The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Multiple botnets are targeting thousands of publicly exposed and still unpatched Oracle WebLogic servers to deploy crypto miners and steal sensitive information from infected systems. The attacks are taking aim at a recently patched WebLogic Server vulnerability, which was released by Oracle as part of its  October 2020 Critical Patch Update  and subsequently again in November ( CVE-2020-14750 ) in the form of an out-of-band security patch. As of writing, about 3,000 Oracle WebLogic servers are accessible on the Internet-based on stats from the Shodan search engine. Oracle  WebLogic  is a platform for developing, deploying, and running enterprise Java applications in any cloud environment as well as on-premises. The flaw, which is tracked as CVE-2020-14882, has a CVSS score of 9.8 out of a maximum rating of 10 and affects WebLogic Server versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, and 14.1.1.0.0. Although the issue has been addressed, the release ...

CISOs with small security teams hold an intensive juggling act. They're responsible for sustaining the company's security resilience, ensuring compliance is adhered to and implementing privacy controls. In between these tasks, they need to follow up on board updates, lead cross-team communications and collaboration, and fight fires that may or may not be related to cybersecurity. All the while, they're doing this with a small security team, trying to get the most out of existing resources, preventing team burnout, and most likely taking an active, hands-on approach to ensure that all the goals are met. While each CISO has their game plan, what's certain is that CISOs with small security teams are all about efficiency. Efficiency takes on various forms based on each CISO's background, capacity, industry, and even company culture. In the e-Book "10 CISOs With Small Security Teams Share Their Must Dos and Don'ts"  (Download it here) , CISOs of teams ...

Google Project Zero white-hat hacker Ian Beer on Tuesday disclosed details of a now-patched critical "wormable" iOS bug that could have made it possible for a remote attacker to gain complete control of any device in the vicinity over Wi-Fi. The exploit makes it possible to "view all the photos, read all the email, copy all the private messages and monitor everything which happens on [the device] in real-time,"  said  Beer in a lengthy blog post detailing his six-month-long efforts into building a proof-of-concept single-handedly. The  flaw  (tracked as  CVE-2020-3843 ) was addressed by Apple in a series of security updates pushed as part of  iOS 13.3.1 ,  macOS Catalina 10.15.3 , and  watchOS 5.3.7  earlier this year. "A remote attacker may be able to cause unexpected system termination or corrupt kernel memory," the iPhone maker noted in its advisory, adding the "memory corruption issue was addressed with improved input validation." T...

SaaS Adoption is Skyrocketing, Resilience Hasn't Kept Pace SaaS platforms have revolutionized how businesses operate. They simplify collaboration, accelerate deployment, and reduce the overhead of managing infrastructure. But with their rise comes a subtle, dangerous assumption: that the convenience of SaaS extends to resilience. It doesn't. These platforms weren't built with full-scale data protection in mind . Most follow a shared responsibility model — wherein the provider ensures uptime and application security, but the data inside is your responsibility. In a world of hybrid architectures, global teams, and relentless cyber threats, that responsibility is harder than ever to manage. Modern organizations are being stretched across: Hybrid and multi-cloud environments with decentralized data sprawl Complex integration layers between IaaS, SaaS, and legacy systems Expanding regulatory pressure with steeper penalties for noncompliance Escalating ransomware threats and inside...

A week after cybersecurity researchers disclosed a flaw in the popular GO SMS Pro messaging app, it appears the developers of the app are silently taking steps to fix the issue from behind the scenes. The  security misstep  made it possible for an attacker to come up with a trivial script to access media files transferred between users, including private voice messages, photos, and videos, stored on an unauthenticated, publicly accessible server. Although the behavior was observed on version 7.91 of GO SMS Pro for Android, the app makers have since released three subsequent updates, two of which (v7.93 and v7.94) were pushed to the Google Play Store after public disclosure of the flaw and Google's removal of the app from the marketplace. Google reinstated the app back to the Play Store on November 23. Now following an analysis of the updated versions, Trustwave researchers said , "GOMO is attempting to fix the issue, but a complete fix is still not available in the app....

A nation-state actor known for its cyber espionage campaigns since 2012 is now using coin miner techniques to stay under the radar and establish persistence on victim systems, according to new research. Attributing the shift to a threat actor tracked as Bismuth, Microsoft's Microsoft 365 Defender Threat Intelligence Team said the group deployed Monero coin miners in attacks that targeted both the private sector and government institutions in France and Vietnam between July and August earlier this year. "The coin miners also allowed Bismuth to hide its more nefarious activities behind threats that may be perceived to be less alarming because they're 'commodity' malware," the researchers  said  in an analysis published yesterday. The primary victims of the attack have been traced to state-owned enterprises in Vietnam and entities with ties to a Vietnamese government agency. The Windows maker likened Bismuth to  OceanLotus  (or APT32), linking it to spyware...

Set of must-have online security tools that we believe may make a real difference to your cybersecurity program and improve your 2021 budget planning. In September, Gartner published a  list  of "Top 9 Security and Risk Trends for 2020" putting a bold emphasis on the growing complexity and size of the modern threat landscape. Incomplete visibility of external Attack surfaces led to the dramatic increase in disastrous breaches and data leaks during 2020, compromising PII and other sensitive data of millions of victims. These incidents stemmed from sophisticated intrusions by malicious nation-state actors and APT hacking groups, human error, and widespread misconfigurations exposing unprotected cloud storage or databases with confidential data to the Internet. Gartner's security analysts recommend automating laborious security tasks and processes, amid the ongoing shortage of cybersecurity skills, and promptly addressing emerging cloud and containers security risks.  G...

An Indian national on Monday was  sentenced to 20 years in prison  in the Southern District of Texas for operating and funding India-based call centers that defrauded US victims out of millions of dollars between 2013 and 2016. Hitesh Madhubhai Patel (aka Hitesh Hinglaj), who hails from the city of Ahmedabad, India, was sentenced in connection with charges of fraud and money laundering. He was also ordered to pay restitution of $8,970,396 to identified victims of his crimes. Earlier this January, Patel  pleaded guilty  to wire fraud conspiracy and general conspiracy to commit identification fraud, access device fraud, money laundering, and impersonation of a federal officer or employee. "The defendant defrauded vulnerable US victims out of tens of millions of dollars by spearheading a conspiracy whose members boldly impersonated federal government officials and preyed on victims' fears of adverse government action," said Acting Attorney General Brian C. Rabbitt...

Active Directory account lockouts can be hugely problematic for organizations. There have been documented instances of attackers leveraging the account lockout feature in a type of denial of service attack. By intentionally entering numerous bad passwords, attackers can theoretically lock all of the users out of their accounts. But what do you do if you are experiencing problems with account lockouts? The Windows operating system is somewhat limited in its ability to troubleshoot account lockouts, but there are some things that you can do. For example, you can use Windows PowerShell to determine which accounts have been locked out. The command for doing so is: Search-ADAccount -LockedOut -UsersOnly | Select-Object Name, SamAccountName Incidentally, the UsersOnly parameter prevents computer objects from being included in the results, while the Select-Object command filters the results list to display only the user's name and their account name. If you find that accounts have been ...