The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Cybersecurity researchers have revealed several malicious packages on the npm registry that have been found impersonating the Nomic Foundation's Hardhat tool in order to steal sensitive data from developer systems. "By exploiting trust in open source plugins, attackers have infiltrated these platforms through malicious npm packages, exfiltrating critical data such as private keys, mnemonics, and configuration details," the Socket research team said in an analysis. Hardhat is a development environment for Ethereum software, incorporating various components for editing, compiling, debugging and deploying smart contracts and decentralized apps (dApps). The list of identified counterfeit packages is as follows - nomicsfoundations @nomisfoundation/hardhat-configure installedpackagepublish @nomisfoundation/hardhat-config @monicfoundation/hardhat-config @nomicsfoundation/sdk-test @nomicsfoundation/hardhat-config @nomicsfoundation/web3-sdk @nomicsfoundation/sdk-...

A high-severity security flaw has been disclosed in ProjectDiscovery's Nuclei , a widely-used open-source vulnerability scanner that, if successfully exploited, could allow attackers to bypass signature checks and potentially execute malicious code. Tracked as CVE-2024-43405 , it carries a CVSS score of 7.4 out of a maximum of 10.0. It impacts all versions of Nuclei later than 3.0.0. "The vulnerability stems from a discrepancy between how the signature verification process and the YAML parser handle newline characters, combined with the way multiple signatures are processed," according to a description of the vulnerability. "This allows an attacker to inject malicious content into a template while maintaining a valid signature for the benign part of the template." Nuclei is a vulnerability scanner designed to probe modern applications, infrastructure, cloud platforms, and networks to identify security flaws. The scanning engine makes use of templates , wh...

Cybersecurity researchers have flagged a new malware called PLAYFULGHOST that comes with a wide range of information-gathering features like keylogging, screen capture, audio capture, remote shell, and file transfer/execution. The backdoor, according to Google's Mandiant Managed Defense team, shares functional overlaps with a known remote administration tool referred to as Gh0st RAT , which had its source code publicly leaked in 2008. PLAYFULGHOST's initial access pathways include the use of phishing emails bearing code of conduct-related lures or search engine optimization (SEO) poisoning techniques to distribute trojanized versions of legitimate VPN apps like LetsVPN. "In one phishing case, the infection begins by tricking the victim into opening a malicious RAR archive disguised as an image file by using a .jpg extension," the company said . "When extracted and executed by the victim, the archive drops a malicious Windows executable, which eventually dow...

The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) on Friday issued sanctions against a Beijing-based cybersecurity company known as Integrity Technology Group, Incorporated for orchestrating several cyber attacks against U.S. victims. These attacks have been publicly attributed to a Chinese state-sponsored threat actor tracked as Flax Typhoon (aka Ethereal Panda or RedJuliett ), which was outed last year as operating an Internet of Things (IoT) botnet called Raptor Train . The hacking crew has been active since at least mid-2021, targeting various entities across North America, Europe, Africa, and across Asia. Attacks mounted by Flax Typhoon have typically leveraged known vulnerabilities to gain initial access to victims' computers and then make use of legitimate remote access software to maintain persistent access.  The Treasury Department described Chinese malicious cyber actors as one of the "most active and most persistent threats to U.S. nati...

Cybersecurity researchers have shed light on a new jailbreak technique that could be used to get past a large language model's (LLM) safety guardrails and produce potentially harmful or malicious responses. The multi-turn (aka many-shot) attack strategy has been codenamed Bad Likert Judge by Palo Alto Networks Unit 42 researchers Yongzhe Huang, Yang Ji, Wenjun Hu, Jay Chen, Akshata Rao, and Danny Tsechansky. "The technique asks the target LLM to act as a judge scoring the harmfulness of a given response using the Likert scale , a rating scale measuring a respondent's agreement or disagreement with a statement," the Unit 42 team said . "It then asks the LLM to generate responses that contain examples that align with the scales. The example that has the highest Likert scale can potentially contain the harmful content." The explosion in popularity of artificial intelligence in recent years has also led to a new class of security exploits called prompt in...

A proof-of-concept (PoC) exploit has been released for a now-patched security flaw impacting Windows Lightweight Directory Access Protocol (LDAP) that could trigger a denial-of-service (DoS) condition. The out-of-bounds reads vulnerability is tracked as CVE-2024-49113 (CVSS score: 7.5). It was addressed by Microsoft as part of Patch Tuesday updates for December 2024, alongside CVE-2024-49112 (CVSS score: 9.8), a critical integer overflow flaw in the same component that could result in remote code execution. Credited with discovering and reporting both vulnerabilities is independent security researcher Yuki Chen ( @guhe120 ). The CVE-2024-49113 PoC devised by SafeBreach Labs, codenamed LDAPNightmare , is designed to crash any unpatched Windows Server "with no pre-requisites except that the DNS server of the victim DC has Internet connectivity."  Specifically, it entails sending a DCE/RPC request to the victim server, ultimately causing the Local Security Authority Su...

Microsoft has announced that it's making an "unexpected change" to the way .NET installers and archives are distributed, requiring developers to update their production and DevOps infrastructure. "We expect that most users will not be directly affected, however, it is critical that you validate if you are affected and to watch for downtime or other kinds of breakage," Richard Lander, a program manager on the .NET team, said in a statement last week. The move is the result of the fact that some .NET binaries and installers are hosted on Azure Content Delivery Network (CDN) domains that end in .azureedge[.]net -- dotnetcli.azureedge.net and dotnetbuilds.azureedge.net -- which are hosted on Edgio. Last month, web infrastructure and security company Akamai acquired select assets from Edgio following its bankruptcy. As part of this transition, the Edgio platform is scheduled to end service on January 15, 2025. Given that the .azureedge[.]net domains could ceas...

Apple has agreed to pay $95 million to settle a proposed class action lawsuit that accused the iPhone maker of invading users' privacy using its voice-activated Siri assistant. The development was first reported by Reuters. The settlement applies to U.S.-based individuals current or former owners or purchasers of a Siri-enabled device who had their confidential voice communications with the assistant "obtained by Apple and/or were shared with third-parties as a result of an unintended Siri activation" between September 17, 2014, and December 31, 2024. Eligible individuals can submit claims for up to five Siri devices – iPhone, iPad, Apple Watch, MacBook, iMac, HomePod, iPod touch, or Apple TV – on which they claim to have experienced an accidental Siri activation during a conversation intended to be confidential or private. Class members who submit valid claims can receive $20 per device. The lawsuit was brought against Apple following a 2019 report from The Guar...

Details have emerged about three now-patched security vulnerabilities in Dynamics 365 and Power Apps Web API that could result in data exposure. The flaws, discovered by Melbourne-based cybersecurity company Stratus Security, have been addressed as of May 2024. Two of the three shortcomings reside in Power Platform's OData Web API Filter , while the third vulnerability is rooted in the FetchXML API . The root cause of the first vulnerability is the lack of access control on the OData Web API Filter, thereby allowing access to the contacts table that holds sensitive information such as full names, phone numbers, addresses, financial data, and password hashes. A threat actor could then weaponize the flaw to perform a boolean-based search to extract the complete hash by guessing each character of the hash sequentially until the correct value is identified. "For example, we start by sending startswith(adx_identity_passwordhash, 'a') then startswith( adx_identity_p...