The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Cybersecurity researchers have shed light on a new sophisticated strain of malware that masquerades as a WordPress plugin to stealthily create administrator accounts and remotely control a compromised site. "Complete with a professional looking opening comment implying it is a caching plugin, this rogue code contains numerous functions, adds filters to prevent itself from being included in the list of activated plugins, and has pinging functionality that allows a malicious actor to check if the script is still operational, as well as file modification capabilities," Wordfence  said . The plugin also offers the ability to activate and deactivate arbitrary plugins on the site remotely as well as create rogue admin accounts with the username superadmin and a hard-coded password. In what's seen as an attempt to erase traces of compromise, it features a function named "_pln_cmd_hide" that's designed to remove the superadmin account when it's no longer req...

High-profile government and telecom entities in Asia have been targeted as part of an ongoing campaign since 2021 that's designed to deploy basic backdoors and loaders for delivering next-stage malware. Cybersecurity company Check Point is tracking the activity under the name  Stayin' Alive . Targets include organizations located in Vietnam, Uzbekistan, Pakistan, and Kazakhstan. "The simplistic nature of the tools [...] and their wide variation suggests they are disposable, mostly utilized to download and run additional payloads," it  said  in a report published Wednesday. "These tools share no clear code overlaps with products created by any known actors and do not have much in common with each other." What's notable about the campaign is that the infrastructure  shares overlaps  with that used by  ToddyCat , a China-linked threat actor known for orchestrating cyber assaults against government and military agencies in Europe and Asia since at least...

Image Source: JFrog Security Research Patches have been released for  two security flaws  impacting the Curl data transfer library, the most severe of which could potentially result in code execution. The list of vulnerabilities is as follows - CVE-2023-38545  (CVSS score: 7.5) - SOCKS5 heap-based buffer overflow vulnerability CVE-2023-38546  (CVSS score: 5.0) - Cookie injection with none file CVE-2023-38545 is the more severe of the two, and has been  described  by the project's lead developer, Daniel Stenberg, as "probably the worst Curl security flaw in a long time." It affects libcurl versions 7.69.0 to and including 8.3.0. "This flaw makes Curl overflow a heap-based buffer in the  SOCKS5  proxy handshake," the maintainers said in an advisory. "When Curl is asked to pass along the hostname to the SOCKS5 proxy to allow that to resolve the address instead of it getting done by Curl itself, the maximum length that hostname can be is 255 ...

More than 17,000 WordPress websites have been compromised in the month of September 2023 with a malware known as  Balada Injector , nearly twice the number of detections in August. Of these, 9,000 of the websites are said to have been infiltrated using a recently disclosed security flaw in the tagDiv Composer plugin ( CVE-2023-3169 , CVSS score: 6.1) that could be  exploited  by unauthenticated users to perform stored cross-site scripting ( XSS ) attacks. "This is not the first time that the Balada Injector gang has targeted vulnerabilities in tagDiv's premium themes," Sucuri security researcher Denis Sinegubko  said . "One of the earliest massive malware injections that we could attribute to this campaign took place during the summer of 2017, where disclosed security bugs in Newspaper and Newsmag WordPress themes were actively abused." Balada Injector is a large-scale operation  first discovered  by Doctor Web in December 2022, wherein the threat act...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday  added  a high-severity flaw in Adobe Acrobat Reader to its Known Exploited Vulnerabilities ( KEV ) catalog, citing evidence of active exploitation. Tracked as  CVE-2023-21608  (CVSS score: 7.8), the vulnerability has been described as a use-after-free bug that can be exploited to achieve remote code execution (RCE) with the privileges of the current user. A patch for the flaw was released by Adobe in January 2023. HackSys security researchers Ashfaq Ansari and Krishnakant Patil were  credited  with discovering and reporting the flaw. The  following versions  of the software are impacted - Acrobat DC - 22.003.20282 (Win), 22.003.20281 (Mac) and earlier versions (fixed in 22.003.20310) Acrobat Reader DC - 22.003.20282 (Win), 22.003.20281 (Mac) and earlier versions (fixed in 22.003.20310) Acrobat 2020 - 20.005.30418 and earlier versions (fixed in 20.005.30436) Acro...

Passwords are at the core of securing access to an organization's data. However, they also come with security vulnerabilities that stem from their inconvenience. With a growing list of credentials to keep track of, the average end-user can default to shortcuts. Instead of creating a strong and unique password for each account, they resort to easy-to-remember passwords, or use the same password for every account and application.  Password reuse is both common and risky.  65% of users  admit to reusing their credentials across multiple sites. Another analysis of identity exposures among employees of Fortune 1000 companies found a  64% password reuse rate  for exposed credentials. Pair these findings with the fact that a vast majority  (80%) of all data breaches  are sourced from lost or stolen passwords, and we have a serious problem. In short, a breached password from one system can be used to compromise another. So, what does this all mean for your o...

Microsoft has released its Patch Tuesday updates for October 2023, addressing a total of  103 flaws  in its software, two of which have come under active exploitation in the wild. Of the 103 flaws, 13 are rated Critical and 90 are rated Important in severity. This is apart from  18 security vulnerabilities  addressed in its Chromium-based Edge browser since the second Tuesday of September. The two vulnerabilities that have been weaponized as zero-days are as follows - CVE-2023-36563  (CVSS score: 6.5) - An information disclosure vulnerability in Microsoft WordPad that could result in the leak of NTLM hashes CVE-2023-41763  (CVSS score: 5.3) - A privilege escalation vulnerability in Skype for Business that could lead to exposure of sensitive information such as IP addresses or port numbers (or both), enabling threat actors to gain access to internal networks "To exploit this vulnerability, an attacker would first have to log on to the system. An atta...