The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

One of the enduring challenges of building modern applications is to make them more secure without disrupting high-velocity DevOps processes or degrading the developer experience. Today's cyber threat landscape is rife with sophisticated attacks aimed at all different parts of the software supply chain and the urgency for software-producing organizations to adopt DevSecOps practices that deeply integrate security throughout the software development life cycle has never been greater.  However, HOW organizations go about it is of critical importance. For example, locking down the development platform, instituting exhaustive code reviews, and enforcing heavyweight approval processes may improve the security posture of pipelines and code, but don't count on applications teams to operate fluidly enough to innovate. The same goes for application security testing; uncovering a mountain of vulnerabilities does little good if developers have inadequate time or guidance to fix them. At a ...

File Integrity Monitoring (FIM) is an IT security control that monitors and detects file changes in computer systems. It helps organizations audit important files and system configurations by routinely scanning and verifying their integrity. Most information security standards mandate the use of FIM for businesses to ensure the integrity of their data. IT security compliance involves adhering to applicable laws, policies, regulations, procedures, and standards issued by governments and regulatory bodies such as PCI DSS, ISO 27001, TSC, GDPR, and HIPAA. Failure to comply with these regulations can lead to severe consequences such as cyber breaches, confidential data loss, financial loss, and reputational damage. Therefore, organizations must prioritize adherence to IT regulations and standards to mitigate risks and safeguard their information systems effectively. The rapid pace of technological advancement and a shortage of skilled cybersecurity professionals contribute to compliance...

A critical security flaw has been disclosed in the  llama_cpp_python  Python package that could be exploited by threat actors to achieve arbitrary code execution. Tracked as  CVE-2024-34359  (CVSS score: 9.7), the flaw has been codenamed Llama Drama by software supply chain security firm Checkmarx. "If exploited, it could allow attackers to execute arbitrary code on your system, compromising data and operations," security researcher Guy Nachshon  said . llama_cpp_python, a Python binding for the  llama.cpp library , is a popular package with over 3 million downloads to date, allowing developers to integrate AI models with Python.  Security researcher Patrick Peng (retr0reg) has been credited with discovering and reporting the flaw, which has been addressed in version 0.2.72. The  core issue  stems from the misuse of the Jinja2 template engine within the llama_cpp_python package, allowing for server-side template injection that le...

SaaS Adoption is Skyrocketing, Resilience Hasn't Kept Pace SaaS platforms have revolutionized how businesses operate. They simplify collaboration, accelerate deployment, and reduce the overhead of managing infrastructure. But with their rise comes a subtle, dangerous assumption: that the convenience of SaaS extends to resilience. It doesn't. These platforms weren't built with full-scale data protection in mind . Most follow a shared responsibility model — wherein the provider ensures uptime and application security, but the data inside is your responsibility. In a world of hybrid architectures, global teams, and relentless cyber threats, that responsibility is harder than ever to manage. Modern organizations are being stretched across: Hybrid and multi-cloud environments with decentralized data sprawl Complex integration layers between IaaS, SaaS, and legacy systems Expanding regulatory pressure with steeper penalties for noncompliance Escalating ransomware threats and inside...

 Microsoft on Monday confirmed its plans to deprecate NT LAN Manager (NTLM) in Windows 11 in the second half of the year, as it announced a slew of new security measures to harden the widely-used desktop operating system. "Deprecating NTLM has been a huge ask from our security community as it will strengthen user authentication, and deprecation is planned in the second half of 2024," the tech giant  said . The Windows maker  originally announced  its decision to drop NTLM in favor of Kerberos for authentication in October 2023. NTLM's lack of support for cryptographic methods such as AES or SHA-256 notwithstanding, the protocol has also been rendered susceptible to relay attacks, a technique that has been widely exploited by the Russia-linked  APT28 actor  via zero-day flaws in Microsoft Outlook. Other changes coming to Windows 11 include enabling  Local Security Authority (LSA) protection  by default for new consumer devices and the use of v...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday  added  a security flaw impacting NextGen Healthcare Mirth Connect to its Known Exploited Vulnerabilities ( KEV ) catalog, citing evidence of active exploitation. The flaw, tracked as  CVE-2023-43208  (CVSS score: N/A), concerns a case of unauthenticated remote code execution arising from an incomplete patch for another critical flaw CVE-2023-37679 (CVSS score: 9.8). Details of the vulnerability were first revealed by Horizon3.ai in late October 2023, with additional technical specifics and a proof-of-concept (PoC) exploit released earlier this January. Mirth Connect is an open-source data integration platform widely used by healthcare companies, allowing for data exchange between different systems in a standardized manner. CVE-2023-43208 is "ultimately related to insecure usage of the Java XStream library for unmarshalling XML payloads," security researcher Naveen Sunkava...

