The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Threat actors constantly change tactics to bypass cybersecurity measures, developing innovative methods to steal user credentials. Hybrid password attacks merge multiple cracking techniques to amplify their effectiveness. These combined approaches exploit the strengths of various methods, accelerating the password-cracking process.  In this post, we'll explore hybrid attacks — what they are and the most common types. We'll also discuss how your organization can defend against them. The blended approach of hybrid attacks Threat actors are always looking for better, more successful ways to crack passwords — and hybrid attacks allow them to combine two different hacking techniques into a single attack. By integrating attack methodologies, they can take advantage of the strengths associated with each method, increasing their chances of success. And hybrid attacks aren't just limited to cracking passwords. Cybercriminals regularly combine technical cyberattacks with other tactics, ...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning that it has observed threat actors leveraging unencrypted persistent cookies managed by the F5 BIG-IP Local Traffic Manager (LTM) module to conduct reconnaissance of target networks. It said the module is being used to enumerate other non-internet-facing devices on the network. The agency, however, did not disclose who is behind the activity, or what the end goals of the campaign are. "A malicious cyber actor could leverage the information gathered from unencrypted persistence cookies to infer or identify additional network resources and potentially exploit vulnerabilities found in other devices present on the network," CISA said in an advisory. It has also recommended organizations encrypt persistent cookies employed in F5 BIG-IP devices by configuring cookie encryption within the HTTP profile. Furthermore, it's urging users to verify the protection of their systems by running a diagnostic...

GitLab has released security updates for Community Edition (CE) and Enterprise Edition (EE) to address eight security flaws, including a critical bug that could allow running Continuous Integration and Continuous Delivery (CI/CD) pipelines on arbitrary branches. Tracked as CVE-2024-9164, the vulnerability carries a CVSS score of 9.6 out of 10. "An issue was discovered in GitLab EE affecting all versions starting from 12.5 prior to 17.2.9, starting from 17.3, prior to 17.3.5, and starting from 17.4 prior to 17.4.2, which allows running pipelines on arbitrary branches," GitLab said in an advisory. Of the remaining seven issues, four are rated high, two are rated medium, and one is rated low in severity - CVE-2024-8970 (CVSS score: 8.2), which allows an attacker to trigger a pipeline as another user under certain circumstances CVE-2024-8977 (CVSS score: 8.2), which allows SSRF attacks in GitLab EE instances with Product Analytics Dashboard configured and enabled CVE-...

SaaS Adoption is Skyrocketing, Resilience Hasn't Kept Pace SaaS platforms have revolutionized how businesses operate. They simplify collaboration, accelerate deployment, and reduce the overhead of managing infrastructure. But with their rise comes a subtle, dangerous assumption: that the convenience of SaaS extends to resilience. It doesn't. These platforms weren't built with full-scale data protection in mind . Most follow a shared responsibility model — wherein the provider ensures uptime and application security, but the data inside is your responsibility. In a world of hybrid architectures, global teams, and relentless cyber threats, that responsibility is harder than ever to manage. Modern organizations are being stretched across: Hybrid and multi-cloud environments with decentralized data sprawl Complex integration layers between IaaS, SaaS, and legacy systems Expanding regulatory pressure with steeper penalties for noncompliance Escalating ransomware threats and inside...

The Dutch police have announced the takedown of Bohemia and Cannabia, which has been described as the world's largest and longest-running dark web market for illegal goods, drugs, and cybercrime services. The takedown is the result of a collaborative investigation with Ireland, the United Kingdom, and the United States that began towards the end of 2022, the Politie said. The marketplace discontinued its operations in late 2023 following reports of service disruptions and exit scams after one of its developers allegedly went rogue in what was characterized by one of the administrators as a "shameful and disgruntled set of events." Bohemia is said to have served 82,000 ads worldwide every day, with about 67,000 transactions taking place each month. In September 2023 alone, the estimated turnover was €12 million. "Some of the sellers in the market advertised shipping from the Netherlands," the Politie said . "An initial analysis shows that at least 14...

