The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

GitHub on Thursday said it is making available its secret scanning service to all public repositories on the code hosting platform for free. "Secret scanning alerts notify you directly about leaked secrets in your code," the company  said , adding it's expected to complete the rollout by the end of January 2023.  Secret scanning is  designed  to examine repositories for access tokens, private keys, credentials, API keys, and other secrets in  over 200 formats  that may have been accidentally committed, and generate alerts to prevent their misuse. The security option was previously limited to repositories owned by organizations that use GitHub Enterprise Cloud and have a GitHub Advanced Security license. For customers of GitHub Advanced Security, the  protections  go a step further by performing the scans for exposed secrets, including custom patterns,  during code pushes . The Microsoft subsidiary also said it's  planning  t...

The U.S. National Institute of Standards and Technology (NIST), an agency within the Department of Commerce,  announced  Thursday that it's formally retiring the SHA-1 cryptographic algorithm. SHA-1 , short for Secure Hash Algorithm 1, is a 27-year-old  hash function  used in cryptography and has since been  deemed   broken  owing to the risk of  collision attacks . While hashes are designed to be irreversible – meaning it should be impossible to reconstruct the original message from the fixed-length enciphered text – the lack of collision resistance in SHA-1 made it possible to generate the same hash value for two different inputs. In February 2017, a group of researchers from CWI Amsterdam and Google  disclosed  the first practical technique for producing collisions on SHA-1, effectively undermining the security of the algorithm. "For example, by crafting the two colliding PDF files as two rental agreements with different rent, i...

Microsoft on Thursday flagged a cross-platform botnet that's primarily designed to launch distributed denial-of-service (DDoS) attacks against private Minecraft servers. Called  MCCrash , the botnet is characterized by a unique spreading mechanism that allows it to propagate to Linux-based devices despite originating from malicious software downloads on Windows hosts. "The botnet spreads by enumerating default credentials on internet-exposed Secure Shell (SSH)-enabled devices," the company  said  in a report. "Because IoT devices are commonly enabled for remote configuration with potentially insecure settings, these devices could be at risk to attacks like this botnet." This also means that the malware could persist on IoT devices even after removing it from the infected source PC. The tech giant's cybersecurity division is tracking the activity cluster under its emerging moniker DEV-1028. A majority of the infections have been reported in Russia, and ...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has  added  two vulnerabilities impacting Veeam Backup & Replication software to its Known Exploited Vulnerabilities ( KEV ) Catalog, citing evidence of active exploitation in the wild. The now-patched critical flaws, tracked as  CVE-2022-26500 and CVE-2022-26501 , are both rated 9.8 on the CVSS scoring system, and could be leveraged to gain control of a target system. "The Veeam Distribution Service (TCP 9380 by default) allows unauthenticated users to access internal API functions," Veeam  noted  in an advisory published in March 2022. "A remote attacker may send input to the internal API which may lead to uploading and executing of malicious code." Both the issues that impact product versions 9.5, 10, and 11 have been addressed in versions 10a and 11a. Users of Veeam Backup & Replication 9.5 are advised to upgrade to a supported version. Nikita Petrov, a security researcher at Russ...

A Chinese-speaking advanced persistent threat (APT) actor codenamed  MirrorFace  has been attributed to a spear-phishing campaign targeting Japanese political establishments. The activity, dubbed  Operation LiberalFace  by ESET, specifically focused on members of an unnamed political party in the nation with the goal of delivering an implant called LODEINFO and a hitherto unseen credential stealer named MirrorStealer. The Slovak cybersecurity company said the campaign was launched a little over a week prior to the  Japanese House of Councillors election  that took place on July 10, 2022. "LODEINFO was used to deliver additional malware, exfiltrate the victim's credentials, and steal the victim's documents and emails," ESET researcher Dominik Breitenbacher  said  in a technical report published Wednesday. MirrorFace is said to share overlaps with another threat actor tracked as  APT10  (aka Bronze Riverside, Cicada, Earth Tengshe, S...

Microsoft has revised the severity of a security vulnerability it originally  patched in September 2022 , upgrading it to "Critical" after it emerged that it could be exploited to achieve remote code execution. Tracked as  CVE-2022-37958  (CVSS score: 8.1), the flaw was previously described as an  information disclosure vulnerability  in SPNEGO Extended Negotiation ( NEGOEX ) Security Mechanism. SPNEGO, short for Simple and Protected GSSAPI Negotiation Mechanism (SPNEGO), is a scheme that allows a client and remote server to arrive at a consensus on the choice of the protocol to be used (e.g., Kerberos or NTLM) for authentication. But a  further analysis  of the flaw by IBM Security X-Force researcher Valentina Palmiotti found that it could allow remote execution of arbitrary code, prompting Microsoft to reclassify its severity. "This vulnerability is a pre-authentication remote code execution vulnerability impacting a wide range of protocols," I...

A previously undocumented Android malware campaign has been observed leveraging money-lending apps to blackmail victims into paying up with personal information stolen from their devices. Mobile security company Zimperium dubbed the activity  MoneyMonger , pointing out the use of the  cross-platform Flutter framework  to develop the apps. MoneyMonger "takes advantage of Flutter's framework to obfuscate malicious features and complicate the detection of malicious activity by static analysis," Zimperium researchers Fernando Sanchez, Alex Calleja , Matteo Favaro, and Gianluca Braga  said  in a report shared with The Hacker news. "Due to the nature of Flutter, the malicious code and activity now hide behind a framework outside the static analysis capabilities of legacy mobile security products." The campaign, believed to be active since May 2022, is part of a broader effort previously  disclosed  by Indian cybersecurity firm K7 Security Labs. None of...