#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Hackers Use New Flash Zero-Day Exploit to Distribute FinFisher Spyware

Hackers Use New Flash Zero-Day Exploit to Distribute FinFisher Spyware

Oct 16, 2017
FinSpy —the infamous surveillance malware is back and infecting high-profile targets using a new Adobe Flash zero-day exploit delivered through Microsoft Office documents. Security researchers from Kaspersky Labs have discovered a new zero-day remote code execution vulnerability in Adobe Flash, which was being actively exploited in the wild by a group of advanced persistent threat actors, known as BlackOasis . The critical type confusion vulnerability, tracked as CVE-2017-11292 , could lead to code execution and affects Flash Player 21.0.0.226 for major operating systems including Windows, Macintosh, Linux and Chrome OS. Researchers say BlackOasis is the same group of attackers which were also responsible for exploiting another zero-day vulnerability ( CVE-2017-8759 ) discovered by FireEye researchers in September 2017. Also, the final FinSpy payload in the current attacks exploiting Flash zero-day (CVE-2017-11292) shares the same command and control (C&C) server as the
Yet Another Linux Kernel Privilege-Escalation Bug Discovered

Yet Another Linux Kernel Privilege-Escalation Bug Discovered

Oct 16, 2017
Security researchers have discovered a new privilege-escalation vulnerability in Linux kernel that could allow a local attacker to execute code on the affected systems with elevated privileges. Discovered by Venustech ADLab (Active-Defense Lab) researchers, the Linux kernel vulnerability (CVE-2017-15265) is due to a use-after-free memory error in the Advanced Linux Sound Architecture (ALSA) sequencer interface of the affected application. The Advanced Linux Sound Architecture (ALSA) provides audio and MIDI functionality to the Linux operating system, and also bundles a userspace driven library for application developers, enabling direct (kernel) interaction with sound devices through ALSA libraries. Successful exploitation of this vulnerability requires an attacker—with local access on the targeted system—to execute a maliciously crafted application on a targeted system, which allows the attacker to elevate his privilege to root on the targeted system, a Cisco advisory warned
Making Sense of Operational Technology Attacks: The Past, Present, and Future

Making Sense of Operational Technology Attacks: The Past, Present, and Future

Mar 21, 2024Operational Technology / SCADA Security
When you read reports about cyber-attacks affecting operational technology (OT), it's easy to get caught up in the hype and assume every single one is sophisticated. But are OT environments all over the world really besieged by a constant barrage of complex cyber-attacks? Answering that would require breaking down the different types of OT cyber-attacks and then looking back on all the historical attacks to see how those types compare.  The Types of OT Cyber-Attacks Over the past few decades, there has been a growing awareness of the need for improved cybersecurity practices in IT's lesser-known counterpart, OT. In fact, the lines of what constitutes a cyber-attack on OT have never been well defined, and if anything, they have further blurred over time. Therefore, we'd like to begin this post with a discussion around the ways in which cyber-attacks can either target or just simply impact OT, and why it might be important for us to make the distinction going forward. Figure 1 The Pu
How A Drive-by Download Attack Locked Down Entire City for 4 Days

How A Drive-by Download Attack Locked Down Entire City for 4 Days

Oct 16, 2017
We don't really know the pain and cost of a downtime event unless we are directly touched. Be it a flood, electrical failure, ransomware attack or other broad geographic events; we don't know what it is really like to have to restore IT infrastructure unless we have had to do it ourselves. We look at other people's backup and recovery issues and hope we are smarter or clever enough to keep it from happening to us. Recovery from a downtime event includes inconvenience, extra work, embarrassment and yes, real pain. A ransomware attack is a good example. Unitrends—an American company specialised in backup and business continuity solutions—recently shared with us a real cyber-attack incident happened with one of their customers to describe the required steps they took to recover functionality following a CryptoLocker attack against a US city. Also, how it cost city's Governance team days of production and hundreds of man-hours to recover. The Challenge
cyber security

Automated remediation solutions are crucial for security

websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.
KRACK Demo: Critical Key Reinstallation Attack Against Widely-Used WPA2 Wi-Fi Protocol

KRACK Demo: Critical Key Reinstallation Attack Against Widely-Used WPA2 Wi-Fi Protocol

Oct 16, 2017
Do you think your wireless network is secure because you're using WPA2 encryption? If yes, think again! Security researchers have discovered several key management vulnerabilities in the core of Wi-Fi Protected Access II (WPA2) protocol that could allow an attacker to hack into your Wi-Fi network and eavesdrop on the Internet communications. WPA2 is a 13-year-old WiFi authentication scheme widely used to secure WiFi connections, but the standard has been compromised, impacting almost all Wi-Fi devices—including in our homes and businesses, along with the networking companies that build them. Dubbed KRACK — Key Reinstallation Attack —the proof-of-concept attack demonstrated by a team of researchers works against all modern protected Wi-Fi networks and can be abused to steal sensitive information like credit card numbers, passwords, chat messages, emails, and photos. Since the weaknesses reside in the Wi-Fi standard itself, and not in the implementations or any individua
Ukraine Police Warns of New NotPetya-Style Large Scale CyberAttack

Ukraine Police Warns of New NotPetya-Style Large Scale CyberAttack

Oct 14, 2017
Remember NotPetya ? The Ransomware that shut down thousands of businesses, organisations and banks in Ukraine as well as different parts of Europe in June this year. Now, Ukrainian government authorities are once again warning its citizens to brace themselves for next wave of "large-scale" NotPetya-like cyber attack. According to a press release published Thursday by the Secret Service of Ukraine (SBU), the next major cyber attack could take place between October 13 and 17 when Ukraine celebrates Defender of Ukraine Day (in Ukrainian: День захисника України, Den' zakhysnyka Ukrayiny). Authorities warn the cyber attack can once again be conducted through a malicious software update against state government institutions and private companies. The attackers of the NotPetya ransomware also used the same tactic—compromising the update mechanism for Ukrainian financial software provider called MeDoc and swapping in a dodgy update including the NotPetya computer v
Cybersecurity Resources