OpenAI on Wednesday said it has disrupted more than 20 operations and deceptive networks across the world that attempted to use its platform for malicious purposes since the start of the year. This activity encompassed debugging malware, writing articles for websites, generating biographies for social media accounts, and creating AI-generated profile pictures for fake accounts on X. "Threat actors continue to evolve and experiment with our models, but we have not seen evidence of this leading to meaningful breakthroughs in their ability to create substantially new malware or build viral audiences," the artificial intelligence (AI) company said . It also said it disrupted activity that generated social media content related to elections in the U.S., Rwanda, and to a lesser extent India and the European Union, and that none of these networks attracted viral engagement or sustained audiences. This included efforts undertaken by an Israeli commercial company named STOIC (als...

Cybersecurity researchers are warning about an unpatched vulnerability in Nice Linear eMerge E3 access controller systems that could allow for the execution of arbitrary operating system (OS) commands. The flaw, assigned the CVE identifier CVE-2024-9441 , carries a CVSS score of 9.8 out of a maximum of 10.0, according to VulnCheck . "A vulnerability in the Nortek Linear eMerge E3 allows remote unauthenticated attackers to cause the device to execute arbitrary command," SSD Disclosure said in an advisory for the flaw released late last month, stating the vendor has yet to provide a fix or a workaround. The flaw impacts the following versions of Nortek Linear eMerge E3 Access Control: 0.32-03i, 0.32-04m, 0.32-05p, 0.32-05z, 0.32-07p, 0.32-07e, 0.32-08e, 0.32-08f, 0.32-09c, 1.00.05, and 1.00.07. Proof-of-concept (PoC) exploits for the flaw have been released following public disclosure, raising concerns that it could be exploited by threat actors. It's worth noting ...

The current SOC model relies on a scarce resource: human analysts. These professionals are expensive, in high demand, and increasingly difficult to retain. Their work is not only highly technical and high-risk, but also soul-crushingly repetitive, dealing with a constant flood of alerts and incidents. As a result, SOC analysts often leave in search of better pay, the opportunity to move beyond the SOC into more rewarding roles, or simply to take much-needed breaks. This high churn rate puts the SOC in a vulnerable position, jeopardizing the overall effectiveness of cybersecurity operations. To keep your team resilient and maintain operational efficiency, it's essential to take proactive steps to reduce burnout and improve retention. Here are five strategies that can make a difference. Why Analyst Burnout Matters More Than Ever SOC analyst burnout is becoming a critical issue as the cybersecurity landscape evolves. Security Operations Centers (SOCs) face a growing number of daily al...

Cybersecurity researchers have shed light on a new digital skimmer campaign that leverages Unicode obfuscation techniques to conceal a skimmer dubbed Mongolian Skimmer. "At first glance, the thing that stood out was the script's obfuscation, which seemed a bit bizarre because of all the accented characters," Jscrambler researchers said in an analysis. "The heavy use of Unicode characters, many of them invisible, does make the code very hard to read for humans." The script, at its core, has been found to leverage JavaScript's capability to use any Unicode character in identifiers to hide the malicious functionality. The end goal of the malware is to steal sensitive data entered on e-commerce checkout or admin pages, including financial information, which are then exfiltrated to an attacker-controlled server. The skimmer, which typically manifests in the form of an inline script on compromised sites that fetches the actual payload from an external serv...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw impacting Fortinet products to its Known Exploited Vulnerabilities ( KEV ) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2024-23113 (CVSS score: 9.8), relates to a case of remote code execution that affects FortiOS, FortiPAM, FortiProxy, and FortiWeb. "A use of externally-controlled format string vulnerability [CWE-134] in FortiOS fgfmd daemon may allow a remote unauthenticated attacker to execute arbitrary code or commands via specially crafted requests," Fortinet noted in an advisory for the flaw back in February 2024. As is typically the case, the bulletin is sparse on details related to how the shortcoming is being exploited in the wild, or who is weaponizing it and against whom. In light of active exploitation, Federal Civilian Executive Branch (FCEB) agencies are mandated to apply the vendor-provided mitigations by Oc...