The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Google Project Zero on Thursday disclosed details of a new security mechanism that Apple quietly added to iOS 14 as a countermeasure to prevent attacks that were recently found to leverage zero-days in its messaging app. Dubbed " BlastDoor ," the improved sandbox system for iMessage data was disclosed by Samuel Groß, a Google Project Zero researcher tasked with studying zero-day vulnerabilities in hardware and software systems. "One of the major changes in iOS 14 is the introduction of a new, tightly sandboxed 'BlastDoor' service which is now responsible for almost all parsing of untrusted data in iMessages," Groß  said . "Furthermore, this service is written in Swift, a (mostly) memory safe language which makes it significantly harder to introduce classic memory corruption vulnerabilities into the code base." The development is a consequence of a  zero-click exploit  that leveraged an Apple iMessage flaw in iOS 13.5.1 to get around security p...

The pressure on small to medium-sized enterprises to protect their organizations against cyberthreats is astronomical. These businesses face the same threats as the largest enterprises, experience the same (relative) damages and consequences when breaches occur as the largest enterprises but are forced to protect their organizations with a fraction of the resources as the largest enterprises.  Cybersecurity company Cynet just released findings from a survey of 200 CISOs in charge of small security teams ( Download here ) to shine "a spotlight into the challenges of small security teams everywhere." In addition to better understanding the challenges these CISOs face, the 2021 Survey of CISOs with Small Security Teams delves into the strategies CISOs will employ to ensure their organizations are protected from the ongoing onslaught of cyber threats - all while saddled with limited budgets and headcount. The survey findings will also be presented in a live webinar,  register...

A "persistent attacker group" with alleged ties to Hezbollah has retooled its malware arsenal with a new version of a remote access Trojan (RAT) to break into companies worldwide and extract valuable information. In a  new report  published by the ClearSky research team on Thursday, the Israeli cybersecurity firm said it identified at least 250 public-facing web servers since early 2020 that have been hacked by the threat actor to gather intelligence and steal the company's databases. The orchestrated intrusions hit a slew of companies located in the U.S., the U.K., Egypt, Jordan, Lebanon, Saudi Arabia, Israel, and the Palestinian Authority, with a majority of the victims representing telecom operators (Etisalat, Mobily, Vodafone Egypt), internet service providers (SaudiNet, TE Data), and hosting and infrastructure service providers (Secured Servers LLC, iomart). First documented in 2015,  Volatile Cedar  (or Lebanese Cedar) has been known to penetrate a large n...

Researchers have disclosed a new family of Android malware that abuses accessibility services in the device to hijack user credentials and record audio and video. Dubbed " Oscorp " by Italy's CERT-AGID and spotted by  AddressIntel , the malware "induce(s) the user to install an accessibility service with which [the attackers] can read what is present and what is typed on the screen." So named because of the title of the login page of its command-and-control (C2) server, the malicious APK (called "Assistenzaclienti.apk" or "Customer Protection") is  distributed  via a domain named "supportoapp[.]com," which upon installation, requests intrusive permissions to enable the accessibility service and establishes communications with a C2 server to retrieve additional commands. Furthermore, the malware repeatedly reopens the Settings screen every eight seconds until the user turns on permissions for accessibility and device usage stati...

U.S. and Bulgarian authorities this week took control of the dark web site used by the NetWalker ransomware cybercrime group to publish data stolen from its victims. "We are striking back against the growing threat of ransomware by not only bringing criminal charges against the responsible actors, but also disrupting criminal online infrastructure and, wherever possible, recovering ransom payments extorted from victims,"  said  Acting Assistant Attorney General Nicholas L. McQuaid of the Justice Department's Criminal Division. "Ransomware victims should know that coming forward to law enforcement as soon as possible after an attack can lead to significant results like those achieved in today's multi-faceted operation." In connection with the takedown, a Canadian national named Sebastien Vachon-Desjardins from the city of Gatineau was charged in the U.S. state of Florida for extorting $27.6 million in cryptocurrency from ransom payments. Separately, the...

Law enforcement agencies from as many as eight countries dismantled the infrastructure of Emotet , a notorious email-based Windows malware behind several botnet-driven spam campaigns and ransomware attacks over the past decade. The coordinated takedown of the botnet on Tuesday — dubbed " Operation Ladybird " — is the result of a joint effort between authorities in the Netherlands, Germany, the U.S., the U.K., France, Lithuania, Canada, and Ukraine to take control of servers used to run and maintain the malware network. "The Emotet infrastructure essentially acted as a primary door opener for computer systems on a global scale," Europol  said . "What made Emotet so dangerous is that the malware was offered for hire to other cybercriminals to install other types of malware, such as banking Trojans or ransomware, onto a victim's computer." More Than a Malware  Since its first identification in 2014,  Emotet  has evolved from its initial roots as a cr...

Cybersecurity researcher Paul Litvak today disclosed an unpatched vulnerability in Microsoft Azure Functions that could be used by an attacker to escalate privileges and escape the Docker container used for hosting them. The findings come as part of Intezer Lab 's investigations into the Azure compute infrastructure. Following disclosure to Microsoft, the Windows maker is said to have "determined that the vulnerability has no security impact on Function users, since the host itself is still protected by another defense boundary against the elevated position we reached in the container host." Azure Functions , analogous to Amazon AWS Lambda, is a serverless solution that allows users to run event-triggered code without having to provision or manage infrastructure explicitly while simultaneously making it possible to scale and allocate compute and resources based on demand. By incorporating Docker into the mix, it makes it possible for developers to easily deploy and ...

Newly discovered security vulnerabilities in ADT's Blue (formerly LifeShield) home security cameras could have been exploited to hijack both audio and video streams. The  vulnerabilities  (tracked as CVE-2020-8101) were identified in the video doorbell camera by Bitdefender researchers in February 2020 before they were eventually addressed on August 17, 2020. LifeShield was acquired by Florida-based ADT Inc. in 2019, with Lifeshield's DIY home security solutions rebranded as Blue as of January 2020. The company's products had a 33.6% market share in the U.S. last year. The security issues in the doorbell camera allow an attacker to Obtain the administrator password of the camera by simply knowing its MAC address, which is used to identify a device uniquely Inject commands locally to gain root access, and Access audio and video feeds using an unprotected  RTSP  (Real-Time Streaming Protocol) server The doorbell is designed to periodically send heartbeat mes...