The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

New details have emerged about a vast network of rogue extensions for Chrome and Edge browsers that were found to hijack clicks to links in search results pages to arbitrary URLs, including phishing sites and ads. Collectively called " CacheFlow " by Avast, the 28 extensions in question — including Video Downloader for Facebook, Vimeo Video Downloader, Instagram Story Downloader, VK Unblock — made use of a sneaky trick to mask its true purpose: Leverage  Cache-Control  HTTP header as a covert channel to retrieve commands from an attacker-controlled server. All the  backdoored browser add-ons  have been taken down by Google and Microsoft as of December 18, 2020, to prevent more users from downloading them from the official stores. According to telemetry data gathered by the firm, the top three infected countries were Brazil, Ukraine, and France, followed by Argentina, Spain, Russia, and the U.S. The CacheFlow sequence began when unsuspecting users downloaded on...

Cybersecurity researchers on Wednesday disclosed three severe security vulnerabilities impacting SolarWinds products, the most severe of which could have been exploited to achieve remote code execution with elevated privileges. Two of the flaws (CVE-2021-25274 and CVE-2021-25275) were identified in the SolarWinds Orion Platform, while a third separate weakness (CVE-2021-25276) was found in the company's Serv-U FTP server for Windows,  said  cybersecurity firm Trustwave in a technical analysis. None of the three vulnerabilities are believed to have been exploited in any "in the wild" attacks or during the unprecedented  supply chain attack  targeting the Orion Platform that came to light last December. The two sets of vulnerabilities in Orion and Serv-U FTP were disclosed to SolarWinds on December 30, 2020, and January 4, 2021, respectively, following which the company resolved the issues on January 22 and January 25. It's highly recommended that users install t...

The dynamic nature of cybersecurity, the changes in the threat landscape, and the expansion of the attack surface lead organizations to add more security solutions—from different vendors—creating a layered security infrastructure that introduces new challenges to any team, with a much more significant impact on small ones. And yet, sophisticated attacks continue to bypass these advanced security layers while FOMO (fear of missing out) compels security teams to evaluate every new solution that comes out. A new guide, "How Security Consolidation Helps Small Security Teams" ( download here ), reviews the challenges of a layered, multi-vendor security approach for protecting your internal environment and reveals why the concept of consolidation of security solutions is becoming the go-to security approach of many CISOs with small teams. Having a single consolidated solution for protecting your internal environment can free up much of your small team's time and reduce your...

High-performance computing clusters belonging to university networks as well as servers associated with government agencies, endpoint security vendors, and internet service providers have been targeted by a newly discovered backdoor that gives attackers the ability to execute arbitrary commands on the systems remotely. Cybersecurity firm ESET named the malware " Kobalos " — a nod to a " mischievous creature " of the same name from Greek mythology — for its "tiny code size and many tricks." "Kobalos is a generic backdoor in the sense that it contains broad commands that don't reveal the intent of the attackers," researchers Marc-Etienne M. Léveillé and Ignacio Sanmillan  said  in a Tuesday analysis. "In short, Kobalos grants remote access to the file system, provides the ability to spawn terminal sessions, and allows proxying connections to other Kobalos-infected servers." Besides tracing the malware back to attacks against a nu...

Security researchers on Tuesday uncovered new delivery and evasion techniques adopted by Agent Tesla remote access trojan (RAT) to get around defense barriers and monitor its victims. Typically spread through social engineering lures, the Windows spyware not only now targets Microsoft's Antimalware Scan Interface ( AMSI ) in an attempt to defeat endpoint protection software, it also employs a multi-stage installation process and makes use of Tor and Telegram messaging API to communicate with a command-and-control (C2) server. Cybersecurity firm Sophos , which observed two versions of Agent Tesla — version 2 and version 3 — currently in the wild, said the changes are yet another sign of Agent Tesla's constant evolution designed to make a sandbox and static analysis more difficult. "The differences we see between v2 and v3 of Agent Tesla appear to be focused on improving the success rate of the malware against sandbox defenses and malware scanners, and on providing more...

The Office of the Washington State Auditor (SAO) on Monday said it's investigating a security incident that resulted in the compromise of personal information of more than 1.6 million people who filed for unemployment claims in the state in 2020. The SAO blamed the breach on a software vulnerability in Accellion's File Transfer Appliance (FTA) service, which allows organizations to share sensitive documents with users outside their organization securely. "During the week of January 25, 2021, Accellion confirmed that an unauthorized person gained access to SAO files by exploiting a vulnerability in Accellion's file transfer service," the SAO  said  in a statement. The accessed information is said to have contained personal details of Washington state residents who filed unemployment insurance claims in 2020, as well as other data from local governments and state agencies. The exact information that may have been compromised include: Full name Social securi...

Security Operations is a 24 x 7 job. It does not stop for weekends or holidays or even that much-needed coffee break after the first hour of the shift is complete. We all know this. Every SOC engineer is hoping for some rest at some point. One of my favorite jokes when talking about Security Operations is "3 SOC engineers walked into a bar…" That the joke. No SOC engineers have time to do that. They get it. They laugh. So why is this all true? Let us explore that a little bit. Demand for experienced SOC engineers far surpasses the available talent. Event volume levels boggle the imagination compared to even just a few years ago. Utilization of tools to their utmost capability has often not been a priority.  In the Security Operations space, we have been using SIEM's for many years with varying degrees of deployments, customization, and effectiveness. For the most part, they have been a helpful tool for Security Operations. But they can be better. Like any tool, t...

SonicWall on Monday warned of active exploitation attempts against a zero-day vulnerability in its Secure Mobile Access (SMA) 100 series devices. The flaw, which affects both physical and virtual SMA 100 10.x devices (SMA 200, SMA 210, SMA 400, SMA 410, SMA 500v), came to light after the NCC Group on Sunday  alerted  it had detected "indiscriminate use of an exploit in the wild." Details of the exploit have not been disclosed to prevent the zero-day from being misused further, but a patch is expected to be available by the end of day on February 2, 2021. "A few thousand devices are impacted," SonicWall  said  in a statement, adding, "SMA 100 firmware prior to 10.x is unaffected by this zero-day vulnerability." On January 22, The Hacker News exclusively  revealed  that SonicWall had been breached as a consequence of a coordinated attack on its internal systems by exploiting "probable zero-day vulnerabilities" in its SMA 100 series remote acc...