The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Cybersecurity researchers have shared details about a now-patched security flaw in Windows MSHTML platform that could be abused to bypass integrity protections on targeted machines. The vulnerability, tracked as  CVE-2023-29324  (CVSS score: 6.5), has been described as a security feature bypass. It was  addressed  by Microsoft as part of its Patch Tuesday updates for May 2023. Akamai security researcher Ben Barnea, who discovered and reported the bug, noted that all Windows versions are affected, but pointed out Microsoft, Exchange servers with the March update omit the vulnerable feature. "An unauthenticated attacker on the internet could use the vulnerability to coerce an Outlook client to connect to an attacker-controlled server," Barnea  said  in a report shared with The Hacker News. "This results in NTLM credentials theft. It is a zero-click vulnerability, meaning it can be triggered with no user interaction." It's also worth noting that CVE-20...

Government organizations in Central Asia are the target of a sophisticated espionage campaign that leverages a previously undocumented strain of malware dubbed  DownEx . Bitdefender, in a  report  shared with The Hacker News, said the activity remains active, with evidence likely pointing to the involvement of Russia-based threat actors. The Romanian cybersecurity firm said it first detected the malware in a highly targeted attack aimed at foreign government institutions in Kazakhstan in late 2022. Subsequently, another attack was observed in Afghanistan. The use of a diplomat-themed lure document and the campaign's focus on data exfiltration suggests the involvement of a state-sponsored group, although the exact identity of the hacking outfit remains indeterminate at this stage. The initial intrusion vector for the campaign is suspected to be a spear-phishing email bearing a booby-trapped payload, which is a loader executable that masquerades as a Microsoft Word fi...

A few weeks ago, the 32nd edition of RSA, one of the world's largest cybersecurity conferences, wrapped up in San Francisco. Among the highlights, Kevin Mandia, CEO of Mandiant at Google Cloud, presented a retrospective on  the state of cybersecurity . During his keynote, Mandia stated: "There are clear steps organizations can take beyond common safeguards and security tools to strengthen their defenses and increase their chances of detecting, thwarting or minimizing attack [...] Honeypots , or fake accounts deliberately left untouched by authorized users,  are effective at helping organizations detect intrusions or malicious activities that security products can't stop ". "Build honeypots" was one of his seven pieces of advice to help organizations avoid some of the attacks that might require engagement with Mandiant or other incident response firms. As a reminder, honeypots are  decoy systems  that are set up to lure attackers and divert their attentio...

A U.K. national has pleaded guilty in the U.S. in connection with the July 2020 Twitter attack affecting numerous high-profile accounts and defrauding other users of the platform. Joseph James O'Connor, who also went by the online alias PlugwalkJoe , admitted to "his role in cyberstalking and multiple schemes that involve computer hacking, including the July 2020 hack of Twitter," the U.S. Department of Justice (DoJ) said. The 23-year-old individual was extradited from Spain on April 26 after the Spanish National Court, in February,  approved  the DoJ request to hand over O'Connor to face 14 criminal charges in the U.S. The  massive hack , which took place on July 15, 2020, involved O'Connor and his co-conspirators seizing control of 130 Twitter accounts, including those belonging to Barack Obama, Bill Gates, and Elon Musk, to perpetrate a cryptocurrency scam that netted them $120,000 in a few hours. The attack was made possible by using social engineering te...

The U.S. government on Tuesday announced the court-authorized disruption of a global network compromised by an advanced malware strain known as  Snake  wielded by Russia's Federal Security Service (FSB). Snake, dubbed the "most sophisticated cyber espionage tool," is the handiwork of a Russian state-sponsored group called  Turla  (aka Iron Hunter, Secret Blizzard, SUMMIT, Uroburos, Venomous Bear, and Waterbug), which the U.S. government attributes to a unit within Center 16 of the FSB. The threat actor has a  track record  of heavily focusing on entities in Europe, the Commonwealth of Independent States (CIS), and countries affiliated with NATO, with recent activity expanding its footprint to incorporate Middle Eastern nations deemed a threat to countries supported by Russia in the region. "For nearly 20 years, this unit [...] has used versions of the Snake malware to steal sensitive documents from hundreds of computer systems in at least 50 countries, ...

Microsoft has rolled out  Patch Tuesday updates  for May 2023 to address 38 security flaws, including two zero-day bugs that it said are being actively exploited in the wild. Trend Micro's Zero Day Initiative (ZDI)  said  the volume is the lowest since August 2021, although it pointed out that "this number is expected to rise in the coming months." Of the 38 vulnerabilities, six are rated Critical and 32 are rated Important in severity. Eight of the flaws have been tagged with "Exploitation More Likely" assessment by Microsoft. This is aside from  18 flaws  – including 11 bugs since the start of May – the Windows maker resolved in its Chromium-based Edge browser following the release of April Patch Tuesday updates. Topping the list is  CVE-2023-29336  (CVSS score: 7.8), a privilege escalation flaw in Win32k that has come under active exploitation. It's not immediately clear how widespread the attacks are. "An attacker who successfully explo...

U.S. authorities have announced the seizure of 13 internet domains that offered DDoS-for-hire services to other criminal actors. The takedown is part of an ongoing international initiative dubbed  Operation PowerOFF  that's aimed at dismantling criminal DDoS-for-hire infrastructures worldwide. The development comes almost five months after a "sweep" in December 2022  dismantled 48 similar services  for abetting paying users to launch distributed denial-of-service (DDoS) attacks against targets of interest. This includes school districts, universities, financial institutions, and government websites, according to the U.S. Department of Justice (DoJ). Ten of the 13 illicit domains seized are "reincarnations" of booter or stresser services that were previously shuttered towards the end of last year. "In recent years, booter services have continued to proliferate, as they offer a low barrier to entry for users looking to engage in cybercriminal activity,...

A gambling company in the Philippines was the target of a China-aligned threat actor as part of a campaign that has been ongoing since October 2021. Slovak cybersecurity firm ESET is tracking the series of attacks against Southeast Asian gambling companies under the name  Operation ChattyGoblin . "These attacks use a specific tactic: targeting the victim companies' support agents via chat applications – in particular, the Comm100 and LiveHelp100 apps," ESET  said  in a report shared with The Hacker News. The use of a trojanized Comm100 installer to deliver malware was  first documented  by CrowdStrike in October 2022. The company attributed the supply chain compromise to a threat actor likely with associations to China. The attack chains leverage the aforementioned chat apps to distribute a C# dropper that, in turn, deploys another C# executable, which ultimately serves as a conduit to drop a Cobalt Strike beacon on hacked workstations. Also highlighted in...

In the fast-paced cybersecurity landscape, product security takes center stage. DevSecOps swoops in, seamlessly merging security practices into DevOps, empowering teams to tackle challenges. Let's dive into DevSecOps and explore how collaboration can give your team the edge to fight cyber villains. Application security and product security Regrettably, application security teams often intervene late in the development process. They maintain the security level of exposed software, ensuring the integrity and confidentiality of consumed or produced data. They focus on securing data flows, isolating environments with firewalls, and implementing strong user authentication and access control. Product security teams aim to guarantee the intrinsic reliability of applications. They recommend tools and resources, making them available to developers and operations. In the DevSecOps approach, each team is responsible for the security of the applications they create. These teams apply secur...