The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Visibility into an environment attack surface is the fundamental cornerstone to sound security decision making. However, the standard process of 3rd party threat assessment as practiced today is both time consuming and expensive. Cynet changes the rules of the game with a free threat assessment offering ( click here to learn more ) based on more than 72 hours of data collection, enabling organizations to benchmark their security posture against their vertical industry peers and take actions accordingly. Cynet Free Threat Assessment (available for organizations with 250 endpoints and above, from North America and Europe) spotlights critical, exposed attack surfaces and provides actionable knowledge of attacks that are currently alive and active in the environment. 1.) Indication of live attacks — active malware, connection to C&C, data exfiltration, access to phishing links, user credential theft attempts, and others: 2.) Host and app attack surfaces — unpatched vulnera...

A popular WordPress theme plugin with over 200,000 active installations contains a severe but easy-to-exploit software vulnerability that, if left unpatched, could let unauthenticated remote attackers compromise a wide range of websites and blogs. The vulnerable plugin in question is ' ThemeGrill Demo Importer ' that comes with free as well as premium themes sold by the software development company ThemeGrill. ThemeGrill Demo Importer plugin has been designed to allow WordPress site admins to import demo content, widgets, and settings from ThemeGrill, making it easier for them to quickly customize the theme. According to a report WebARX security company shared with The Hacker News, when a ThemeGrill theme is installed and activated, the affected plugin executes some functions with administrative privileges without checking whether the user running the code is authenticated and is an admin. The flaw could eventually allow unauthenticated remote attackers to wipe the e...

Here's excellent news for sysadmins. You can now use a physical security key as hardware-based two-factor authentication to securely log into a remote system via SSH protocol. OpenSSH, one of the most widely used open-source implementations of the Secure Shell (SSH) Protocol, yesterday announced the 8.2 version of the software that primarily includes two new significant security enhancements. First, OpenSSH 8.2 added support for FIDO/U2F hardware authenticators , and the second, it has deprecated SSH-RSA public key signature algorithm and planned to disable it by default in the future versions of the software. FIDO (Fast Identity Online) protocol based hardware security devices are stronger and fool-proof mechanisms for authentication because it enables public-key cryptography to protect against advanced malware, phishing, and man-in-the-middle attacks. "In OpenSSH, FIDO devices are supported by new public key types' ecdsa-sk' and 'ed25519-sk', along ...

A team of cybersecurity researchers late last week disclosed the existence of 12 potentially severe security vulnerabilities, collectively named ' SweynTooth ,' affecting millions of Bluetooth-enabled wireless smart devices worldwide—and worryingly, a few of which haven't yet been patched. All SweynTooth flaws basically reside in the way software development kits (SDKs) used by multiple system-on-a-chip (SoC) have implemented Bluetooth Low Energy (BLE) wireless communication technology—powering at least 480 distinct products from several vendors including Samsung, FitBit and Xiaomi. According to the researchers, hackers in close physical proximity to vulnerable devices can abuse this vulnerability to remotely trigger deadlocks, crashes, and even bypass security in BLE products, allowing them to arbitrary read or write access to device's functions that are otherwise only allowed to be accessed by an authorized user. "As of today, SweynTooth vulnerabilities a...

The US Department of Justice (DoJ) and the Federal Bureau of Investigation (FBI) charged Huawei with racketeering and conspiring to steal trade secrets from six US firms, in a significant escalation of a lawsuit against the Chinese telecom giant that began last year. Accusing Huawei and its affiliates of "using fraud and deception to misappropriate sophisticated technology from US counterparts," the new charges allege the company of offering bonuses to employees who obtained "confidential information" from its competitors. The indictment adds to a list of two other charges filed by the US government last year, including violating US sanctions on Iran and stealing technology from T-Mobile — called Tappy — that's used to test smartphone durability. The development is the latest salvo fired by the Trump administration in its year-long fight against the networking equipment maker, which it deems a threat to national security. "The misappropriated ...

Google removed 500 malicious Chrome extensions from its Web Store after they found to inject malicious ads and siphon off user browsing data to servers under the control of attackers. These extensions were part of a malvertising and ad-fraud campaign that's been operating at least since January 2019, although evidence points out the possibility that the actor behind the scheme may have been active since 2017. The findings come as part of a joint investigation by security researcher Jamila Kaya and Cisco-owned Duo Security, which unearthed 70 Chrome Extensions with over 1.7 million installations. Upon sharing the discovery privately with Google, the company went on to identify 430 more problematic browser extensions, all of which have since been deactivated. "The prominence of malvertising as an attack vector will continue to rise as long as tracking-based advertising remains ubiquitous, and particularly if users remain underserved by protection mechanisms," sa...

The realistic approach to security is that incidents occur. While ideally, the CISO would want to prevent all of them, in practice, some will succeed to a certain degree—making the ability to efficiently manage an incident response process a mandatory skill for any CISO. Moreover, apart from the management of the actual response process, the CISO must also be able to efficiently communicate the ongoing activities and status to the executive level. While the IR process is mostly technical, reporting to the organization's management should take place on a much higher level in order for the non-security -savvy executives to understand. To assist CISOs with these tasks, Cynet created the IR Management and Reporting PowerPoint template ( download here ), which apart from providing an actionable response framework, is also clear and intuitive for the executive level. Let's drill down on the two aspects of the template: IR Management The template was built on the SANS\...

Emotet, the notorious trojan behind a number of botnet-driven spam campaigns and ransomware attacks, has found a new attack vector: using already infected devices to identify new victims that are connected to nearby Wi-Fi networks. According to researchers at Binary Defense , the newly discovered Emotet sample leverages a "Wi-Fi spreader" module to scan Wi-Fi networks, and then attempts to infect devices that are connected to them. The cybersecurity firm said the Wi-Fi spreader has a timestamp of April 16, 2018, indicating the spreading behavior has been running "unnoticed" for close to two years until it was detected for the first time last month. The development marks an escalation of Emotet's capabilities, as networks in close physical proximity to the original victim are now susceptible to infection. How Does Emotet's Wi-Fi Spreader Module Work? The updated version of the malware works by leveraging an already compromised host to list all ...