The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

U.S. President Joe Biden on Monday  signed an executive order  that restricts the use of commercial spyware by federal government agencies. The order said the spyware ecosystem "poses significant counterintelligence or security risks to the United States Government or significant risks of improper use by a foreign government or foreign person." It also seeks to ensure that the government's use of such tools is done in a manner that's "consistent with respect for the rule of law, human rights, and democratic norms and values." To that end, the order lays out the various criteria under which commercial spyware could be disqualified for use by U.S. government agencies. They include - The purchase of commercial spyware by a foreign government or person to target the U.S. government, A commercial spyware vendor that uses or discloses sensitive data obtained from the cyber surveillance tool without authorization and operates under the control of a foreign g...

Apple on Monday backported fixes for an actively exploited security flaw to older iPhone and iPad models. The issue, tracked as  CVE-2023-23529 , concerns a type confusion bug in the WebKit browser engine that could lead to arbitrary code execution. It was  originally addressed  by the tech giant with improved checks as part of updates released on February 13, 2023. An anonymous researcher has been credited with reporting the bug. "Processing maliciously crafted web content may lead to arbitrary code execution," Apple  said  in a new advisory, adding it's "aware of a report that this issue may have been actively exploited." Details surrounding the exact nature of exploitation are currently not known, but withholding technical specifics is standard procedure as it helps prevent additional in-the-wild abuse targeting susceptible devices.  The update is available in versions iOS 15.7.4 and iPadOS 15.7.4 for iPhone 6s (all models), iPhone 7 (all models),...

Conor Brian Fitzpatrick, the 20-year-old founder and the administrator of the now-defunct BreachForums has been  formally charged  in the U.S. with conspiracy to commit access device fraud. If proven guilty, Fitzpatrick, who went by the online moniker "pompompurin," faces a maximum penalty of up to five years in prison. He was  arrested  on March 15, 2023. "Cybercrime victimizes and steals financial and personal information from millions of innocent people," said U.S. Attorney Jessica D. Aber for the Eastern District of Virginia. "This arrest sends a direct message to cybercriminals: your exploitative and illegal conduct will be discovered, and you will be brought to justice." The development comes days after Baphomet, the individual who had taken over the responsibilities of BreachForums,  shut down the website , citing concerns that law enforcement may have obtained access to its backend. The Department of Justice (DoJ) has since confirmed that it co...

Security operations centers (SOCs) are under pressure from both sides: threats are growing more complex and frequent, while security budgets are no longer keeping pace. Today's security leaders are expected to reduce risk and deliver results without relying on larger teams or increased spending. At the same time, SOC inefficiencies are draining resources. Studies show that up to half of all alerts are false positives, with some reports citing false positive rates as high as 99 percent . This means highly trained analysts spend a disproportionate amount of time chasing down harmless activity, wasting effort, increasing fatigue, and raising the chance of missing real threats. In this environment, the business imperative is clear: maximize the impact of every analyst and every dollar by making security operations faster, smarter, and more focused. Enter the Agentic AI SOC Analyst The agentic AI SOC Analyst is a force multiplier that enables organizations to do more with the team an...

Single sign-on (SSO) is an authentication method that allows users to authenticate their identity for multiple applications with just one set of credentials. From a security standpoint, SSO is the gold standard. It ensures access without forcing users to remember multiple passwords and can be further secured with MFA. Furthermore, an estimated 61% of attacks stem from stolen credentials. By removing usernames and passwords, the attack surface is reduced as well. SSO helps companies meet strict compliance regulations by not only enabling businesses to secure their accounts, but by helping them demonstrate that they've taken the necessary steps to meet regulatory requirements. While SSO is an important step in securing SaaS apps and their data, having just SSOs in place to secure the SaaS stack in its entirety is not enough. SSO alone won't prevent a threat actor from accessing a SaaS app. It also won't protect SaaS apps that are onboarded without the IT team's knowledg...

