The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

The increasing volume and sophistication of cyberattacks have naturally led many companies to invest in additional cybersecurity technologies. We know that expanded threat detection capabilities are necessary for protection, but they have also led to several unintended consequences. The "more is not always better" adage fits this situation perfectly. An upcoming webinar by cybersecurity company Cynet ( register here ) sheds light on alert overload, the result of too many alerts. Beyond discussing the stress and strain placed on cybersecurity teams trying to sift through an ongoing barrage of threat alerts, Cynet shows how this situation actually degrades cybersecurity effectiveness. Then Cynet will talk about the way out – something important to almost every company suffering from alert overload. The Real Impact of Alert Overload It's interesting that threat alerts, which are so vital to protection have also become an obstacle. Cynet lays out two key reasons why this has come about...

The notorious TrickBot malware is targeting customers of 60 financial and technology companies, including cryptocurrency firms, primarily located in the U.S., even as its operators have updated the botnet with new anti-analysis features. "TrickBot is a sophisticated and versatile malware with more than 20 modules that can be downloaded and executed on demand," Check Point researchers Aliaksandr Trafimchuk and Raman Ladutska  said  in a report published today. In addition to being both prevalent and persistent, TrickBot has  continually   evolved  its tactics to go past security and detection layers. To that end, the malware's "injectDll" web-injects module, which is responsible for stealing banking and credential data, leverages anti-deobfuscation techniques to crash the web page and thwart attempts to scrutinize the source code. Also put in place are anti-analysis guardrails to prevent security researchers from sending automated requests to command-and-con...

VMware on Tuesday patched several  high-severity   vulnerabilities  impacting ESXi, Workstation, Fusion, Cloud Foundation, and NSX Data Center for vSphere that could be exploited to execute arbitrary code and cause a denial-of-service (DoS) condition. As of writing, there's no evidence that any of the weaknesses are exploited in the wild. The list of six flaws is as follows – CVE-2021-22040  (CVSS score: 8.4) - Use-after-free vulnerability in XHCI USB controller CVE-2021-22041  (CVSS score: 8.4) - Double-fetch vulnerability in UHCI USB controller CVE-2021-22042  (CVSS score: 8.2) - ESXi settingsd unauthorized access vulnerability CVE-2021-22043  (CVSS score: 8.2) - ESXi settingsd TOCTOU vulnerability CVE-2021-22050  (CVSS score: 5.3) - ESXi slow HTTP POST denial-of-service vulnerability CVE-2022-22945  (CVSS score: 8.8) - CLI shell injection vulnerability in the NSX Edge appliance component Successful exploitation of the flaws cou...

The European Union's data protection authority on Tuesday called for a ban on the development and the use of Pegasus-like commercial spyware in the region, stating that the technology's "unprecedented level of intrusiveness" could endanger users' right to privacy. "Pegasus constitutes a paradigm shift in terms of access to private communications and devices, which is able to affect the very essence of our fundamental rights, in particular the right to privacy," the European Data Protection Supervisor (EDPS)  said  in its preliminary remarks. "This fact makes its use incompatible with our democratic values." Pegasus  is a piece of highly advanced military-grade intrusion software developed by Israeli company NSO Group that's capable of breaking into smartphones running Android and iOS, turning the devices into a remote monitoring tool capable of extracting sensitive information, recording conversations, and tracking users' movements....

Researchers have revealed details of a now-patched high-severity security vulnerability in Apache Cassandra that, if left unaddressed, could be abused to gain remote code execution (RCE) on affected installations. "This Apache security vulnerability is easy to exploit and has the potential to wreak havoc on systems, but luckily only manifests in non-default configurations of Cassandra," Omer Kaspi, security researcher at DevOps firm JFrog,  said  in a technical write-up published Tuesday. Apache Cassandra is an open-source, distributed, NoSQL database management system for managing very large amounts of structured data across commodity servers. Tracked as  CVE-2021-44521  (CVSS score: 8.4), the vulnerability concerns a specific scenario where the configuration for user-defined functions ( UDFs ) are enabled, effectively allowing an attacker to leverage the  Nashorn  JavaScript engine, escape the sandbox, and achieve execution of untrusted code. Speci...

Meta Platforms has agreed to pay $90 million to settle a lawsuit over the company's use of cookies to allegedly track Facebook users' internet activity even after they had logged off from the platform. In addition, the social media company will be required to delete all of the data it illegally collected from those users. The development was first reported by  Variety . The decade-old case, filed in 2012, centered around Facebook's use of the proprietary "Like" button to track users as they visited third-party websites – regardless of whether they actually used the button – in violation of the federal wiretapping laws, and then allegedly compiling those browsing histories into profiles for selling the information to advertisers. Based on the terms of the proposed settlement, users who browsed non-Facebook websites that included the "Like" button between April 22, 2010, and September 26, 2011, will be covered. "Reaching a settlement in this cas...

Cybersecurity researchers have detailed the inner workings of ShadowPad , a sophisticated and modular backdoor that has been adopted by a growing number of Chinese threat groups in recent years, while also linking it to the country's civilian and military intelligence agencies. "ShadowPad is decrypted in memory using a custom decryption algorithm," researchers from Secureworks said in a report shared with The Hacker News. "ShadowPad extracts information about the host, executes commands, interacts with the file system and registry, and deploys new modules to extend functionality." ShadowPad is a remote access trojan capable of maintaining persistent access to compromised computers and executing arbitrary commands and next-stage payloads. It also shares noticeable overlaps with the PlugX malware and has been put to use in high-profile attacks against NetSarang, CCleaner, and ASUS, causing the operators to shift tactics and update their defensive measures. ...

Remote workplace trend is getting the upper hand in 2022. A recent survey by IWG (the International Workplace Group) determined that 70% of the world's professionals work remotely at least one day a week, with 53% based outside their workplace at least half of the week. Taking this into consideration, organizations have started looking for reliable partners that can deliver services and support consistently, for example, to install new hybrid infrastructure solutions while trusting them with the everyday functioning of their IT. So far, MSPs have been meeting this demand by offering multiple solutions that help employees work remotely without any problems. What are the main cybersecurity solutions remote workers need? Multi-Factor Authentication Virtual Private Network DNS Filtering to secure DNS traffic Why is a web filtering important and what are the main features necessary for MSPs? Managed service providers have been struggling with finding the right web filtering ...