The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

The unfortunate truth is that while companies are investing more in cyber defenses and taking cybersecurity more seriously than ever, successful breaches and ransomware attacks are on the rise. While a successful breach is not inevitable, it is becoming more likely despite best efforts to prevent it from happening.  Just as it wasn't raining when Noah built the ark, companies must face the fact that they need to prepare - and educate the organization on - a well-thought-out response plan if a successful cyberattack does occur. Obviously, the worst time to plan your response to a cyberattack is when it happens. With so many companies falling victim to cyberattacks, an entire cottage industry of Incident Response (IR) services has arisen. Thousands of IR engagements have helped surface best practices and preparedness guides to help those that have yet to fall victim to a cyberattack.  Recently, cybersecurity company Cynet provided an  Incident Response plan Word templat...

APT41, the state-sponsored threat actor affiliated with China, breached at least six U.S. state government networks between May 2021 and February 2022 by retooling its attack vectors to take advantage of vulnerable internet-facing web applications. The exploited vulnerabilities included "a zero-day vulnerability in the USAHERDS application ( CVE-2021-44207 ) as well as the now infamous zero-day in Log4j ( CVE-2021-44228 )," researchers from Mandiant  said  in a report published Tuesday, calling it a "deliberate campaign." Besides web compromises, the persistent attacks also involved the weaponization of exploits such as deserialization , SQL injection , and directory traversal vulnerabilities, the cybersecurity and incident response firm noted. The  prolific  advanced persistent threat, also known by the monikers Barium and Winnti, has a  track record  of targeting organizations in both the public and private sectors to orchestrate espionage activity i...

Researchers have disclosed three security vulnerabilities affecting Pascom Cloud Phone System ( CPS ) that could be combined to achieve a full pre-authenticated remote code execution of affected systems. Kerbit security researcher Daniel Eshetu  said  the shortcomings, when chained together, can lead to "an unauthenticated attacker gaining root on these devices." Pascom Cloud Phone System is an integrated collaboration and communication solution that allows businesses to host and set up private telephone networks across different platforms as well as facilitate the monitoring, maintenance, and updates associated with the virtual phone systems. The set of three flaws includes those stemming from an arbitrary path traversal in the web interface, a server-side request forgery ( SSRF ) due to an outdated third-party dependency ( CVE-2019-18394 ), and a post-authentication command injection using a daemon service ("exd.pl"). In other words, the vulnerabilities can...

Microsoft's  Patch Tuesday update  for the month of March has been made officially available with 71 fixes spanning across its software products such as Windows, Office, Exchange, and Defender, among others. Of the total 71 patches, three are rated Critical and 68 are rated Important in severity. While none of the vulnerabilities are listed as actively exploited, three of them are publicly known at the time of release. It's worth pointing out that Microsoft separately  addressed 21 flaws  in the Chromium-based Microsoft Edge browser earlier this month. All the three critical vulnerabilities remediated this month are remote code execution flaws impacting HEVC Video Extensions ( CVE-2022-22006 ), Microsoft Exchange Server ( CVE-2022-23277 ), and VP9 Video Extensions ( CVE-2022-24501 ). The Microsoft Exchange Server vulnerability, which was reported by researcher Markus Wulftange, is also noteworthy for the fact that it requires the attacker to be authenticated to ...

Cybersecurity researchers on Tuesday disclosed 16 new high-severity vulnerabilities in various implementations of Unified Extensible Firmware Interface (UEFI) firmware impacting multiple HP enterprise devices. The  shortcomings , which have CVSS scores ranging from 7.5 to 8.8, have been uncovered in HP's UEFI firmware. The variety of devices affected includes HP's laptops, desktops, point-of-sale (PoS) systems, and edge computing nodes. "By exploiting the vulnerabilities disclosed, attackers can leverage them to perform privileged code execution in firmware, below the operating system, and potentially deliver persistent malicious code that survives operating system re-installations and allows the bypass of endpoint security solutions (EDR/AV), Secure Boot and Virtualization-Based Security isolation," American firmware security company Binarly said in a report shared with The Hacker News. The most severe of the flaws concern a number of memory corruption vulnera...

A broad range of threat actors, including Fancy Bear, Ghostwriter, and Mustang Panda, have launched phishing campaigns against Ukraine, Poland, and other European entities amid Russia's invasion of Ukraine. Google's Threat Analysis Group (TAG) said it took down two Blogspot domains that were used by the nation-state group FancyBear (aka APT28) – which is attributed to Russia's GRU military intelligence – as a landing page for its social engineering attacks. The disclosure comes close on the heels of an advisory from the Computer Emergency Response Team of Ukraine (CERT-UA)  warning  of phishing campaigns targeting Ukr.net users that involve sending messages from compromised accounts containing links to attacker-controlled credential harvesting pages. Another cluster of threat activity concerns webmail users of Ukr.net, Yandex.ru, wp.pl, rambler.ru, meta.ua, and i.ua, who have been at the receiving end of phishing attacks by a Belarusian threat actor tracked as Ghostwrit...

Google is officially buying threat intelligence and incident response company Mandiant in an all-cash deal approximately valued at $5.4 billion, the two technology firms announced Tuesday. Mandiant is expected to be folded into Google Cloud upon the closure of the acquisition, which is slated to happen later this year, adding to the latter's growing portfolio of security offerings such as BeyondCorp Enterprise , VirusTotal , Chronicle , and the Cybersecurity Action Team . "Today, organizations are facing cybersecurity challenges that have accelerated in frequency, severity and diversity, creating a global security imperative," Google  said  in a statement. "To address these risks, enterprises need to be able to detect and respond to adversaries quickly; analyze and automate threat intelligence to scale threat detection across organizations; orchestrate and automate remediation; validate their protection against known threats; and visualize their IT environment i...

Samsung on Monday confirmed a security breach that resulted in the exposure of internal company data, including the source code related to its Galaxy smartphones. "According to our initial analysis, the breach involves some source code relating to the operation of Galaxy devices, but does not include the personal information of our consumers or employees," the electronics giant  told  Bloomberg. The South Korean chaebol also confirmed that it doesn't anticipate any impact to its business or its customers as a result of the incident and that it has implemented new security measures to prevent such breaches in the future. The confirmation comes after the LAPSUS$ hacking group dumped 190GB of Samsung data on its Telegram channel towards the end of last week, allegedly exposing the source code for trusted applets installed within  TrustZone , algorithms for biometric authentication, bootloaders for recent devices, and even confidential data from its chip supplier Qualcom...