The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Multiple software products from Adobe, Apple, Google, Microsoft, Mozilla, and Samsung were successfully pwned with previously unseen exploits in  Tianfu Cup 2020 , the third edition of the international cybersecurity contest held in the city of Chengdu, China. "Many mature and hard targets have been pwned on this year's contest," the event organizers  said . "11 out of 16 targets cracked with 23 successful demos." The hacking competition showed off hacking attempts against a  number of platforms , including: Adobe PDF Reader Apple iPhone 11 Pro running iOS 14 and Safari browser ASUS RT-AX86U router CentOS 8 Docker Community Edition Google Chrome Microsoft Windows 10 v2004 Mozilla Firefox Samsung Galaxy S20 running Android 10 TP-Link TL-WDR7660 router VMware ESXi hypervisor The Tianfu Cup, analogous to Pwn2Own, was started in 2018 following a  government regulation  in the country that barred security researchers from participating in internati...

Apple on Thursday released multiple security updates to patch three zero-day vulnerabilities that were revealed as being actively exploited in the wild. Rolled out as part of its iOS, iPadOS, macOS, and watchOS updates, the flaws reside in the FontParser component and the kernel, allowing adversaries to remotely execute arbitrary code and run malicious programs with kernel-level privileges. The zero-days were discovered and reported to Apple by Google's Project Zero security team. "Apple is aware of reports that an exploit for this issue exists in the wild," the iPhone maker said of the three zero-days without giving any additional details so as to allow a vast majority of users to install the updates. The list of impacted devices includes iPhone 5s and later, iPod touch 6th and 7th generation, iPad Air, iPad mini 2 and later, and Apple Watch Series 1 and later. The fixes are available in versions iOS 12.4.9 and 14.2, iPadOS 14.2, watchOS 5.3.9, 6.2.9, and 7.1, an...

A cyberespionage campaign aimed at aerospace and defense sectors in order to install data gathering implants on victims' machines for purposes of surveillance and data exfiltration may have been more sophisticated than previously thought. The attacks, which targeted IP-addresses belonging to internet service providers (ISPs) in Australia, Israel, Russia, and defense contractors based in Russia and India, involved a previously undiscovered spyware tool called Torisma  to stealthily monitor its victims for continued exploitation. Tracked under the codename of " Operation North Star " by McAfee researchers, initial findings into the campaign in July revealed the use of social media sites, spear-phishing, and weaponized documents with fake job offers to trick employees working in the defense sector to gain a foothold on their organizations' networks. The attacks have been attributed to infrastructure and TTPs (Techniques, Tactics, and Procedures) previously associate...

Cybersecurity researchers today took the wraps off an on-going cyber fraud operation led by hackers in Gaza, West Bank, and Egypt to compromise VoIP servers of more than 1,200 organizations across 60 countries over the past 12 months. According to findings published by Check Point Research, the threat actors — believed to be located in the Palestinian Gaza Strip — have targeted Sangoma PBX, an open-sourced user interface that's used to manage and control Asterisk VoIP phone systems, particularly the Session Initiation Protocol (SIP) servers. "Hacking SIP servers and gaining control allows hackers to abuse them in several ways," the cybersecurity firm noted in its analysis. "One of the more complex and interesting ways is abusing the servers to make outgoing phone calls, which are also used to generate profits. Making calls is a legitimate feature, therefore it's hard to detect when a server has been exploited." By selling phone numbers, call plans, and...

A cyber-attacker successfully breaks into your environment and begins sneaking around to find something valuable - intellectual property, bank account credentials, company plans, whatever. The attacker makes his way to a certain host on a network node to browse the directories, and suddenly, his connection is cut off. The stolen username and password he acquired no longer works.  Unknowingly, the attacker triggered a well-concealed trap that detected his presence, took immediate action to sever his connection, and then blocked his reconnect ability. Very cool. The concept of Deception technology is pretty cool. And it can be an extremely valuable security layer that comes into play when other security layers are successfully bypassed. The problem, however, is that only very large enterprises have been able to leverage Deception technology due to its cost and complexity to implement and maintain. Unfortunately, small to medium-sized enterprises, the so-called SMEs, just don't hav...

The Secure Access Service Edge (or SASE)  has been a very hot buzzword in the past year. A term and category created by Gartner 2019, SASE states that the future of networking and security lies in the convergence of these categories into a single, cloud-based platform. The capabilities that SASE delivers aren't new and include  SD-WAN , threat prevention, remote access, and others that were available from multiple vendors over the years.  So, what is, in fact, new about SASE? This is the main topic for our discussion with Yishay Yovel, Chief Marketing Office at  Cato Networks , one of the first companies that entered the SASE market. THN: Cato had been a big proponent of SASE. Why is SASE important to end customers? Yishay:  SASE is a wake-up call for our industry and IT organizations. IT infrastructure got fragmented with many point solutions that, in turn, created complexity, rigidity, high cost, and increased risk. These are systemic issues. Each point pr...

A week after the US government issued an advisory about a "global intelligence gathering mission" operated by North Korean  state-sponsored hackers , new findings have emerged about the threat group's spyware capabilities. The APT — dubbed " Kimsuky " (aka Black Banshee or Thallium) and believed to be active as early as 2012 — has been now linked to as many as three hitherto undocumented malware, including an information stealer, a tool equipped with malware anti-analysis features, and a new server infrastructure with significant overlaps to its older espionage framework. "The group has a rich and notorious history of offensive cyber operations around the world, including operations targeting South Korean think tanks, but over the past few years they have expanded their targeting to countries including the United States, Russia and various nations in Europe," Cybereason researchers said in an  analysis  yesterday. Last week, the FBI and department...

Google has patched a second actively exploited zero-day flaw in the Chrome browser in two weeks, along with addressing nine other security vulnerabilities in its latest update. The company  released  86.0.4240.183 for Windows, Mac, and Linux, which it said will be rolling out over the coming days/weeks to all users. The zero-day flaw, tracked as  CVE-2020-16009 , was reported by Clement Lecigne of Google's Threat Analysis Group (TAG) and Samuel Groß of Google Project Zero on October 29. The company also warned that it "is aware of reports that an exploit for CVE-2020-16009 exists in the wild." Google hasn't made any details about the bug or the exploit used by threat actors public so as to allow a majority of users to install the updates and prevent other adversaries from developing their own exploits leveraging the flaw. But Ben Hawkes, Google Project Zero's technical lead,  said  CVE-2020-16009 concerned an "inappropriate implementation" of its ...