The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

A cyber-attacker successfully breaks into your environment and begins sneaking around to find something valuable - intellectual property, bank account credentials, company plans, whatever. The attacker makes his way to a certain host on a network node to browse the directories, and suddenly, his connection is cut off. The stolen username and password he acquired no longer works.  Unknowingly, the attacker triggered a well-concealed trap that detected his presence, took immediate action to sever his connection, and then blocked his reconnect ability. Very cool. The concept of Deception technology is pretty cool. And it can be an extremely valuable security layer that comes into play when other security layers are successfully bypassed. The problem, however, is that only very large enterprises have been able to leverage Deception technology due to its cost and complexity to implement and maintain. Unfortunately, small to medium-sized enterprises, the so-called SMEs, just don't hav

The Secure Access Service Edge (or SASE)  has been a very hot buzzword in the past year. A term and category created by Gartner 2019, SASE states that the future of networking and security lies in the convergence of these categories into a single, cloud-based platform. The capabilities that SASE delivers aren't new and include  SD-WAN , threat prevention, remote access, and others that were available from multiple vendors over the years.  So, what is, in fact, new about SASE? This is the main topic for our discussion with Yishay Yovel, Chief Marketing Office at  Cato Networks , one of the first companies that entered the SASE market. THN: Cato had been a big proponent of SASE. Why is SASE important to end customers? Yishay:  SASE is a wake-up call for our industry and IT organizations. IT infrastructure got fragmented with many point solutions that, in turn, created complexity, rigidity, high cost, and increased risk. These are systemic issues. Each point product by itself does

Identities now transcend human boundaries. Within each line of code and every API call lies a non-human identity. These entities act as programmatic access keys, enabling authentication and facilitating interactions among systems and services, which are essential for every API call, database query, or storage account access. As we depend on multi-factor authentication and passwords to safeguard human identities, a pressing question arises: How do we guarantee the security and integrity of these non-human counterparts? How do we authenticate, authorize, and regulate access for entities devoid of life but crucial for the functioning of critical systems? Let's break it down. The challenge Imagine a cloud-native application as a bustling metropolis of tiny neighborhoods known as microservices, all neatly packed into containers. These microservices function akin to diligent worker bees, each diligently performing its designated task, be it processing data, verifying credentials, or

A week after the US government issued an advisory about a "global intelligence gathering mission" operated by North Korean  state-sponsored hackers , new findings have emerged about the threat group's spyware capabilities. The APT — dubbed " Kimsuky " (aka Black Banshee or Thallium) and believed to be active as early as 2012 — has been now linked to as many as three hitherto undocumented malware, including an information stealer, a tool equipped with malware anti-analysis features, and a new server infrastructure with significant overlaps to its older espionage framework. "The group has a rich and notorious history of offensive cyber operations around the world, including operations targeting South Korean think tanks, but over the past few years they have expanded their targeting to countries including the United States, Russia and various nations in Europe," Cybereason researchers said in an  analysis  yesterday. Last week, the FBI and department

Google has patched a second actively exploited zero-day flaw in the Chrome browser in two weeks, along with addressing nine other security vulnerabilities in its latest update. The company  released  86.0.4240.183 for Windows, Mac, and Linux, which it said will be rolling out over the coming days/weeks to all users. The zero-day flaw, tracked as  CVE-2020-16009 , was reported by Clement Lecigne of Google's Threat Analysis Group (TAG) and Samuel Groß of Google Project Zero on October 29. The company also warned that it "is aware of reports that an exploit for CVE-2020-16009 exists in the wild." Google hasn't made any details about the bug or the exploit used by threat actors public so as to allow a majority of users to install the updates and prevent other adversaries from developing their own exploits leveraging the flaw. But Ben Hawkes, Google Project Zero's technical lead,  said  CVE-2020-16009 concerned an "inappropriate implementation" of its

Many businesses are currently looking at how to bolster security across their organization as the pandemic and remote work situation continues to progress towards the end of the year. As organizations continue to implement security measures to protect business-critical data, there is an extremely important area of security that often gets overlooked –  passwords . Weak passwords have long been a security nightmare for your business. This includes reused and  pwned  passwords. What are these? What tools are available to help protect against their use in your environment? Different types of dangerous passwords There are many different types of dangerous passwords that can expose your organization to tremendous risk. One way that cybercriminals compromise environments is by making use of breached password data. This allows launching  password spraying  attacks on your environment. Password spraying involves trying only a few passwords against a large number of end-users. In a passwor

A new research has demonstrated a technique that allows an attacker to bypass firewall protection and remotely access any TCP/UDP service on a victim machine. Called  NAT Slipstreaming , the method involves sending the target a link to a malicious site (or a legitimate site loaded with malicious ads) that, when visited, ultimately triggers the gateway to open any TCP/UDP port on the victim, thereby circumventing browser-based port restrictions. The findings were revealed by privacy and security researcher Samy Kamkar over the weekend. "NAT Slipstreaming exploits the user's browser in conjunction with the Application Level Gateway (ALG) connection tracking mechanism built into NATs, routers, and firewalls by chaining internal IP extraction via timing attack or WebRTC, automated remote MTU and IP fragmentation discovery, TCP packet size massaging, TURN authentication misuse, precise packet boundary control, and protocol confusion through browser abuse," Kamkar said in

Google has disclosed details of a new zero-day privilege escalation flaw in the Windows operating system that's being actively exploited in the wild. The elevation of privileges (EoP) vulnerability, tracked as  CVE-2020-17087 , concerns a buffer overflow present since at least Windows 7 in the Windows Kernel Cryptography Driver ("cng.sys") that can be exploited for a sandbox escape. "The bug resides in the cng!CfgAdtpFormatPropertyBlock function and is caused by a 16-bit integer truncation issue," Google's Project Zero researchers Mateusz Jurczyk and Sergei Glazunov noted in their technical write-up. The security team made the details public following a seven-day disclosure deadline because of evidence that it's under active exploit. Project Zero has shared a proof-of-concept exploit (PoC) that can be used to corrupt kernel data and crash vulnerable Windows devices even under default system configurations. What's notable is that the exploit ch

Cybersecurity researchers have disclosed details about a new watering hole attack targeting the Korean diaspora that exploits vulnerabilities in web browsers such as Google Chrome and Internet Explorer to deploy malware for espionage purposes. Dubbed " Operation Earth Kitsune " by Trend Micro, the campaign involves the use of SLUB (for SLack and githUB) malware and two new backdoors —  dneSpy and agfSpy  — to exfiltrate system information and gain additional control of the compromised machine. The attacks were observed during the months of March, May, and September, according to the cybersecurity firm. Watering hole attacks allow a bad actor to compromise a targeted business by compromising a carefully selected website by inserting an exploit with an intention to gain access to the victim's device and infect it with malware. Operation Earth Kitsune is said to have deployed the spyware samples on websites associated with North Korea, although access to these websites