A new information-stealing malware has set its sights on Apple's macOS operating system to siphon sensitive information from compromised devices. Dubbed  MacStealer , it's the latest example of a threat that uses Telegram as a command-and-control (C2) platform to exfiltrate data. It primarily affects devices running macOS versions Catalina and later running on M1 and M2 CPUs. "MacStealer has the ability to steal documents, cookies from the victim's browser, and login information," Uptycs researchers Shilpesh Trivedi and Pratik Jeware  said  in a new report. First advertised on online hacking forums for $100 at the start of the month, it is still a work in progress, with the malware authors planning to add features to capture data from Apple's Safari browser and the Notes app. In its current form, MacStealer is designed to extract iCloud Keychain data, passwords and credit card information from browsers like Google Chrome, Mozilla Firefox, and Brave. It al...

Microsoft has released an out-of-band update to address a privacy-defeating flaw in its screenshot editing tool for Windows 10 and Windows 11. The  issue , dubbed  aCropalypse , could enable malicious actors to recover edited portions of screenshots, potentially revealing sensitive information that may have been cropped out. Tracked as  CVE-2023-28303 , the vulnerability is rated 3.3 on the CVSS scoring system. It affects both the Snip & Sketch app on Windows 10 and the Snipping Tool on Windows 11. "The severity of this vulnerability is Low because successful exploitation requires uncommon user interaction and several factors outside of an attacker's control," Microsoft  said  in an advisory released on March 24, 2023. Successful exploitation requires that the following two prerequisites are met - The user must take a screenshot, save it to a file, modify the file (for example, crop it), and then save the modified file to the same location. The user...

In what's a case of setting a thief to catch a thief, the U.K. National Crime Agency (NCA) revealed that it has created a network of fake DDoS-for-hire websites to infiltrate the online criminal underground. "All of the NCA-run sites, which have so far been accessed by around several thousand people, have been created to look like they offer the tools and services that enable cyber criminals to execute these attacks," the law enforcement agency  said . "However, after users register, rather than being given access to cyber crime tools, their data is collated by investigators." The effort is part of an ongoing international joint effort called Operation PowerOFF in collaboration with authorities from the U.S., the Netherlands, Germany, Poland, and Europol aimed at dismantling criminal DDoS-for-hire infrastructures worldwide. DDoS-for-hire (aka "Booter" or "Stresser") services rent out access to a network of infected devices to other crim...

Microsoft on Friday shared guidance to help customers discover indicators of compromise (IoCs) associated with a recently patched Outlook vulnerability. Tracked as CVE-2023-23397 (CVSS score: 9.8), the  critical flaw  relates to a case of privilege escalation that could be exploited to steal NT LAN Manager (NTLM) hashes and stage a  relay attack  without requiring any user interaction. "External attackers could send specially crafted emails that will cause a connection from the victim to an untrusted location of attackers' control," the company  noted  in an advisory released this month. "This will leak the  Net-NTLMv2 hash  of the victim to the untrusted network which an attacker can then relay to another service and authenticate as the victim." The vulnerability was resolved by Microsoft as part of its  Patch Tuesday updates  for March 2023, but not before Russia-based threat actors weaponized the flaw in attacks targeting gover...

OpenAI on Friday disclosed that a bug in the Redis open source library was responsible for the exposure of other users' personal information and chat titles in the upstart's ChatGPT service earlier this week. The  glitch , which came to light on March 20, 2023, enabled certain users to view brief descriptions of other users' conversations from the chat history sidebar, prompting the company to temporarily shut down the chatbot. "It's also possible that the first message of a newly-created conversation was visible in someone else's chat history if both users were active around the same time," the company  said . The bug, it further added, originated in the  redis-py library , leading to a scenario where canceled requests could cause connections to be corrupted and return unexpected data from the database cache, in this case, information belonging to an unrelated user. To make matters worse, the San Francisco-based AI research company said it introduce...