The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Cybersecurity researchers have published the inner workings of a new wiper called  Azov Ransomware  that's deliberately designed to corrupt data and "inflict impeccable damage" to compromised systems. Distributed through another malware loader known as  SmokeLoader , the malware has been  described  as an "effective, fast, and unfortunately unrecoverable data wiper," by Israeli cybersecurity company Check Point. Its origins have yet to be determined. The wiper routine is set to overwrite a file's contents in alternating 666-byte chunks with random noise, a technique referred to as  intermittent encryption  that's being increasingly leveraged by ransomware operators to evade detection and encrypt victims' files faster. "One thing that sets Azov apart from your garden-variety ransomware is its modification of certain 64-bit executables to execute its own code," threat researcher Jiří Vinopal said. "The modification of executables is...

An active malware campaign is targeting the Python Package Index (PyPI) and npm repositories for Python and JavaScript with typosquatted and fake modules that deploy a ransomware strain, marking the latest security issue to affect software supply chains. The typosquatted Python packages all impersonate the popular  requests library : dequests, fequests, gequests, rdquests, reauests, reduests, reeuests, reqhests, reqkests, requesfs, requesta, requeste, requestw, requfsts, resuests, rewuests, rfquests, rrquests, rwquests, telnservrr, and tequests. According to  Phylum , the rogue packages embed source code that retrieves a Golang-based ransomware binary from a remote server depending on the victim's operating system and microarchitecture. Successful execution causes the victim's desktop background to be changed to an actor-controlled image that claims to the U.S. Central Intelligence Agency (CIA). It's also designed to encrypt files and demand a $100 ransom in cryptocurr...

Fortinet on Monday issued emergency patches for a severe security flaw affecting its FortiOS SSL-VPN product that it said is being actively exploited in the wild. Tracked as  CVE-2022-42475  (CVSS score: 9.3), the critical bug relates to a heap-based buffer overflow vulnerability that could allow an unauthenticated attacker to execute arbitrary code via specially crafted requests. The company  said  it's "aware of an instance where this vulnerability was exploited in the wild," urging customers to move quickly to apply the updates. The following products are impacted by the issue - FortiOS version 7.2.0 through 7.2.2 FortiOS version 7.0.0 through 7.0.8 FortiOS version 6.4.0 through 6.4.10 FortiOS version 6.2.0 through 6.2.11 FortiOS-6K7K version 7.0.0 through 7.0.7 FortiOS-6K7K version 6.4.0 through 6.4.9 FortiOS-6K7K version 6.2.0 through 6.2.11 FortiOS-6K7K version 6.0.0 through 6.0.14 Patches are available in FortiOS versions 7.2.3, 7.0.9, 6.4.11, ...

Is Managing Customer Logins and Data Giving You Headaches? You're Not Alone! Today, we all expect super-fast, secure, and personalized online experiences. But let's be honest, we're also more careful about how our data is used. If something feels off, trust can vanish in an instant. Add to that the lightning-fast changes AI is bringing to everything from how we log in to spotting online fraud, and it's a whole new ball game! If you're dealing with logins, data privacy, bringing new users on board, or building digital trust, this webinar is for you . Join us for " Navigating Customer Identity in the AI Era ," where we'll dive into the Auth0 2025 Customer Identity Trends Report . We'll show you what's working, what's not, and how to tweak your strategy for the year ahead. In just one session, you'll get practical answers to real-world challenges like: How AI is changing what users expect – and where they're starting to push ba...

High-severity security vulnerabilities have been disclosed in different endpoint detection and response (EDR) and antivirus (AV) products that could be exploited to turn them into data wipers. "This wiper runs with the permissions of an unprivileged user yet has the ability to wipe almost any file on a system, including system files, and make a computer completely unbootable," SafeBreach Labs researcher Or Yair  said . "It does all that without implementing code that touches the target files, making it fully undetectable." EDR software, by design, are capable of continually scanning a machine for potentially suspicious and malicious files, and taking appropriate action, such as deleting or quarantining them. The idea, in a nutshell, is to trick vulnerable security products into deleting legitimate files and directories on the system and render the machine inoperable by making use of specially crafted paths. This is achieved by taking advantage of what's ca...

With 2022 coming to a close, there is no better time to buckle down and prepare to face the security challenges in the year to come. This past year has seen its  fair share of breaches , attacks, and leaks, forcing organizations to scramble to protect their SaaS stacks. March alone saw three different breaches from Microsoft, Hubspot, and Okta.  With SaaS sprawl ever growing and becoming more complex, organizations can look to four areas within their SaaS environment to harden and secure.  Learn how you can automate your SaaS stack security Misconfigurations Abound Enterprises can have  over 40 million  knobs, check boxes, and toggles in their employees' SaaS apps. The security team is responsible to secure each of these settings, user roles and permissions to ensure they comply with industry and company policy.  Not only because of their obvious risk or misalignment with security policies, misconfigurations are overwhelmingly challenging to secure ma...

Google has officially begun rolling out support for  passkeys , the next-generation passwordless login standard, to its stable version of Chrome web browser. "Passkeys are a significantly safer replacement for passwords and other phishable authentication factors," the tech giant's Ali Sarraf  said . "They cannot be reused, don't leak in server breaches, and protect users from phishing attacks." The improved security feature, which is available in version 108, comes nearly two months after Google  began testing the option  across Android, macOS, and Windows 11. Passkeys  obviate the need for passwords by requiring users to authenticate themselves during sign in by unlocking their nearby Android or iOS device using biometrics. This, however, calls for websites to build passkey support on their sites using the  WebAuthn API . Essentially, the technology works by creating a unique cryptographic key pair to associate with an account for the app or website ...

A cryptocurrency mining attack targeting the Linux operating system also involved the use of an open source remote access trojan (RAT) dubbed  CHAOS . The threat, which was spotted by Trend Micro in November 2022, remains virtually unchanged in all other aspects, including when it comes to terminating competing malware, security software, and deploying the Monero (XMR) cryptocurrency miner. "The malware achieves its persistence by altering  /etc/crontab file , a UNIX task scheduler that, in this case, downloads itself every 10 minutes from Pastebin," researchers David Fiser and Alfredo Oliveira  said . This step is succeeded by downloading next-stage payloads that consist of the XMRig miner and the Go-based CHAOS RAT. The cybersecurity firm said that the main downloader script and further payloads are hosted in multiple locations to make sure that the campaign remains active and new infections continue to happen. The CHAOS RAT, once downloaded and launched, transmi...