The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Atlassian has released fixes to resolve a critical security flaw in Jira Service Management Server and Data Center that could be abused by an attacker to pass off as another user and gain unauthorized access to susceptible instances. The  vulnerability  is tracked as  CVE-2023-22501  (CVSS score: 9.4) and has been described as a case of broken authentication with low attack complexity. "An authentication vulnerability was discovered in Jira Service Management Server and Data Center which allows an attacker to impersonate another user and gain access to a Jira Service Management instance under certain circumstances," Atlassian  said . "With write access to a User Directory and outgoing email enabled on a Jira Service Management instance, an attacker could gain access to signup tokens sent to users with accounts that have never been logged into." The tokens, Atlassian noted, can be obtained in either of the two scenarios - If the attacker is included on Ji...

F5 has warned of a high-severity flaw impacting BIG-IP appliances that could lead to denial-of-service (DoS) or arbitrary code execution. The issue is rooted in the iControl Simple Object Access Protocol ( SOAP ) interface and affects the following versions of BIG-IP - 13.1.5 14.1.4.6 - 14.1.5 15.1.5.1 - 15.1.8 16.1.2.2 - 16.1.3, and 17.0.0 "A format string vulnerability exists in iControl SOAP that allows an authenticated attacker to crash the iControl SOAP CGI process or, potentially execute arbitrary code," the company  said  in an advisory. "In appliance mode BIG-IP, a successful exploit of this vulnerability can allow the attacker to cross a security boundary." Tracked as CVE-2023-22374 (CVSS score: 7.5/8.5), security researcher Ron Bowes of Rapid7 has been credited with discovering and reporting the flaw on December 6, 2022. Given that the iCOntrol SOAP interface runs as root, a successful exploit could permit a threat actor to remotely trigger co...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on February 2  added  two security flaws to its Known Exploited Vulnerabilities (KEV) Catalog, citing evidence of active exploitation. The first of the two vulnerabilities is  CVE-2022-21587  (CVSS score: 9.8), a critical issue impacting versions 12.2.3 to 12.2.11 of the Oracle Web Applications Desktop Integrator product. "Oracle E-Business Suite contains an unspecified vulnerability that allows an unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator," CISA  said . The issue was addressed by Oracle as part of its Critical Patch Update released in October 2022. Not much is known about the nature of the attacks exploiting the vulnerability, but the development follows the publication of a proof-of-concept (PoC) by cybersecurity firm Viettel on January 16, 2023. The second security flaw to be added to the KEV catalog is  CVE-2023-2...

The State Cyber Protection Centre (SCPC) of Ukraine has called out the Russian state-sponsored threat actor known as  Gamaredon  for its targeted cyber attacks on public authorities and critical information infrastructure in the country. The advanced persistent threat, also known as Actinium, Armageddon, Iron Tilden, Primitive Bear, Shuckworm, Trident Ursa, and UAC-0010, has a  track record  of  striking   Ukrainian entities  dating as far back as 2013. "UAC-0010 group's ongoing activity is characterized by a multi-step download approach and executing payloads of the spyware used to maintain control over infected hosts," the SCPC  said . "For now, the UAC-0010 group uses  GammaLoad and GammaSteel  spyware in their campaigns." GammaLoad is a VBScript dropper malware engineered to download next-stage VBScript from a remote server. GammaSteel is a PowerShell script that's capable of conducting reconnaissance and executing additional com...

Over the past few years, cybersecurity has become a major concern for businesses around the globe. With the total cost of cybercrime in 2023 forecasted to reach $8 Trillion – with a T, not a B – it's no wonder that cybersecurity is top of mind for leaders across all industries and regions. However, despite growing attention and budgets for cybersecurity in recent years, attacks have only become more common and more severe. While threat actors are becoming increasingly sophisticated and organized, this is just one piece to the puzzle in determining why cybercrime continues to rise and what organizations can do to stay secure. 🔓  Unlock the future of cybersecurity: Get ahead of the game with 2023 Cyber Security Trends Forecast ! Discover the major trends of 2022 and learn how to protect your business from emerging threats in the coming year.  ⚡  Get your insider's guide to cybersecurity now! An abundance of cyber spending, a shortage of cyber security It's easy t...

A new intelligence gathering campaign linked to the prolific North Korean state-sponsored Lazarus Group leveraged known security flaws in unpatched Zimbra devices to compromise victim systems. That's according to Finnish cybersecurity company WithSecure (formerly F-Secure), which codenamed the incident No Pineapple in reference to an error message that's used in one of the backdoors. Targets of the malicious operation included a healthcare research organization in India, the chemical engineering department of a leading research university, as well as a manufacturer of technology used in the energy, research, defense, and healthcare sectors, suggesting an attempt to breach the supply chain. Roughly 100GB of data is estimated to have been exported by the hacking crew following the compromise of an unnamed customer, with the digital break-in likely taking place in the third quarter of 2022. "The threat actor gained access to the network by exploiting a vulnerable Zimbra...

At least 1,200 Redis database servers worldwide have been corralled into a botnet using an "elusive and severe threat" dubbed HeadCrab since early September 2021. "This advanced threat actor utilizes a state-of-the-art, custom-made malware that is undetectable by agentless and traditional anti-virus solutions to compromise a large number of Redis servers," Aqua security researcher Asaf Eitani  said  in a Wednesday report. A significant concentration of infections has been recorded in China, Malaysia, India, Germany, the U.K., and the U.S. to date. The origins of the threat actor are presently unknown. The findings come two months after the cloud security firm shed light on a Go-based malware codenamed  Redigo  that has been found compromising Redis servers. The attack is designed to target Redis servers that are exposed to the internet, followed by issuing a  SLAVEOF command  from another Redis server that's already under the adversary's control. In...