The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

An unnamed European Ministry of Foreign Affairs (MFA) and its three diplomatic missions in the Middle East were targeted by two previously undocumented backdoors tracked as LunarWeb and LunarMail. ESET, which identified the activity, attributed it with medium confidence to the Russia-aligned cyberespionage group Turla (aka Iron Hunter, Pensive Ursa, Secret Blizzard, Snake, Uroburos, and Venomous Bear), citing tactical overlaps with prior campaigns identified as orchestrated by the threat actor. "LunarWeb, deployed on servers, uses HTTP(S) for its C&C [command-and-control] communications and mimics legitimate requests, while LunarMail, deployed on workstations, is persisted as an Outlook add-in and uses email messages for its C&C communications," security researcher Filip Jurčacko  said . An analysis of the Lunar artifacts shows that they may have been used in targeted attacks since early 2020, or even earlier. Turla, assessed to be affiliated with Russia's Fe...

Here's How to Enhance Your Cyber Resilience with CVSS In late 2023, the Common Vulnerability Scoring System (CVSS) v4.0 was unveiled, succeeding the eight-year-old CVSS v3.0, with the aim to enhance vulnerability assessment for both industry and the public. This latest version introduces additional metrics like safety and automation to address criticism of lacking granularity while presenting a revised scoring system for a more comprehensive evaluation. It further emphasizes the importance of considering environmental and threat metrics alongside the base score to assess vulnerabilities accurately. Why Does It Matter? The primary purpose of the CVSS is to evaluate the risk associated with a vulnerability. Some vulnerabilities, particularly those found in network products, present a clear and significant risk as unauthenticated attackers can easily exploit them to gain remote control over affected systems. These vulnerabilities have frequently been exploited over the years, ...

A malware botnet called  Ebury  is estimated to have compromised 400,000 Linux servers since 2009, out of which more than 100,000 were still compromised as of late 2023. The findings come from Slovak cybersecurity firm ESET, which characterized it as one of the most advanced server-side malware campaigns for financial gain. "Ebury actors have been pursuing monetization activities [...], including the spread of spam, web traffic redirections, and credential stealing," security researcher Marc-Etienne M.Léveillé  said  in a deep dive analysis. "[The] operators are also involved in cryptocurrency heists by using AitM and credit card stealing via network traffic eavesdropping, commonly known as server-side web skimming." Ebury was first documented over a decade ago as part of a campaign codenamed  Operation Windigo  that targeted Linux servers to deploy the malware, alongside other backdoors and scripts like Cdorked and Calfbot to redirect web traffic and ...

While cloud adoption has been top of mind for many IT professionals for nearly a decade, it's only in recent months, with industry changes and announcements from key players, that many recognize the time to make the move is now. It may feel like a daunting task, but tools exist to help you move your virtual machines (VMs) to a public cloud provider – like Microsoft Azure – with relative ease. Transitioning from VMware vSphere to Microsoft Azure requires careful planning and execution to ensure a smooth migration process. In this guide, we'll walk through the steps involved in moving your virtualized infrastructure to the cloud giant, Microsoft Azure. Whether you're migrating your entire data center or specific workloads, these steps will help you navigate the transition effectively. 1. Assess Your Environment: Before diving into the migration process, assess your current VMware vSphere environment thoro...

A Dutch court on Tuesday sentenced one of the co-founders of the now-sanctioned Tornado Cash cryptocurrency mixer service to 5 years and 4 months in prison. While the name of the defendant was  redacted in the verdict , it's known that Alexey Pertsev, a 31-year-old Russian national, had been  awaiting trial  in the Netherlands on money laundering charges. Pertsev, one of the developers of Tornado Cash, was  arrested  in Amsterdam in August 2022 days after the U.S. Treasury Department  sanctioned  the service for allowing malicious actors such as the Lazarus Group to launder and cash out their proceeds. In addition to the imprisonment, the defendant is expected to forfeit cryptocurrency assets worth €1.9 million (~$2.05 million) and a Porsche car that had been previously seized. "The defendant declared that it was never his intention to break the law or to facilitate criminal activities," a su...

Microsoft has addressed a total of  61 new security flaws  in its software as part of its Patch Tuesday updates for May 2024, including two zero-days which have been actively exploited in the wild. Of the 61 flaws, one is rated Critical, 59 are rated Important, and one is rated Moderate in severity. This is in addition to  30 vulnerabilities  resolved in the Chromium-based Edge browser over the past month, including two recently disclosed zero-days ( CVE-2024-4671  and  CVE-2024-4761 ) that have been tagged as exploited in attacks. The two security shortcomings that have been weaponized in the wild are below - CVE-2024-30040  (CVSS score: 8.8) - Windows MSHTML Platform Security Feature Bypass Vulnerability CVE-2024-30051  (CVSS score: 7.8) - Windows Desktop Window Manager ( DWM ) Core Library Elevation of Privilege Vulnerability "An unauthenticated attacker who successfully exploi...

Multiple security flaws have been  disclosed  in VMware Workstation and Fusion products that could be exploited by threat actors to access sensitive information, trigger a denial-of-service (DoS) condition, and execute code under certain circumstances. The four vulnerabilities impact Workstation versions 17.x and Fusion versions 13.x, with fixes available in version 17.5.2 and 13.5.2, respectively, the Broadcom-owned virtualization services provider said. A brief description of each of the flaws is below - CVE-2024-22267  (CVSS score: 9.3) - A use-after-free vulnerability in the Bluetooth device that could be exploited by a malicious actor with local administrative privileges on a virtual machine to execute code as the virtual machine's VMX process running on the host CVE-2024-22268  (CVSS score: 7.1) - A heap buffer-overflow vulnerability in the Shader functionality that could be exploited by a malicious actor with non-administrative access to a virtua...