators that led to the attribution have since disappeared, making it challenging it to link the threat cluster to a specific nation. More than 1,000 attacks are said to have been  launched by the group  since April 2020, an indication of SideWin...