The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Nearly three weeks after Florida-based software vendor Kaseya was hit by a  widespread supply-chain ransomware attack , the company on Thursday said it obtained a universal decryptor to unlock systems and help customers recover their data. "On July 21, Kaseya obtained a decryptor for victims of the REvil ransomware attack, and we're working to remediate customers impacted by the incident," the company  said  in a statement. "Kaseya obtained the tool from a third-party and have teams actively helping customers affected by the ransomware to restore their environments, with no reports of any problem or issues associated with the decryptor." It's not immediately unclear if Kaseya paid any ransom. It's worth noting that REvil affiliates had  demanded a ransom of $70 million  — an amount that was subsequently lowered to $50 million — but soon after, the ransomware gang mysteriously  went off the grid , shutting down their payment sites and data leak portal...

An advanced persistent threat (APT) actor has been tracked in a new campaign deploying Android malware via the Syrian e-Government Web Portal, indicating an upgraded arsenal designed to compromise victims. "To the best of our knowledge, this is the first time that the group has been publicly observed using malicious Android applications as part of its attacks," Trend Micro researchers Zhengyu Dong, Fyodor Yarochkin, and Steven Du  said  in a technical write-up published Wednesday. StrongPity , also codenamed  Promethium  by Microsoft, is believed to have been active since 2012 and has typically focused on targets across Turkey and Syria. In June 2020, the espionage threat actor was  connected  to a wave of activities that banked on watering hole attacks and tampered installers, which abuse the popularity of legitimate applications, to infect targets with malware. "Promethium has been resilient over the years," Cisco Talos  disclosed  last yea...

Organizations today must give attention to their cybersecurity posture, including policies, procedures, and technical solutions for cybersecurity challenges.  This often results in a greater burden on the IT service desk staff as end-users encounter issues related to security software, policies, and password restrictions.  One of the most common areas where security may cause challenges for end-users is password policies and password changes. What are these issues? How can organizations reduce end-user password change frustration? First, let's consider the standard password policy, its role, and general settings affecting end-users. What are password policies? Most organizations today have a password policy in place. So, what is a password policy? Password policies define the types and content of passwords allowed or required of end-users in an identity and access management system. Various aspects of the password that businesses control may include the password's require...

Oracle on Tuesday released its quarterly  Critical Patch Update for July 2021  with 342 fixes spanning across multiple products, some of which could be exploited by a remote attacker to take control of an affected system. Chief among them is  CVE-2019-2729 , a critical deserialization vulnerability via XMLDecoder in Oracle WebLogic Server Web Services that's remotely exploitable without authentication. It's worth noting that the weakness was originally addressed as part of an  out-of-band security update  in June 2019. Oracle WebLogic Server is an application server that functions as a platform for developing, deploying, and running enterprise Java-based applications. The flaw, which is rated 9.8 out of a maximum of 10 on the CVSS severity scale, affects WebLogic Server versions 11.1.2.4 and 11.2.5.0 and exists within the Oracle Hyperion Infrastructure Technology. Also fixed in WebLogic Server are six other flaws, three of which have been assigned a CVSS s...

A U.K. citizen has been arrested in the Spanish town of Estepona over his alleged involvement in the July 2020 hack of Twitter, resulting in the compromise of 130 high-profile accounts. Joseph O'Connor , 22, has been  charged  with intentionally accessing a computer without authorization and obtaining information from a protected computer, as well as for making extortive communications. The Spanish National Police made the arrest pursuant to a U.S. warrant. Besides his role in the Twitter hack, O'Connor is also charged with computer intrusions related to takeovers of TikTok and Snapchat user accounts and cyberstalking an unnamed juvenile victim. The  great Twitter hack  of July 15, 2020, emerged as one of the biggest security lapses in the social media platform's history after O'Connor, along with  Mason Sheppard, Nima Fazeli, and Graham Ivan Clark , managed to gain access to Twitter's internal tools, abusing it to breach the accounts of politicians, celebr...

A software package available from the official NPM repository has been revealed to be actually a front for a tool that's designed to steal saved passwords from the Chrome web browser. The package in question, named " nodejs_net_server " and downloaded over 1,283 times since February 2019, was last updated seven months ago (version 1.1.2), with its corresponding repository leading to non-existent locations hosted on GitHub.  "It isn't malicious by itself, but it can be when put into the malicious use context," ReversingLabs researcher Karlo Zanki  said  in an analysis shared with The Hacker News. "For instance, this package uses it to perform malicious password stealing and credential exfiltration. Even though this off-the-shelf password recovery tool comes with a graphical user interface, malware authors like to use it as it can also be run from the command line." While the first version of the package was put out just to test the process of p...

A popular malware known for stealing sensitive information from Windows machines has evolved into a new strain capable of also targeting Apple's macOS operating system. The upgraded malware, dubbed "XLoader," is a successor to another well-known Windows-based info stealer called Formbook that's known to vacuum credentials from various web browsers, capture screenshots, record keystrokes, and download and execute files from attacker-controlled domains. "For as low as $49 on the Darknet, hackers can buy licenses for the new malware, enabling capabilities to harvest log-in credentials, collect screenshots, log keystrokes, and execute malicious files," cybersecurity firm Check Point said in a report shared with The Hacker News. Distributed via spoofed emails containing malicious Microsoft Office documents, XLoader is estimated to infected victims spanning across 69 countries between December 1, 2020, and June 1, 2021, with 53% of the infections reported in...

Cybersecurity researchers on Wednesday disclosed multiple security vulnerabilities impacting CODESYS automation software and the WAGO programmable logic controller (PLC) platform that could be remotely exploited to take control of a company's cloud operational technology (OT) infrastructure. The flaws can be turned "into innovative attacks that could put threat actors in position to remotely control a company's cloud OT implementation, and threaten any industrial process managed from the cloud," the New York-headquartered industrial security company Claroty said in a report shared with The Hacker News, adding they "can be used to target a cloud-based management console from a compromised field device, or take over a company's cloud and attack PLCs and other devices to disrupt operations." CODESYS is a development environment for programming controller applications, enabling easy configuration of PLCs in industrial control systems. WAGO PFC100/200 is...

Today's cybersecurity landscape is enough to make any security team concerned. The rapid evolution and increased danger of attack tactics have put even the largest corporations and governments at heightened risk. If the most elite security teams can't prevent these attacks from happening, what can lean security teams look forward to?  Surprisingly, leaner teams have a much greater chance than they think. It might seem counterintuitive, but recent history has shown that large numbers and huge budgets aren't the difference-makers they once were. Indeed, having the right strategy in place is a clear indicator of an organization's success today. A new guide by XDR provider Cynet ( download it here ) looks to dispel the myth that bigger is always better and shows a smarter way forward for lean IT security teams. The new guide focuses on helping lean IT security teams plan strategies that can protect their organizations while reducing the level of stress they face. Due to the rise of...