The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Cybersecurity researchers have published the inner workings of a new wiper called  Azov Ransomware  that's deliberately designed to corrupt data and "inflict impeccable damage" to compromised systems. Distributed through another malware loader known as  SmokeLoader , the malware has been  described  as an "effective, fast, and unfortunately unrecoverable data wiper," by Israeli cybersecurity company Check Point. Its origins have yet to be determined. The wiper routine is set to overwrite a file's contents in alternating 666-byte chunks with random noise, a technique referred to as  intermittent encryption  that's being increasingly leveraged by ransomware operators to evade detection and encrypt victims' files faster. "One thing that sets Azov apart from your garden-variety ransomware is its modification of certain 64-bit executables to execute its own code," threat researcher Jiří Vinopal said. "The modification of executables is...

An active malware campaign is targeting the Python Package Index (PyPI) and npm repositories for Python and JavaScript with typosquatted and fake modules that deploy a ransomware strain, marking the latest security issue to affect software supply chains. The typosquatted Python packages all impersonate the popular  requests library : dequests, fequests, gequests, rdquests, reauests, reduests, reeuests, reqhests, reqkests, requesfs, requesta, requeste, requestw, requfsts, resuests, rewuests, rfquests, rrquests, rwquests, telnservrr, and tequests. According to  Phylum , the rogue packages embed source code that retrieves a Golang-based ransomware binary from a remote server depending on the victim's operating system and microarchitecture. Successful execution causes the victim's desktop background to be changed to an actor-controlled image that claims to the U.S. Central Intelligence Agency (CIA). It's also designed to encrypt files and demand a $100 ransom in cryptocurr...

Fortinet on Monday issued emergency patches for a severe security flaw affecting its FortiOS SSL-VPN product that it said is being actively exploited in the wild. Tracked as  CVE-2022-42475  (CVSS score: 9.3), the critical bug relates to a heap-based buffer overflow vulnerability that could allow an unauthenticated attacker to execute arbitrary code via specially crafted requests. The company  said  it's "aware of an instance where this vulnerability was exploited in the wild," urging customers to move quickly to apply the updates. The following products are impacted by the issue - FortiOS version 7.2.0 through 7.2.2 FortiOS version 7.0.0 through 7.0.8 FortiOS version 6.4.0 through 6.4.10 FortiOS version 6.2.0 through 6.2.11 FortiOS-6K7K version 7.0.0 through 7.0.7 FortiOS-6K7K version 6.4.0 through 6.4.9 FortiOS-6K7K version 6.2.0 through 6.2.11 FortiOS-6K7K version 6.0.0 through 6.0.14 Patches are available in FortiOS versions 7.2.3, 7.0.9, 6.4.11, ...

High-severity security vulnerabilities have been disclosed in different endpoint detection and response (EDR) and antivirus (AV) products that could be exploited to turn them into data wipers. "This wiper runs with the permissions of an unprivileged user yet has the ability to wipe almost any file on a system, including system files, and make a computer completely unbootable," SafeBreach Labs researcher Or Yair  said . "It does all that without implementing code that touches the target files, making it fully undetectable." EDR software, by design, are capable of continually scanning a machine for potentially suspicious and malicious files, and taking appropriate action, such as deleting or quarantining them. The idea, in a nutshell, is to trick vulnerable security products into deleting legitimate files and directories on the system and render the machine inoperable by making use of specially crafted paths. This is achieved by taking advantage of what's ca...

With 2022 coming to a close, there is no better time to buckle down and prepare to face the security challenges in the year to come. This past year has seen its  fair share of breaches , attacks, and leaks, forcing organizations to scramble to protect their SaaS stacks. March alone saw three different breaches from Microsoft, Hubspot, and Okta.  With SaaS sprawl ever growing and becoming more complex, organizations can look to four areas within their SaaS environment to harden and secure.  Learn how you can automate your SaaS stack security Misconfigurations Abound Enterprises can have  over 40 million  knobs, check boxes, and toggles in their employees' SaaS apps. The security team is responsible to secure each of these settings, user roles and permissions to ensure they comply with industry and company policy.  Not only because of their obvious risk or misalignment with security policies, misconfigurations are overwhelmingly challenging to secure ma...

Google has officially begun rolling out support for  passkeys , the next-generation passwordless login standard, to its stable version of Chrome web browser. "Passkeys are a significantly safer replacement for passwords and other phishable authentication factors," the tech giant's Ali Sarraf  said . "They cannot be reused, don't leak in server breaches, and protect users from phishing attacks." The improved security feature, which is available in version 108, comes nearly two months after Google  began testing the option  across Android, macOS, and Windows 11. Passkeys  obviate the need for passwords by requiring users to authenticate themselves during sign in by unlocking their nearby Android or iOS device using biometrics. This, however, calls for websites to build passkey support on their sites using the  WebAuthn API . Essentially, the technology works by creating a unique cryptographic key pair to associate with an account for the app or website ...

A cryptocurrency mining attack targeting the Linux operating system also involved the use of an open source remote access trojan (RAT) dubbed  CHAOS . The threat, which was spotted by Trend Micro in November 2022, remains virtually unchanged in all other aspects, including when it comes to terminating competing malware, security software, and deploying the Monero (XMR) cryptocurrency miner. "The malware achieves its persistence by altering  /etc/crontab file , a UNIX task scheduler that, in this case, downloads itself every 10 minutes from Pastebin," researchers David Fiser and Alfredo Oliveira  said . This step is succeeded by downloading next-stage payloads that consist of the XMRig miner and the Go-based CHAOS RAT. The cybersecurity firm said that the main downloader script and further payloads are hosted in multiple locations to make sure that the campaign remains active and new infections continue to happen. The CHAOS RAT, once downloaded and launched, transmi...

As the holiday season approaches, online shopping and gift-giving are at the top of many people's to-do lists. But before you hit the "buy" button, it's important to remember that this time of year is also the peak season for cybercriminals. In fact, cybercriminals often ramp up their efforts during the holidays, taking advantage of the influx of online shoppers and the general hustle and bustle of the season Don't let cybercriminals steal your holiday cheer – follow our simple steps to protect yourself and your personal information while shopping online, completing work tasks, or simply browsing the web. Check everything twice It's common for scammers to lure people in with fake deals and offers during the holiday season. They may promise deep discounts on popular items or claim to have limited-time offers that are too good to pass up. They may also create fake websites or emails that look like they are from legitimate companies to trick people into giv...

The U.S. Department of Health and Human Services (HHS) has cautioned of ongoing Royal ransomware attacks targeting healthcare entities in the country. "While most of the known ransomware operators have performed Ransomware-as-a-Service, Royal appears to be a private group without any affiliates while maintaining financial motivation as their goal," the agency's Health Sector Cybersecurity Coordination Center (HC3)  said  [PDF]. "The group does claim to steal data for double-extortion attacks, where they will also exfiltrate sensitive data." Royal ransomware, per  Fortinet FortiGuard Labs , is said to be active since at least the start of 2022. The malware is a 64-bit Windows executable written in C++ and is launched via the command line, indicating that it involves a human operator to trigger the infection after obtaining access to a targeted environment. Besides deleting volume shadow copies on the system, Royal utilizes the OpenSSL cryptographic library ...