The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Cybersecurity researchers have warned of an ongoing cryptojacking campaign targeting misconfigured Kubernetes clusters to mine Dero cryptocurrency. Cloud security firm Wiz, which shed light on the activity, said it's an updated variant of a financially motivated operation that was first documented by CrowdStrike in March 2023. "In this incident, the threat actor abused anonymous access to an Internet-facing cluster to launch malicious container images hosted at Docker Hub, some of which have more than 10,000 pulls," Wiz researchers Avigayil Mechtinger, Shay Berkovich, and Gili Tikochinski said . "These docker images contain a UPX-packed DERO miner named 'pause.'" Initial access is accomplished by targeting externally accessible Kubernetes API servers with anonymous authentication enabled to deliver the miner payloads. Unlike the 2023 version that deployed a Kubernetes DaemonSet named "proxy-api," the latest flavor makes use of seemingly b...

Last week, the notorious hacker gang, ShinyHunters, sent shockwaves across the globe by allegedly plundering 1.3 terabytes of data from 560 million users. This colossal breach, with a price tag of $500,000, could expose the personal information of a massive swath of a live event company's clientele, igniting a firestorm of concern and outrage.  Let's review the facts: two large organizations announced that they suffered a data breach, identifying unauthorized activity within a third-party cloud database environment. The accessed business records contained critical information on some employees, a large number of customers and other key business data.  The cloud connection  What might link these two breaches is the cloud data company Snowflake, which counts among its users both organizations. Snowflake did publish a warning with CISA , indicating a "recent increase in cyber threat activity targeting customer accounts on its cloud data platform." Snowflake issued a reco...

Threat actors linked to the Black Basta ransomware may have exploited a recently disclosed privilege escalation flaw in the Microsoft Windows Error Reporting Service as a zero-day, according to new findings from Symantec. The security flaw in question is CVE-2024-26169 (CVSS score: 7.8), an elevation of privilege bug in the Windows Error Reporting Service that could be exploited to achieve SYSTEM privileges. It was patched by Microsoft in March 2024. "Analysis of an exploit tool deployed in recent attacks revealed evidence that it could have been compiled prior to patching, meaning at least one group may have been exploiting the vulnerability as a zero-day," the Symantec Threat Hunter Team, part of Broadcom, said in a report shared with The Hacker News. The financially motivated threat cluster is being tracked by the company under the name Cardinal. It's also monitored by the cybersecurity community under the names Storm-1811 and UNC4393 . It's known to mon...

SaaS Adoption is Skyrocketing, Resilience Hasn't Kept Pace SaaS platforms have revolutionized how businesses operate. They simplify collaboration, accelerate deployment, and reduce the overhead of managing infrastructure. But with their rise comes a subtle, dangerous assumption: that the convenience of SaaS extends to resilience. It doesn't. These platforms weren't built with full-scale data protection in mind . Most follow a shared responsibility model — wherein the provider ensures uptime and application security, but the data inside is your responsibility. In a world of hybrid architectures, global teams, and relentless cyber threats, that responsibility is harder than ever to manage. Modern organizations are being stretched across: Hybrid and multi-cloud environments with decentralized data sprawl Complex integration layers between IaaS, SaaS, and legacy systems Expanding regulatory pressure with steeper penalties for noncompliance Escalating ransomware threats and inside...

Cybersecurity researchers have disclosed details of an ongoing phishing campaign that leverages recruiting- and job-themed lures to deliver a Windows-based backdoor named WARMCOOKIE. "WARMCOOKIE appears to be an initial backdoor tool used to scout out victim networks and deploy additional payloads," Elastic Security Labs researcher Daniel Stepanic said in a new analysis. "Each sample is compiled with a hard-coded [command-and-control] IP address and RC4 key." The backdoor comes with capabilities to fingerprint infected machines, capture screenshots, and drop more malicious programs. The company is tracking the activity under the name REF6127. The attack chains observed since late April involve the use of email messages purporting to be from recruitment firms like Hays, Michael Page, and PageGroup, urging recipients to click on an embedded link to view details about a job opportunity. Users who end up clicking on the link are then prompted to download a docume...

