The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Brazil's biggest cosmetics company Natura accidentally left hundreds of gigabytes of its customers' personal and payment-related information publicly accessible online that could have been accessed by anyone without authentication. SafetyDetective researcher Anurag Sen last month discovered two unprotected Amazon-hosted servers—with 272GB and 1.3TB in size—belonging to Natura that consisted of more than 192 million records. According to the report Anurag shared with The Hacker News, the exposed data includes personally identifiable information on 250,000 Natura customers, their account login cookies, along with the archives containing logs from the servers and users. Worryingly, the leaked information also includes Moip payment account details with access tokens for nearly 40,000 wirecard.com.br users who integrated it with their Natura accounts. "Around 90% of users were Brazilian customers, although other nationalities were also present, including customers

British low-cost airline EasyJet today admitted that the company has fallen victim to a cyber-attack, which it labeled "highly sophisticated," exposing email addresses and travel details of around 9 million of its customers. In an official statement released today, EasyJet confirmed that of the 9 million affected users, a small subset of customers, i.e., 2,208 customers, have also had their credit card details stolen, though no passport details were accessed. The airline did not disclose precisely how the breach happened, when it happened, when the company discovered it, how the sophisticated attackers unauthorizedly managed to gain access to the private information of its customers, and for how long they had that access to the airline's systems. However, EasyJet assured its users that the company had closed off the unauthorized access following the discovery and that it found "no evidence that any personal information of any nature has been misused" b

It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many approaches offer piecemeal solutions – zeroing in on one particular element of the evolving threat landscape challenge – missing the forest for the trees.  In the last few years, Exposure Management has become known as a comprehensive way of reigning in the chaos, giving organizations a true fighting chance to reduce risk and improve posture. In this article I'll cover what Exposure Management is, how it stacks up against some alternative approaches and why building an Exposure Management program should be on  your 2024 to-do list. What is Exposure Management?  Exposure Management is the systematic identification, evaluation,

Academics from École Polytechnique Fédérale de Lausanne (EPFL) disclosed a security vulnerability in Bluetooth that could potentially allow an attacker to spoof a remotely paired device, exposing over a billion of modern devices to hackers. The attacks, dubbed Bluetooth Impersonation AttackS or BIAS, concern Bluetooth Classic, which supports Basic Rate (BR) and Enhanced Data Rate (EDR) for wireless data transfer between devices. "The Bluetooth specification contains vulnerabilities enabling to perform impersonation attacks during secure connection establishment," the researchers outlined in the paper. "Such vulnerabilities include the lack of mandatory mutual authentication, overly permissive role switching, and an authentication procedure downgrade." Given the widespread impact of the vulnerability, the researchers said they responsibly disclosed the findings to the Bluetooth Special Interest Group (SIG), the organization that oversees the development o

A new version of COMpfun remote access trojan (RAT) has been discovered in the wild that uses HTTP status codes to control compromised systems targeted in a recent campaign against diplomatic entities in Europe. The cyberespionage malware—traced to Turla APT with "medium-to-low level of confidence" based on the history of compromised victims—spread via an initial dropper that masks itself as a visa application, the Global Research and Analysis Team at Kaspersky discovered. The Turla APT , a Russian-based threat group, has a long history of carrying out espionage and watering hole attacks spanning various sectors, including governments, embassies, military, education, research, and pharmaceutical companies. First documented by G-Data in 2014, COMpfun received a significant upgrade last year (called "Reductor") after Kaspersky found that the malware was used to spy on a victim's browser activity by staging man-in-the-middle ( MitM ) attacks on encrypte

As more businesses leverage remote, mobile, and temporary workforces, the elements of business continuity planning are evolving and requiring that IT professionals look deep into the nuts and bolts of connectivity. CISOs and their team members are facing new challenges each and every day, many of which have been driven by digital transformation, as well as the adoption of other productivity-enhancing technologies. A case in point is the rapidly evolving need to support remote and mobile users as businesses change how they interact with staffers. For example, the recent COVID-19 crisis has forced the majority of businesses worldwide to support employees that work from home or other remote locations. Many businesses are encountering numerous problems with connection reliability, as well as the challenges presented by rapidly scaling connectivity to meet a growing number of remote workers. Add to that security and privacy issues, and it becomes evident that CISOs may very wel

