The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Zero Trust security changes how organizations handle security by doing away with implicit trust while continuously analyzing and validating access requests. Contrary to perimeter-based security, users within an environment are not automatically trusted upon gaining access. Zero Trust security encourages continuous monitoring of every device and user, which ensures sustained protection after successful user authentication. Why companies adopt Zero Trust security Companies adopt Zero Trust security to protect against complex and increasingly sophisticated cyber threats. This addresses the limitations of traditional, perimeter-based security models, which include no east-west traffic security, the implicit trust of insiders, and lack of adequate visibility.  Traditional vs. Zero Trust security Zero Trust security upgrades an organization's security posture by offering: Improved security posture : Organizations can improve their security posture by continuously gathering data on...

Taiwanese network-attached storage (NAS) appliance maker Synology has addressed a critical security flaw impacting DiskStation and BeePhotos that could lead to remote code execution. Tracked as CVE-2024-10443 and dubbed RISK:STATION by Midnight Blue, the zero-day flaw was demonstrated at the Pwn2Own Ireland 2024 hacking contest by security researcher Rick de Jager. RISK:STATION is an "unauthenticated zero-click vulnerability allowing attackers to obtain root-level code execution on the popular Synology DiskStation and BeeStation NAS devices, affecting millions of devices," the Dutch company said . The zero-click nature of the vulnerability means it does not require any user interaction to trigger the exploitation, thereby allowing attackers to gain access to the devices to steal sensitive data and plant additional malware. The flaw impacts the following versions - BeePhotos for BeeStation OS 1.0 (Upgrade to 1.0.2-10026 or above) BeePhotos for BeeStation OS 1.1 (Upgr...

An ongoing campaign is targeting npm developers with hundreds of typosquat versions of their legitimate counterparts in an attempt to trick them into running cross-platform malware. The attack is notable for utilizing Ethereum smart contracts for command-and-control (C2) server address distribution, according to independent findings from Checkmarx , Phylum , and Socket published over the past few days. The activity was first flagged on October 31, 2024, although it's said to have been underway at least a week prior. No less than 287 typosquat packages have been published to the npm package registry. "As this campaign began to unfold in earnest, it became clear that this attacker was in the early stages of a typosquat campaign targeting developers intending to use the popular Puppeteer, Bignum.js, and various cryptocurrency libraries," Phylum said. The packages contain obfuscated JavaScript that's executed during (or post) the installation process, ultimately le...

While phishing and ransomware dominate headlines, another critical risk quietly persists across most enterprises: exposed Git repositories leaking sensitive data. A risk that silently creates shadow access into core systems Git is the backbone of modern software development, hosting millions of repositories and serving thousands of organizations worldwide. Yet, amid the daily hustle of shipping code, developers may inadvertently leave behind API keys, tokens, or passwords in configuration files and code files, effectively handing attackers the keys to the kingdom. This isn't just about poor hygiene; it's a systemic and growing supply chain risk. As cyber threats become more sophisticated, so do compliance requirements. Security frameworks like NIS2, SOC2, and ISO 27001 now demand proof that software delivery pipelines are hardened and third-party risk is controlled. The message is clear: securing your Git repositories is no longer optional, it's essential. Below, we look at the ris...

Canadian law enforcement authorities have arrested an individual who is suspected to have conducted a series of hacks stemming from the breach of cloud data warehousing platform Snowflake earlier this year. The individual in question, Alexander "Connor" Moucka (aka Judische and Waifu), was apprehended on October 30, 2024, on the basis of a provisional arrest warrant, following a request by the U.S. The development was first reported by Bloomberg and corroborated by 404 Media . The exact nature of the charges against Moucka is currently not known. In June 2024, Snowflake disclosed that a "limited number" of its customers were targeted as part of a targeted campaign. Later, Google-owned Mandiant attributed it to a financially motivated threat group called UNC5537. "UNC5537 comprises members based in North America, and collaborates with an additional member in Turkey," the company assessed with moderate confidence at the time, adding approximately 16...

