The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Shortly after releasing its monthly batch of security updates , Microsoft late yesterday separately issued an advisory warning billions of its Windows users of a new critical, unpatched, and wormable vulnerability affecting Server Message Block 3.0 ( SMBv3 ) network communication protocol. It appears Microsoft originally planned to fix the flaw as part of its March 2020 Patch Tuesday update only, but, for some reason, it pulled the plug at the last minute, which apparently did not stop a tech company from accidentally leaking the existence of the unpatched flaw. The yet-to-be patched flaw (tracked as CVE-2020-0796 ), if exploited successfully, could allow an attacker to execute arbitrary code on the target SMB Server or SMB Client. The belated acknowledgment from Microsoft led some researchers to call the bug " SMBGhost ." "To exploit the vulnerability against an SMB Server, an unauthenticated attacker could send a specially crafted packet to a targeted SMBv3...

Microsoft today released security updates to fix a total of 115 new security vulnerabilities in various versions of its Windows operating system and related software—making March 2020 edition the biggest ever Patch Tuesday in the company's history. Of the 115 bugs spanning its various products — Microsoft Windows, Edge browser, Internet Explorer, Exchange Server, Office, Azure, Windows Defender, and Visual Studio — that received new patches, 26 have been rated as critical, 88 received a severity of important, and one is moderate in severity. However, unlike last month , none of the vulnerabilities the tech giant patched this month are listed as being publicly known or under active attack at the time of release. It's worth highlighting that the patch addresses critical flaws that could be potentially exploited by bad actors to execute malicious code by specially crafted LNK files and word documents. Titled "LNK Remote Code Execution Vulnerability" ( CVE-2020...

Cybersecurity has been regarded as a necessity for all computer users, especially today when data breaches and malware attacks have become rampant. However, one of the more overlooked aspects of cybersecurity is the prevention of other forms of cybercrime, such as the spread of harmful content and predatory behavior. Most current discussions on cybersecurity revolve around organizations needing to protect customer data or for individual users to prevent their sensitive data from being intercepted. However, given the prevalence of toxic behavior, it's about time the cybersecurity community also gives internet safety, especially for children and younger users, its due attention. Israel-based startup L1ght aims to curb the spread of bad behavior online. It uses artificial intelligence (AI) and machine learning (ML) to detect harmful content, hate speech, bullying, and other predatory behavior in social networks, communication applications, and online video games. The firm ...

Remember rowhammer vulnerability? A critical issue affecting modern DRAM (dynamic random access memory) chips that could allow attackers to obtain higher kernel privileges on a targeted system by repeatedly accessing memory cells and induce bit flips. To mitigate Rowhammer vulnerability on the latest DDR4 DRAM, many memory chip manufacturers added some defenses under the umbrella term Target Row Refresh (TRR) that refreshes adjacent rows when a victim row is accessed more than a threshold. But it turns out 'Target Row Refresh,' promoted as a silver bullet to mitigate rowhammer attacks, is also insufficient and could let attackers execute new hammering patterns and re-enable the bit-flip attacks on the latest hardware as well. TRRespass: The Rowhammer Fuzzing Tool Tracked as CVE-2020-10255 , the newly reported vulnerability was discovered by researchers at VUSec Lab, who today also released ' TRRespass ,' an open source black box many-sided RowHammer fuzzin...

Microsoft today announced that it has successfully disrupted the botnet network of the Necurs malware, which has infected more than 9 million computers globally, and also hijacked the majority of its infrastructure. The latest botnet takedown was the result of a coordinated operation involving international police and private tech companies across 35 countries. The operation was conducted successfully after researchers successfully broke the domain generation algorithm (DGA) implemented by the Necurs malware, which helped it remain resilient for a long time. DGA is basically a technique to unpredictably generate new domain names at regular intervals, helping malware authors to continuously switch the location of C&C servers and maintain undisrupted digital communication with the infected machines. "We were then able to accurately predict over six million unique domains that would be created in the next 25 months. Microsoft reported these domains to their respective r...

It appears there is no end in sight to the hardware level security vulnerabilities in Intel processors, as well as to the endless 'performance killing' patches that resolve them. Modern Intel CPUs have now been found vulnerable to a new attack that involves reversely exploiting Meltdown-type data leak vulnerabilities to bypass existing defenses, two separate teams of researchers told The Hacker News. Tracked as CVE-2020-0551 , dubbed " Load Value Injection in the Line Fill Buffers" or LVI-LFB for short, the new speculative-execution attack could let a less privileged attacker steal sensitive information—encryption keys or passwords—from the protected memory and subsequently, take significant control over a targeted system. According to experts at Bitdefender and academic researchers from a couple of universities, the new attack is particularly devastating in multi-tenant environments such as enterprise workstations or cloud servers in the datacenter. And...

A federal judge in New York on Monday declared a mistrial in the case of a former CIA software engineer who was accused of stealing a massive trove of the agency's classified hacking and tools and leaking it to WikiLeaks whistleblower website. While the jury was unable to reach a verdict on eight counts of the theft and transmission of CIA's confidential documents, it did find ex-CIA Joshua Schulte guilty on two counts of contempt of court and making false statements to the FBI investigators. Schulte's lawyers last month asked the court for a mistrial in this case claiming the prosecutors withheld evidence that could exonerate his client during the four-week trial in the Manhattan federal court. Potentially, as a result of this, jurors failed to reach a unanimous agreement on the most severe charges against Schulte after deliberating since last week. Schulte, who designed hacking tools and malware for both the CIA and NSA to break into adversaries computers,...

AMD processors from as early as 2011 to 2019 carry previously undisclosed vulnerabilities that open them to two new different side-channel attacks, according to a freshly published research. Known as " Take A Way ," the new potential attack vectors leverage the L1 data (L1D) cache way predictor in AMD's Bulldozer microarchitecture to leak sensitive data from the processors and compromise the security by recovering the secret key used during encryption. The research was published by a group of academics from the Graz University of Technology and Research Institute of Computer Science and Random Systems (IRISA), who responsibly disclosed the vulnerabilities to AMD back in August 2019. "We are aware of a new white paper that claims potential security exploits in AMD CPUs, whereby a malicious actor could manipulate a cache-related feature to potentially transmit user data in an unintended way," AMD said in an advisory posted on its website over the weekend...