The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

An unofficial patch has been made available for an actively exploited security flaw in Microsoft Windows that makes it possible for files signed with malformed signatures to sneak past Mark-of-the-Web ( MotW ) protections. The fix,  released  by 0patch, arrives weeks after HP Wolf Security  disclosed  a Magniber ransomware campaign that targets users with fake security updates which employ a JavaScript file to proliferate the file-encrypting malware. While files downloaded from the internet in Windows are tagged with a MotW flag to prevent unauthorized actions, it has since been found that corrupt Authenticode signatures can be used to allow the execution of arbitrary executables without any  SmartScreen warning . Authenticode  is a Microsoft code-signing technology that authenticates the identity of the publisher of a particular piece of software and verifies whether the software was tampered with after it was signed and published. "The [JavaScript] ...

A now-patched security flaw has been disclosed in the Galaxy Store app for Samsung devices that could potentially trigger remote command execution on affected phones. The vulnerability, which affects Galaxy Store version 4.5.32.4, relates to a cross-site scripting (XSS) bug that occurs when handling certain  deep links . An independent security researcher has been credited with reporting the issue. "Here, by not checking the deep link securely, when a user accesses a link from a website containing the deeplink, the attacker can execute JS code in the webview context of the Galaxy Store application," SSD Secure Disclosure  said  in an advisory posted last week. XSS attacks  allow an adversary to inject and execute malicious JavaScript code when visiting a website from a browser or another application. The issue identified in the Galaxy Store app has to do with how deep links are configured for Samsung's Marketing & Content Service ( MCS ), potentially leadi...

Cloud-based repository hosting service GitHub has addressed a high-severity security flaw that could have been exploited to create malicious repositories and mount supply chain attacks. The RepoJacking technique,  disclosed  by Checkmarx, entails a bypass of a protection mechanism called  popular repository namespace retirement , which aims to prevent developers from pulling unsafe repositories with the same name. The issue was addressed by the Microsoft-owned subsidiary on September 19, 2022 following responsible disclosure. RepoJacking  occurs  when a creator of a repository opts to change the username, potentially enabling a threat actor to claim the old username and publish a rogue repository with the same name in an attempt to trick users into downloading them. While Microsoft's countermeasure "retire[s] the namespace of any open source project that had more than 100 clones in the week leading up to the owner's account being renamed or deleted," Che...

Communication services provider Twilio this week disclosed that it experienced another "brief security incident" in June 2022 perpetrated by the same threat actor behind the  August hack  that resulted in unauthorized access of customer information. The security event occurred on June 29, 2022, the company said in an updated advisory shared this week, as part of its probe into the digital break-in. "In the June incident, a Twilio employee was socially engineered through voice phishing (or 'vishing') to provide their credentials, and the malicious actor was able to access customer contact information for a limited number of customers," Twilio  said . It further said the access gained following the successful attack was identified and thwarted within 12 hours, and that it had alerted impacted customers on July 2, 2022. The San Francisco-based firm did not reveal the exact number of customers impacted by the June incident, and why the disclosure was made ...

Multiple high-severity security flaws have been disclosed as affecting Juniper Networks devices, some of which could be exploited to achieve code execution. Chief among them is a remote pre-authenticated PHP archive file deserialization vulnerability (CVE-2022-22241, CVSS score: 8.1) in the J-Web component of Junos OS, according to Octagon Networks researcher Paulos Yibelo. "This vulnerability can be exploited by an unauthenticated remote attacker to get remote phar files deserialized, leading to arbitrary file write, which leads to a remote code execution (RCE)," Yibelo  said  in a report shared with The Hacker News. Also identified are five other issues, which are listed as follow - CVE-2022-22242  (CVSS score: 6.1) - A pre-authenticated reflected  XSS  on the error page ("error.php"), allowing a remote adversary to siphon Junos OS admin session and chained with other flaws that require authentication. CVE-2022-22243  (CVSS score: 4.3) &...

Five malicious dropper Android apps with over 130,000 cumulative installations have been discovered on the Google Play Store distributing banking trojans like  SharkBot  and  Vultur , which are capable of stealing financial data and performing on-device fraud. "These droppers continue the unstopping evolution of malicious apps sneaking to the official store," Dutch mobile security firm ThreatFabric told The Hacker News in a statement. "This evolution includes following newly introduced policies and masquerading as file managers and overcoming limitations by side-loading the malicious payload through the web browser." Targets of these  droppers  include 231 banking and cryptocurrency wallet apps from financial institutions in Italy, the U.K., Germany, Spain, Poland, Austria, the U.S., Australia, France, and the Netherlands. Dropper apps on official app stores like Google Play have  increasingly   become  a popular and efficient technique to d...

Cloud computing was the lifeline that kept many companies running during the pandemic. But it was a classic case of medicine that comes with  serious  side effects.  Having anywhere, anytime access to data and apps gives companies tremendous flexibility in a fast-changing world, plus the means to scale and customize IT at will. The cloud is an asset or upgrade in almost every way. With one glaring exception: cybersecurity.  The cloud promised to make companies more secure and security more straightforward. Yet over the same time period that the cloud took over computing, cyber attacks grew steadily worse while security teams felt increasingly overwhelmed.  Why?  We will explain shortly. For lean security teams, the more important question is how to make cloud security work, especially as the cloud footprint grows (a lot) faster than security resources. Will the cloud always cast a shadow on cybersecurity? Not with the strategy outlined in a free eboo...

A recently discovered hacking group known for targeting employees dealing with corporate transactions has been linked to a new backdoor called Danfuan . This hitherto undocumented malware is delivered via another dropper called Geppei, researchers from Symantec, by Broadcom Software,  said  in a report shared with The Hacker News. The dropper "is being used to install a new backdoor and other tools using the novel technique of reading commands from seemingly innocuous Internet Information Services ( IIS ) logs," the researchers said. The toolset has been attributed by the cybersecurity company to a suspected espionage actor called UNC3524, aka Cranefly, which  first came to light  in May 2022 for its focus on bulk email collection from victims who deal with mergers and acquisitions and other financial transactions. One of the group's key malware strains is QUIETEXIT, a backdoor deployed on network appliances that do not support antivirus or endpoint detection, ...

The increased use of information technology in our everyday life and business has led to cyber-attacks becoming more sophisticated and large-scale. For organizations to thrive in this era of technology, they must develop robust security strategies to detect and mitigate attacks. Defense in depth is a strategy in which companies use multiple layers of security measures to safeguard assets. A well-implemented defense in depth can help organizations prevent and mitigate ongoing attacks.  Defense in depth uses various cutting-edge security tools to safeguard a business's endpoints, data, applications, and networks. The objective is to prevent cyber threats, but a robust defense-in-depth approach also thwarts ongoing attacks and prevents further damage. How organizations can implement defense in depth The image above shows the various layers of security that organizations must implement. Below we describe ideas that companies should consider for each layer. Governance and risk mana...