The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Navigating the complexities of compliance frameworks like ISO 27001, SOC 2, or GDPR can be daunting. Luckily, Intruder simplifies the process by helping you address the key vulnerability management criteria these frameworks demand, making your compliance journey much smoother. Read on to understand how to meet the requirements of each framework to keep your customer data safe. How Intruder supports your compliance goals Intruder's continuous vulnerability scanning and automated reporting help you meet the security requirements of multiple frameworks, including SOC 2, ISO 27001, HIPAA, Cyber Essentials, and GDPR. Here are three core ways Intruder can support you: 1. Making vulnerability management easy Security can be complicated, but your tools shouldn't be. Intruder's always-on platform brings together multiple powerful scanning engines, delivering comprehensive protection that goes beyond traditional vulnerability management. Covering application, cloud, internal, and netwo...

A little over three dozen security vulnerabilities have been disclosed in various open-source artificial intelligence (AI) and machine learning (ML) models, some of which could lead to remote code execution and information theft. The flaws, identified in tools like ChuanhuChatGPT, Lunary, and LocalAI, have been reported as part of Protect AI's Huntr bug bounty platform. The most severe of the flaws are two shortcomings impacting Lunary, a production toolkit for large language models (LLMs) - CVE-2024-7474 (CVSS score: 9.1) - An Insecure Direct Object Reference (IDOR) vulnerability that could allow an authenticated user to view or delete external users, resulting in unauthorized data access and potential data loss CVE-2024-7475 (CVSS score: 9.1) - An improper access control vulnerability that allows an attacker to update the SAML configuration, thereby making it possible to log in as an unauthorized user and access sensitive information Also discovered in Lunary is anot...

Sherlock Holmes is famous for his incredible ability to sort through mounds of information; he removes the irrelevant and exposes the hidden truth. His philosophy is plain yet brilliant: "When you have eliminated the impossible, whatever remains, however improbable, must be the truth." Rather than following every lead, Holmes focuses on the details that are needed to move him to the solution. In cybersecurity, exposure validation mirrors Holmes' approach: Security teams are usually presented with an overwhelming list of vulnerabilities, yet not every vulnerability presents a real threat. Just as Holmes discards irrelevant clues, security teams must eliminate exposures that are unlikely to be exploited or do not pose significant risks. Exposure validation (sometimes called Adversarial Exposure Validation) enables teams to concentrate on the most significant issues and minimize distractions. Similar to Holmes' deductive reasoning, validation of exposures directs organizations towa...

The Dutch National Police, along with international partners, have announced the disruption of the infrastructure powering two information stealers tracked as RedLine and MetaStealer . The takedown, which took place on October 28, 2024, is the result of an international law enforcement task force codenamed Operation Magnus that involved authorities from the U.S., the U.K., Belgium, Portugal, and Australia. Eurojust, in a statement published today, said the operation led to the shut down of three servers in the Netherlands and the confiscation of two domains (fivto[.]online and spasshik[.]xyz). In total, over 1,200 servers in dozens of countries are estimated to have been used to run the malware. As part of the efforts, one administrator has been charged by the U.S. authorities and two people have been arrested by the Belgian police, the Politie said , adding one of them has since been released, while the other remains in custody. The U.S. Department of Justice (DoJ) has charge...

The U.S. government (USG) has issued new guidance governing the use of the Traffic Light Protocol ( TLP ) to handle threat intelligence information shared between the private sector, individual researchers, and Federal Departments and Agencies. "The USG follows TLP markings on cybersecurity information voluntarily shared by an individual, company, or other any organization, when not in conflict with existing law or policy," it said . "We adhere to these markings because trust in data handling is a key component of collaboration with our partners." In using these designations, the idea is to foster trust and collaboration in the cybersecurity community while ensuring that the information is shared in a controlled manner, the government added. TLP is a standardized framework for classifying and sharing sensitive information. It comprises four colors -- Red, Amber, Green, and White -- that determine how it can be distributed further and only to those who need to...

More than six years after the Spectre security flaw impacting modern CPU processors came to light, new research has found that the latest AMD and Intel processors are still susceptible to speculative execution attacks. The attack, disclosed by ETH Zürich researchers Johannes Wikner and Kaveh Razavi, aims to undermine the Indirect Branch Predictor Barrier ( IBPB ) on x86 chips, a crucial mitigation against speculative execution attacks. Speculative execution refers to a performance optimization feature wherein modern CPUs execute certain instructions out-of-order by predicting the branch a program will take beforehand, thus speeding up the task if the speculatively used value was correct. If it results in a misprediction, the instructions, called transient, are declared invalid and squashed, before the processor can resume execution with the correct value. While the execution results of transient instructions are not committed to the architectural program state, it's still ...

A government entity and a religious organization in Taiwan were the target of a China-linked threat actor known as Evasive Panda that infected them with a previously undocumented post-compromise toolset codenamed CloudScout. "The CloudScout toolset is capable of retrieving data from various cloud services by leveraging stolen web session cookies," ESET security researcher Anh Ho said . "Through a plugin, CloudScout works seamlessly with MgBot, Evasive Panda's signature malware framework." The use of the .NET-based malware tool, per the Slovak cybersecurity company, was detected between May 2022 and February 2023. It incorporates 10 different modules, written in C#, out of which three are meant for stealing data from Google Drive, Gmail, and Outlook. The purpose of the remaining modules remains unknown. Evasive Panda, also tracked as Bronze Highland, Daggerfly, and StormBamboo, is a cyber espionage group that has a track record of striking various entitie...

Cybersecurity news can sometimes feel like a never-ending horror movie, can't it? Just when you think the villains are locked up, a new threat emerges from the shadows. This week is no exception, with tales of exploited flaws, international espionage, and AI shenanigans that could make your head spin. But don't worry, we're here to break it all down in plain English and arm you with the knowledge you need to stay safe. So grab your popcorn (and maybe a firewall), and let's dive into the latest cybersecurity drama! ⚡ Threat of the Week Critical Fortinet Flaw Comes Under Exploitation: Fortinet revealed that a critical security flaw impacting FortiManager (CVE-2024-47575, CVSS score: 9.8), which allows for unauthenticated remote code execution, has come under active exploitation in the wild. Exactly who is behind it is currently not known. Google-owned Mandiant is tracking the activity under the name UNC5820. 🚢🔐 K...

A suspected Russian hybrid espionage and influence operation has been observed delivering a mix of Windows and Android malware to target the Ukrainian military under the Telegram persona Civil Defense. Google's Threat Analysis Group (TAG) and Mandiant are tracking the activity under the name UNC5812 . The threat group, which operates a Telegram channel named civildefense_com_ua , was created on September 10, 2024. As of writing, the channel has 184 subscribers. It also maintains a website at civildefense.com[.]ua that was registered on April 24, 2024. "'Civil Defense' claims to be a provider of free software programs designed to enable potential conscripts to view and share crowdsourced locations of Ukrainian military recruiters," the company said in a report shared with The Hacker News. Should these programs be installed on Android devices that have Google Play Protect disabled, they are engineered to deploy an operating system-specific commodity malware alo...