The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Threat actors continue to adapt to the latest technologies, practices, and even data privacy laws—and it's up to organizations to stay one step ahead by implementing strong cybersecurity measures and programs.  Here's a look at how cybercrime will evolve in 2023 and what you can do to secure and protect your organization in the year ahead.  Increase in digital supply chain attacks  With the rapid modernization and digitization of supply chains come new security risks. Gartner predicts that  by 2025, 45% of organizations worldwide will have experienced attacks  on their software supply chains—this is a three-fold increase from 2021. Previously, these types of attacks weren't even likely to happen because supply chains weren't connected to the internet. But now that they are, supply chains need to be secured properly.  The introduction of new technology around software supply chains means there are likely security holes that have yet to be identified, bu...

A Rust variant of a ransomware strain known as  Agenda  has been observed in the wild, making it the latest malware to adopt the cross-platform programming language after  BlackCat, Hive, Luna, and RansomExx . Agenda , attributed to an operator named Qilin, is a ransomware-as-a-service (RaaS) group that has been linked to a spate of attacks primarily targeting manufacturing and IT industries across different countries. A previous version of the ransomware, written in Go and customized for each victim, singled out healthcare and education sectors in countries like Indonesia, Saudi Arabia, South Africa, and Thailand. Agenda, like Royal ransomware , expands on the idea of partial encryption (aka intermittent encryption) by configuring parameters that are used to determine the percentage of file content to be encrypted. "This tactic is becoming more popular among ransomware actors as it lets them encrypt faster and avoid detections that heavily rely on read/write file ...

Meta Platforms disclosed that it took down no less than 200 covert influence operations since 2017 spanning roughly 70 countries across 42 languages. The social media conglomerate also took steps to disable accounts and block infrastructure operated by spyware vendors, including in China, Russia, Israel, the U.S. and India, that targeted individuals in about 200 countries. "The global surveillance-for-hire industry continues to grow and indiscriminately target people – including journalists, activists, litigants, and political opposition – to collect intelligence, manipulate and compromise their devices and accounts across the internet," the company  noted  in a report published last week. The networks that were found to engage in coordinated inauthentic behavior ( CIB ) originated from 68 countries. More than 100 nations are said to have been targeted by at least one such network, either foreign or domestic. With 34 operations, the U.S. emerged as the most frequently ta...

Google on Friday announced that its client-side encryption for Gmail is in beta for Workspace and education customers as part of its efforts to secure emails sent using the web version of the platform. The development comes at a time when concerns about online privacy and data security are at an all-time high, making it a welcome change for users who value the protection of their personal data. To that end, Google Workspace Enterprise Plus, Education Plus, and Education Standard customers can apply to sign up for the beta until January 20, 2023. It's not available to personal Google Accounts. "Using client-side encryption in Gmail ensures sensitive data in the email body and attachments are indecipherable to Google servers," the company  said  in a post. "Customers retain control over encryption keys and the identity service to access those keys." It is important to know that the latest safeguards offered by Gmail is different from end-to-end encryption. ...

Samba has released software updates to remediate multiple vulnerabilities that, if successfully exploited, could allow an attacker to take control of affected systems. The high-severity flaws, tracked as  CVE-2022-38023, CVE-2022-37966, CVE-2022-37967, and CVE-2022-45141 , have been patched in versions 4.17.4, 4.16.8 and 4.15.13  released  on December 15, 2022. Samba is an open source Windows interoperability suite for Linux, Unix, and macOS operating systems that offers file server, printing, and Active Directory services. A brief description of each of the weaknesses is below - CVE-2022-38023  (CVSS score: 8.1) - Use of weak RC4-HMAC Kerberos encryption type in the  Netlogon Secure Channel   CVE-2022-37966  (CVSS score: 8.1) - An elevation of privilege vulnerability in Windows Kerberos RC4-HMAC CVE-2022-37967  (CVSS score: 7.2) - An elevation of privilege vulnerability in Windows Kerberos CVE-2022-45141  (CVSS score: 8.1) - Use of...

Government entities in Ukraine have been breached as part of a new campaign that leveraged trojanized versions of Windows 10 installer files to conduct post-exploitation activities. Mandiant, which discovered the "socially engineered supply chain" attack around mid-July 2022, said the malicious ISO files were distributed via Ukrainian- and Russian-language Torrent websites. It's tracking the threat cluster as  UNC4166 . "Upon installation of the compromised software, the malware gathers information on the compromised system and exfiltrates it," the cybersecurity company  said  in a technical deep dive published Thursday. Although the adversarial collective's provenance is unknown, the intrusions are said to have targeted organizations that were previously victims of disruptive wiper attacks attributed to  APT28 , a  Russian state-sponsored actor . The ISO file, per the Google-owned threat intelligence firm, was designed to disable the transmission of te...

A former Twitter employee who was found guilty of spying on behalf of Saudi Arabia by sharing data pertaining to specific individuals has been sentenced to three-and-a-half years in prison. Ahmad Abouammo, 45, was convicted  earlier this August  on various criminal counts, including money laundering, fraud, falsifying records, and being an illegal agent of a foreign government. Abouammo was arrested on November 5, 2019, after being accused of abusing his access to Twitter's internal systems to gather information about Saudi Arabia's critics on the social media platform. He was employed at Twitter from 2013 to 2015. "Mr. Abouammo violated the trust placed on him to protect the privacy of individuals by giving their personal information to a foreign power for profit,"  said  Assistant Attorney General Matthew G. Olsen of the Justice Department's National Security Division. "His conduct was made all the more egregious by the fact that the information was i...

Reality has a way of asserting itself, irrespective of any personal or commercial choices we make, good or bad. For example, just recently, the city services of Antwerp in Belgium were the victim of a highly disruptive cyberattack.  As usual, everyone cried "foul play" and suggested that proper cybersecurity measures should have been in place. And again, as usual, it all happens a bit too late. There was nothing special or unique about the attack, and it wasn't the last of its kind either. So why are we, in IT, still happily whistling into the wind and moving along as if nothing happened? Is everyone's disaster recovery plan really that good? Are all the security measures in place – and tested? Let's Do a Quick Recap (of What You Should Be Doing) First, cover the basics. Perform proper user training that includes all of the usual: password hygiene, restrictions on account sharing, and clear instructions not to open untrusted emails or to access unscrupulous w...

GitHub on Thursday said it is making available its secret scanning service to all public repositories on the code hosting platform for free. "Secret scanning alerts notify you directly about leaked secrets in your code," the company  said , adding it's expected to complete the rollout by the end of January 2023.  Secret scanning is  designed  to examine repositories for access tokens, private keys, credentials, API keys, and other secrets in  over 200 formats  that may have been accidentally committed, and generate alerts to prevent their misuse. The security option was previously limited to repositories owned by organizations that use GitHub Enterprise Cloud and have a GitHub Advanced Security license. For customers of GitHub Advanced Security, the  protections  go a step further by performing the scans for exposed secrets, including custom patterns,  during code pushes . The Microsoft subsidiary also said it's  planning  t...