The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Everyone makes mistakes. That one sentence was drummed into me in my very first job in tech, and it has held true since then. In the cybersecurity world, misconfigurations can create exploitable issues that can haunt us later - so let's look at a few common security misconfigurations. The first one is development permissions that don't get changed when something goes live. For example, AWS S3 buckets are often assigned permissive access while development is going on. The issues arise when security reviews aren't carefully performed prior to pushing the code live, no matter if that push is for the initial launch of a platform or for updates. The result is straight-forward; a bucket goes live with the ability for anyone to read and write to and from it. This particular misconfiguration is dangerous; since the application is working and the site is loading for users, there's no visible indication that something is wrong until a threat actor hunting for open buckets stum...

Three dozen journalists working for Al Jazeera had their iPhones stealthily compromised via a zero-click exploit to install spyware as part of a Middle East cyberespionage campaign. In a new  report  published yesterday by University of Toronto's Citizen Lab, researchers said personal phones of 36 journalists, producers, anchors, and executives at Al Jazeera, and a journalist at London-based Al Araby TV were infected with Pegasus malware via a now-fixed flaw in Apple's iMessage. Pegasus is developed by Israeli private intelligence firm NSO Group and allows an attacker to  access sensitive data  stored on a target device — all without the victim's knowledge. "The shift towards zero-click attacks by an industry and customers already steeped in secrecy increases the likelihood of abuse going undetected," the researchers said. "It is more challenging [...] to track these zero-click attacks because targets may not notice anything suspicious on their phone. E...

The massive state-sponsored  espionage campaign  that compromised software maker SolarWinds also targeted Microsoft, as the unfolding investigation into the hacking spree reveals the incident may have been far more wider in scope, sophistication, and impact than previously thought. News of Microsoft's compromise was first reported by Reuters , which also said the company's own products were then used to strike other victims by leveraging its cloud offerings, citing people familiar with the matter. The Windows maker, however, denied the threat actor had infiltrated its production systems to stage further attacks against its customers. In a statement to The Hacker News via email, the company said — "Like other SolarWinds customers, we have been actively looking for indicators of this actor and can confirm that we detected malicious SolarWinds binaries in our environment, which we isolated and removed. We have not found evidence of access to production services or custom...

One of the many features of an Active Directory Password Policy is the  maximum password age . Traditional Active Directory environments have long using password aging as a means to bolster password security. Native password aging in the default Active Directory Password Policy is relatively limited in configuration settings. Let's take a look at a few best practices that have changed in regards to password aging. What controls can you enforce in regards to password aging using the default Active Directory Password Policy? Are there better tools that organizations can use regarding controlling the maximum password age for Active Directory user accounts? What password aging best practices have changed? Password aging for Active Directory user accounts has long been a controversial topic in security best practices. While many organizations still apply more traditional password aging rules, noted security organizations have provided updated password aging guidance. Microsoft has...

Cybersecurity researchers today disclosed a new supply-chain attack targeting the Vietnam Government Certification Authority (VGCA) that compromised the agency's digital signature toolkit to install a backdoor on victim systems. Uncovered by Slovak internet security company ESET early this month, the "SignSight" attack involved modifying software installers hosted on the CA's  website  ("ca.gov.vn") to insert a spyware tool called  PhantomNet  or Smanager. According to ESET's telemetry, the breach happened from at least July 23 to August 16, 2020, with the  two installers  in question — "gca01-client-v2-x32-8.3.msi" and "gca01-client-v2-x64-8.3.msi" for 32-bit and 64-bit Windows systems — tampered to include the backdoor. "The compromise of a certification authority website is a good opportunity for APT groups, since visitors are likely to have a high level of trust in a state organization responsible for digital signatures...

The investigation into how the attackers managed to compromise SolarWinds' internal network and poison the company's software updates is still underway, but we may be one step closer to understanding what appears to be a very meticulously planned and highly-sophisticated supply chain attack. A new report published by ReversingLabs today and shared in advance with The Hacker News has revealed that the operators behind the  espionage campaign  likely managed to compromise the software build and code signing infrastructure of SolarWinds Orion platform as early as October 2019 to deliver the malicious backdoor through its software release process. "The source code of the affected library was directly modified to include malicious backdoor code, which was compiled, signed, and delivered through the existing software patch release management system," ReversingLabs' Tomislav Pericin said. Cybersecurity firm FireEye earlier this week  detailed  how multiple SolarWin...

Cybercriminals are increasingly outsourcing the task of deploying ransomware to affiliates using commodity malware and attack tools, according to new research. In a new analysis published by Sophos today and shared with The Hacker News, recent deployments of  Ryuk  and  Egregor  ransomware have involved the use of  SystemBC  backdoor to laterally move across the network and fetch additional payloads for further exploitation. Affiliates are typically threat actors responsible for gaining an initial foothold in a target network. "SystemBC is a regular part of recent ransomware attackers' toolkits," said Sophos senior threat researcher and former Ars Technica national security editor Sean Gallagher. "The backdoor can be used in combination with other scripts and malware to perform discovery, exfiltration and lateral movement in an automated way across multiple targets. These SystemBC capabilities were originally intended for mass exploitation, but they h...

As 5G networks are being gradually rolled out in major cities across the world, an analysis of its network architecture has revealed a number of potential weaknesses that could be exploited to carry out a slew of cyber assaults, including denial-of-service (DoS) attacks to deprive subscribers of Internet access and intercept data traffic. The findings form the basis of a new " 5G Standalone core security research " published by London-based cybersecurity firm Positive Technologies today, exactly six months after the company released its " Vulnerabilities in LTE and 5G Networks 2020 " report in June detailing high impact flaws in LTE and 5G protocols. "Key elements of network security include proper configuration of equipment, as well as authentication and authorization of network elements," Positive Technologies said. "In the absence of these elements, the network becomes vulnerable [to] subscriber denial of service due to exploitation of vulnera...