The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) this week released an Industrial Control Systems (ICS) advisory warning of multiple vulnerabilities in Mitsubishi Electric GX Works3 engineering software. "Successful exploitation of these vulnerabilities could allow unauthorized users to gain access to the MELSEC iQ-R/F/L series CPU modules and the MELSEC iQ-R series OPC UA server module or to view and execute programs," the agency  said . GX Works3  is an  engineering workstation  software used in ICS environments, acting as a mechanism for uploading and downloading programs from/to the controller, troubleshooting software and hardware issues, and performing maintenance operations. The wide range of functions also makes the platform an attractive target for threat actors looking to compromise such systems to commandeer the  managed PLCs . Three of the 10 shortcomings relate to cleartext storage of sensitive data, four relate to the use of a...

Old technology solutions – every organization has a few of them tucked away somewhere.  It could be an old and unsupported storage system or a tape library holding the still-functional backups from over 10 years ago.  This is a common scenario with software too. For example, consider an accounting software suite that was extremely expensive when it was purchased. If the vendor eventually went under, then there's no longer any support for the software – which means that the accounting solution only works on some older operating system that isn't supplied with updates either. How valuable is it to  keep older solutions like this running ? Well, organizations don't enjoy running old legacy systems just for the pleasure of it, but they're often forced to keep them running because it's their only option, or at least the only cost-effective option available to them. If it works, it works…? From a purely functional perspective, there is usually no problem with old te...

IBM has fixed a high-severity security vulnerability affecting its Cloud Databases (ICD) for PostgreSQL product that could be potentially exploited to tamper with internal repositories and run unauthorized code. The privilege escalation flaw (CVSS score: 8.8), dubbed " Hell's Keychain " by cloud security firm Wiz, has been described as a "first-of-its-kind supply-chain attack vector impacting a cloud provider's infrastructure." Successful exploitation of the bug could enable a malicious actor to remotely execute code in customers' environments and even read or modify data stored in the PostgreSQL database. "The vulnerability consists of a chain of three exposed secrets (Kubernetes service account token, private container registry password, CI/CD server credentials) coupled with overly permissive network access to internal build servers," Wiz researchers Ronen Shustin and Shir Tamari  said . Hell's Keychain commences with an SQL inject...

A previously undocumented Go-based malware is targeting Redis servers with the goal of taking control of the infected systems and likely building a botnet network. The attacks involve taking advantage of a critical security vulnerability in the open source, in-memory, key-value store that was disclosed earlier this year to deploy  Redigo , according to cloud security firm  Aqua . Tracked as CVE-2022-0543 (CVSS score: 10.0), the weakness pertains to a case of sandbox escape in the Lua scripting engine that could be leveraged to attain remote code execution. This is not the first time the flaw has come under active exploitation, what with Juniper Threat Labs uncovering attacks perpetrated by the  Muhstik botnet  in March 2022 to execute arbitrary commands. The Redigo infection chain is similar in that the adversaries scan for exposed Redis servers on port 6379 to establish initial access, following it up by downloading a shared library "exp_lin.so" from a remote...

The new  Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA)  requires CISA to create rules regarding cyber incident reporting by critical infrastructure organizations. The RFI and hearings precede a Notice of Proposed Rulemaking (NPRM) that CISA must publish sooner than  24 months  from the enactment of CIRCIA, which the President signed into law  in March . The sessions and NPRM are steps toward creating the new rule.  CISA is  soliciting expert opinion on what to include  in a report but is taking steps to implement the change soon. Here's what that change means for businesses in the US and what you can do about it now.  Overview of the CISA reporting rule  Owners and operators of critical infrastructure must file cyber incident reports with CISA  within 72 hours . They must report ransom payments for ransomware attacks  within 24 hours . Other businesses can take part voluntarily.  The CISA D...

Multiple unpatched vulnerabilities have been discovered in three Android apps that allow a smartphone to be used as a remote keyboard and mouse. The apps in question are Lazy Mouse , PC Keyboard , and Telepad , which have been cumulatively downloaded over two million times from the Google Play Store. Telepad is no longer available through the app marketplace but can be downloaded from its website. Lazy Mouse (com.ahmedaay.lazymouse2 and com.ahmedaay.lazymousepro) PC Keyboard (com.beapps.pckeyboard) Telepad (com.pinchtools.telepad) While these apps function by connecting to a server on a desktop and transmitting to it the mouse and keyboard events, the Synopsys Cybersecurity Research Center (CyRC)  found  as many as seven flaws related to weak or missing authentication, missing authorization, and insecure communication. The issues (from CVE-2022-45477 through CVE-2022-45483), in a nutshell, could be exploited by a malicious actor to execute arbitrary command...

The threat actors behind Cuba (aka COLDDRAW) ransomware have received more than $60 million in ransom payments and compromised over 100 entities across the world as of August 2022. In a new advisory shared by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI), the agencies  highlighted  a "sharp increase in both the number of compromised U.S. entities and the ransom amounts." The ransomware crew, also known as  Tropical Scorpius , has been observed targeting financial services, government facilities, healthcare, critical manufacturing, and IT sectors, while simultaneously expanding its tactics to gain initial access and interact with breached networks. It's worth noting that despite the name "Cuba," there is no evidence to suggest that the actors have any connection or affiliation with the island country. The entry point for the attacks involves the exploitation of known security flaws, phishing, ...