The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

A previously undocumented backdoor has been observed targeting Linux systems with the goal of corralling the machines into a botnet and acting as a conduit for downloading and installing rootkits. Qihoo 360's Netlab security team called it  B1txor20  "based on its propagation using the file name 'b1t,' the XOR encryption algorithm, and the RC4 algorithm key length of 20 bytes." First observed propagating through the  Log4j vulnerability  on February 9, 2022, the malware leverages a technique called DNS tunneling to build communication channels with command-and-control (C2) servers by encoding data in DNS queries and responses. B1txor20, while also buggy in some ways, currently supports the ability to obtain a shell, execute arbitrary commands, install a rootkit, open a  SOCKS5 proxy , and functions to upload sensitive information back to the C2 server. Once a machine is successfully compromised, the malware utilizes the DNS tunnel to retrieve and execute ...

The maintainers of OpenSSL have  shipped patches  to resolve a high-severity security flaw in its software library that could lead to a denial-of-service (DoS) condition when parsing certificates. Tracked as  CVE-2022-0778  (CVSS score: 7.5), the issue stems from parsing a malformed certificate with invalid explicit  elliptic-curve  parameters, resulting in what's called an "infinite loop." The flaw resides in a function called BN_mod_sqrt() that's used to compute the modular square root. "Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial-of-service attack," OpenSSL said in an advisory published on March 15, 2022. "The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic-curve parameters." While there is no evidence that the vulnerability has been exploited in the w...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have released a joint advisory warning that Russia-backed threat actors hacked the network of an unnamed non-governmental entity by exploiting a combination of flaws. "As early as May 2021, Russian state-sponsored cyber actors took advantage of a misconfigured account set to default [multi-factor authentication] protocols at a non-governmental organization (NGO), allowing them to enroll a new device for MFA and access the victim network," the agencies  said . "The actors then exploited a critical Windows Print Spooler vulnerability, 'PrintNightmare' ( CVE-2021-34527 ) to run arbitrary code with system privileges." The attack was pulled off by gaining initial access to the victim organization via compromised credentials – obtained by means of a brute-force password guessing attack – and enrolling a new device in the organization's  Duo MFA ....

Researchers have disclosed an unpatched security vulnerability in " dompdf ," a PHP-based HTML to PDF converter, that, if successfully exploited, could lead to remote code execution in certain configurations. "By injecting CSS into the data processed by dompdf, it can be tricked into storing a malicious font with a .php file extension in its font cache, which can later be executed by accessing it from the web," Positive Security researchers Maximilian Kirchmeier and Fabian Bräunlein  said  in a report published today. In other words, the flaw  allows  a malicious party to upload font files with a .php extension to the web server, which can then be activated by using an  XSS vulnerability  to inject HTML into a web page before it's rendered as a PDF. This meant that the attacker could potentially navigate to the uploaded .php script, effectively permitting remote code execution on the server. This can have significant consequences on websites that req...

Russian cybersecurity firm Kaspersky on Tuesday responded to an advisory released by Germany's Federal Office of Information Security (BSI) against using the company's security solutions in the country over "doubts about the reliability of the manufacturer." Calling that the decision was made on "political grounds," the company  said  it will "continue to assure our partners and customers of the quality and integrity of our products, and we will be working with the BSI for clarification on its decision and for the means to address its and other regulators' concerns." The statement from Kaspersky follows a warning from Germany's cybersecurity authority, the Bundesamt für Sicherheit in der Informationstechnik aka BSI, which recommended "replacing applications from Kaspersky's portfolio of antivirus software with alternative products" due to risks that they could be exploited by Russia for a cyber attack. "Companies and...

The end of the year is coming, and it's time for security decision-makers to make plans for 2022 and get management approval. Typically, this entails making a solid case regarding why current resources, while yielding significant value, need to be reallocated and enhanced. The Definitive 2022 Security Plan PPT Template is built to simplify this task, providing security decision-makers with an off-the-shelf tool to clearly and easily present their plans and insights to management. While many security decision-makers have the tools and expertise to build their case technologically, effectively communicating their conclusions to the organization's management is a different challenge. Management doesn't think in terms of malware, identity compromise, or zero-day exploits, but in terms of monetary loss and gain: Would investment A in a security product reduce the likelihood of cyberattack derived downtime? Would outsourcing a certain security functionality to a service p...

Researchers have disclosed seven new security vulnerabilities in an open-source database management system solution called ClickHouse that could be weaponized to crash the servers, leak memory contents, and even lead to the execution of arbitrary code. "The vulnerabilities require authentication, but can be triggered by any user with read permissions," Uriya Yavnieli and Or Peles, researchers from DevSecOps firm JFrog,  said  in a report published Tuesday. "This means the attacker must perform reconnaissance on the specific ClickHouse server target to obtain valid credentials. Any set of credentials would do, since even a user with the lowest privileges can trigger all of the vulnerabilities." The list of seven flaws is below – CVE-2021-43304 and CVE-2021-43305  (CVSS scores: 8.8) – Heap buffer overflow flaws in the LZ4 compression codec that could lead to remote code execution CVE-2021-42387 and CVE-2021-42388  (CVSS scores: 7.1) – Heap out-of-bounds read ...

The Irish Data Protection Commission (DPC) on Tuesday slapped Facebook and WhatsApp owner Meta Platforms a fine of €17 million (~$18.6 million) for a series of security lapses that occurred in violation of the European Union's  GDPR laws  in the region. "The DPC found that Meta Platforms failed to have in place appropriate technical and organizational measures which would enable it to readily demonstrate the security measures that it implemented in practice to protect EU users' data, in the context of the twelve personal data breaches," the watchdog  said  in a press release. The decision follows the regulator's investigation into 12  data   breach   notifications  it received over the course of a six-month period between June 7 and December 4, 2018. "This fine is about record keeping practices from 2018 that we have since updated, not a failure to protect people's information," Meta  said  in a statement shared with the Associated ...