The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Researchers have disclosed a new type of attack that exploits misconfigurations in transport layer security (TLS) servers to redirect HTTPS traffic from a victim's web browser to a different TLS service endpoint located on another IP address to steal sensitive information. The attacks have been dubbed  ALPACA , short for "Application Layer Protocol Confusion - Analyzing and mitigating Cracks in tls Authentication," by a group of academics from Ruhr University Bochum, Münster University of Applied Sciences, and Paderborn University. "Attackers can redirect traffic from one subdomain to another, resulting in a valid TLS session," the study said. "This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer." TLS  is a cryptographic protocol underpinning several application layer protocols like HTTPS, SMTP, IMAP, POP3, and FTP to secure com...

Cybersecurity researchers on Tuesday disclosed a new large-scale campaign targeting Kubeflow deployments to run malicious cryptocurrency mining containers. The campaign involved deploying  TensorFlow  pods on Kubernetes clusters, with the pods running legitimate  TensorFlow images  from the official Docker Hub account. However, the container images were configured to execute rogue commands that mine cryptocurrencies. Microsoft said the deployments witnessed an uptick towards the end of May. Kubeflow  is an open-source machine learning platform designed to deploy machine learning workflows on  Kubernetes , an orchestration service used for managing and scaling containerized workloads across a cluster of machines. The deployment, in itself, was achieved by taking advantage of Kubeflow, which exposes its UI functionality via a dashboard that is deployed in the cluster. In the attack observed by Microsoft, the adversaries used the centralized dashboard as ...

The speed at which malicious actors have improved their attack tactics and continue to penetrate security systems has made going bigger the major trend in cybersecurity. Facing an evolving threat landscape, organizations have responded by building bigger security stacks, adding more tools and platforms, and making their defenses more complex—a new eBook from XDR provider Cynet ( read it here ). Organizations find themselves in a virtual arms race with malicious actors. Attackers find new, stealthier ways to penetrate an organization's defenses, and organizations build higher walls, buy more technologies to protect themselves, and expand their security stacks. Money is a key component of security success – a tough reality for leaner organizations that might not have the seemingly endless budgets of larger corporations and enterprises. The question of what leaner security teams could do about it used to be "not a lot," but today, that's hardly the case. Even though...

While phishing and ransomware dominate headlines, another critical risk quietly persists across most enterprises: exposed Git repositories leaking sensitive data. A risk that silently creates shadow access into core systems Git is the backbone of modern software development, hosting millions of repositories and serving thousands of organizations worldwide. Yet, amid the daily hustle of shipping code, developers may inadvertently leave behind API keys, tokens, or passwords in configuration files and code files, effectively handing attackers the keys to the kingdom. This isn't just about poor hygiene; it's a systemic and growing supply chain risk. As cyber threats become more sophisticated, so do compliance requirements. Security frameworks like NIS2, SOC2, and ISO 27001 now demand proof that software delivery pipelines are hardened and third-party risk is controlled. The message is clear: securing your Git repositories is no longer optional, it's essential. Below, we look at the ris...

Microsoft on Tuesday released another round of  security updates  for Windows operating system and other supported software, squashing 50 vulnerabilities, including six zero-days that are said to be under active attack. The flaws were identified and resolved in Microsoft Windows, .NET Core and Visual Studio, Microsoft Office, Microsoft Edge (Chromium-based and EdgeHTML), SharePoint Server, Hyper-V, Visual Studio Code - Kubernetes Tools, Windows HTML Platform, and Windows Remote Desktop. Of these 50 bugs, five are rated Critical, and 45 are rated Important in severity, with three of the issues publicly known at the time of release. The vulnerabilities that being actively exploited are listed below - CVE-2021-33742  (CVSS score: 7.5) - Windows MSHTML Platform Remote Code Execution Vulnerability CVE-2021-33739  (CVSS score: 8.4) - Microsoft DWM Core Library Elevation of Privilege Vulnerability CVE-2021-31199  (CVSS score: 5.2) - Microsoft Enhanced Cryptogra...

