The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

The U.S. National Security Agency (NSA) on Tuesday  said  a threat actor tracked as APT5 has been actively exploiting a zero-day flaw in Citrix Application Delivery Controller (ADC) and Gateway to take over affected systems. The critical remote code execution vulnerability, identified as  CVE-2022-27518 , could allow an unauthenticated attacker to execute commands remotely on vulnerable devices and seize control. Successful exploitation, however, requires that the Citrix ADC or Citrix Gateway appliance is configured as a SAML service provider (SP) or a SAML identity provider (IdP). The following supported versions of Citrix ADC and Citrix Gateway are affected by the vulnerability - Citrix ADC and Citrix Gateway 13.0 before 13.0-58.32 Citrix ADC and Citrix Gateway 12.1 before 12.1-65.25 Citrix ADC 12.1-FIPS before 12.1-55.291 Citrix ADC 12.1-NDcPP before 12.1-55.291 Citrix ADC and Citrix Gateway versions 13.1 are not impacted. The company also said there are no...

Apple on Tuesday rolled out security updates to iOS, iPadOS, macOS, tvOS, and Safari web browser to address a new zero-day vulnerability that could result in the execution of malicious code. Tracked as  CVE-2022-42856 , the issue has been described by the tech giant as a type confusion issue in the WebKit browser engine that could be triggered when processing specially crafted content, leading to arbitrary code execution. The company said it's "aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1." While details surrounding the exact nature of the attacks are unknown as yet, it's likely that it involved a case of social engineering or a watering hole to infect the devices when visiting a rogue or legitimate-but-compromised domain via the browser. It's worth noting that every third-party web browser that's available for iOS and iPadOS, including Google Chrome, Mozilla Firefox, and Microsoft Edg...

Google on Tuesday announced the open source availability of  OSV-Scanner , a scanner that aims to offer easy access to vulnerability information about various projects. The  Go-based tool , powered by the Open Source Vulnerabilities ( OSV ) database, is designed to connect "a project's list of dependencies with the vulnerabilities that affect them," Google software engineer Rex Pan in a post shared with The Hacker News. "The OSV-Scanner generates reliable, high-quality vulnerability information that closes the gap between a developer's list of packages and the information in vulnerability databases," Pan added. The idea is to identify all the transitive dependencies of a project and highlight relevant vulnerabilities using data pulled from OSV.dev database. Google further stated that the open source platform supports 16 ecosystems, counting all major languages, Linux distributions (Debian and Alpine), as well as Android, Linux Kernel, and  OSS-Fuzz . ...

A critical security flaw has been disclosed in Amazon Elastic Container Registry (ECR) Public Gallery that could have been potentially exploited to stage a multitude of attacks, according to cloud security firm Lightspin. "By exploiting this vulnerability, a malicious actor could delete all images in the Amazon ECR Public Gallery or update the image contents to inject malicious code," Gafnit Amiga, director of security research at Lightspin, said in a report shared with The Hacker News. "This malicious code is executed on any machine that pulls and runs the image, whether on user's local machines, Kubernetes clusters or cloud environments." ECR is a  container image registry service  managed by Amazon Web Services, enabling users to package code as Docker images and deploy the artifacts in a scalable manner. Public repositories hosted on ECR are displayed in what's called the  ECR Public Gallery . "By default, your account has read and write acce...

Cybersecurity researchers have published the inner workings of a new wiper called  Azov Ransomware  that's deliberately designed to corrupt data and "inflict impeccable damage" to compromised systems. Distributed through another malware loader known as  SmokeLoader , the malware has been  described  as an "effective, fast, and unfortunately unrecoverable data wiper," by Israeli cybersecurity company Check Point. Its origins have yet to be determined. The wiper routine is set to overwrite a file's contents in alternating 666-byte chunks with random noise, a technique referred to as  intermittent encryption  that's being increasingly leveraged by ransomware operators to evade detection and encrypt victims' files faster. "One thing that sets Azov apart from your garden-variety ransomware is its modification of certain 64-bit executables to execute its own code," threat researcher Jiří Vinopal said. "The modification of executables is...

An active malware campaign is targeting the Python Package Index (PyPI) and npm repositories for Python and JavaScript with typosquatted and fake modules that deploy a ransomware strain, marking the latest security issue to affect software supply chains. The typosquatted Python packages all impersonate the popular  requests library : dequests, fequests, gequests, rdquests, reauests, reduests, reeuests, reqhests, reqkests, requesfs, requesta, requeste, requestw, requfsts, resuests, rewuests, rfquests, rrquests, rwquests, telnservrr, and tequests. According to  Phylum , the rogue packages embed source code that retrieves a Golang-based ransomware binary from a remote server depending on the victim's operating system and microarchitecture. Successful execution causes the victim's desktop background to be changed to an actor-controlled image that claims to the U.S. Central Intelligence Agency (CIA). It's also designed to encrypt files and demand a $100 ransom in cryptocurr...

Fortinet on Monday issued emergency patches for a severe security flaw affecting its FortiOS SSL-VPN product that it said is being actively exploited in the wild. Tracked as  CVE-2022-42475  (CVSS score: 9.3), the critical bug relates to a heap-based buffer overflow vulnerability that could allow an unauthenticated attacker to execute arbitrary code via specially crafted requests. The company  said  it's "aware of an instance where this vulnerability was exploited in the wild," urging customers to move quickly to apply the updates. The following products are impacted by the issue - FortiOS version 7.2.0 through 7.2.2 FortiOS version 7.0.0 through 7.0.8 FortiOS version 6.4.0 through 6.4.10 FortiOS version 6.2.0 through 6.2.11 FortiOS-6K7K version 7.0.0 through 7.0.7 FortiOS-6K7K version 6.4.0 through 6.4.9 FortiOS-6K7K version 6.2.0 through 6.2.11 FortiOS-6K7K version 6.0.0 through 6.0.14 Patches are available in FortiOS versions 7.2.3, 7.0.9, 6.4.11, ...

High-severity security vulnerabilities have been disclosed in different endpoint detection and response (EDR) and antivirus (AV) products that could be exploited to turn them into data wipers. "This wiper runs with the permissions of an unprivileged user yet has the ability to wipe almost any file on a system, including system files, and make a computer completely unbootable," SafeBreach Labs researcher Or Yair  said . "It does all that without implementing code that touches the target files, making it fully undetectable." EDR software, by design, are capable of continually scanning a machine for potentially suspicious and malicious files, and taking appropriate action, such as deleting or quarantining them. The idea, in a nutshell, is to trick vulnerable security products into deleting legitimate files and directories on the system and render the machine inoperable by making use of specially crafted paths. This is achieved by taking advantage of what's ca...