The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Google on Thursday removed The Great Suspender , a popular Chrome extension used by millions of users, from its Chrome Web Store for containing malware. It also took the unusual step of deactivating it from users' computers. "This extension contains malware,"  read  a terse notification from Google, but it has since emerged that the add-on stealthily added features that could be exploited to execute arbitrary code from a remote server, including tracking users online and committing advertising fraud. "The old maintainer appears to have sold the extension to parties unknown, who have malicious intent to exploit the users of this extension in advertising fraud, tracking, and more," Calum McConnell  said  in a GitHub post. The extension, which had more than two million installs before it was disabled, would suspend tabs that aren't in use, replacing them with a blank gray screen until they were reloaded upon returning to the tabs in question. Signs of the...

A new distributed denial-of-service attack (DDoS) vector has ensnared Plex Media Server systems to amplify malicious traffic against targets to take them offline. "Plex's startup processes unintentionally expose a Plex UPnP-enabled service registration responder to the general Internet, where it can be abused to generate reflection/amplification DDoS attacks," Netscout researchers  said  in a Thursday alert. Plex Media Server  is a personal media library and streaming system that runs on modern Windows, macOS, and Linux operating systems, as well as variants customized for special-purpose platforms such as network-attached storage (NAS) devices and digital media players. The desktop application organizes video, audio, and photos from a user's library and from online services, allowing access to and stream the contents to other compatible devices. DDoS attacks typically involve flooding a legitimate target with junk network traffic that comes from a large number o...

Cisco has rolled out fixes for multiple critical vulnerabilities in the web-based management interface of Small Business routers that could potentially allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. The  flaws  — tracked from CVE-2021-1289 through CVE-2021-1295 (CVSS score 9.8) — impact RV160, RV160W, RV260, RV260P, and RV260W VPN routers running a firmware release earlier than Release 1.0.01.02. Along with the aforementioned three vulnerabilities, patches have also been released for two more  arbitrary file write flaws  (CVE-2021-1296 and CVE-2021-1297) affecting the same set of VPN routers that could have made it possible for an adversary to overwrite arbitrary files on the vulnerable system. All the nine security issues were reported to the networking equipment maker by security researcher Takeshi Shiomitsu, who has previously uncovered  similar critical flaws  in RV110W, RV130W, and RV215...

Google has patched a zero-day vulnerability in Chrome web browser for desktop that it says is being actively exploited in the wild. The company released  88.0.4324.150  for Windows, Mac, and Linux, with a fix for a heap buffer overflow flaw (CVE-2021-21148) in its V8 JavaScript rendering engine. "Google is aware of reports that an exploit for CVE-2021-21148 exists in the wild," the company said in a statement. The security flaw was reported to Google by Mattias Buelens on January 24. Previously on February 2, Google  addressed six issues in Chrome , including one critical use after free vulnerability in Payments (CVE-2021-21142) and four high severity flaws in Extensions, Tab Groups, Fonts, and Navigation features. While it's typical of Google to limit details of the vulnerability until a majority of users are updated with the fix, the development comes weeks after Google and Microsoft  disclosed  attacks carried out by North Korean hackers against securi...

Today's admins certainly have plenty on their plates, and boosting ecosystem security remains a top priority. On-premises, and especially remote, accounts are gateways for accessing critical information. Password management makes this possible. After all, authentication should ensure that a user is whom they claim to be. This initial layer of security is crucial for protecting one's entire infrastructure. Unfortunately, the personal nature of passwords has its shortcomings. Passwords are easily forgotten. They may also be too simplistic; many companies don't enforce stringent password-creation requirements. This is where the Active Directory Password Policy comes in. Additionally, the following is achievable: Changing user passwords Recording password changes and storing them within a history log Active Directory accounts for any impactful changes across user accounts. We'll assess why and how administrators might leverage these core features. Why change user ...

A nascent malware campaign has been spotted co-opting Android devices into a botnet with the primary purpose of carrying out distributed denial-of-service (DDoS) attacks. Called " Matryosh " by Qihoo 360's Netlab researchers, the latest threat has been found reusing the Mirai botnet framework and propagates through exposed Android Debug Bridge (ADB) interfaces to infect Android devices and ensnare them into its network. ADB is a  command-line tool  part of the Android SDK that handles communications and allows developers to install and debug apps on Android devices. While this option is turned off by default on most Android smartphones and tablets, some vendors ship with this feature enabled, thus allowing unauthenticated attackers to connect remotely via the 5555 TCP port and open the devices directly to exploitation. This is not the first time a botnet has taken advantage of ADB to infect vulnerable devices. In July 2018, open ADB ports were used to spread multip...

Phishing and Malware Among the major cyber threats, the malware remains a significant danger. The 2017 WannaCry outbreak that cost businesses worldwide up to $4 billion is still in recent memory, and other new strains of malware are discovered on a daily basis. Phishing has also seen a resurgence in the last few years, with many new scams being invented to take advantage of unsuspecting companies. Just one variation, the CEO Fraud email scam, cost UK businesses alone £14.8m in 2018. Working From Home Staff working from home are outside the direct oversight of IT support teams and often struggle to deal with cyber threats and appropriately protect company information. Failing to update software and operating systems, sending data over insecure networks, and increasing reliance on email and online messaging has made employees far more susceptible to threats ranging from malware to phishing. Human Error While technical solutions like spam filters and mobile device management syste...

Major vulnerabilities have been discovered in the Realtek RTL8195A Wi-Fi module that could have been exploited to gain root access and take complete control of a device's wireless communications. The six flaws were  reported  by researchers from Israeli IoT security firm Vdoo. The  Realtek RTL8195A  module is a standalone, low-power-consumption Wi-Fi hardware module targeted at embedded devices used in several industries such as agriculture, smart home, healthcare, gaming, and automotive sectors. It also makes use of an "Ameba" API, allowing developers to communicate with the device via Wi-Fi, HTTP, and  MQTT , a lightweight messaging protocol for small sensors and mobile devices. Although the issues uncovered by Vdoo were verified only on RTL8195A, the researchers said they extend to other modules as well, including RTL8711AM, RTL8711AF, and RTL8710AF. The flaws concern a mix of stack overflow, and out-of-bounds reads that stem from the Wi-Fi module's WP...