The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Microsoft on Tuesday released fixes for 58 newly discovered security flaws spanning as many as 11 products and services as part of its final  Patch Tuesday of 2020 , effectively bringing their CVE total to 1,250 for the year. Of these 58 patches, nine are rated as Critical, 46 are rated as Important, and three are rated Moderate in severity. The December security release addresses issues in Microsoft Windows, Edge browser, ChakraCore, Microsoft Office, Exchange Server, Azure DevOps, Microsoft Dynamics, Visual Studio, Azure SDK, and Azure Sphere. Fortunately, none of these flaws this month have been reported as publicly known or being actively exploited in the wild. The fixes for December concern a number of remote code execution (RCE) flaws in Microsoft Exchange (CVE-2020-17132), SharePoint (CVE-2020-17118 and CVE-2020-17121), Excel (CVE-2020-17123), and Hyper-V virtualization software (CVE-2020-17095), as well as a patch for a security feature bypass in Kerberos (CVE-2020-16...

Some widely sold D-Link VPN router models have been found vulnerable to three new high-risk security vulnerabilities, leaving millions of home and business networks open to cyberattacks—even if they are secured with a strong password. Discovered by researchers at Digital Defense, the three security shortcomings were responsibly disclosed to D-Link on August 11, which, if exploited, could allow remote attackers to execute arbitrary commands on vulnerable networking devices via specially-crafted requests and even launch denial-of-service attacks. D-Link DSR-150, DSR-250, DSR-500, and DSR-1000AC and other VPN router models in the DSR Family running firmware version 3.14 and 3.17 are vulnerable to the remotely exploitable root command injection flaw. The Taiwanese networking equipment maker  confirmed  the issues in an advisory on December 1, adding that the patches were under development for two of three flaws, which have now been released to the public at the time of writin...

There seems to be a new ransomware story every day - a new ransomware attack, a new ransomware technique, criminals not providing encryption keys after receiving ransom payments, private data being publicly released by ransomware attackers—it never ends. Just last month, the FBI, the Department of Health and Human Services (HHS), and the Cybersecurity and Infrastructure Security Agency (CISA) issued a report warning of an imminent threat of ransomware attacks on US hospitals and health care providers. The list of ransomware variants is long and growing, including Maze, Ragnar Locker, Netlocker, Wastedlocker, FTCode, Tycoon, TrickBot, REvil, and many more. Ransomware uses a variety of techniques to infect systems and ultimately steal and/or encrypt a company's files. Many of the techniques are known, but new, unknown techniques can arrive at any moment. SMEs Are Particularly Vulnerable A recent whitepaper about new ways XDR platform protects from ransomware [ download here ] n...

A zero-click remote code execution (RCE) bug in Microsoft Teams desktop apps could have allowed an adversary to execute arbitrary code by merely sending a specially-crafted chat message and compromise a target's system. The issues were reported to the Windows maker by  Oskars Vegeris , a security engineer from Evolution Gaming, on August 31, 2020, before they were addressed at the end of October. Microsoft did not assign a CVE to this vulnerability, stating "it's currently Microsoft's policy to not issue CVEs on products that automatically updates without user's interaction." "No user interaction is required, exploit executes upon seeing the chat message," Vegeris explained in a technical write-up. The result is a "complete loss of confidentiality and integrity for end users — access to private chats, files, internal network, private keys and personal data outside MS Teams," the researcher added. Worse, the RCE is cross-platform — af...

The US National Security Agency (NSA) on Monday issued an  advisory  warning that Russian threat actors are leveraging recently disclosed VMware vulnerability to install malware on corporate systems and access protected data. Specifics regarding the identities of the threat actor exploiting the  VMware flaw  or when these attacks started were not disclosed. The development comes two weeks after the virtualization software company publicly disclosed the flaw—affecting VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector products for Windows and Linux—without releasing a patch and three days after releasing a software update to fix it. In late November, VMware pushed  temporary workarounds  to address the issue, stating permanent patches for the flaw were "forthcoming." But it wasn't until December 3rd the escalation-of-privileges bug was entirely resolved. That same day, the US Cybersecurity and Infrastructure...

A team of researchers today unveiled previously undisclosed capabilities of an Android spyware implant—developed by a sanctioned Iranian threat actor—that could let attackers spy on private chats from popular instant messaging apps, force Wi-Fi connections, and auto-answer calls from specific numbers for purposes of eavesdropping on conversations. In  September , the US Department of the Treasury imposed sanctions on APT39 (aka Chafer, ITG07, or Remix Kitten) — an Iranian threat actor backed by the country's Ministry of Intelligence and Security (MOIS) — for carrying out malware campaigns targeting Iranian dissidents, journalists, and international companies in the telecom and travel sectors. Coinciding with the sanctions, the Federal Bureau of Investigation (FBI) released a public threat analysis  report  describing several tools used by Rana Intelligence Computing Company, which operated as a front for the malicious cyber activities conducted by the APT39 group. Fo...

21st-century technology has allowed Cybercriminals to use sophisticated and undetectable methods for malicious activities. In 2020 alone, a survey revealed that  65% of US-based companies were vulnerable to email phishing and impersonation attacks . This calls for upgrading your organization's security with DMARC, which if not implemented, will enable cyber-attackers to: Instigate money transfers from vulnerable employees via spoofed emails while impersonating senior executives in your company Send fake invoices to your employees and partners Deal in illegal goods via your domain  Spread Ransomware Impersonate customer support to steal confidential customer or partner information Such situations can have long-lasting consequences on your business. From inflicting a blow on thebrand's reputation and credibility among its partners and customer base to loss of valuable company information and millions of dollars, the risks are countless. What is Domain Spoofing? Domai...

A cybercrime group known for targeting e-commerce websites unleashed a "multi-stage malicious campaign" earlier this year designed with an intent to distribute information stealers and JavaScript-based payment skimmers. In a new report published today and shared with The Hacker News, Singapore-based cybersecurity firm Group-IB attributed the operation to the same group that's been linked to a separate attack aimed at online merchants using password-stealing malware to infect their websites with  FakeSecurity JavaScript-sniffers  (JS-sniffers). The campaign progressed in four waves, starting in February and ending in September, with the operators relying on specially-crafted phishing pages and lure documents laced with malicious macros to download Vidar and Raccoon information stealers onto victim systems. The ultimate goal of the attack, the researchers noted, was to steal payment and user data via several attack vectors and tools to deliver the malware. The fake we...