State-sponsored threat actors backed by China gained access to 20,000 Fortinet FortiGate systems worldwide by exploiting a known critical security flaw between 2022 and 2023, indicating that the operation had a broader impact than previously known. "The state actor behind this campaign was already aware of this vulnerability in FortiGate systems at least two months before Fortinet disclosed the vulnerability," the Dutch National Cyber Security Centre (NCSC) said in a new bulletin. "During this so-called zero-day period, the actor alone infected 14,000 devices." The campaign targeted dozens of Western governments, international organizations, and a large number of companies within the defense industry. The names of the entities were not disclosed. The findings build on an earlier advisory from February 2024, which found that the attackers had breached a computer network used by the Dutch armed forces by exploiting CVE-2022-42475 (CVSS score: 9.8), which allows...

Microsoft has released security updates to address 51 flaws as part of its Patch Tuesday updates for June 2024. Of the 51 vulnerabilities, one is rated Critical and 50 are rated Important. This is in addition to 17 vulnerabilities resolved in the Chromium-based Edge browser over the past month. None of the security flaws have been actively exploited in the wild, with one of them listed as publicly known at the time of the release. This concerns a third-party advisory tracked as CVE-2023-50868 (CVSS score: 7.5), a denial-of-service issue impacting the DNSSEC validation process that could cause CPU exhaustion on a DNSSEC-validating resolver. It was reported by researchers from the National Research Center for Applied Cybersecurity (ATHENE) in Darmstadt back in February, alongside KeyTrap ( CVE-2023-50387 , CVSS score: 7.5). "NSEC3 is an improved version of NSEC (Next Secure) that provides authenticated denial of existence," Tyler Reguly, associate director of Security...

Managed service providers (MSPs) are on the front lines of soaring demand for cybersecurity services as cyberattacks increase in volume and sophistication. Cynet has emerged as the security vendor of choice for MSPs to capitalize on existing relationships with SMB clients and profitably expand their client base. By unifying a full suite of cybersecurity capabilities in a simple, cost-effective solution, Cynet's All-in-One Cybersecurity Platform empowers MSPs to provide a full breach protection service with a single tool, backed by 24/7 expert support, for rapid profit. All-in-One Advantages for MSPs Traditionally, MSPs have cobbled together security solutions from variety of vendors, leading to a complex and expensive tech stack. Cynet solved this challenge with an All-in-One Platform that includes Extended Detection and Response (XDR), Endpoint Protection Platform (EPP), Endpoint Detection and Response (EDR), Managed Detection and Response (MDR), Security Information and Event Ma...

Cybersecurity researchers have shed more light on a Chinese actor codenamed SecShow that has been observed conducting Domain Name System (DNS) on a global scale since at least June 2023. The adversary, according to Infoblox security researchers Dr. Renée Burton and Dave Mitchell, operates from the China Education and Research Network ( CERNET ), a project funded by the Chinese government. "These probes seek to find and measure DNS responses at open resolvers," they said in a report published last week. "The end goal of the SecShow operations is unknown, but the information that is gathered can be used for malicious activities and is only for the benefit of the actor." That said, there is some evidence to suggest that it may have been linked to some kind of academic research related to "performing measurements using IP Address Spoofing Techniques on domains within secshow.net" modeled on the same approach as the Closed Resolver Project . This, howeve...

One of the most effective ways for information technology (IT) professionals to uncover a company's weaknesses before the bad guys do is penetration testing. By simulating real-world cyberattacks, penetration testing, sometimes called pentests, provides invaluable insights into an organization's security posture, revealing weaknesses that could potentially lead to data breaches or other security incidents.  Vonahi Security , the creators of vPenTest, an automated network penetration testing platform, just released their annual report, " The Top 10 Critical Pentest Findings 2024 ." In this report, Vonahi Security conducted over 10,000 automated network pentests, uncovering the top 10 internal network pentest findings at over 1,200 organizations. Let's dive into each of these critical findings to better understand the common exploitable vulnerabilities organizations face and how to address them effectively. Top 10 Pentest Findings & Recommendations 1. Multicast DNS (MDNS) S...