The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Google on Monday disclosed details about an ongoing campaign carried out by a government-backed threat actor from North Korea that has targeted security researchers working on vulnerability research and development. The internet giant's Threat Analysis Group (TAG) said the adversary created a research blog and multiple profiles on various social media platforms such as Twitter, LinkedIn, Telegram, Discord, and Keybase in a bid to communicate with the researchers and build trust. The goal, it appears, is to steal exploits developed by the researchers for possibly undisclosed vulnerabilities, thereby allowing them to stage further attacks on vulnerable targets of their choice. "Their blog contains write-ups and analysis of vulnerabilities that have been publicly disclosed, including 'guest' posts from unwitting legitimate security researchers, likely in an attempt to build additional credibility with other security researchers,"  said  TAG researcher Adam Weide...

In 1982, when SMTP was first specified, it did not contain any mechanism for providing security at the transport level to secure communications between mail transfer agents. Later, in 1999, the STARTTLS command was added to SMTP that in turn supported the encryption of emails in between the servers, providing the ability to convert a non-secure connection into a secure one that is encrypted using TLS protocol. However, encryption is optional in SMTP, which implies that emails can be sent in plaintext.  Mail Transfer Agent-Strict Transport Security (MTA-STS)  is a relatively new standard that enables mail service providers the ability to enforce Transport Layer Security (TLS) to secure SMTP connections and to specify whether the sending SMTP servers should refuse to deliver emails to MX hosts that that does not offer TLS with a reliable server certificate. It has been proven to successfully mitigate TLS downgrade attacks and Man-in-the-Middle (MitM) attacks. SMTP TLS Report...

A newly discovered Android malware has been found to propagate itself through WhatsApp messages to other contacts in order to expand what appears to be an adware campaign. "This malware spreads via victim's WhatsApp by automatically replying to any received WhatsApp message notification with a link to [a] malicious Huawei Mobile app," ESET researcher Lukas Stefanko said. The link to the fake Huawei Mobile app, upon clicking, redirects users to a lookalike Google Play Store website. Once installed, the wormable app prompts victims to grant it notification access, which is then abused to carry out the wormable attack. Specifically, it leverages WhatApp's quick reply feature — which is used to respond to incoming messages directly from the notifications — to send out a reply to a received message automatically. Besides requesting permissions to read notifications, the app also requests intrusive access to run in the background as well as to draw over other apps, ...

Over the years,  penetration testing  has had to change and adapt alongside the IT environments and technology that need to be assessed. Broad cybersecurity issues often influence the strategy and growth of pen-testing. In such a fast-paced field, organizations get real value from learning about others' penetration testing experiences, identifying trends, and the role they play in today's threat landscape. While there is much to be gained from a single snapshot, additional value can come from long term data collection and year over year comparisons. We can see whether the effects that recent trends have on pen testing are long term, or simply a temporary shift, and how they affect the continuing evolution of penetration testing. For instance, 2020 saw a massive influx of remote work. Unfortunately, the convenience of working safely from home increased the risk of a breach as countless new attack vectors opened up, both from the way employees connected to networks, as well ...

More details have emerged about a security feature bypass vulnerability in Windows NT LAN Manager ( NTLM ) that was addressed by Microsoft as part of its monthly  Patch Tuesday updates  earlier this month. The flaw, tracked as  CVE-2021-1678  (CVSS score 4.3), was described as a "remotely exploitable" bug found in a vulnerable component bound to the network stack, although exact details of the issue remained unknown. Now according to researchers from Crowdstrike, the security bug, if left unpatched, could allow a bad actor to achieve remote code execution via an NTLM relay. "This vulnerability allows an attacker to relay NTLM authentication sessions to an attacked machine, and use a printer spooler  MSRPC  interface to remotely execute code on the attacked machine," the researchers  said  in a Friday advisory. NTLM relay attacks are a kind of man-in-the-middle (MitM) attacks that typically permit attackers with access to a network to interce...

Cybersecurity researchers have warned of a publicly available fully-functional exploit that could be used to target SAP enterprise software. The exploit leverages a vulnerability, tracked as  CVE-2020-6207 , that stems from a missing authentication check in SAP Solution Manager (SolMan) version 7.2 SAP  SolMan  is an application management and administration solution that offers end-to-end application lifecycle management in distributed environments, acting as a centralized hub for implementing and maintaining SAP systems such as ERP, CRM, HCM, SCM, BI, and others. "A successful exploitation could allow a remote unauthenticated attacker to execute highly privileged administrative tasks in the connected  SAP SMD Agents ," researchers from Onapsis  said , referring to the Solution Manager Diagnostics toolset used to analyze and monitor SAP systems. The vulnerability, which has the highest possible CVSS base score of 10.0, was addressed by SAP as part of its...

SonicWall, a popular internet security provider of firewall and VPN products, on late Friday disclosed that it fell victim to a coordinated attack on its internal systems. The San Jose-based company said the attacks leveraged zero-day vulnerabilities in SonicWall secure remote access products such as NetExtender VPN client version 10.x and Secure Mobile Access ( SMA ) that are used to provide users with remote access to internal resources. "Recently, SonicWall identified a coordinated attack on its internal systems by highly sophisticated threat actors exploiting probable zero-day vulnerabilities on certain SonicWall secure remote access products," the company exclusively told The Hacker News. The development comes after The Hacker News received reports that SonicWall's internal systems went down earlier this week on Tuesday and that the source code hosted on the company's GitLab repository was accessed by the attackers. SonicWall wouldn't confirm the re...

Amazon has addressed a number of flaws in its Kindle e-reader platform that could have allowed an attacker to take control of victims' devices by simply sending them a malicious e-book. Dubbed " KindleDrip ," the exploit chain takes advantage of a feature called " Send to Kindle " to send a malware-laced document to a Kindle device that, when opened, could be leveraged to remotely execute arbitrary code on the device and make unauthorized purchases. "The code runs as root, and the attacker only needs to know the email address assigned to the victim's device,"  said  Yogev Bar-On, a security researcher for Readlmode Labs, in a technical write-up on Thursday. The first vulnerability lets a bad actor send an e-book to a Kindle, the second flaw allows for remote code execution while the e-book is parsed, and a third issue makes it possible to escalate privileges and run the code as the "root" user. When linked together, these weaknesses...