#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Trojanized Security Software Hits South Korea Users in Supply-Chain Attack

Trojanized Security Software Hits South Korea Users in Supply-Chain Attack

Nov 16, 2020
Cybersecurity researchers took the wraps off a novel supply chain attack in South Korea that abuses legitimate security software and stolen digital certificates to distribute remote administration tools (RATs) on target systems. Attributing the operation to the Lazarus Group, also known as Hidden Cobra , Slovak internet security company ESET said the state-sponsored threat actor leveraged the mandatory requirement that internet users in the country must install additional security software in order to avail Internet banking and essential government services. The attack, while limited in scope, exploits WIZVERA VeraPort, which is billed as a "program designed to integrate and manage internet banking-related installation programs," such as digital certificates issued by the banks to individuals and businesses to secure all transactions and process payments. The development is the latest in a long history of espionage attacks against victims in South Korea, including Opera
Live Webinar: Reducing Complexity by Increasing Consolidation for SMEs

Live Webinar: Reducing Complexity by Increasing Consolidation for SMEs

Nov 13, 2020
Complexity is the bane of effective cybersecurity. The need to maintain an increasing array of cybersecurity tools to protect organizations from an expanding set of cyber threats is leading to runaway costs, staff inefficiencies, and suboptimal threat response. Small to medium-sized enterprises (SMEs) with limited budgets and staff are significantly impacted. On average, SMEs manage more than a dozen different security tools, making it very difficult for security teams to manage and orchestrate. SMEs are, understandably, looking to consolidate their security tools to make cybersecurity more manageable and cost-effective. The challenge for these companies is to figure out how to consolidate cybersecurity tools without losing needed protections safely. An upcoming webinar is set to help SMEs with this very issue ( sign up here ). The Cybersecurity Complexity Problem Cannot Be Overemphasized Over the past decade (at least), CISOs have continuously lobbied for increased cybersecurity
Making Sense of Operational Technology Attacks: The Past, Present, and Future

Making Sense of Operational Technology Attacks: The Past, Present, and Future

Mar 21, 2024Operational Technology / SCADA Security
When you read reports about cyber-attacks affecting operational technology (OT), it's easy to get caught up in the hype and assume every single one is sophisticated. But are OT environments all over the world really besieged by a constant barrage of complex cyber-attacks? Answering that would require breaking down the different types of OT cyber-attacks and then looking back on all the historical attacks to see how those types compare.  The Types of OT Cyber-Attacks Over the past few decades, there has been a growing awareness of the need for improved cybersecurity practices in IT's lesser-known counterpart, OT. In fact, the lines of what constitutes a cyber-attack on OT have never been well defined, and if anything, they have further blurred over time. Therefore, we'd like to begin this post with a discussion around the ways in which cyber-attacks can either target or just simply impact OT, and why it might be important for us to make the distinction going forward. Figure 1 The Pu
SAD DNS — New Flaws Re-Enable DNS Cache Poisoning Attacks

SAD DNS — New Flaws Re-Enable DNS Cache Poisoning Attacks

Nov 13, 2020
A group of academics from the University of California and Tsinghua University has uncovered a series of critical security flaws that could lead to a revival of DNS cache poisoning attacks. Dubbed " SAD DNS attack " (short for Side-channel AttackeD DNS), the technique makes it possible for a malicious actor to carry out an off-path attack, rerouting any traffic originally destined to a specific domain to a server under their control, thereby allowing them to eavesdrop and tamper with the communications. "This represents an important milestone — the first weaponizable network side channel attack that has serious security impacts," the researchers said. "The attack allows an off-path attacker to inject a malicious DNS record into a DNS cache." Tracked as CVE-2020-25705, the findings were presented at the ACM Conference on Computer, and Communications Security (CCS '20) held this week. The flaw affects operating systems Linux 3.18-5.10, Windows Serv
cyber security

Automated remediation solutions are crucial for security

websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.
Uncovered: APT 'Hackers For Hire' Target Financial, Entertainment Firms

