The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

A big promise with a big appeal. You hear that a lot in the world of cybersecurity, where you're often promised a fast, simple fix that will take care of all your cybersecurity needs, solving your security challenges in one go.  It could be an AI-based tool, a new superior management tool, or something else – and it would probably be quite effective at what it promises to do. But is it a silver bullet for all your cybersecurity problems? No. There's no easy, technology-driven fix for what is really cybersecurity's biggest challenge: the actions of human beings.  It doesn't matter how state-of-the-art your best defenses are. Perimeter firewalls, multi-tiered logins, multi-factor authentication, AI tools – all of these are easily rendered ineffective when Bob from a nondescript department clicks on a phishing link in an email. This isn't news to anyone We've all heard this before. The fact that humans are a key flaw in cybersecurity strategy is hardly news –...

A 46-year-old man in the U.S. has been sentenced to 25 years in prison after being found guilty of laundering over $9.5 million accrued by carrying out cyber-enabled financial fraud. Elvis Eghosa Ogiekpolor of Norcross, Georgia, operated a money laundering network that opened at least 50 business bank accounts for illicitly receiving funds from unsuspecting individuals and businesses after falling victim to romance frauds and business email compromise ( BEC ) scams. Ogiekpolor was charged by a federal grand jury in February 2022 with one count of conspiracy to commit money laundering and 15 counts of substantive money laundering. The scheme was operational from October 2018 to August 2020. According to the U.S. Justice Department (DoJ), Ogiekpolor enlisted the help of eight "money mules" to open the phony bank accounts under the names of non-existent companies, which were subsequently used to stash the proceeds from their criminal activities. These included creating fic...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a new Binding Operational Directive (BOD) that directs federal agencies in the country to keep track of assets and vulnerabilities on their networks six months from now. To that end, Federal Civilian Executive Branch (FCEB) enterprises have been tasked with two sets of activities: Asset discovery and vulnerability enumeration, which are seen as essential steps to gain "greater visibility into risks facing federal civilian networks." This  involves  carrying out automated asset discovery every seven days and initiating vulnerability enumeration across those discovered assets every 14 days by April 3, 2023, in addition to having the capabilities to do so on an on-demand basis within 72 hours of receiving a request from CISA. Similar baseline vulnerability enumeration obligations have also been put in place for Android and iOS devices as well as other devices that reside outside of agency on-premise...

Nicknamed ProxyNotShell, a new exploit used in the wild takes advantage of the recently published Microsoft Server-Side Request Forgery (SSRF) vulnerability CVE-2022-41040 and a second vulnerability, CVE-2022-41082 that allows Remote Code Execution (RCE) when PowerShell is available to unidentified attackers. Based on ProxyShell, this new zero-day abuse risk leverage a chained attack similar to the one used in the 2021 ProxyShell attack that exploited the combination of multiple vulnerabilities - CVE-2021-34523, CVE-2021-34473, and CVE-2021-31207 – to permit a remote actor to execute arbitrary code. Despite the potential severity of attacks using them, ProxyShell vulnerabilities are still on CISA's list of top 2021 routinely exploited vulnerabilities. Meet ProxyNotShell  Recorded on September 19, 2022, CVE-2022-41082 is an attack vector targeting Microsoft's Exchange Servers, enabling attacks of low complexity with low privileges required. Impacted services, if vulnerable, ena...

Australian telecom giant Optus on Monday confirmed that nearly 2.1 million of its current and former customers suffered a leak of their personal information and at least one form of identification number as a result of a  data breach  late last month. The company also  said  it has engaged the services of Deloitte to conduct an external forensic assessment of the attack to "understand how it occurred and how we can prevent it from occurring again." Optus is fully owned by Singaporean telecommunications conglomerate Singtel, which also has a significant stake in Bharti Airtel, the second largest carrier in India. "Approximately 1.2 million customers have had at least one number from a current and valid form of identification, and personal information, compromised," Singtel  said  in an announcement made on its website. It also said the breach affected expired IDs and personal information of about 900,000 additional customers. It further emphasized that...

A threat actor likely with associations to China has been attributed to a new supply chain attack that involves the use of a trojanized installer for the Comm100 Live Chat application to distribute a JavaScript backdoor. Cybersecurity firm CrowdStrike said the attack made use of a signed Comm100 desktop agent app for Windows that was downloadable from the company's website. The scale of the attack is currently unknown, but the trojanized file is said to have been identified at organizations in the industrial, healthcare, technology, manufacturing, insurance, and telecom sectors in North America and Europe. Comm100 is a Canadian provider of live audio/video chat and customer engagement software for enterprises. It  claims  to have more than 15,000 customers across 51 countries. "The installer was signed on September 26, 2022 at 14:54:00 UTC using a valid Comm100 Network Corporation certificate," the company  noted , adding it remained available until September 29. E...

The recently discovered Linux-Based ransomware strain known as Cheerscrypt has been outed as a handiwork of a Chinese cyber espionage group known for operating short-lived ransomware schemes . Cybersecurity firm Sygnia attributed the attacks to a threat actor it tracks under the name Emperor Dragonfly, which is also known as Bronze Starlight (Secureworks) and DEV-0401 (Microsoft). "Emperor Dragonfly deployed open source tools that were written by Chinese developers for Chinese users," the company said in a report shared with The Hacker News. "This reinforces claims that the 'Emperor Dragonfly' ransomware operators are based in China." The use of Cheerscrypt is the latest addition to a long list of ransomware families previously deployed by the group in little over a year, including LockFile, Atom Silo, Rook, Night Sky, Pandora, and LockBit 2.0. Secureworks, in its profile of the group, noted "it is plausible that Bronze Starlight deploys ransomw...

The North Korea-backed Lazarus Group has been observed deploying a Windows rootkit by taking advantage of an exploit in a Dell firmware driver, highlighting new tactics adopted by the state-sponsored adversary. The Bring Your Own Vulnerable Driver ( BYOVD ) attack, which took place in the autumn of 2021, is another variant of the threat actor's espionage-oriented activity called Operation In(ter)ception  that's directed against aerospace and defense industries. "The campaign started with spear-phishing emails containing malicious Amazon-themed documents and targeted an employee of an aerospace company in the Netherlands, and a political journalist in Belgium," ESET researcher Peter Kálnai  said . Attack chains unfolded upon the opening of the lure documents, leading to the distribution of malicious droppers that were trojanized versions of open source projects, corroborating recent reports from Google's  Mandiant  and  Microsoft . ESET said it uncovered ev...