#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News
AWS EKS Security Best Practices

The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Multiple Campaigns Exploit VMware Vulnerability to Deploy Crypto Miners and Ransomware

Multiple Campaigns Exploit VMware Vulnerability to Deploy Crypto Miners and Ransomware

Oct 21, 2022
A now-patched vulnerability in VMware Workspace ONE Access has been observed being exploited to deliver both cryptocurrency miners and ransomware on affected machines. "The attacker intends to utilize a victim's resources as much as possible, not only to install RAR1Ransom for extortion, but also to spread GuardMiner to collect cryptocurrency," Fortinet FortiGuard Labs researcher Cara Lin  said  in a Thursday report. The issue, tracked as CVE-2022-22954 (CVSS score: 9.8), concerns a remote code execution vulnerability that stems from a case of server-side template injection. Although the shortcoming was addressed by the virtualization services provider in April 2022, it has since come under active exploitation in the wild. Fortinet said it observed in August 2022 attacks that sought to weaponize the flaw to deploy the  Mirai botnet  on Linux devices as well as the RAR1Ransom and  GuardMiner , a variant of the XMRig Monero miner. The Mirai sample is re...
Hackers Started Exploiting Critical "Text4Shell" Apache Commons Text Vulnerability

Hackers Started Exploiting Critical "Text4Shell" Apache Commons Text Vulnerability

Oct 21, 2022
WordPress security company Wordfence on Thursday said it started detecting exploitation attempts targeting the newly disclosed flaw in Apache Commons Text on October 18, 2022. The vulnerability, tracked as  CVE-2022-42889  aka Text4Shell , has been assigned a severity ranking of 9.8 out of a possible 10.0 on the CVSS scale and affects versions 1.5 through 1.9 of the library. It's also similar to the now infamous  Log4Shell  vulnerability in that the  issue  is rooted in the manner  string substitutions  carried out during  DNS, script, and URL lookups  could lead to the execution of arbitrary code on susceptible systems when passing untrusted input. "The attacker can send a crafted payload remotely using 'script,' 'dns,' and 'url' lookups to achieve arbitrary remote code execution," the Zscaler ThreatLabZ team explained . A  successful exploitation of the flaw  can enable a threat actor to open a reverse shell conn...
A Quick Look at the "Strengthening America's Cybersecurity" Initiative

A Quick Look at the "Strengthening America's Cybersecurity" Initiative

Oct 21, 2022
Acknowledging that you have a problem is the first step to addressing the problem in a serious way. This seems to be the reasoning for the White House recently announcing its "Strengthening America's Cybersecurity" initiative. The text of the announcement contains several statements that anyone who's ever read about cybersecurity will have heard many times over: increasing resilience, greater awareness, countering ransomware attacks – the list goes on.  There are some novel aspects to the text as well, including a realization that cybersecurity is not, has never been, and will never be something that can be solved at the nation-state level.  The White House also pointed to IoT warning labels as a solution – and reminded us all (and we do need reminding) about the importance of cybersecurity education. Let's take a look. International cooperation is critical A key point that the White House statement makes very clear is that cyberattacks are asymmetric in the...
cyber security

10 Best Practices for Building a Resilient, Always-On Compliance Program

websiteXM CyberCyber Resilience / Compliance
Download XM Cyber's handbook to learn 10 essential best practices for creating a robust, always-on compliance program.
cyber security

Find and Fix the Gaps in Your Security Tools

websitePrelude SecuritySecurity Control Validation
Connect your security tools for 14-days to find missing and misconfigured controls.
Microsoft Confirms Server Misconfiguration Led to 65,000+ Companies' Data Leak

Microsoft Confirms Server Misconfiguration Led to 65,000+ Companies' Data Leak

Oct 21, 2022
Microsoft this week confirmed that it inadvertently exposed information related to thousands of customers following a security lapse that left an endpoint publicly accessible over the internet sans any authentication. "This misconfiguration resulted in the potential for unauthenticated access to some business transaction data corresponding to interactions between Microsoft and prospective customers, such as the planning or potential implementation and provisioning of Microsoft services," Microsoft  said  in an alert. Microsoft also emphasized that the B2B leak was "caused by an unintentional misconfiguration on an endpoint that is not in use across the Microsoft ecosystem and was not the result of a security vulnerability." The misconfiguration of the Azure Blob Storage was spotted on September 24, 2022, by cybersecurity company SOCRadar, which termed the leak  BlueBleed . Microsoft said it's in the process of directly notifying impacted customers. The Win...
Google Launches GUAC Open Source Project to Secure Software Supply Chain