Uncovered: APT 'Hackers For Hire' Target Financial, Entertainment Firms

Nov 12, 2020
A hackers-for-hire operation has been discovered using a strain of previously undocumented malware to target South Asian financial institutions and global entertainment companies. Dubbed " CostaRicto " by Blackberry researchers, the campaign appears to be the handiwork of APT mercenaries who possess bespoke malware tooling and complex VPN proxy and SSH tunneling capabilities. "CostaRicto targets are scattered across different countries in Europe, Americas, Asia, Australia and Africa, but the biggest concentration appears to be in South Asia (especially India, Bangladesh and Singapore and China), suggesting that the threat actor could be based in that region, but working on a wide range of commissions from diverse clients," the researchers said. The modus operandi in itself is quite straight-forward. Upon gaining an initial foothold in the target's environment via stolen credentials, the attacker proceeds to set up an SSH tunnel to download a backdoor and a p
New ModPipe Point of Sale (POS) Malware Targeting Restaurants, Hotels

New ModPipe Point of Sale (POS) Malware Targeting Restaurants, Hotels

Nov 12, 2020
Cybersecurity researchers today disclosed a new kind of modular backdoor that targets point-of-sale (POS) restaurant management software from Oracle in an attempt to pilfer sensitive payment information stored in the devices. The backdoor — dubbed "ModPipe" — impacts Oracle MICROS Restaurant Enterprise Series (RES) 3700 POS systems, a widely used software suite in restaurants and hospitality establishments to efficiently handle POS, inventory, and labor management. A majority of the identified targets are primarily located in the US. "What makes the backdoor distinctive are its downloadable modules and their capabilities, as it contains a custom algorithm designed to gather RES 3700 POS database passwords by decrypting them from Windows registry values," ESET researchers said in an analysis . "Exfiltrated credentials allow ModPipe's operators access to database contents, including various definitions and configuration, status tables and information ab
MISSIONS — The Next Level of Interactive Developer Security Training

MISSIONS — The Next Level of Interactive Developer Security Training

Nov 12, 2020
If organizations want to get serious about software security, they need to empower their engineers to play a defensive role against cyberattacks as they craft their code. The problem is, developers haven't had the most inspiring introduction to security training over the years, and anything that can be done to make their experience more engaging, productive, and fun is going to be a powerful motivator in helping them gain valuable secure coding skills. And after dedicating precious time to mastering new abilities that can help beat attackers at their own game, the opportunity to test these new powers is not easily found in a safe environment. So, what is a battle-hardened, security-aware engineer to do? A new feature released on the Secure Code Warrior platform, named ' Missions ,' is a challenge category that elevates users from the recall of learned security knowledge to the application of it in a real-world simulation environment. This scaffolded, microlearning app
Two New Chrome 0-Days Under Active Attacks – Update Your Browser

Two New Chrome 0-Days Under Active Attacks – Update Your Browser

Nov 12, 2020
Google has patched two more zero-day flaws in the Chrome web browser for desktop, making it the fourth and fifth actively exploited vulnerabilities addressed by the search giant in recent weeks. The company released  86.0.4240.198  for Windows, Mac, and Linux, which it said will be rolling out over the coming days/weeks to all users. Tracked as CVE-2020-16013 and CVE-2020-16017, the flaws were discovered and reported to Google by "anonymous" sources, unlike previous cases, which were uncovered by the company's Project Zero elite security team. Google acknowledged that exploits for both the vulnerabilities exist in the wild but stopped short of sharing more specifics to allow a majority of users to install the fixes. According to the release notes, the two flaws are: CVE-2020-16013:  An "inappropriate implementation" of its V8 JavaScript rendering engine was reported on November 9. CVE-2020-16017:  An  use-after-free  memory corruption issue in Chrome
Over 2800 e-Shops Running Outdated Magento Software Hit by Credit Card Hackers

Over 2800 e-Shops Running Outdated Magento Software Hit by Credit Card Hackers

Nov 11, 2020
A wave of cyberattacks against retailers running the Magento 1.x e-commerce platform earlier this September has been attributed to one single group, according to the latest research. "This group has carried out a large number of diverse Magecart attacks that often compromise large numbers of websites at once through supply chain attacks, such as the Adverline incident , or through the use of exploits such as in the September Magento 1 compromises," RiskIQ said in an analysis published today. Collectively called Cardbleed , the attacks targeted at least 2,806 online storefronts running Magento 1.x, which reached end-of-life as of June 30, 2020. Injecting e-skimmers on shopping websites to steal credit card details is a tried-and-tested modus operandi of Magecart, a consortium of different hacker groups who target online shopping cart systems. These virtual credit card skimmers, also known as formjacking attacks , are typically JavaScript code that the operators stealth
Cybersecurity Resources