Google has warned that a security flaw impacting its Android operating system has come under active exploitation in the wild. The vulnerability, tracked as CVE-2024-43093, has been described as a privilege escalation flaw in the Android Framework component that could result in unauthorized access to "Android/data," "Android/obb," and "Android/sandbox" directories, and their respective sub-directories, according to a code commit message . There are currently no details about how the vulnerability is being weaponized in real-world attacks, but Google acknowledged in its monthly bulletin that there are indications it "may be under limited, targeted exploitation." The tech giant has also flagged CVE-2024-43047, a now-patched security bug in Qualcomm chipsets, as having been actively exploited. A use-after-free vulnerability in the Digital Signal Processor (DSP) Service, a successful exploitation of the security flaw could lead to memory corrupti...

Cybersecurity researchers have disclosed six security flaws in the Ollama artificial intelligence (AI) framework that could be exploited by a malicious actor to perform various actions, including denial-of-service, model poisoning, and model theft. "Collectively, the vulnerabilities could allow an attacker to carry out a wide-range of malicious actions with a single HTTP request, including denial-of-service (DoS) attacks, model poisoning, model theft, and more," Oligo Security researcher Avi Lumelsky said in a report published last week. Ollama is an open-source application that allows users to deploy and operate large language models (LLMs) locally on Windows, Linux, and macOS devices. Its project repository on GitHub has been forked 7,600 times to date. A brief description of the six vulnerabilities is below - CVE-2024-39719 (CVSS score: 7.5) - A vulnerability that an attacker can exploit using /api/create an endpoint to determine the existence of a file in the se...

German law enforcement authorities have announced the disruption of a criminal service called dstat[.]cc that made it possible for other threat actors to easily mount distributed denial-of-service (DDoS) attacks. "The platform made such DDoS attacks accessible to a wide range of users, even those without any in-depth technical skills of their own," the Federal Criminal Police Office (aka Bundeskriminalamt or BKA) said . "The use of stresser services to carry out DDoS attacks has recently become increasingly known in the context of police investigations." The BKA described dstat[.]cc as a platform that offered recommendations and evaluations of stresser services in order to conduct DDoS attacks against websites of interest and render them unresponsive. According to an alert published by Radware in January 2023, dstat[.]cc offered botnet owners the ability to assess the capacity and capabilities of their DDoS attack services. "Bot herders use DStat sites ...

This week was a total digital dumpster fire! Hackers were like, "Let's cause some chaos!" and went after everything from our browsers to those fancy cameras that zoom and spin. (You know, the ones they use in spy movies? 🕵️‍♀️) We're talking password-stealing bots, sneaky extensions that spy on you, and even cloud-hacking ninjas! 🥷 It's enough to make you want to chuck your phone in the ocean. (But don't do that, you need it to read this newsletter!) The good news? We've got the inside scoop on all the latest drama. Think of this newsletter as your cheat sheet for surviving the digital apocalypse. We'll break down the biggest threats and give you the knowledge to outsmart those pesky hackers. Let's go! ⚡ Threat of the Week North Korean Hackers Deploy Play Ransomware: In what's a sign of blurring boundaries between nation-state groups and cybercrime actors, it has emerged that the North Korean state-sponsored hacking crew called Andariel ...

As the holiday season approaches, retail businesses are gearing up for their annual surge in online (and in-store) traffic. Unfortunately, this increase in activity also attracts cybercriminals looking to exploit vulnerabilities for their gain.  Imperva, a Thales company, recently published its annual holiday shopping cybersecurity guide . Data from the Imperva Threat Research team's six-month analysis (April 2024 – September 2024) revealed that AI-driven threats need to be top of mind for retailers this year. As generative AI tools and large language models (LLMs) become more widespread and advanced, cybercriminals are increasingly leveraging these technologies to scale and refine their attacks on eCommerce platforms. Imperva Threat Research also found that retail sites collectively experience an average of 569,884 AI-driven attacks each day. Understanding what types of threats are accounting for these attacks, and how to protect against them, is critical for retail businesses ...