The Hacker News Logo
Subscribe to Newsletter

The Hacker News - Cybersecurity News and Analysis

Iranian Hackers Exploiting VPN Flaws to Backdoor Organizations Worldwide

Iranian Hackers Exploiting VPN Flaws to Backdoor Organizations Worldwide

February 18, 2020Ravie Lakshmanan
A new report published by cybersecurity researchers has unveiled evidence of Iranian state-sponsored hackers targeting dozens of companies and organizations in Israel and around the world over the past three years. Dubbed " Fox Kitten ," the cyber-espionage campaign is said to have been directed at companies from the IT, telecommunication, oil and gas, aviation, government, and security sectors. "We estimate the campaign revealed in this report to be among Iran's most continuous and comprehensive campaigns revealed until now," ClearSky researchers said . "The revealed campaign was used as a reconnaissance infrastructure; however, it can also be used as a platform for spreading and activating destructive malware such as ZeroCleare and Dustman." Tying the activities to threat groups APT33, APT34, and APT39, the offensive — conducted using a mix of open source and self-developed tools — also facilitated the groups to steal sensitive information
Cynet Offers Free Threat Assessment for Mid-sized and Large Organizations

Cynet Offers Free Threat Assessment for Mid-sized and Large Organizations

February 18, 2020The Hacker News
Visibility into an environment attack surface is the fundamental cornerstone to sound security decision making. However, the standard process of 3rd party threat assessment as practiced today is both time consuming and expensive. Cynet changes the rules of the game with a free threat assessment offering ( click here to learn more ) based on more than 72 hours of data collection, enabling organizations to benchmark their security posture against their vertical industry peers and take actions accordingly. Cynet Free Threat Assessment (available for organizations with 250 endpoints and above, from North America and Europe) spotlights critical, exposed attack surfaces and provides actionable knowledge of attacks that are currently alive and active in the environment. 1.) Indication of live attacks — active malware, connection to C&C, data exfiltration, access to phishing links, user credential theft attempts, and others: 2.) Host and app attack surfaces — unpatched vulnera
Critical Bug in WordPress Theme Plugin Opens 200,000 Sites to Hackers

Critical Bug in WordPress Theme Plugin Opens 200,000 Sites to Hackers

February 17, 2020Swati Khandelwal
A popular WordPress theme plugin with over 200,000 active installations contains a severe but easy-to-exploit software vulnerability that, if left unpatched, could let unauthenticated remote attackers compromise a wide range of websites and blogs. The vulnerable plugin in question is ' ThemeGrill Demo Importer ' that comes with free as well as premium themes sold by the software development company ThemeGrill. ThemeGrill Demo Importer plugin has been designed to allow WordPress site admins to import demo content, widgets, and settings from ThemeGrill, making it easier for them to quickly customize the theme. According to a report WebARX security company shared with The Hacker News, when a ThemeGrill theme is installed and activated, the affected plugin executes some functions with administrative privileges without checking whether the user running the code is authenticated and is an admin. The flaw could eventually allow unauthenticated remote attackers to wipe the e
OpenSSH now supports FIDO U2F security keys for 2-factor authentication

OpenSSH now supports FIDO U2F security keys for 2-factor authentication

February 17, 2020Swati Khandelwal
Here's excellent news for sysadmins. You can now use a physical security key as hardware-based two-factor authentication to securely log into a remote system via SSH protocol. OpenSSH, one of the most widely used open-source implementations of the Secure Shell (SSH) Protocol, yesterday announced the 8.2 version of the software that primarily includes two new significant security enhancements. First, OpenSSH 8.2 added support for FIDO/U2F hardware authenticators , and the second, it has deprecated SSH-RSA public key signature algorithm and planned to disable it by default in the future versions of the software. FIDO (Fast Identity Online) protocol based hardware security devices are stronger and fool-proof mechanisms for authentication because it enables public-key cryptography to protect against advanced malware, phishing, and man-in-the-middle attacks. "In OpenSSH, FIDO devices are supported by new public key types' ecdsa-sk' and 'ed25519-sk', along
A Dozen Vulnerabilities Affect Millions of Bluetooth LE Powered Devices

A Dozen Vulnerabilities Affect Millions of Bluetooth LE Powered Devices

February 17, 2020Wang Wei
A team of cybersecurity researchers late last week disclosed the existence of 12 potentially severe security vulnerabilities, collectively named ' SweynTooth ,' affecting millions of Bluetooth-enabled wireless smart devices worldwide—and worryingly, a few of which haven't yet been patched. All SweynTooth flaws basically reside in the way software development kits (SDKs) used by multiple system-on-a-chip (SoC) have implemented Bluetooth Low Energy (BLE) wireless communication technology—powering at least 480 distinct products from several vendors including Samsung, FitBit and Xiaomi. According to the researchers, hackers in close physical proximity to vulnerable devices can abuse this vulnerability to remotely trigger deadlocks, crashes, and even bypass security in BLE products, allowing them to arbitrary read or write access to device's functions that are otherwise only allowed to be accessed by an authorized user. "As of today, SweynTooth vulnerabilities a
U.S. Charges Huawei with Stealing Trade Secrets from 6 Companies

U.S. Charges Huawei with Stealing Trade Secrets from 6 Companies

February 14, 2020Ravie Lakshmanan
The US Department of Justice (DoJ) and the Federal Bureau of Investigation (FBI) charged Huawei with racketeering and conspiring to steal trade secrets from six US firms, in a significant escalation of a lawsuit against the Chinese telecom giant that began last year. Accusing Huawei and its affiliates of "using fraud and deception to misappropriate sophisticated technology from US counterparts," the new charges allege the company of offering bonuses to employees who obtained "confidential information" from its competitors. The indictment adds to a list of two other charges filed by the US government last year, including violating US sanctions on Iran and stealing technology from T-Mobile — called Tappy — that's used to test smartphone durability. The development is the latest salvo fired by the Trump administration in its year-long fight against the networking equipment maker, which it deems a threat to national security. "The misappropriated
500 Chrome Extensions Caught Stealing Private Data of 1.7 Million Users

500 Chrome Extensions Caught Stealing Private Data of 1.7 Million Users

February 14, 2020Ravie Lakshmanan
Google removed 500 malicious Chrome extensions from its Web Store after they found to inject malicious ads and siphon off user browsing data to servers under the control of attackers. These extensions were part of a malvertising and ad-fraud campaign that's been operating at least since January 2019, although evidence points out the possibility that the actor behind the scheme may have been active since 2017. The findings come as part of a joint investigation by security researcher Jamila Kaya and Cisco-owned Duo Security, which unearthed 70 Chrome Extensions with over 1.7 million installations. Upon sharing the discovery privately with Google, the company went on to identify 430 more problematic browser extensions, all of which have since been deactivated. "The prominence of malvertising as an attack vector will continue to rise as long as tracking-based advertising remains ubiquitous, and particularly if users remain underserved by protection mechanisms," sa
Online Courses and Software

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.