The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

An unknown attacker targeted tens of thousands of unauthenticated Redis servers exposed on the internet in an attempt to  install a cryptocurrency miner . It's not immediately known if all of these hosts were successfully compromised. Nonetheless, it was made possible by means of a "lesser-known technique" designed to trick the servers into writing data to arbitrary files – a case of  unauthorized access  that was first documented in September 2018. "The general idea behind this exploitation technique is to configure Redis to write its file-based database to a directory containing some method to authorize a user (like adding a key to '.ssh/authorized_keys'), or start a process (like adding a script to '/etc/cron.d')," Censys  said  in a new write-up. The attack surface management platform said it uncovered evidence (i.e., Redis commands) indicating efforts on part of the attacker to store malicious  crontab entries  into the file "/var/...

In what's the latest crypto heist to target the decentralized finance (DeFi) space, hackers have stolen digital assets worth around $160 million from crypto trading firm Wintermute . The hack involved a series of unauthorized transactions that transferred USD Coin, Binance USD, Tether USD, Wrapped ETH, and 66 other cryptocurrencies to the  attacker's wallet . The company said that its centralized finance (CeFi) and over-the-counter (OTC) operations have not been impacted by the security incident. It did not disclose when the hack took place. The digital asset market maker, which provides liquidity to more several exchanges and crypto platforms, warned of disruption to its services in the coming days, but stressed that it's "solvent with twice over that amount in equity left." "We are (still) open to treat[ing] this as a white hat, so if you are the attacker – get in touch," the company's founder and CEO, Evgeny Gaevoy,  said  in a tweet. Detai...

For cybersecurity professionals, it is a huge challenge to separate the "good guys" from the "villains". In the past, most cyberattacks could simply be traced to external cybercriminals, cyberterrorists, or rogue nation-states.  But not anymore . Threats from within organizations – also known as "insider threats" – are increasing and cybersecurity practitioners are feeling the pain.  Traditional perimeter defenses are not designed to prevent these attacks. They also struggle to keep  external  attackers out. Clever hackers continuously find ways in and "weaponize" their trusted status inside the network to compromise sensitive assets and orchestrate larger attacks. And an increasing number of enterprise resources – applications, devices, data, and even people – now live outside the perimeter. It's difficult to protect these assets with legacy approaches, much less fortify the perimeter to keep attackers out completely. How can you protect your organization in th...

The U.S. Federal Communications Commission (FCC) has added Pacific Network Corp, along with its subsidiary ComNet (USA) LLC, and China Unicom (Americas) Operations Limited, to the list of communications equipment and services that have been deemed a threat to national security. The agency  said  the companies are subject to the Chinese government's exploitation, influence, and control, and could be forced to comply with requests for intercepting and misrouting communications, without the ability to challenge such requests. The Public Safety and Homeland Security Bureau further noted that equipment and services from ComNet and China Unicom could present an opportunity for the Chinese government to carry out espionage operations and gather intelligence against the U.S. Alternatively, they could also provide the Chinese government with a strategic capability to "target, collect, alter, block, and reroute network traffic." China Unicom also earned a place on the list fo...

Cybersecurity company Imperva has disclosed that it mitigated a distributed denial-of-service (DDoS) attack with a total of over 25.3 billion requests on June 27, 2022. The "strong attack," which targeted an unnamed Chinese telecommunications company, is said to have lasted for four hours and peaked at 3.9 million requests per second (RPS). "Attackers used HTTP/2 multiplexing, or combining multiple packets into one, to send multiple requests at once over individual connections," Imperva  said  in a report published on September 19. The attack was launched from a botnet that comprised nearly 170,000 different IP addresses spanning routers, security cameras, and compromised servers located in more than 180 countries, primarily the U.S., Indonesia, and Brazil. The disclosure also comes as web infrastructure provider Akamai said it fielded a new DDoS assault aimed at a customer based in Eastern Europe on September 12, with attack traffic spiking at 704.8 million p...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday released an industrial control systems (ICS) advisory warning of seven security flaws in Dataprobe's iBoot-PDU power distribution unit product, mostly used in industrial environments and data centers. "Successful exploitation of these vulnerabilities could lead to unauthenticated remote code execution on the Dataprobe iBoot-PDU device," the agency  said  in a notice. Credited with disclosing the flaws is industrial cybersecurity firm Claroty, which  said  the weaknesses could be remotely triggered "either through a direct web connection to the device or via the cloud." iBoot-PDU  is a power distribution unit (PDU) that provides users with real-time monitoring capabilities and sophisticated alerting mechanisms via a web interface so as to control the power supply to devices and other equipment in an OT environment. The vulnerabilities assume new significance when taking into c...

Almost every vendor, from email gateway companies to developers of threat intelligence platforms, is positioning themselves as an XDR player. But unfortunately, the noise around XDR makes it harder for buyers to find solutions that might be right for them or, more importantly, avoid ones that don't meet their needs.  Stellar Cyber delivers an Open XDR solution that allows organizations to use whatever security tools they desire in their security stack, feeding alerts and logs into Stellar Cyber. Stellar Cyber's "Open" approach means their platform can work with any product. As a result, a security team can make changes without wondering if the Stellar Cyber Open XDR platform will still work.  Stellar Cyber address the needs of lean enterprise security teams by providing capabilities typically found in NG-SIEM, NDR, and SOAR products in their Open XDR platform, managed by a single license. This consolidation enables customers to eliminate security stack complexity. ...

A threat cluster linked to the Russian nation-state actor tracked as Sandworm has continued its targeting of Ukraine with commodity malware by masquerading as telecom providers, new findings show. Recorded Future said it discovered new infrastructure belonging to UAC-0113 that mimics operators like Datagroup and EuroTransTelecom to deliver payloads such as  Colibri loader  and  Warzone RAT . The attacks are said to be an expansion of the  same campaign  that previously distributed  DCRat  (or DarkCrystal RAT) using phishing emails with legal aid-themed lures against providers of telecommunications in Ukraine. Sandworm is a  destructive Russian threat group  that's best known for carrying out attacks such as the 2015 and 2016 targeting of Ukrainian electrical grid and 2017's NotPetya attacks. It's confirmed to be Unit 74455 of Russia's GRU military intelligence agency. The adversarial collective, also known as Voodoo Bear, sought to dama...

Uber on Monday disclosed more details related to the  security incident  that happened last week, pinning the attack on a threat actor it believes is affiliated to the notorious LAPSUS$ hacking group. "This group typically uses similar techniques to target technology companies, and in 2022 alone has breached Microsoft, Cisco, Samsung, NVIDIA, and Okta, among others," the San Francisco-based company  said  in an update. The financially-motivated extortionist gang was dealt a huge blow in March 2022 when the City of London Police  moved to arrest  seven individuals aged between 16 and 21 for their alleged connections to the group. Two of those juvenile defendants are facing fraud charges. The hacker behind the Uber breach, an 18-year-old teenager who goes by the moniker Tea Pot, has also claimed responsibility for breaking into video game maker  Rockstar Games  over the weekend. Uber said it's working with "several leading digital forensics fi...