The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has disclosed that threat actors are abusing the legacy Cisco Smart Install ( SMI ) feature with the aim of accessing sensitive data. The agency said it has seen adversaries "acquire system configuration files by leveraging available protocols or software on devices, such as abusing the legacy Cisco Smart Install feature." It also said it continues to observe weak password types used on Cisco network devices, thereby exposing them to password-cracking attacks. Password types refer to algorithms that are used to secure a Cisco device's password within a system configuration file. Threat actors who are able to gain access to the device in this manner would be able to easily access system configuration files, facilitating a deeper compromise of the victim networks. "Organizations must ensure all passwords on network devices are stored using a sufficient level of protection," CISA said, adding it re...

The North Korea-linked threat actor known as Kimsuky has been linked to a new set of attacks targeting university staff, researchers, and professors for intelligence gathering purposes. Cybersecurity firm Resilience said it identified the activity in late July 2024 after it observed an operation security (OPSEC) error made by the hackers. Kimsuky, also known by the names APT43, ARCHIPELAGO, Black Banshee, Emerald Sleet, Springtail, and Velvet Chollima, is just one of the myriad offensive cyber teams operating under the direction of the North Korean government and military. It's also very active, often leveraging spear-phishing campaigns as a starting point to deliver an ever-expanding set of custom tools to conduct reconnaissance, pilfer data, and establish persistent remote access to infected hosts. The attacks are also characterized by the use of compromised hosts as staging infrastructure to deploy an obfuscated version of the Green Dinosaur web shell, which is then used...

Cybersecurity researchers have discovered a new " 0.0.0.0 Day" impacting all major web browsers that malicious websites could take advantage of to breach local networks. The critical vulnerability "exposes a fundamental flaw in how browsers handle network requests, potentially granting malicious actors access to sensitive services running on local devices," Oligo Security researcher Avi Lumelsky said . The Israeli application security company said the implications of the vulnerability are far-reaching, and that it stems from the inconsistent implementation of security mechanisms and a lack of standardization across different browsers. As a result, a seemingly harmless IP address such as 0.0.0.0 could be weaponized to exploit local services, resulting in unauthorized access and remote code execution by attackers outside the network. The loophole is said to have been around since 2006. 0.0.0.0 Day impacts Google Chrome/Chromium, Mozilla Firefox, and Apple Safar...

The last few years have seen more than a few new categories of security solutions arise in hopes of stemming a never-ending tidal wave of risks. One of these categories is Automated Security Validation (ASV), which provides the attacker's perspective of exposures and equips security teams to continuously validate exposures, security measures, and remediation at scale. ASV is an important element of any cybersecurity strategy and by providing a clearer picture of potential vulnerabilities and exposures in the organization, security teams can identify weaknesses before they can be exploited.  However, relying solely on ASV can be limiting. In this article, we'll take a look into how combining the detailed vulnerability insights from  ASV  with the broader threat landscape analysis provided by the Continuous Threat Exposure Management Framework (CTEM) can empower your security teams to make more informed decisions and allocate resources effectively. (Want to learn more abo...

Microsoft said it is developing security updates to address two loopholes that it said could be abused to stage downgrade attacks against the Windows update architecture and replace current versions of the operating system files with older versions. The vulnerabilities are listed below - CVE-2024-38202 (CVSS score: 7.3) - Windows Update Stack Elevation of Privilege Vulnerability CVE-2024-21302 (CVSS score: 6.7) - Windows Secure Kernel Mode Elevation of Privilege Vulnerability Credited with discovering and reporting the flaws is SafeBreach Labs researcher Alon Leviev, who presented the findings at Black Hat USA 2024 and DEF CON 32 . CVE-2024-38202, which is rooted in the Windows Backup component, allows an "attacker with basic user privileges to reintroduce previously mitigated vulnerabilities or circumvent some features of Virtualization Based Security (VBS)," the tech giant said. It, however, noted that an attacker attempting to leverage the flaw would have to c...

Cybersecurity researchers have discovered a novel phishing campaign that leverages Google Drawings and shortened links generated via WhatsApp to evade detection and trick users into clicking on bogus links designed to steal sensitive information. "The attackers chose a group of the best-known websites in computing to craft the threat, including Google and WhatsApp to host the attack elements, and an Amazon look-alike to harvest the victim's information," Menlo Security researcher Ashwin Vamshi said . "This attack is a great example of a Living Off Trusted Sites ( LoTS ) threat." The starting point of the attack is a phishing email that directs the recipients to a graphic that appears to be an Amazon account verification link. This graphic, for its part, is hosted on Google Drawings, in an apparent effort to evade detection. Abusing legitimate services has obvious benefits for attackers in that they're not only a low-cost solution, but more importantly, ...

The Immersive Experience Happening This September in Las Vegas! In an era of relentless cybersecurity threats and rapid technological advancement, staying ahead of the curve is not just a necessity, but critical. SANS Institute, the premier global authority in cybersecurity training, is thrilled to announce Network Security 2024 , a landmark event designed to empower cybersecurity professionals with groundbreaking skills, knowledge and insights. Taking place from September 4-9, 2024, at Caesars Palace in Las Vegas and online, this event promises to deliver unparalleled learning experiences and networking opportunities. ensuring accessibility for attendees across the globe. A transformative highlight of this year's event includes AI-focused keynote led by Daniel Miessler, Founder of Unsupervised Learning and Creator of Fabric AI. In his keynote, "How to Run Your Security Program Using AI Before Someone Else Does," Daniel will explore how AI can be seamlessly integrated i...

The ransomware strain known as BlackSuit has demanded as much as $500 million in ransoms to date, with one individual ransom demand hitting $60 million. That's according to an updated advisory from the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI). "BlackSuit actors have exhibited a willingness to negotiate payment amounts," the agencies said . "Ransom amounts are not part of the initial ransom note, but require direct interaction with the threat actor via a .onion URL (reachable through the Tor browser) provided after encryption." Attacks involving ransomware have targeted several critical infrastructure sectors spanning commercial facilities, healthcare and public health, government facilities, and critical manufacturing. An evolution of the Royal ransomware , it leverages the initial access obtained via phishing emails to disarm antivirus software and exfiltrate sensitive data before ultimately...

A critical security flaw impacting Progress Software WhatsUp Gold is seeing active exploitation attempts, making it essential that users move quickly to apply the latest. The vulnerability in question is CVE-2024-4885 (CVSS score: 9.8), an unauthenticated remote code execution bug impacting versions of the network monitoring application released before 2023.1.3. "The WhatsUp.ExportUtilities.Export.GetFileWithoutZip allows execution of commands with iisapppool\\nmconsole privileges," the company said in an advisory released in late June 2024. According to security researcher Sina Kheirkhah of the Summoning Team, the flaw resides in the implementation of the GetFileWithoutZip method, which fails to perform adequate validation of user-supplied paths prior to its use. An attacker could take advantage of this behavior to execute code in the context of the service account. A proof-of-concept (PoC) exploit has since been released by Kheirkhah. The Shadowserver Foundation s...