The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

A group of academics from Northeastern University and KU Leuven has disclosed a fundamental design flaw in the IEEE 802.11 Wi-Fi protocol standard, impacting a wide range of devices running Linux, FreeBSD, Android, and iOS. Successful exploitation of the shortcoming could be abused to hijack TCP connections or intercept client and web traffic, researchers Domien Schepers, Aanjhan Ranganathan, and Mathy Vanhoef said in a paper published this week. The  approach  exploits  power-save mechanisms  in endpoint devices to trick access points into leaking  data frames  in plaintext, or encrypt them using  an all-zero key . "The unprotected nature of the power-save bit in a frame's header [...] also allows an adversary to force queue frames intended for a specific client resulting in its disconnection and trivially executing a denial-of-service attack," the researchers noted. In other words, the goal is to leak frames from the access point destined to a v...

Multi-cloud data storage, once merely a byproduct of the great cloud migration, has now become a strategy for data management. "Multi-cloud by design," and its companion the supercloud, is an ecosystem in which several cloud systems work together to provide many organizational benefits, including increased scale and overall resiliency. And now, even security teams who have long been the holdout on wide-scale cloud adoption, may find a reason to rejoice. Born out of the multi-cloud approach, cyberstorage enables companies to not only enjoy the benefits that multi-cloud brings but also eliminate the risk of data exposure at the same time, marking the beginning of the multi-cloud maturity era. What Is The Supercloud? While many organizations ended up with multiple cloud services as a byproduct of interdepartmental needs, today organizations are intentionally building multi-cloud environments. And rather than manage the various cloud services individually, many are implementin...

A new "comprehensive toolset" called  AlienFox  is being distributed on Telegram as a way for threat actors to harvest credentials from API keys and secrets from popular cloud service providers. "The spread of AlienFox represents an unreported trend towards attacking more minimal cloud services, unsuitable for crypto mining, in order to enable and expand subsequent campaigns," SentinelOne security researcher Alex Delamotte  said  in a report shared with The Hacker News. The cybersecurity company characterized the malware as highly modular and constantly evolving to accommodate new features and performance improvements. The primary use of AlienFox is to enumerate misconfigured hosts via scanning platforms like  LeakIX  and  SecurityTrails , and subsequently leverage various scripts in the toolkit to extract credentials from configuration files exposed on the servers. Specifically, it entails searching for susceptible servers associated with popula...

3CX said it's  working on a software update  for its desktop app after multiple cybersecurity vendors sounded the alarm on what appears to be an active supply chain attack that's using digitally signed and rigged installers of the popular voice and video conferencing software to target downstream customers. "The trojanized 3CX desktop app is the first stage in a multi-stage attack chain that pulls ICO files appended with Base64 data from GitHub and ultimately leads to a third-stage infostealer DLL," SentinelOne researchers  said . The cybersecurity firm is tracking the activity under the name SmoothOperator , stating the threat actor registered a massive attack infrastructure as far back as February 2022. There are indications that the attack may have commenced around March 22, 2023. 3CX, the company behind 3CXDesktopApp,  claims  to have more than 600,000 customers and 12 million users in 190 countries, some of which include well-known names like American ...

A number of zero-day vulnerabilities that were addressed last year were exploited by commercial spyware vendors to target Android and iOS devices, Google's Threat Analysis Group (TAG) has revealed. The two distinct campaigns were both limited and highly targeted, taking advantage of the patch gap between the release of a fix and when it was actually deployed on the targeted devices. The scale of the two campaigns and the nature of the targets are currently unknown. "These vendors are enabling the proliferation of dangerous hacking tools, arming governments that would not be able to develop these capabilities in-house," TAG's Clement Lecigne  said  in a new report. "While use of surveillance technologies may be legal under national or international laws, they are often found to be used by governments to target dissidents, journalists, human rights workers, and opposition party politicians." The first of the two operations took place in November 2022 and ...

An unknown Chinese state-sponsored hacking group has been linked to a novel piece of malware aimed at Linux servers. French cybersecurity firm ExaTrack, which found three samples of the previously documented malicious software that date back to early 2022, dubbed it  Mélofée . The newest of the three artifacts is designed to drop a kernel-mode rootkit that's based on an open source project referred to as  Reptile . "According to the vermagic metadata, it is compiled for a kernel version 5.10.112-108.499.amzn2.x86_64," the company  said  in a report. "The rootkit has a limited set of features, mainly installing a hook designed for hiding itself." Both the implant and the rootkit are said to be deployed using shell commands that download an installer and a custom binary package from a remote server. The installer takes the binary package as an argument and then extracts the rootkit as well as a server implant module that's currently under active develop...

However, manual lab setup and configuration can prove to be a laborious and time-consuming process. In this article, we'll look at 4 ways to create a reverse engineering lab, discuss how to save time, and, potentially, improve the detection rate using a  sandbox-as-a-service , and a recommended list of tools for a comprehensive setup. What is a malware analysis lab? In essence, a malware analysis lab provides a safe, isolated space for examining malware. The setup can range from a straightforward virtual machine using VirtualBox to a more intricate network of interconnected machines and actual networking hardware. But in this article, we'll look at building a lab tailored for static analysis, so what we will need is a secure environment where we can run disassemblers, edit binary files and debug. There are a couple of ways we can go about creating it: 1 — Virtualization Perhaps the simplest way to create a secure and isolated environment is by using a virtual machine....

The emergence of smart mobility services and applications has led to a sharp increase in the use of APIs in the automotive industry. However, this increased reliance on APIs has also made them one of the most common attack vectors. According to Gartner, APIs account for 90% of the web application attack surface areas.  With no surprise, similar trends are emerging also in the smart mobility space. A recent  Automotive and Smart Mobility Cybersecurity Report  by Upstream Security indicates that the automotive and smart mobility ecosystem has seen a 380% increase in API-based incidents in 2022, compared to 2021. Additionally, APIs accounted for 12% of total cyber incidents in 2022, up from only 2% in 2021.  When examining smart mobility applications and services, Upstream's threat intelligence team reported that black-hat actors were found to be behind 53% of incidents, indicating malicious intent as the driving force of the majority of API-related attacks. The imp...

Trojanized installers for the TOR anonymity browser are being used to target users in Russia and Eastern Europe with  clipper malware  designed to siphon cryptocurrencies since September 2022. "Clipboard injectors [...] can be silent for years, show no network activity or any other signs of presence until the disastrous day when they replace a crypto wallet address," Vitaly Kamluk, director of global research and analysis team (GReAT) for APAC at Kaspersky,  said . Another notable aspect of clipper malware is that its nefarious functions are not triggered unless the clipboard data meets a specific criteria, making it more evasive. It's not immediately clear how the installers are distributed, but evidence points to the use of torrent downloads or some unknown third-party source since the Tor Project's website has been  subjected  to  blockades  in  Russia  in recent years. Regardless of the method used, the installer launches the legiti...