Remember the Reverse RDP Attack —wherein a client system vulnerable to a path traversal vulnerability could get compromised when remotely accessing a server over Microsoft's Remote Desktop Protocol? Though Microsoft had patched the vulnerability (CVE-2019-0887) as part of its July 2019 Patch Tuesday update, it turns out researchers were able to bypass the patch just by replacing the backward slashes in paths with forward slashes. Microsoft acknowledged the improper fix and re-patched the flaw in its February 2020 Patch Tuesday update earlier this year, now tracked as CVE-2020-0655. In the latest report shared with The Hacker News, Check Point researcher disclosed that Microsoft addressed the issue by adding a separate workaround in Windows while leaving the root of the bypass issue, an API function "PathCchCanonicalize," unchanged. Apparently, the workaround works fine for the built-in RDP client in Windows operating systems, but the patch is not fool-proof en

A cybersecurity researcher at ESET today published an analysis of a new piece of malware, a sample of which they spotted on the Virustotal malware scanning engine and believe the hacker behind it is likely interested in some high-value computers protected behind air‑gapped networks. Dubbed ' Ramsay ,' the malware is still under development with two more variants (v2.a and v2.b) spotted in the wild and doesn't yet appear to be a complex attacking framework based upon the details researcher shared. However, before reading anything further, it's important to note that the malware itself doesn't leverage any extraordinary or advanced technique that could let attackers jump air-gapped networks to infiltrate or exfiltrate data from the targeted computers. According to ESET researcher Ignacio Sanmillan, Ramsay infiltrates targeted computers through malicious documents, potentially sent via a spear-phishing email or dropped using a USB drive, and then exploits an ol

Yesterday, on the 3rd anniversary of the infamous global WannaCry ransomware outbreak for which North Korea was blamed, the U.S. government released information about three new malware strains used by state-sponsored North Korean hackers. Called COPPERHEDGE, TAINTEDSCRIBE, and PEBBLEDASH, the malware variants are capable of remote reconnaissance and exfiltration of sensitive information from target systems, according to a joint advisory released by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Defense (DoD). The three new malware strains are the latest addition to a long list of over 20 malware samples , including BISTROMATH, SLICKSHOES, HOPLIGHT, and ELECTRICFISH , among others, that have been identified by the security agencies as originating as part of a series of malicious cyber activity by the North Korean government it calls Hidden Cobra , or widely known by the moniker Lazarus Group. Full

More than 4,000 Android apps that use Google's cloud-hosted Firebase databases are 'unknowingly' leaking sensitive information on their users, including their email addresses, usernames, passwords, phone numbers, full names, chat messages and location data. The investigation, led by Bob Diachenko from Security Discovery in partnership with Comparitech, is the result of an analysis of 15,735 Android apps, which comprise about 18 percent of all apps on Google Play store. "4.8 percent of mobile apps using Google Firebase to store user data are not properly secured, allowing anyone to access databases containing users' personal information, access tokens, and other data without a password or any other authentication," Comparitech said. Acquired by Google in 2014, Firebase is a popular mobile application development platform that offers a variety of tools to help third-party app developers build apps, securely store app data and files, fix issues, and ev

In the past, the autonomous breach protection company Cynet announced that it is making Cynet 360 threat detection and response platform available at no charge for IR (incident response) service providers and consultants. Today Cynet takes another step and announces a $500 grant for Incident Responders for each IR engagement in which Cynet 360 was used, with an additional $1,000 grant if the customer if the customer purchases an annual Cynet 360 subscription after the IR process is concluded. Learn about this new offering here . Incident response investigations come in a thousand different variations, but most can be broken down into two main parts. The first is discovering the few suspicious machines, user accounts, and network connections out of the mass activities within the attacked environment. The second part follows these discoveries and involves a surgical-like collection and analysis of forensic artifacts to refute or validate the suspicion and if validated to disclo

