The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

BNB Chain, a blockchain linked to the Binance cryptocurrency exchange, disclosed an exploit on a cross-chain bridge that drained around $100 million in digital assets. "There was an exploit affecting the native cross-chain bridge between BNB Beacon Chain (BEP2) and BNB Smart Chain (BEP20 or BSC), known as 'BSC Token Hub,'" it  said  last week. "The exploit was through a sophisticated forging of the low level proof into one common library." According to Binance CEO Changpeng Zhao, the exploit on the cross-chain bridge " resulted in extra BNB ," prompting a  temporary suspension  of the Binance Smart Chain (BSC). "BNB, which stands for 'Build and Build' (formerly called Binance Coin), is the blockchain gas token that 'fuels' transactions on BNB Chain," Binance  noted  earlier this February. No user funds are said to have been impacted, since the vulnerability in the BSC Token Hub bridge enabled the unknown threat actor...

A severe remote code execution vulnerability in Zimbra's enterprise collaboration software and email platform is being actively exploited, with no patch currently available to remediate the issue. The shortcoming, assigned  CVE-2022-41352 , carries a critical-severity rating of CVSS 9.8, providing a pathway for attackers to upload arbitrary files and carry out malicious actions on affected installations. "The vulnerability is due to the method ( cpio ) in which Zimbra's antivirus engine ( Amavis ) scans inbound emails," cybersecurity firm Rapid7  said  in an analysis published this week. The issue is said to have been abused since early September 2022, according to  details  shared on Zimbra forums. While a fix is yet to be released, the software services company is urging users to install the "pax" utility and restart the Zimbra services. "If the  pax package  is not installed, Amavis will fall-back to using cpio, unfortunately the fall-back is ...

Microsoft on Friday  disclosed  it has made more improvements to the  mitigation method  offered as a means to prevent exploitation attempts against the newly disclosed unpatched security flaws in Exchange Server. To that end, the tech giant has revised the blocking rule in IIS Manager from ".*autodiscover\.json.*Powershell.*" to "(?=.*autodiscover\.json)(?=.*powershell)." The list of updated steps to add the URL Rewrite rule is below - Open IIS Manager Select Default Web Site In the Feature View, click URL Rewrite In the Actions pane on the right-hand side, click Add Rule(s)… Select Request Blocking and click OK Add the string "(?=.*autodiscover\.json)(?=.*powershell)" (excluding quotes) Select Regular Expression under Using Select Abort Request under How to block and then click OK Expand the rule and select the rule with the pattern: (?=.*autodiscover\.json)(?=.*powershell) and click Edit under Conditions Change the Condition input from {U...

Fortinet has privately warned its customers of a security flaw affecting FortiGate firewalls and FortiProxy web proxies that could potentially allow an attacker to perform unauthorized actions on susceptible devices. Tracked as CVE-2022-40684 (CVSS score: 9.6), the critical flaw relates to an authentication bypass vulnerability that may permit an unauthenticated adversary to carry out arbitrary operations on the administrative interface via a specially crafted HTTP(S) request. The issue impacts the following versions, and has been addressed in FortiOS versions  7.0.7  and  7.2.2 , and FortiProxy versions 7.0.7 and 7.2.1 released this week: FortiOS - From 7.0.0 to 7.0.6 and from 7.2.0 to 7.2.1 FortiProxy - From 7.0.0 to 7.0.6 and 7.2.0 "Due to the ability to exploit this issue remotely, Fortinet is strongly recommending all customers with the vulnerable versions to perform an immediate upgrade," the company  cautioned  in an alert shared by a securit...

Meta Platforms on Friday disclosed that it had identified over 400 malicious apps on Android and iOS that it said targeted online users with the goal of stealing their Facebook login information. "These apps were listed on the Google Play Store and Apple's App Store and disguised as photo editors, games, VPN services, business apps, and other utilities to trick people into downloading them," the social media behemoth  said  in a report shared with The Hacker News. 42.6% of the rogue apps were photo editors, followed by business utilities (15.4%), phone utilities (14.1%), games (11.7%), VPNs (11.7%), and lifestyle apps (4.4%). Interestingly, a majority of the iOS apps posed as ads manager tools for Meta and its Facebook subsidiary. Besides concealing its malicious nature as a set of seemingly harmless apps, the operators of the scheme also published fake reviews that were designed to offset the negative reviews left by users who may have previously downloaded the apps...

Understanding the connection between GRC and cybersecurity When talking about cybersecurity, Governance, Risk, and Compliance (GRC) is often considered the least exciting part of business protection. However, its importance can't be ignored, and this is why.  While cybersecurity focuses on the technical side of protecting systems, networks, devices, and data, GRC is the tool that will help the entire organization understand and communicate how to do it. What does it mean? GRC tools like StandardFusion help companies  define and implement the best practices, procedures, and governance to ensure everyone understands the risks associated with their actions and how they can affect business security, compliance, and success. In simple words, GRC is the medium for creating awareness around cybersecurity's best practices to reduce risks and achieve business goals. Why is cybersecurity more relevant than ever before Cybersecurity aims to protect sensitive business data, intell...

Multiple campaigns that distributed trojanized and typosquatted packages on the NPM open source repository have been identified as the work of a single threat actor dubbed LofyGang . Checkmarx said it discovered 199 rogue packages totaling thousands of installations, with the group operating for over a year with the goal of stealing credit card data as well as user accounts associated with Discord Nitro, gaming, and streaming services. "LofyGang operators are seen promoting their hacking tools in hacking forums, while some of the tools are shipped with a hidden backdoor," the software security company said in a report shared with The Hacker News prior to its publication. Various pieces of the attack puzzle have already been reported by  JFrog ,  Sonatype , and  Kaspersky  (which called it LofyLife), but the latest analysis pulls the various operations together under one organizational umbrella that Checkmarx is referring to as  LofyGang . Believed to be ...

In what's a new phishing technique, it has been demonstrated that the Application Mode feature in Chromium-based web browsers can be abused to create "realistic desktop phishing applications." Application Mode is designed to offer native-like experiences in a manner that causes the website to be launched in a separate browser window, while also displaying the website's favicon and hiding the address bar. According to security researcher mr.d0x – who also devised the browser-in-the-browser ( BitB ) attack method earlier this year – a bad actor can leverage this behavior to resort to some HTML/CSS trickery and display a fake address bar on top of the window and fool users into giving up their credentials on rogue login forms. "Although this technique is meant more towards internal phishing, you can technically still use it in an external phishing scenario," mr.d0x  said . "You can deliver these fake applications independently as files." This is...

In yet another case of bring your own vulnerable driver (BYOVD) attack, the operators of the BlackByte ransomware are leveraging a flaw in a legitimate Windows driver to bypass security solutions. "The evasion technique supports disabling a whopping list of over 1,000 drivers on which security products rely to provide protection," Sophos threat researcher Andreas Klopsch  said  in a new technical write-up. BYOVD is an  attack technique  that involves threat actors abusing vulnerabilities in legitimate, signed drivers to achieve successful kernel-mode exploitation and seize control of compromised machines. Weaknesses in signed drivers have been increasingly co-opted by nation-state threat groups in recent years, including  Slingshot ,  InvisiMole ,  APT28 , and most recently, the  Lazarus Group . BlackByte, believed to be an offshoot of the  now-discontinued Conti group , is part of the big game cybercrime crews, which zeroes in on larg...