The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Hundreds of databases on Amazon Relational Database Service (Amazon RDS) are exposing personal identifiable information (PII), new findings from Mitiga, a cloud incident response company, show. "Leaking PII in this manner provides a potential treasure trove for threat actors – either during the reconnaissance phase of the cyber kill chain or extortionware/ransomware campaigns," researchers Ariel Szarf, Doron Karmi, and Lionel Saposnik said in a report shared with The Hacker News. This includes names, email addresses, phone numbers, dates of birth, marital status, car rental information, and even company logins. Amazon RDS is a  web service  that makes it possible to set up relational databases in the Amazon Web Services (AWS) cloud. It offers support for different database engines such as MariaDB, MySQL, Oracle, PostgreSQL, and SQL Server. The root cause of the leaks stems from a feature called public  RDS snapshots , which allows for creating a backup of the entir...

According to a  recent survey , 90% of CISOs running teams in small to medium-sized enterprises (SMEs) use a managed detection and response (MDR) service. That's a 53% increase from last year. Why the dramatic shift to MDR? CISOs at organizations of any size, but especially SMEs, are realizing that the threat landscape and the way we do cybersecurity are among the many things that will never look the same in a post-2020 world.  The increase in the number of sophisticated attacks, the heavy reliance on the cloud, limited resources and budgets (exacerbated by economic uncertainty), and a growing skills gap are all major contributors to why having an MDR service to support security operations is becoming a necessity.  Beyond that, there are a number of reasons for why incorporating an MDR service into your security strategy can provide exceptional value that even the people who are tightening your budget at your organization can't deny.  Here are just seven reason...

Cybersecurity researchers have unearthed new samples of malware called RapperBot that are being used to build a botnet capable of launching Distributed Denial of Service (DDoS) attacks against game servers. "In fact, it turns out that this campaign is less like RapperBot than an older campaign that appeared in February and then mysteriously disappeared in the middle of April," Fortinet FortiGuard Labs researchers Joie Salvio and Roy Tay  said  in a Tuesday report. RapperBot, which was first  documented  by the network security firm in August 2022, is known to exclusively brute-force SSH servers configured to accept  password authentication . The nascent malware is heavily inspired by the  Mirai botnet , whose source code leaked in October 2016, leading to the rise of several variants. What's notable about the updated version of RapperBot is its ability to perform Telnet brute-force, in addition to supporting DoS attacks using the Generic Routing Encap...

Internet behemoth Google on Tuesday said it plans to roll out Privacy Sandbox for Android in beta to mobile devices running Android 13 starting early next year. "The Privacy Sandbox Beta will be available for ad tech and app developers who wish to test the ads-related APIs as part of their solutions," the company  said . To that end, developers will need to complete an enrollment process in order to utilize the ads-related APIs, including  Topics ,  FLEDGE , and  Attribution Reporting . Topics, which  replaced  Federated Learning of Cohorts (FLoC) earlier this year, aims to categorize user interests under different "topics" based on their device web browsing history. These inferred interests are then shared with marketers to serve targeted ads. FLEDGE and Attribution reporting, on the other hand, enable custom audience targeting and help measure  ad conversions  without relying on cross-party user identifiers, respectively. Organizations ca...

Spotify's Backstage has been discovered as vulnerable to a severe security flaw that could be exploited to gain remote code execution by leveraging a recently disclosed bug in a third-party module. The vulnerability (CVSS score: 9.8), at its core, takes advantage of a critical sandbox escape in vm2, a popular JavaScript sandbox library ( CVE-2022-36067  aka Sandbreak), that came to light last month. "An unauthenticated threat actor can execute arbitrary system commands on a Backstage application by exploiting a vm2 sandbox escape in the Scaffolder core plugin," application security firm Oxeye said in a report shared with The Hacker News. Backstage  is an open source  developer portal  from Spotify that allows users to create, manage, and explore software components from a unified " front door ." It's used by  many companies  like Netflix, DoorDash, Roku, and Expedia, among others. According to Oxeye, the flaw is rooted in a tool called  software...

Credit: Marina Minkin A novel attack method has been disclosed against a crucial piece of technology called time-triggered ethernet ( TTE ) that's used in safety-critical infrastructure, potentially causing the failure of systems powering spacecraft and aircraft. Dubbed  PCspooF  by a group of academics and researchers from the University of Michigan , the University of Pennsylvania, and the NASA Johnson Space Center, the  technique  is designed to break TTE's security guarantees and induce TTE devices to lose synchronization for up to a second, a behavior that can even lead to uncontrolled maneuvers in spaceflight missions and threaten crew safety. TTE is one among the networking technologies that's part of what's called a mixed-criticality network wherein traffic with different timing and faults tolerance requirements coexist in the same physical network. This means that both critical devices, which, say, enable vehicle control, and non-critical devices, w...

Cybersecurity researchers have disclosed details of now-patched flaws in Zendesk Explore that could have been exploited by an attacker to gain unauthorized access to information from customer accounts that have the feature turned on. "Before it was patched, the flaw would have allowed threat actors to access conversations, email addresses, tickets, comments, and other information from Zendesk accounts with Explore enabled," Varonis  said  in a report shared with The Hacker News. The cybersecurity firm said there was no evidence to suggest that the issues were actively exploited in real-world attacks. No action is required on the part of the customers. Zendesk Explore is a  reporting and analytics solution  that allows organizations to "view and analyze key information about your customers, and your support resources." According to the security software company, exploitation of the shortcoming first requires an attacker to register for the  ticketing servi...