The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Details have emerged about a now-patched vulnerability in Google Chrome and Chromium-based browsers that, if successfully exploited, could have made it possible to siphon files containing confidential data. "The issue arose from the way the browser interacted with  symlinks  when processing files and directories," Imperva researcher Ron Masas  said . "Specifically, the browser did not properly check if the symlink was pointing to a location that was not intended to be accessible, which allowed for the theft of sensitive files." Google characterized the medium-severity issue (CVE-2022-3656) as a case of insufficient data validation in File System,  releasing   fixes  for it in versions 107 and 108 released in October and November 2022. Dubbed SymStealer, the vulnerability, at its core, relates to a type of weakness known as symbolic link (aka symlink) following, which  occurs  when an attacker abuses the feature to bypass the file system restr...

A recently published  Security Navigator  report data shows that businesses are still taking 215 days to patch a reported vulnerability. Even for critical vulnerabilities, it generally takes more than 6 months to patch. Good vulnerability management is not about being fast enough in patching all potential breaches. It's about focusing on the real risk using vulnerability prioritization to correct the most significant flaws and reduce the company's attack surface the most. Company data and threat intelligence need to be correlated and automated. This is essential to enable internal teams focus their remediation efforts. Suitable technologies can take the shape of a global Vulnerability Intelligence Platform. Such a platform can help to prioritize vulnerabilities using a risk score and let companies focus on their real organizational risk.  Getting Started Three facts to have in mind before establishing an effective vulnerability management program:  1. The numbe...

Twitter on Wednesday said that its investigation found "no evidence" that users' data sold online was obtained by exploiting any security vulnerabilities in its systems. "Based on information and intel analyzed to investigate the issue, there is no evidence that the data being sold online was obtained by exploiting a vulnerability of Twitter systems," the company  said  in a statement. "The data is likely a collection of data already publicly available online through different sources." The disclosure comes in the wake of  multiple   reports  that Twitter data belonging to millions of users – 5.4 million in November 2022, 400 million in December 2022, and 200 million last week – have been made available for sale on online criminal forums. The social media giant further said the breach "could not be correlated with the previously reported incident, nor with any new incident," adding no passwords were exposed. The two datasets published in...

Malicious actors are actively attempting to exploit a recently patched critical vulnerability in Control Web Panel (CWP) that enables elevated privileges and unauthenticated remote code execution (RCE) on susceptible servers. Tracked as  CVE-2022-44877  (CVSS score: 9.8), the bug impacts all versions of the software before 0.9.8.1147 and was  patched  by its maintainers on October 25, 2022. Control Web Panel, formerly known as CentOS Web Panel, is a popular server administration tool for enterprise-based Linux systems. "login/index.php in CWP (aka Control Web Panel or CentOS Web Panel) 7 before 0.9.8.1147 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the login parameter," according to  NIST . Gais Security researcher Numan Turle has been credited with discovering and reporting the flaw to the Control Web Panel developers. Exploitation of the flaw is said to have commenced on January 6, 2023, following the  avail...

A new analysis of Raspberry Robin's attack infrastructure has  revealed  that it's possible for other threat actors to repurpose the infections for their own malicious activities, making it an even more potent threat. Raspberry Robin (aka QNAP worm), attributed to a threat actor dubbed DEV-0856, is a malware that has  increasingly   come under the radar  for being used in attacks aimed at finance, government, insurance, and telecom entities. Given its use by multiple threat actors to drop a wide range of payloads such as SocGholish , Bumblebee ,  TrueBot ,  IcedID , and  LockBit  ransomware, it's believed to be a pay-per-install (PPI) botnet capable of serving next-stage malware. Raspberry Robin, notably, employs infected USB drives as a propagation mechanism and leverages breached QNAP network-attached storage (NAS) devices as first-level command-and-control (C2). Cybersecurity firm SEKOIA said it was able to identify at least eight vi...

A recent wave of Gootkit malware loader attacks has targeted the Australian healthcare sector by leveraging legitimate tools like VLC Media Player. Gootkit , also called Gootloader, is  known  to  employ  search engine optimization (SEO) poisoning tactics (aka spamdexing) for initial access. It typically works by compromising and abusing legitimate infrastructure and seeding those sites with common keywords. Like other malware of its kind, Gootkit is capable of stealing data from the browser, performing adversary-in-the-browser (AitB) attacks, keylogging, taking screenshots, and other malicious actions. Trend Micro's  new findings  reveal that the keywords "hospital," "health," "medical," and "enterprise agreement" have been paired with various city names in Australia, marking the malware's expansion beyond accounting and law firms. The starting point of the cyber assault is to direct users searching for the same keywords to an infe...

Are you looking to take your career in the information security industry to the next level? Look no further than the 2023 Certified Technology Professional Bundle ! This unparalleled offer grants you lifetime access to nine comprehensive courses in information security, hacking, and cybersecurity at a remarkable price of just $49.99. Yes, you heard me right. Instead of paying the full price of $1,791.00, you can now get access to all of these exceptional courses for a fraction of the original price. These courses cover everything from fundamental cybersecurity concepts to advanced hacking and vulnerability assessment methods, and are taught by industry experts with years of experience. But why should you invest in this package? First, with the increasing reliance on technology and the Internet, information security has become an important issue for individuals and businesses. The bundle provides in-depth knowledge and skills to protect against cyber threats. As a result, you will ...