If you are running an online discussion forum based on vBulletin software, make sure it has been updated to install a newly issued security patch that fixes a critical vulnerability. Maintainers of the vBulletin project recently announced an important patch update but didn't reveal any information on the underlying security vulnerability, identified as CVE-2020-12720 . Written in PHP programming language, vBulletin is a widely used Internet forum software that powers over 100,000 websites on the Internet, including forums for some Fortune 500 and many other top companies. Considering that the popular forum software is also one of the favorite targets for hackers, holding back details of the flaw could, of course, help many websites apply patches before hackers can exploit them to compromise sites, servers, and their user databases. However, just like previous times, researchers and hackers have already started reverse-engineering the software patch to locate and understan

A cybersecurity researcher today uncovers a set of 7 new unpatchable hardware vulnerabilities that affect all desktops and laptops sold in the past 9 years with Thunderbolt, or Thunderbolt-compatible USB-C ports. Collectively dubbed 'ThunderSpy,' the vulnerabilities can be exploited in 9 realistic evil-maid attack scenarios, primarily to steal data or read/write all of the system memory of a locked or sleeping computer—even when drives are protected with full disk encryption. In a nutshell, if you think someone with a few minutes of physical access to your computer—regardless of the location—can cause any form of significant harm to you, you're at risk for an evil maid attack. According to Björn Ruytenberg of the Eindhoven University of Technology, the ThunderSpy attack "may require opening a target laptop's case with a screwdriver, [but] it leaves no trace of intrusion and can be pulled off in just a few minutes." In other words, the flaw is not li

DigitalOcean, one of the biggest modern web hosting platforms, recently hit with a concerning data leak incident that exposed some of its customers' data to unknown and unauthorized third parties. Though the hosting company has not yet publicly released a statement, it did has started warning affected customers of the scope of the breach via an email. According to the breach notification email that affected customers [ 1 , 2 ] received, the data leak happened due to negligence where DigitalOcean 'unintentionally' left an internal document accessible to the Internet without requiring any password. "This document contained your email address and/or account name (the name you gave your account at sign-up) as well as some data about your account that may have included Droplet count, bandwidth usage, some support or sales communications notes, and the amount you paid during 2018," the company said in the warning email as shown below. Upon discovery, a qui

An advanced group of Chinese hackers has recently been spotted to be behind a sustained cyber espionage campaign targeting government entities in Australia, Indonesia, Philippines, Vietnam, Thailand, Myanmar, and Brunei—which went undetected for at least five years and is still an ongoing threat. The group, named 'Naikon APT,' once known as one of the most active APTs in Asia until 2015, carried out a string of cyberattacks in the Asia-Pacific (APAC) region in search of geopolitical intelligence. According to the latest investigation report Check Point researchers shared with The Hacker News, the Naikon APT group had not gone silent for the last 5 years, as initially suspected; instead, it was using a new backdoor, called " Aria-body ," to operate stealthily. "Given the characteristics of the victims and capabilities presented by the group, it is evident that the group's purpose is to gather intelligence and spy on the countries whose governments it

More than six years after Facebook launched its ambitious Free Basics program to bring the Internet to the masses, the social network is back at it again with a new zero-rating initiative called Discover . The service, available as a mobile web and Android app, allows users to browse the Internet using free daily data caps. Facebook Discover is currently being tested in Peru in partnership with local telecom companies such as Bitel, Claro, Entel, and Movistar. Unlike the regular rich-content browsing, Facebook's latest connectivity project only provides low-bandwidth text-only based browsing, meaning other forms of data-intensive content such as audio and video are not supported. Another key differentiator is that it treats all websites equally, whereas users of Free Basics are limited to a handful of sites that are submitted by developers and meet technical criteria set by Facebook. The move, ultimately, drew criticism for violating principles of net neutrality ,

The Coronavirus crisis introduces critical operational challenges to business continuity, placing high stress on organizations' management. As a result, CIOs and CISOs face a double challenge on the cyber risk front – apart from the new risks that the mass transfer of employees working remotely brings, capturing the management mindshare for further investments in security becomes harder than ever. The Definitive Corona Cyber Security for Management PPT template provides security executives with an easy and intuitive tool to present management their existing security posture and translate it to tangible business risk, as well as making the case on how to address gaps if such exist. From the CISO perspective, it's hard to understand what there is to explain – working remotely equals a mass increase in remote credential theft attempts. Monitoring for malicious remote connection to critical resources becomes extremely hard, if not impossible. Employees working from p