The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

In today's digital age, passwords serve as the keys to our most sensitive information, from social media accounts to banking and business systems. This immense power brings with it significant responsibility—and vulnerability. Most people don't realize their credentials have been compromised until the damage is done. Imagine waking up to drained bank accounts, stolen identities, or a company's reputation in tatters. This isn't just a hypothetical scenario – it's the harsh reality faced by countless individuals and organizations every day. Recent data reveals that compromised credentials are the single biggest attack vector in 2024. That means stolen passwords, not exotic malware or zero-day exploits, are the most common way hackers breach systems and wreak havoc. To help you navigate this critical issue, we invite you to join our exclusive webinar, " Compromised Credentials in 2024: What to Know About the World's #1 Attack Vector. " What You...

A critical security issue has been disclosed in the Exim mail transfer agent that could enable threat actors to deliver malicious attachments to target users' inboxes. The vulnerability , tracked as CVE-2024-39929, has a CVSS score of 9.1 out of 10.0. It has been addressed in version 4.98. "Exim through 4.97.1 misparses a multiline RFC 2231 header filename, and thus remote attackers can bypass a $mime_filename extension-blocking protection mechanism, and potentially deliver executable attachments to the mailboxes of end users," according to a description shared on the U.S. National Vulnerability Database (NVD). Exim is a free, mail transfer agent that's used in hosts that are running Unix or Unix-like operating systems. It was first released in 1995 for use at the University of Cambridge.  Attack surface management firm Censys said 4,830,719 of the 6,540,044 public-facing SMTP mail servers are running Exim. As of July 12, 2024, 1,563,085 internet-accessible...

The U.S. Department of Justice (DoJ) said it seized two internet domains and searched nearly 1,000 social media accounts that Russian threat actors allegedly used to covertly spread pro-Kremlin disinformation in the country and abroad on a large scale. "The social media bot farm used elements of AI to create fictitious social media profiles — often purporting to belong to individuals in the United States — which the operators then used to promote messages in support of Russian government objectives," the DoJ said . The bot network, comprising 968 accounts on X, is said to be part of an elaborate scheme hatched by an employee of Russian state-owned media outlet RT (formerly Russia Today), sponsored by the Kremlin, and aided by an officer of Russia's Federal Security Service (FSB), who created and led an unnamed private intelligence organization. The developmental efforts for the bot farm began in April 2022 when the individuals procured online infrastructure while anon...

Palo Alto Networks has released security updates to address five security flaws impacting its products, including a critical bug that could lead to an authentication bypass. Cataloged as CVE-2024-5910 (CVSS score: 9.3), the vulnerability has been described as a case of missing authentication in its Expedition migration tool that could lead to an admin account takeover. "Missing authentication for a critical function in Palo Alto Networks Expedition can lead to an Expedition admin account takeover for attackers with network access to Expedition," the company said in an advisory. "Configuration secrets, credentials, and other data imported into Expedition is at risk due to this issue." The flaw impacts all versions of Expedition prior to version 1.2.92, which remediates the problem. Synopsys Cybersecurity Research Center's (CyRC) Brian Hysell has been credited with discovering and reporting the issue. While there is no evidence that the vulnerability has be...

Threat actors have been observed publishing a new wave of malicious packages to the NuGet package manager as part of an ongoing campaign that began in August 2023, while also adding a new layer of stealth to evade detection. The fresh packages, about 60 in number and spanning 290 versions, demonstrate a refined approach from the previous set that came to light in October 2023, software supply chain security firm ReversingLabs said. The attackers pivoted from using NuGet's MSBuild integrations to "a strategy that uses simple, obfuscated downloaders that are inserted into legitimate PE binary files using Intermediary Language (IL) Weaving, a .NET programming technique for modifying an application's code after compilation," security researcher Karlo Zanki said . The end goal of the counterfeit packages, both old and new, is to deliver an off-the-shelf remote access trojan called SeroXen RAT . All the identified packages have since been taken down. The latest coll...

The China-linked advanced persistent threat (APT) group codenamed APT41 is suspected to be using an "advanced and upgraded version" of a known malware called StealthVector to deliver a previously undocumented backdoor dubbed MoonWalk. The new variant of StealthVector – which is also referred to as DUSTPAN – has been designated DodgeBox by Zscaler ThreatLabz, which discovered the loader strain in April 2024. "DodgeBox is a loader that proceeds to load a new backdoor named MoonWalk," security researchers Yin Hong Chang and Sudeep Singh said . "MoonWalk shares many evasion techniques implemented in DodgeBox and utilizes Google Drive for command-and-control (C2) communication." APT41 is the moniker assigned to a prolific state-sponsored threat actor affiliated with China that's known to be active since at least 2007. It's also tracked by the broader cybersecurity community under the names Axiom, Blackfly, Brass Typhoon (formerly Barium), Bronze Atl...

Today, all organizations are exposed to the threat of cyber breaches, irrespective of their scale. Historically, larger companies were frequent targets due to their substantial resources, sensitive data, and regulatory responsibilities, whereas smaller entities often underestimated their attractiveness to hackers. However, this assumption is precarious, as cybercriminals frequently exploit perceived vulnerabilities in smaller firms for expedient profit.  Small to medium-sized organizations often lack the resources and expertise for robust privileged identity management . Yet they increasingly require PAM solutions. Fortunately, the market now offers numerous vendors specializing in these needs. Recognizing the demand for accessible solutions, these vendors provide affordable options tailored to organizations aiming to meet stringent compliance standards or enhance security practices, requiring minimal installation and maintenance to gain full access controls .  To enhance t...

Spanish language victims are the target of an email phishing campaign that delivers a new remote access trojan (RAT) called Poco RAT since at least February 2024. The attacks primarily single out mining, manufacturing, hospitality, and utilities sectors, according to cybersecurity company Cofense. "The majority of the custom code in the malware appears to be focused on anti-analysis, communicating with its command-and-control center (C2), and downloading and running files with a limited focus on monitoring or harvesting credentials," it said . Infection chains begin with phishing messages bearing finance-themed lures that trick recipients into clicking on an embedded URL pointing to a 7-Zip archive file hosted on Google Drive. Other methods observed include the use of HTML or PDF files directly attached to the emails or downloaded via another embedded Google Drive link. The abuse of legitimate services by threat actors is not a new phenomenon as it allows them to bypass...

Multiple threat actors have been observed exploiting a recently disclosed security flaw in PHP to deliver remote access trojans, cryptocurrency miners, and distributed denial-of-service (DDoS) botnets. The vulnerability in question is CVE-2024-4577 (CVSS score: 9.8), which allows an attacker to remotely execute malicious commands on Windows systems using Chinese and Japanese language locales. It was publicly disclosed in early June 2024. "CVE-2024-4577 is a flaw that allows an attacker to escape the command line and pass arguments to be interpreted directly by PHP," Akamai researchers Kyle Lefton, Allen West, and Sam Tinklenberg said in a Wednesday analysis. "The vulnerability itself lies in how Unicode characters are converted into ASCII." The web infrastructure company said it began observing exploit attempts against its honeypot servers targeting the PHP flaw within 24 hours of it being public knowledge. This included exploits designed to deliver a remote...