Cybersecurity researchers have discovered a critical security flaw in a popular logging and metrics utility called Fluent Bit that could be exploited to achieve denial-of-service (DoS), information disclosure, or remote code execution. The vulnerability, tracked as  CVE-2024-4323 , has been codenamed Linguistic Lumberjack by Tenable Research. It impacts versions from 2.0.7 through 3.0.3, with fixes  available  in  version 3.0.4 . The issue relates to a case of memory corruption in Fluent Bit's built-in HTTP server that could allow for DoS, information leakage, or remote code execution. Specifically, it relates to sending maliciously crafted requests to the  monitoring API  through endpoints such as /api/v1/traces and /api/v1/trace. "Regardless of whether or not any traces are configured, it is still possible for any user with access to this API endpoint to query it," security researcher Jimi Sebree  said . "During the parsing of incomi...

An Iranian threat actor affiliated with the Ministry of Intelligence and Security (MOIS) has been attributed as behind destructive wiping attacks targeting Albania and Israel under the personas Homeland Justice and Karma, respectively. Cybersecurity firm Check Point is tracking the activity under the moniker  Void Manticore , which is also referred to as  Storm-0842  (formerly DEV-0842) by Microsoft. "There are clear overlaps between the targets of Void Manticore and  Scarred Manticore , with indications of systematic hand off of targets between those two groups when deciding to conduct destructive activities against existing victims of Scarred Manticore," the company  said  in a report published today. The threat actor is known for its disruptive cyber attacks against Albania since July 2022 under the name Homeland Justice that involve the use of bespoke wiper malware called  Cl Wiper  and  No-Justice  (aka LowEraser). Si...

Multiple threat actors are weaponizing a design flaw in Foxit PDF Reader to deliver a variety of malware such as Agent Tesla, AsyncRAT, DCRat, NanoCore RAT, NjRAT, Pony, Remcos RAT, and XWorm. "This exploit triggers security warnings that could deceive unsuspecting users into executing harmful commands," Check Point  said  in a technical report. "This exploit has been used by multiple threat actors, from e-crime to espionage." It's worth noting that Adobe Acrobat Reader – which is more prevalent in sandboxes or antivirus solutions – is not susceptible to this specific exploit, thus contributing to the campaign's low detection rate. The issue stems from the fact that the application shows "OK" as the default selected option in a pop-up when users are asked to trust the document prior to enabling certain features to avoid potential security risks. Once a user clicks OK, they are displayed a second pop-up warning that the file is about to execute...

All developers want to create secure and dependable software. They should feel proud to release their code with the full confidence they did not introduce any weaknesses or anti-patterns into their applications. Unfortunately, developers are not writing their own code for the most part these days. 96% of all software contains some open-source components, and open-source components make up between  70% and 90% of any given piece of modern software . Unfortunately for our security-minded developers, most modern vulnerabilities come from those software components.  As new vulnerabilities emerge and are publicly reported as  Common Vulnerabilities and Exposures  (CVEs), security teams have little choice but to ask the developer to refactor the code to include different versions of the dependencies. Nobody is happy in this situation, as it blocks new features and can be maddening to roll back component versions and hope that nothing breaks. Developers need a w...