The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

In the midst of 'The Great Resignation,' the damage from employees (or contractors) leaving an organization might be one of the greatest risks facing IT teams today. The reality is that in the busy enterprise computing environment, user onboarding and offboarding is a fact of daily life.  When employee counts range into the five-figure territory — and entire networks of contractors have to be accounted for as well — it's easy to lose track of who's, literally, coming and going. Oftentimes, there are "offboarding" steps that are forgotten about — disabling or removing the user from Active Directory or IAM is not sufficient as the user may have local credentials on some of the SaaS platforms or other sensitive systems.  Technically speaking, there are ways to automate offboarding using protocols such as SCIM and JIT mapping; however, it requires a high level of maturity in an IT environment and the staff to implement it. For organizations not implementing SC...

American chipmaking company NVIDIA on Tuesday confirmed that its network was breached as a result of a cyber attack, enabling the perpetrators to gain access to sensitive data, including source code purportedly associated with its Deep Learning Super Sampling (DLSS) technology. "We have no evidence of ransomware being deployed on the NVIDIA environment or that this is related to the Russia-Ukraine conflict," the company  said  in a security notice. "However, we are aware that the threat actor took employee passwords and some NVIDIA proprietary information from our systems and has begun leaking it online." The incident is said to have come to light on February 23, with the company noting that it's taken steps to analyze the leaked information and that it's enforcing all of its employees to change their passwords with immediate effect. The confirmation comes days after  The Telegraph  last week reported that the company is investigating a potential cyber ...

An analysis of data crowdsourced from more than 200,000 network-connected infusion pumps used in hospitals and healthcare entities has revealed that 75% of those medical devices contain security weaknesses that could put them at risk of potential exploitation. "These shortcomings included exposure to one or more of some 40 known cybersecurity vulnerabilities and/or alerts that they had one or more of some 70 other types of known security shortcomings for IoT devices," Unit 42 security researcher Aveek Das  said  in a report published Wednesday. Palo Alto Networks' threat intelligence team said it obtained the scans from seven medical device manufacturers. On top of that, 52.11% of all infusion pumps scanned were susceptible to two known vulnerabilities that were disclosed in 2019 as part of 11 flaws collectively called " URGENT/11 " – CVE-2019-12255  (CVSS score: 9.8) – A buffer overflow flaw in the TCP component of Wind River VxWorks CVE-2019-12264  (CVS...

The U.S. Senate unanimously  passed  the " Strengthening American Cybersecurity Act " on Tuesday in an attempt to bolster the cybersecurity of critical infrastructure owners in the country. The new  bipartisan legislation , among other things, stipulates entities that experience a cyber incident to report the attacks within 72 hours to the U.S. Cybersecurity and Infrastructure Security Agency (CISA), in addition to alerting the agency about ransomware payments within 24 hours. Furthermore, affected organizations are required to preserve relevant data and promptly share updates "to a previously submitted covered cyber incident report if substantial new or different information becomes available or if the covered entity makes a ransom payment after submitting a covered cyber incident report." The Strengthening American Cybersecurity Act of 2022 combines three different bills: the Cyber Incident Reporting Act ( CIRA ), the Federal Information Security Management A...

Details of a new nation-state sponsored phishing campaign have been uncovered setting its sights on European governmental entities in what's seen as an attempt to obtain intelligence on refugee and supply movement in the region. Enterprise security company Proofpoint, which detected the malicious emails for the first time on February 24, 2022, dubbed the social engineering attacks " Asylum Ambuscade ." "The email included a malicious macro attachment which utilized social engineering themes pertaining to the Emergency Meeting of the NATO Security Council held on February 23, 2022," researchers Michael Raggi and Zydeca Cass  said  in a report published Tuesday. "The email also contained a malicious attachment which attempted to download malicious Lua malware named SunSeed and targeted European government personnel tasked with managing transportation and population movement in Europe." The findings build on an  advisory  issued by the State Service...

Distributed denial-of-service (DDoS) attacks leveraging a new amplification technique called TCP Middlebox Reflection have been detected for the first time in the wild, six months after the novel attack mechanism was presented in theory. "The attack […] abuses vulnerable firewalls and content filtering systems to reflect and amplify TCP traffic to a victim machine, creating a powerful DDoS attack," Akamai researchers  said  in a report published Tuesday. "This type of attack dangerously lowers the bar for DDoS attacks, as the attacker needs as little as 1/75th (in some cases) the amount of bandwidth from a volumetric standpoint," the researchers added. A distributed reflective denial-of-service ( DRDoS ) is a form of distributed denial-of-service (DDoS) attack that relies on publicly accessible UDP servers and bandwidth amplification factors (BAFs) to overwhelm a victim's system with a high volume of UDP responses. In these attacks, the adversary sends a ...

With the COVID-19 pandemic continuing to impact, and perhaps permanently changing, how we work, cybercriminals again leveraged the distraction in new waves of cyberattacks. Over the course of 2021 we saw an increase in multiple attack approaches; some old, some new. Phishing and ransomware continued to grow from previous years, as expected, while new attacks on supply chains and cryptocurrencies captured our attention. We also saw an uptick in critical Windows vulnerabilities, again proving that no matter how many vulnerabilities are found, more will always exist.  As we enter 2022, we are seeing novel attacks originating from the conflict in Ukraine, which will certainly make their way into criminal attacks on worldwide businesses. In an upcoming webinar ( register here ), Cybersecurity company Cynet will provide an in-depth review of the high-profile attacks we saw in 2021 and provide guidance to cybersecurity professionals for 2022. What are the top cyberattacks in 2021 that...

As many as five security vulnerabilities have been disclosed in the PJSIP open-source multimedia communication library that could be abused by an attacker to trigger arbitrary code execution and denial-of-service (DoS) in applications that use the protocol stack. The weaknesses were  identified and reported  by JFrog's Security Research team, following which the project maintainers released patches ( version 2.12 ) last week on February 24, 2022. PJSIP is an open-source embedded  SIP protocol  suite written in C that supports audio, video, and instant messaging features for popular communication platforms such as  WhatsApp  and BlueJeans. It's also  used  by  Asterisk , a widely-used private branch exchange (PBX) switching system for VoIP networks. "Buffers used in PJSIP typically have limited sizes, especially the ones allocated in the stack or supplied by the application, however in several places, we do not check if our usage can exce...

Critical security vulnerabilities have been uncovered in VoIPmonitor software that, if successfully exploited, could allow unauthenticated attackers to escalate privileges to the administrator level and execute arbitrary commands. Following responsible disclosure by researchers from  Kerbit , an Ethiopia-based penetration-testing and vulnerability research firm, on December 15, 2021, the issues were addressed in  version 24.97  of the WEB GUI shipped on January 11, 2022. "[F]ix critical vulnerabilities - new SQL injects for unauthenticated users allowing gaining admin privileges," the maintainers of VoIPmonitor noted in the change log. VoIPmonitor is an open-source network packet sniffer with commercial frontend for SIP RTP and RTCP VoIP protocols running on Linux, allowing users to monitor and troubleshoot quality of SIP VoIP calls as well as decode, play, and archive calls in a  CDR  database. The three flaws identified by Kerbit is below – CVE-2022-24...