The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Communication services provider Twilio this week disclosed that it experienced another "brief security incident" in June 2022 perpetrated by the same threat actor behind the  August hack  that resulted in unauthorized access of customer information. The security event occurred on June 29, 2022, the company said in an updated advisory shared this week, as part of its probe into the digital break-in. "In the June incident, a Twilio employee was socially engineered through voice phishing (or 'vishing') to provide their credentials, and the malicious actor was able to access customer contact information for a limited number of customers," Twilio  said . It further said the access gained following the successful attack was identified and thwarted within 12 hours, and that it had alerted impacted customers on July 2, 2022. The San Francisco-based firm did not reveal the exact number of customers impacted by the June incident, and why the disclosure was made ...

Multiple high-severity security flaws have been disclosed as affecting Juniper Networks devices, some of which could be exploited to achieve code execution. Chief among them is a remote pre-authenticated PHP archive file deserialization vulnerability (CVE-2022-22241, CVSS score: 8.1) in the J-Web component of Junos OS, according to Octagon Networks researcher Paulos Yibelo. "This vulnerability can be exploited by an unauthenticated remote attacker to get remote phar files deserialized, leading to arbitrary file write, which leads to a remote code execution (RCE)," Yibelo  said  in a report shared with The Hacker News. Also identified are five other issues, which are listed as follow - CVE-2022-22242  (CVSS score: 6.1) - A pre-authenticated reflected  XSS  on the error page ("error.php"), allowing a remote adversary to siphon Junos OS admin session and chained with other flaws that require authentication. CVE-2022-22243  (CVSS score: 4.3) &...

Five malicious dropper Android apps with over 130,000 cumulative installations have been discovered on the Google Play Store distributing banking trojans like  SharkBot  and  Vultur , which are capable of stealing financial data and performing on-device fraud. "These droppers continue the unstopping evolution of malicious apps sneaking to the official store," Dutch mobile security firm ThreatFabric told The Hacker News in a statement. "This evolution includes following newly introduced policies and masquerading as file managers and overcoming limitations by side-loading the malicious payload through the web browser." Targets of these  droppers  include 231 banking and cryptocurrency wallet apps from financial institutions in Italy, the U.K., Germany, Spain, Poland, Austria, the U.S., Australia, France, and the Netherlands. Dropper apps on official app stores like Google Play have  increasingly   become  a popular and efficient technique to d...

Cloud computing was the lifeline that kept many companies running during the pandemic. But it was a classic case of medicine that comes with  serious  side effects.  Having anywhere, anytime access to data and apps gives companies tremendous flexibility in a fast-changing world, plus the means to scale and customize IT at will. The cloud is an asset or upgrade in almost every way. With one glaring exception: cybersecurity.  The cloud promised to make companies more secure and security more straightforward. Yet over the same time period that the cloud took over computing, cyber attacks grew steadily worse while security teams felt increasingly overwhelmed.  Why?  We will explain shortly. For lean security teams, the more important question is how to make cloud security work, especially as the cloud footprint grows (a lot) faster than security resources. Will the cloud always cast a shadow on cybersecurity? Not with the strategy outlined in a free eboo...

A recently discovered hacking group known for targeting employees dealing with corporate transactions has been linked to a new backdoor called Danfuan . This hitherto undocumented malware is delivered via another dropper called Geppei, researchers from Symantec, by Broadcom Software,  said  in a report shared with The Hacker News. The dropper "is being used to install a new backdoor and other tools using the novel technique of reading commands from seemingly innocuous Internet Information Services ( IIS ) logs," the researchers said. The toolset has been attributed by the cybersecurity company to a suspected espionage actor called UNC3524, aka Cranefly, which  first came to light  in May 2022 for its focus on bulk email collection from victims who deal with mergers and acquisitions and other financial transactions. One of the group's key malware strains is QUIETEXIT, a backdoor deployed on network appliances that do not support antivirus or endpoint detection, ...

The increased use of information technology in our everyday life and business has led to cyber-attacks becoming more sophisticated and large-scale. For organizations to thrive in this era of technology, they must develop robust security strategies to detect and mitigate attacks. Defense in depth is a strategy in which companies use multiple layers of security measures to safeguard assets. A well-implemented defense in depth can help organizations prevent and mitigate ongoing attacks.  Defense in depth uses various cutting-edge security tools to safeguard a business's endpoints, data, applications, and networks. The objective is to prevent cyber threats, but a robust defense-in-depth approach also thwarts ongoing attacks and prevents further damage. How organizations can implement defense in depth The image above shows the various layers of security that organizations must implement. Below we describe ideas that companies should consider for each layer. Governance and risk mana...

Google on Thursday rolled out emergency fixes to contain an actively exploited zero-day flaw in its Chrome web browser. The vulnerability , tracked as  CVE-2022-3723 , has been described as a type confusion flaw in the V8 JavaScript engine. Security researchers Jan Vojtěšek, Milánek, and Przemek Gmerek of Avast have been credited with reporting the flaw on October 25, 2022. "Google is aware of reports that an exploit for CVE-2022-3723 exists in the wild," the internet giant acknowledged in an advisory without getting into more specifics about the nature of the attacks. CVE-2022-3723 is the third actively exploited type confusion bug in V8 this year after  CVE-2022-1096  and  CVE-2022-1364 . The latest fix also marks the resolution of the seventh zero-day in Google Chrome since the start of 2022 - CVE-2022-0609  - Use-after-free in Animation CVE-2022-1096  - Type confusion in V8 CVE-2022-1364  - Type confusion in V8 CVE-2022-2294  - Hea...