The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

An emerging ransomware strain in the threat landscape claims to have breached 30 organizations in just four months since it went operational by riding on the coattails of a notorious ransomware syndicate. First observed in February 2021, " Prometheus " is an offshoot of another well-known ransomware variant called  Thanos , which was previously deployed against state-run organizations in the Middle East and North Africa last year. The affected entities are believed to be government, financial services, manufacturing, logistics, consulting, agriculture, healthcare services, insurance agencies, energy and law firms in the U.S., U.K., and a dozen more countries in Asia, Europe, the Middle East, and South America, according to new research published by Palo Alto Networks' Unit 42 threat intelligence team. Like other ransomware gangs, Prometheus takes advantage of double-extortion tactics and hosts a dark web leak site, where it names and shames new victims and makes stol...

Bolstering password policies in your organization is an important part of a robust cybersecurity strategy. Cybercriminals are using compromised accounts as one of their favorite tactics to infiltrate business-critical environments; as we've seen in recent news, these attacks can be dangerous and financially impactful. Unfortunately, account compromise is a very successful attack method and requires much less effort than other attack vectors. One of the essential types of password protection recommended by noted cybersecurity standards is  breached password detection . Hackers often use known breached password lists in credential stuffing or password spraying attacks. Here are some critical criteria to consider when your sysadmins are evaluating breached password protection solutions.  Breached password recommendations In the last few years, password security recommendations have evolved past the traditional recommendations regarding password security.  Businesses h...

Meat processing company JBS on Wednesday confirmed it paid extortionists $11 million in bitcoins to regain access to its systems following a destructive ransomware attack late last month. "In consultation with internal IT professionals and third-party cybersecurity experts, the company made the decision to mitigate any unforeseen issues related to the attack and ensure no data was exfiltrated," JBS USA  said  in a statement, with CEO Andre Nogueira adding the firm made the "very difficult decision" to prevent any potential risk for its customers. Stating that third-party forensic investigations into the incident are still ongoing, the company noted that no company, customer, or employee data was compromised as a consequence of the breach. The FBI officially discourages victims from paying ransoms because doing so can establish a profitable criminal marketplace. JBS, the world's largest meat company by sales, on May 30  disclosed  it fell prey to an "org...

Attention readers, if you are using Google Chrome browser on your Windows, Mac, or Linux computers, you need to update it immediately to the latest version Google released earlier today. The internet services company has rolled out an urgent update to the browser to address 14 newly discovered security issues, including a zero-day flaw that it says is being actively exploited in the wild. Tracked as  CVE-2021-30551 , the vulnerability stems from a type confusion issue in its V8 open-source and JavaScript engine. Sergei Glazunov of Google Project Zero has been credited with discovering and reporting the flaw. Although the search giant's Chrome team issued a terse statement acknowledging "an exploit for CVE-2021-30551 exists in the wild," Shane Huntley, Director of Google's Threat Analysis Group,  hinted  that the vulnerability was leveraged by the same actor that abused  CVE-2021-33742 , an actively exploited remote code execution flaw in Windows MSHTML platform ...

Researchers have disclosed a new type of attack that exploits misconfigurations in transport layer security (TLS) servers to redirect HTTPS traffic from a victim's web browser to a different TLS service endpoint located on another IP address to steal sensitive information. The attacks have been dubbed  ALPACA , short for "Application Layer Protocol Confusion - Analyzing and mitigating Cracks in tls Authentication," by a group of academics from Ruhr University Bochum, Münster University of Applied Sciences, and Paderborn University. "Attackers can redirect traffic from one subdomain to another, resulting in a valid TLS session," the study said. "This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer." TLS  is a cryptographic protocol underpinning several application layer protocols like HTTPS, SMTP, IMAP, POP3, and FTP to secure com...

Cybersecurity researchers on Tuesday disclosed a new large-scale campaign targeting Kubeflow deployments to run malicious cryptocurrency mining containers. The campaign involved deploying  TensorFlow  pods on Kubernetes clusters, with the pods running legitimate  TensorFlow images  from the official Docker Hub account. However, the container images were configured to execute rogue commands that mine cryptocurrencies. Microsoft said the deployments witnessed an uptick towards the end of May. Kubeflow  is an open-source machine learning platform designed to deploy machine learning workflows on  Kubernetes , an orchestration service used for managing and scaling containerized workloads across a cluster of machines. The deployment, in itself, was achieved by taking advantage of Kubeflow, which exposes its UI functionality via a dashboard that is deployed in the cluster. In the attack observed by Microsoft, the adversaries used the centralized dashboard as ...

The speed at which malicious actors have improved their attack tactics and continue to penetrate security systems has made going bigger the major trend in cybersecurity. Facing an evolving threat landscape, organizations have responded by building bigger security stacks, adding more tools and platforms, and making their defenses more complex—a new eBook from XDR provider Cynet ( read it here ). Organizations find themselves in a virtual arms race with malicious actors. Attackers find new, stealthier ways to penetrate an organization's defenses, and organizations build higher walls, buy more technologies to protect themselves, and expand their security stacks. Money is a key component of security success – a tough reality for leaner organizations that might not have the seemingly endless budgets of larger corporations and enterprises. The question of what leaner security teams could do about it used to be "not a lot," but today, that's hardly the case. Even though...

Microsoft on Tuesday released another round of  security updates  for Windows operating system and other supported software, squashing 50 vulnerabilities, including six zero-days that are said to be under active attack. The flaws were identified and resolved in Microsoft Windows, .NET Core and Visual Studio, Microsoft Office, Microsoft Edge (Chromium-based and EdgeHTML), SharePoint Server, Hyper-V, Visual Studio Code - Kubernetes Tools, Windows HTML Platform, and Windows Remote Desktop. Of these 50 bugs, five are rated Critical, and 45 are rated Important in severity, with three of the issues publicly known at the time of release. The vulnerabilities that being actively exploited are listed below - CVE-2021-33742  (CVSS score: 7.5) - Windows MSHTML Platform Remote Code Execution Vulnerability CVE-2021-33739  (CVSS score: 8.4) - Microsoft DWM Core Library Elevation of Privilege Vulnerability CVE-2021-31199  (CVSS score: 5.2) - Microsoft Enhanced Cryptogra...

In an unprecedented sting operation, the U.S. Federal Bureau of Investigation (FBI) and Australian Federal Police (AFP) ran an encrypted chat service called ANoM for nearly three years to intercept 27 million messages exchanged between criminal gang members globally. Dubbed Operation Ironside (AFP), Operation Greenlight (Europol), and Operation Trojan Shield (FBI), the long-term covert probe into transnational and serious organized crime culminated in the arrests of 224 offenders on 526 charges in Australia, with 55 luxury vehicles, eight tons of cocaine, 22 tons of cannabis and cannabis resin, 250 firearms, and more than $48 million in various currencies and cryptocurrencies seized in raids around the world.  A total of more than 800 arrests have been reported across 18 countries, including New Zealand, Germany, and Sweden. Europol  called  it the "biggest ever law enforcement operation against encrypted communication." The communications allegedly involved plots to...