The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

A former Twitter employee who was found guilty of spying on behalf of Saudi Arabia by sharing data pertaining to specific individuals has been sentenced to three-and-a-half years in prison. Ahmad Abouammo, 45, was convicted  earlier this August  on various criminal counts, including money laundering, fraud, falsifying records, and being an illegal agent of a foreign government. Abouammo was arrested on November 5, 2019, after being accused of abusing his access to Twitter's internal systems to gather information about Saudi Arabia's critics on the social media platform. He was employed at Twitter from 2013 to 2015. "Mr. Abouammo violated the trust placed on him to protect the privacy of individuals by giving their personal information to a foreign power for profit,"  said  Assistant Attorney General Matthew G. Olsen of the Justice Department's National Security Division. "His conduct was made all the more egregious by the fact that the information was i...

Reality has a way of asserting itself, irrespective of any personal or commercial choices we make, good or bad. For example, just recently, the city services of Antwerp in Belgium were the victim of a highly disruptive cyberattack.  As usual, everyone cried "foul play" and suggested that proper cybersecurity measures should have been in place. And again, as usual, it all happens a bit too late. There was nothing special or unique about the attack, and it wasn't the last of its kind either. So why are we, in IT, still happily whistling into the wind and moving along as if nothing happened? Is everyone's disaster recovery plan really that good? Are all the security measures in place – and tested? Let's Do a Quick Recap (of What You Should Be Doing) First, cover the basics. Perform proper user training that includes all of the usual: password hygiene, restrictions on account sharing, and clear instructions not to open untrusted emails or to access unscrupulous w...

GitHub on Thursday said it is making available its secret scanning service to all public repositories on the code hosting platform for free. "Secret scanning alerts notify you directly about leaked secrets in your code," the company  said , adding it's expected to complete the rollout by the end of January 2023.  Secret scanning is  designed  to examine repositories for access tokens, private keys, credentials, API keys, and other secrets in  over 200 formats  that may have been accidentally committed, and generate alerts to prevent their misuse. The security option was previously limited to repositories owned by organizations that use GitHub Enterprise Cloud and have a GitHub Advanced Security license. For customers of GitHub Advanced Security, the  protections  go a step further by performing the scans for exposed secrets, including custom patterns,  during code pushes . The Microsoft subsidiary also said it's  planning  t...

SaaS Adoption is Skyrocketing, Resilience Hasn't Kept Pace SaaS platforms have revolutionized how businesses operate. They simplify collaboration, accelerate deployment, and reduce the overhead of managing infrastructure. But with their rise comes a subtle, dangerous assumption: that the convenience of SaaS extends to resilience. It doesn't. These platforms weren't built with full-scale data protection in mind . Most follow a shared responsibility model — wherein the provider ensures uptime and application security, but the data inside is your responsibility. In a world of hybrid architectures, global teams, and relentless cyber threats, that responsibility is harder than ever to manage. Modern organizations are being stretched across: Hybrid and multi-cloud environments with decentralized data sprawl Complex integration layers between IaaS, SaaS, and legacy systems Expanding regulatory pressure with steeper penalties for noncompliance Escalating ransomware threats and inside...

The U.S. National Institute of Standards and Technology (NIST), an agency within the Department of Commerce,  announced  Thursday that it's formally retiring the SHA-1 cryptographic algorithm. SHA-1 , short for Secure Hash Algorithm 1, is a 27-year-old  hash function  used in cryptography and has since been  deemed   broken  owing to the risk of  collision attacks . While hashes are designed to be irreversible – meaning it should be impossible to reconstruct the original message from the fixed-length enciphered text – the lack of collision resistance in SHA-1 made it possible to generate the same hash value for two different inputs. In February 2017, a group of researchers from CWI Amsterdam and Google  disclosed  the first practical technique for producing collisions on SHA-1, effectively undermining the security of the algorithm. "For example, by crafting the two colliding PDF files as two rental agreements with different rent, i...