Google Launches GUAC Open Source Project to Secure Software Supply Chain

Oct 20, 2022
Google on Thursday announced that it's seeking contributors to a new open source initiative called Graph for Understanding Artifact Composition , also known as GUAC, as part of its ongoing efforts to beef up the  software supply chain . "GUAC addresses a need created by the burgeoning efforts across the ecosystem to generate software build, security, and dependency metadata," Brandon Lum, Mihai Maruseac, and Isaac Hepworth of Google said in a post shared with The Hacker News. "GUAC is meant to democratize the availability of this security information by making it freely accessible and useful for every organization, not just those with enterprise-scale security and IT funding." Software supply chain has  emerged  a  lucrative   attack vector  for threat actors, wherein exploiting just one weakness -- as seen in the case of  SolarWinds  and  Log4Shell  -- opens a pathway long enough to traverse down the supply chain and steal sensiti...
OldGremlin Ransomware Targeted Over a Dozen Russian Entities in Multi-Million Scheme

OldGremlin Ransomware Targeted Over a Dozen Russian Entities in Multi-Million Scheme

Oct 20, 2022
A Russian-speaking ransomware group dubbed OldGremlin has been attributed to 16 malicious campaigns aimed at entities operating in the transcontinental Eurasian nation over the course of two and a half years. "The group's victims include companies in sectors such as logistics, industry, insurance, retail, real estate, software development, and banking," Group-IB  said  in an exhaustive report shared with The Hacker News. "In 2020, the group even targeted an arms manufacturer." In what's a rarity in the ransomware landscape, OldGremlin (aka TinyScouts) is one of the very few financially motivated cybercrime gangs that primarily focuses on Russian companies. Other notable groups consist of Dharma, Crylock, and Thanos, contributing to an uptick in ransomware attacks targeting businesses in the country by over 200% in 2021. OldGremlin first came to light in September 2020 when the Singapore-headquartered cybersecurity company  disclosed  nine campaigns orch...
Hackers Using New Version of FurBall Android Malware to Spy on Iranian Citizens

Hackers Using New Version of FurBall Android Malware to Spy on Iranian Citizens

Oct 20, 2022
The Iranian threat actor known as Domestic Kitten has been attributed to a new mobile campaign that masquerades as a translation app to distribute an updated variant of an Android malware known as FurBall. "Since June 2021, it has been distributed as a translation app via a copycat of an Iranian website that provides translated articles, journals, and books," ESET researcher Lukas Stefanko  said  in a report shared with The Hacker News. The updates, while retaining the same surveillance functionality as earlier versions, are designed to evade detection by security solutions, the Slovak cybersecurity firm added. Domestic Kitten, also called APT-C-50, is an Iranian threat activity cluster that has been previously identified as targeting individuals of interest with the goal of harvesting sensitive information from compromised mobile devices. It's been known to be active since at least 2016. A tactical analysis conducted by Trend Micro in 2019 revealed Domestic Kitten...
Not All Sandboxes Are for Children: How to Secure Your SaaS Sandbox

Not All Sandboxes Are for Children: How to Secure Your SaaS Sandbox

Oct 20, 2022
When creating a Sandbox, the mindset tends to be that the Sandbox is considered a place to play around, test things, and there will be no effect on the production or operational system. Therefore, people don't actively think they need to worry about its security. This mindset is not only wrong, but extremely dangerous.  When it comes to software developers, their version of sandbox is similar to a child's playground — a place to build and test without breaking any flows in production. Meanwhile, in the world of cybersecurity, the term 'sandbox' is used to describe a virtual environment or machine used to run suspicious code and other elements.  Many organizations use a Sandbox for their SaaS apps — to test changes without disrupting the production SaaS app or even to connect new apps (much like a software developer's Sandbox). This common practice often leads to a false sense of security and in turn a lack of thought for its security implications. This article wi...
These 16 Clicker Malware Infected Android Apps Were Downloaded Over 20 Million Times

These 16 Clicker Malware Infected Android Apps Were Downloaded Over 20 Million Times

Oct 20, 2022
As many as 16 malicious apps with over 20 million cumulative downloads have been taken down from the Google Play Store after they were caught committing mobile ad fraud. The  Clicker  malware masqueraded as seemingly harmless utilities like cameras, currency/unit converters, QR code readers, note-taking apps, and dictionaries, among others, in a bid to trick users into downloading them, cybersecurity firm McAfee  said . The list of offending apps is as follows - High-Speed Camera (com.hantor.CozyCamera) - 10,000,000+ downloads Smart Task Manager (com.james.SmartTaskManager) - 5,000,000+ downloads Flashlight+ (kr.caramel.flash_plus) - 1,000,000+ downloads 달력메모장 (com.smh.memocalendar) - 1,000,000+ downloads K-Dictionary (com.joysoft.wordBook) - 1,000,000+ downloads BusanBus (com.kmshack.BusanBus) - 1,000,000+ downloads Flashlight+ (com.candlencom.candleprotest) - 500,000+ downloads Quick Note (com.movinapp.quicknote) - 500,000+ downloads Currency Converter (co...
Expert Insights Articles Videos
Cybersecurity Resources