The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Iranian government-sponsored threat actors have been blamed for compromising a U.S. federal agency by taking advantage of the Log4Shell vulnerability in an unpatched VMware Horizon server. The details, which were shared by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), come in response to incident response efforts undertaken by the authority from mid-June through mid-July 2022. "Cyber threat actors exploited the Log4Shell vulnerability in an unpatched VMware Horizon server, installed XMRig crypto mining software, moved laterally to the domain controller (DC), compromised credentials, and then implanted Ngrok reverse proxies on several hosts to maintain persistence," CISA  noted . LogShell, aka  CVE-2021-44228 , is a critical remote code execution flaw in the widely-used Apache Log4j Java-based logging library. It was addressed by the open source project maintainers in December 2021. The latest development  marks  the  continued   ab...

Hackers tied to the North Korean government have been observed using an updated version of a backdoor known as Dtrack targeting a wide range of industries in Germany, Brazil, India, Italy, Mexico, Switzerland, Saudi Arabia, Turkey, and the U.S. "Dtrack allows criminals to upload, download, start or delete files on the victim host," Kaspersky researchers Konstantin Zykov and Jornt van der Wiel  said  in a report. The victimology patterns indicate an expansion to Europe and Latin America. Sectors targeted by the malware are education, chemical manufacturing, governmental research centers and policy institutes, IT service providers, utility providers, and telecommunication firms. Dtrack, also called Valefor and Preft, is the handiwork of Andariel, a subgroup of the  Lazarus nation-state threat actor  that's publicly tracked by the broader cybersecurity community using the monikers Operation Troy, Silent Chollima, and Stonefly. Discovered in September 2019, the mal...

Hundreds of databases on Amazon Relational Database Service (Amazon RDS) are exposing personal identifiable information (PII), new findings from Mitiga, a cloud incident response company, show. "Leaking PII in this manner provides a potential treasure trove for threat actors – either during the reconnaissance phase of the cyber kill chain or extortionware/ransomware campaigns," researchers Ariel Szarf, Doron Karmi, and Lionel Saposnik said in a report shared with The Hacker News. This includes names, email addresses, phone numbers, dates of birth, marital status, car rental information, and even company logins. Amazon RDS is a  web service  that makes it possible to set up relational databases in the Amazon Web Services (AWS) cloud. It offers support for different database engines such as MariaDB, MySQL, Oracle, PostgreSQL, and SQL Server. The root cause of the leaks stems from a feature called public  RDS snapshots , which allows for creating a backup of the entir...

According to a  recent survey , 90% of CISOs running teams in small to medium-sized enterprises (SMEs) use a managed detection and response (MDR) service. That's a 53% increase from last year. Why the dramatic shift to MDR? CISOs at organizations of any size, but especially SMEs, are realizing that the threat landscape and the way we do cybersecurity are among the many things that will never look the same in a post-2020 world.  The increase in the number of sophisticated attacks, the heavy reliance on the cloud, limited resources and budgets (exacerbated by economic uncertainty), and a growing skills gap are all major contributors to why having an MDR service to support security operations is becoming a necessity.  Beyond that, there are a number of reasons for why incorporating an MDR service into your security strategy can provide exceptional value that even the people who are tightening your budget at your organization can't deny.  Here are just seven reason...

Cybersecurity researchers have unearthed new samples of malware called RapperBot that are being used to build a botnet capable of launching Distributed Denial of Service (DDoS) attacks against game servers. "In fact, it turns out that this campaign is less like RapperBot than an older campaign that appeared in February and then mysteriously disappeared in the middle of April," Fortinet FortiGuard Labs researchers Joie Salvio and Roy Tay  said  in a Tuesday report. RapperBot, which was first  documented  by the network security firm in August 2022, is known to exclusively brute-force SSH servers configured to accept  password authentication . The nascent malware is heavily inspired by the  Mirai botnet , whose source code leaked in October 2016, leading to the rise of several variants. What's notable about the updated version of RapperBot is its ability to perform Telnet brute-force, in addition to supporting DoS attacks using the Generic Routing Encap...

Internet behemoth Google on Tuesday said it plans to roll out Privacy Sandbox for Android in beta to mobile devices running Android 13 starting early next year. "The Privacy Sandbox Beta will be available for ad tech and app developers who wish to test the ads-related APIs as part of their solutions," the company  said . To that end, developers will need to complete an enrollment process in order to utilize the ads-related APIs, including  Topics ,  FLEDGE , and  Attribution Reporting . Topics, which  replaced  Federated Learning of Cohorts (FLoC) earlier this year, aims to categorize user interests under different "topics" based on their device web browsing history. These inferred interests are then shared with marketers to serve targeted ads. FLEDGE and Attribution reporting, on the other hand, enable custom audience targeting and help measure  ad conversions  without relying on cross-party user identifiers, respectively. Organizations ca...

Spotify's Backstage has been discovered as vulnerable to a severe security flaw that could be exploited to gain remote code execution by leveraging a recently disclosed bug in a third-party module. The vulnerability (CVSS score: 9.8), at its core, takes advantage of a critical sandbox escape in vm2, a popular JavaScript sandbox library ( CVE-2022-36067  aka Sandbreak), that came to light last month. "An unauthenticated threat actor can execute arbitrary system commands on a Backstage application by exploiting a vm2 sandbox escape in the Scaffolder core plugin," application security firm Oxeye said in a report shared with The Hacker News. Backstage  is an open source  developer portal  from Spotify that allows users to create, manage, and explore software components from a unified " front door ." It's used by  many companies  like Netflix, DoorDash, Roku, and Expedia, among others. According to Oxeye, the flaw is rooted in a tool called  software...

Credit: Marina Minkin A novel attack method has been disclosed against a crucial piece of technology called time-triggered ethernet ( TTE ) that's used in safety-critical infrastructure, potentially causing the failure of systems powering spacecraft and aircraft. Dubbed  PCspooF  by a group of academics and researchers from the University of Michigan , the University of Pennsylvania, and the NASA Johnson Space Center, the  technique  is designed to break TTE's security guarantees and induce TTE devices to lose synchronization for up to a second, a behavior that can even lead to uncontrolled maneuvers in spaceflight missions and threaten crew safety. TTE is one among the networking technologies that's part of what's called a mixed-criticality network wherein traffic with different timing and faults tolerance requirements coexist in the same physical network. This means that both critical devices, which, say, enable vehicle control, and non-critical devices, w...