Microsoft on Thursday flagged a cross-platform botnet that's primarily designed to launch distributed denial-of-service (DDoS) attacks against private Minecraft servers. Called  MCCrash , the botnet is characterized by a unique spreading mechanism that allows it to propagate to Linux-based devices despite originating from malicious software downloads on Windows hosts. "The botnet spreads by enumerating default credentials on internet-exposed Secure Shell (SSH)-enabled devices," the company  said  in a report. "Because IoT devices are commonly enabled for remote configuration with potentially insecure settings, these devices could be at risk to attacks like this botnet." This also means that the malware could persist on IoT devices even after removing it from the infected source PC. The tech giant's cybersecurity division is tracking the activity cluster under its emerging moniker DEV-1028. A majority of the infections have been reported in Russia, and ...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has  added  two vulnerabilities impacting Veeam Backup & Replication software to its Known Exploited Vulnerabilities ( KEV ) Catalog, citing evidence of active exploitation in the wild. The now-patched critical flaws, tracked as  CVE-2022-26500 and CVE-2022-26501 , are both rated 9.8 on the CVSS scoring system, and could be leveraged to gain control of a target system. "The Veeam Distribution Service (TCP 9380 by default) allows unauthenticated users to access internal API functions," Veeam  noted  in an advisory published in March 2022. "A remote attacker may send input to the internal API which may lead to uploading and executing of malicious code." Both the issues that impact product versions 9.5, 10, and 11 have been addressed in versions 10a and 11a. Users of Veeam Backup & Replication 9.5 are advised to upgrade to a supported version. Nikita Petrov, a security researcher at Russ...

A Chinese-speaking advanced persistent threat (APT) actor codenamed  MirrorFace  has been attributed to a spear-phishing campaign targeting Japanese political establishments. The activity, dubbed  Operation LiberalFace  by ESET, specifically focused on members of an unnamed political party in the nation with the goal of delivering an implant called LODEINFO and a hitherto unseen credential stealer named MirrorStealer. The Slovak cybersecurity company said the campaign was launched a little over a week prior to the  Japanese House of Councillors election  that took place on July 10, 2022. "LODEINFO was used to deliver additional malware, exfiltrate the victim's credentials, and steal the victim's documents and emails," ESET researcher Dominik Breitenbacher  said  in a technical report published Wednesday. MirrorFace is said to share overlaps with another threat actor tracked as  APT10  (aka Bronze Riverside, Cicada, Earth Tengshe, S...

Microsoft has revised the severity of a security vulnerability it originally  patched in September 2022 , upgrading it to "Critical" after it emerged that it could be exploited to achieve remote code execution. Tracked as  CVE-2022-37958  (CVSS score: 8.1), the flaw was previously described as an  information disclosure vulnerability  in SPNEGO Extended Negotiation ( NEGOEX ) Security Mechanism. SPNEGO, short for Simple and Protected GSSAPI Negotiation Mechanism (SPNEGO), is a scheme that allows a client and remote server to arrive at a consensus on the choice of the protocol to be used (e.g., Kerberos or NTLM) for authentication. But a  further analysis  of the flaw by IBM Security X-Force researcher Valentina Palmiotti found that it could allow remote execution of arbitrary code, prompting Microsoft to reclassify its severity. "This vulnerability is a pre-authentication remote code execution vulnerability impacting a wide range of protocols," I...

A previously undocumented Android malware campaign has been observed leveraging money-lending apps to blackmail victims into paying up with personal information stolen from their devices. Mobile security company Zimperium dubbed the activity  MoneyMonger , pointing out the use of the  cross-platform Flutter framework  to develop the apps. MoneyMonger "takes advantage of Flutter's framework to obfuscate malicious features and complicate the detection of malicious activity by static analysis," Zimperium researchers Fernando Sanchez, Alex Calleja , Matteo Favaro, and Gianluca Braga  said  in a report shared with The Hacker news. "Due to the nature of Flutter, the malicious code and activity now hide behind a framework outside the static analysis capabilities of legacy mobile security products." The campaign, believed to be active since May 2022, is part of a broader effort previously  disclosed  by Indian cybersecurity firm K7 Security Labs. None of...