In an unprecedented sting operation, the U.S. Federal Bureau of Investigation (FBI) and Australian Federal Police (AFP) ran an encrypted chat service called ANoM for nearly three years to intercept 27 million messages exchanged between criminal gang members globally. Dubbed Operation Ironside (AFP), Operation Greenlight (Europol), and Operation Trojan Shield (FBI), the long-term covert probe into transnational and serious organized crime culminated in the arrests of 224 offenders on 526 charges in Australia, with 55 luxury vehicles, eight tons of cocaine, 22 tons of cannabis and cannabis resin, 250 firearms, and more than $48 million in various currencies and cryptocurrencies seized in raids around the world.  A total of more than 800 arrests have been reported across 18 countries, including New Zealand, Germany, and Sweden. Europol  called  it the "biggest ever law enforcement operation against encrypted communication." The communications allegedly involved plots to...

Four security vulnerabilities discovered in the Microsoft Office suite, including Excel and Office online, could be potentially abused by bad actors to deliver attack code via Word and Excel documents. "Rooted from legacy code, the vulnerabilities could have granted an attacker the ability to execute code on targets via malicious Office documents, such as Word, Excel and Outlook," researchers from Check Point research said in a report published today. Three of the four flaws — tracked as CVE-2021-31174, CVE-2021-31178, CVE-2021-31179 — have been fixed by Microsoft as part of its Patch Tuesday update for May 2021, with the fourth patch (CVE-2021-31939) to be issued in June's update rolling out later today. In a hypothetical attack scenario, the researchers said the vulnerability could be triggered as simply as opening a malicious Excel (.XLS) file that's served via a download link or an email. Arising out of parsing mistakes made in legacy code found in Excel 9...

Apple on Monday announced a number of  privacy and security-centric features  to its upcoming versions of  iOS  and  macOS  at its all-online Worldwide Developers Conference. Here is a quick look at some of the big-ticket changes that are expected to debut later this fall: 1  — Decouple Security Patches from Feature Updates:  As  rumored before , users now have a choice between two software update versions in the Settings app. Users can either opt to update to the latest version of iOS 15 for all the latest features and most complete set of security updates or continue on iOS 14 and still get important security updates until they are ready to migrate to the next major version. 2  —  Built-in Two-factor Authenticator:  The new versions of iOS and macOS also come with options that allow users to generate two-factor authentication codes for each of the online accounts saved to iCloud Keychain (Settings > Passwords) without ...

In a major blow, the U.S. Department of Justice on Monday said it has recovered 63.7 bitcoins (currently valued at $2.3 million) paid by Colonial Pipeline to the DarkSide ransomware extortionists on May 8, pursuant to a seizure warrant that was authorized by the Northern District of California. The  ransomware attack  also hobbled the pipeline company's fuel supply, prompting the government to issue an  emergency declaration , even as the company shelled out a ransom amount of approximately  75 bitcoins  ($4.4 million as of May 8) to regain access to its systems. A week after the highly publicized incident, the ransomware-as-a-service syndicate disbanded with a May 14 farewell message to affiliates, stating that its internet servers and cryptocurrency stash were  seized  by unknown law enforcement entities. While DarkSide's announcement was perceived as an exit scam, the latest move from DoJ confirms earlier speculations of law enforcement involvem...

The same 10 software vulnerabilities have caused more security breaches in the last 20+ years than any others. And yet, many businesses still opt for post-breach, post-event remediation, muddling through the human and business ramifications of it all. But now,  a new research study  points to a new, human-led direction. ‍ The following discusses insights derived from a study conducted by Secure Code Warrior with Evans Data Corp titled 'Shifting from reaction to prevention: The changing face of application security' (2021) exploring developers attitudes towards secure coding, secure code practices, and security operations.  Read the report. ‍‍In the study, developers and development managers were asked about their common secure coding practices. The top three methods highlighted were: Scanning applications for irregularities or vulnerabilities after they are deployed Scrutinizing write code to inspect for irregularities or vulnerabilities The reuse of pre-approved ...