The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Cisco on Wednesday said it has released updates to address an actively exploited security flaw in its Adaptive Security Appliance (ASA) that could lead to a denial-of-service (DoS) condition. The vulnerability, tracked as CVE-2024-20481 (CVSS score: 5.8), affects the Remote Access VPN (RAVPN) service of Cisco ASA and Cisco Firepower Threat Defense (FTD) Software. Arising due to resource exhaustion, the security flaw could be exploited by unauthenticated, remote attackers to cause a DoS of the RAVPN service. "An attacker could exploit this vulnerability by sending a large number of VPN authentication requests to an affected device," Cisco said in an advisory. "A successful exploit could allow the attacker to exhaust resources, resulting in a DoS of the RAVPN service on the affected device." Restoration of the RAVPN service may require a reload of the device depending on the impact of the attack, the networking equipment company added. While there are no dire...

Sometimes, it turns out that the answers we struggled so hard to find were sitting right in front of us for so long that we somehow overlooked them. When the Department of Homeland Security, through the Cybersecurity and Infrastructure Security Agency (CISA), in coordination with the FBI, issues a cybersecurity warning and prescribes specific action, it's a pretty good idea to at least read the joint advisory. In their advisory AA24-242A, DHS/CISA and the FBI told the entire cybercriminal-stopping world that to stop ransomware attacks, organizations needed to implement phishing-resistant MFA and ditch SMS-based OTP MFA.  The Best Advice I Never Followed  This year, we have experienced an astonishing surge in ransomware payments, with the average payment increasing by a staggering 500%. Per the "State of Ransomware 2024" report from cybersecurity leader Sophos, the average ransom has jumped by 5X reaching $2 million from $400,000 last year. Even more troubling, RISK &...

The North Korean threat actor known as Lazarus Group has been attributed to the zero-day exploitation of a now-patched security flaw in Google Chrome to seize control of infected devices. Cybersecurity vendor Kaspersky said it made the discovery after it came across a novel attack chain in May 2024 that targeted the personal computer of an unnamed Russian national with the Manuscrypt backdoor. This entails triggering the zero-day exploit simply upon visiting a fake game website ("detankzone[.]com") that was aimed at individuals in the cryptocurrency sector. The campaign is estimated to have commenced in February 2024. "On the surface, this website resembled a professionally designed product page for a decentralized finance (DeFi) NFT-based (non-fungible token) multiplayer online battle arena (MOBA) tank game, inviting users to download a trial version," Kaspersky researchers Boris Larin and Vasily Berdnikov said . "But that was just a disguise. Under the...

Fortinet has confirmed details of a critical security flaw impacting FortiManager that has come under active exploitation in the wild. Tracked as CVE-2024-47575 (CVSS score: 9.8), the vulnerability is also known as FortiJump and is rooted in the FortiGate to FortiManager ( FGFM ) protocol. "A missing authentication for critical function vulnerability [CWE-306] in FortiManager fgfmd daemon may allow a remote unauthenticated attacker to execute arbitrary code or commands via specially crafted requests," the company said in a Wednesday advisory. The shortcoming impacts FortiManager versions 7.x, 6.x, FortiManager Cloud 7.x, and 6.x. It also affects old FortiAnalyzer models 1000E, 1000F, 2000E, 3000E, 3000F, 3000G, 3500E, 3500F, 3500G, 3700F, 3700G, and 3900E that have at least one interface with fgfm service enabled and the below configuration on - config system global set fmg-status enable end Fortinet has also provided three workarounds for the flaw depending on the...

New variants of a banking malware called Grandoreiro have been found to adopt new tactics in an effort to bypass anti-fraud measures, indicating that the malicious software is continuing to be actively developed despite law enforcement efforts to crack down on the operation. "Only part of this gang was arrested: the remaining operators behind Grandoreiro continue attacking users all over the world, further developing new malware and establishing new infrastructure," Kaspersky said in an analysis published Tuesday. Some of the other freshly incorporated tricks include the use of a domain generation algorithm (DGA) for command-and-control (C2) communications, ciphertext stealing ( CTS ) encryption, and mouse tracking. Also observed are "lighter, local versions" that are specifically focused on targeting banking customers in Mexico. Grandoreiro , active since 2016, has consistently evolved over time, taking efforts to stay undetected, while also widening its geog...

Identity security is front, and center given all the recent breaches that include Microsoft, Okta, Cloudflare and Snowflake to name a few. Organizations are starting to realize that a shake-up is needed in terms of the way we approach identity security both from a strategic but also a technology vantage point.  Identity security is more than just provisioning access  The conventional view of viewing identity security as primarily concerned with provisioning and de-provisioning access for applications and services, often in a piecemeal manner, is no longer sufficient. This view was reflected as a broad theme in the Permiso Security State of Identity Security Report (2024) , which finds that despite growing levels of confidence in the ability to identify security risk, nearly half of organizations (45%) remain "concerned" or "extremely concerned" about their current tools being able to detect and protect against identity security attacks.  The Permiso commissioned survey co...

A high-severity flaw impacting Microsoft SharePoint has been added to the Known Exploited Vulnerabilities ( KEV ) catalog by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday, citing evidence of active exploitation. The vulnerability, tracked as CVE-2024-38094 (CVSS score: 7.2), has been described as a deserialization vulnerability impacting SharePoint that could result in remote code execution. "An authenticated attacker with Site Owner permissions can use the vulnerability to inject arbitrary code and execute this code in the context of SharePoint Server," Microsoft said in an alert for the flaw. Patches for the security defect were released by Redmond as part of its Patch Tuesday updates for July 2024. The exploitation risk is compounded by the fact that proof-of-concept (PoC) exploits for the flaw are available in the public domain. "The PoC script [...] automates authentication to a target SharePoint site using NTLM, creates a spe...

Cybersecurity researchers have shed light on a new adversarial technique that could be used to jailbreak large language models (LLMs) during the course of an interactive conversation by sneaking in an undesirable instruction between benign ones. The approach has been codenamed Deceptive Delight by Palo Alto Networks Unit 42, which described it as both simple and effective, achieving an average attack success rate (ASR) of 64.6% within three interaction turns. "Deceptive Delight is a multi-turn technique that engages large language models (LLM) in an interactive conversation, gradually bypassing their safety guardrails and eliciting them to generate unsafe or harmful content," Unit 42's Jay Chen and Royce Lu said. It's also a little different from multi-turn jailbreak (aka many-shot jailbreak) methods like Crescendo , wherein unsafe or restricted topics are sandwiched between innocuous instructions, as opposed to gradually leading the model to produce harmful outpu...

It may come as a surprise to learn that 34% of security practitioners are in the dark about how many SaaS applications are deployed in their organizations. And it's no wonder—the recent AppOmni 2024 State of SaaS Security Report reveals that only 15% of organizations centralize SaaS security within their cybersecurity teams. These statistics not only highlight a critical security blind spot, they also point to the fact that organizational culture is often overlooked as a driving factor behind these risks. As SaaS environments become more decentralized, the lack of clarity around roles and responsibilities is leaving companies exposed.  Most security teams focus solely on technical matters, often overlooking how their company's culture—its everyday practices, attitudes, and default policy enforcement processes—shapes their organization's security posture. Overconfidence, unclear responsibilities, and a lack of continuous monitoring can lead to SaaS security breaches. Let's exami...