The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Russia-linked state-sponsored threat actor known as Sandworm has been linked to a three-year-long stealthy operation to hack targets by exploiting an IT monitoring tool called Centreon . The intrusion campaign — which breached "several French entities" — is said to have started in late 2017 and lasted until 2020, with the attacks particularly impacting web-hosting providers, said the French information security agency ANSSI in an advisory. "On compromised systems, ANSSI discovered the presence of a backdoor in the form of a webshell dropped on several Centreon servers exposed to the internet," the agency  said  on Monday. "This backdoor was identified as being the PAS webshell, version number 3.1.4. On the same servers, ANSSI found another backdoor identical to one described by ESET and named Exaramel." The Russian hacker group (also called APT28, TeleBots, Voodoo Bear, or Iron Viking) is said to be behind some of the most devastating cyberattacks in p

Cybersecurity researchers on Monday disclosed details of a now-patched flaw in the Telegram messaging app that could have exposed users' secret messages, photos, and videos to remote malicious actors. The issues were discovered by Italy-based Shielder in iOS, Android, and macOS versions of the app. Following responsible disclosure, Telegram addressed them in a series of patches on September 30 and October 2, 2020. The flaws stemmed from the way secret chat functionality operates and in the app's handling of  animated stickers , thus allowing attackers to send malformed stickers to unsuspecting users and gain access to messages, photos, and videos that were exchanged with their Telegram contacts through both classic and secret chats. One caveat of note is that exploiting the flaws in the wild may not have been trivial, as it requires chaining the aforementioned weaknesses to at least one additional vulnerability in order to get around security defenses in modern devices to

Imagine a world where the software that powers your favorite apps, secures your online transactions, and keeps your digital life could be outsmarted and taken over by a cleverly disguised piece of code. This isn't a plot from the latest cyber-thriller; it's actually been a reality for years now. How this will change – in a positive or negative direction – as artificial intelligence (AI) takes on a larger role in software development is one of the big uncertainties related to this brave new world. In an era where AI promises to revolutionize how we live and work, the conversation about its security implications cannot be sidelined. As we increasingly rely on AI for tasks ranging from mundane to mission-critical, the question is no longer just, "Can AI  boost cybersecurity ?" (sure!), but also "Can AI  be hacked? " (yes!), "Can one use AI  to hack? " (of course!), and "Will AI  produce secure software ?" (well…). This thought leadership article is about the latter. Cydrill  (a

Apple's upcoming iOS 14.5 update will come with a new feature that will redirect all fraudulent website checks through its own proxy servers as a workaround to preserve user privacy and prevent leaking IP addresses to Google. A built-in security-focused feature in the Safari browser, " Fraudulent Website Warning ," alerts users about dangerous websites that have been reported as deceptive, malicious, or harmful. To achieve this, Apple relies on  Google Safe Browsing  — or Tencent Safe Browsing for users in Mainland China — a blocklist service that provides a list of URLs for web resources that contain malware or phishing content, to compare a hash prefix calculated from the website address and check if the website is fraudulent. Any match against the database will prompt Safari to request Google or Tencent for the full list of URLs that correspond to the hashed prefix and subsequently block a user's access to the site with a warning. While the approach ensures t

Russian Dutch-domiciled search engine, ride-hailing and  email service provider Yandex on Friday disclosed a data breach that compromised 4,887 email accounts of its users. The company blamed the incident on an unnamed employee who had been providing unauthorized access to the users' mailboxes for personal gain. "The employee was one of three system administrators with the necessary access rights to provide technical support for the service," Yandex said in a statement. The company said the security breach was identified during a routine audit of its systems by its security team. It also said there was no evidence that user payment details were compromised during the incident and that it had notified affected mailbox owners to change their passwords. It's not immediately clear when the breach occurred or when the employee began offering unauthorized access to third-parties. "A thorough internal investigation of the incident is under way, and Yandex will be

Popular messaging app Telegram fixed a privacy-defeating bug in its macOS app that made it possible to access self-destructing audio and video messages long after they disappeared from secret chats. The vulnerability was  discovered  by security researcher Dhiraj Mishra in version 7.3 of the app, who disclosed his findings to Telegram on December 26, 2020. The issue has since been resolved in  version 7.4 , released on January 29. Unlike Signal or WhatsApp, conversations on Telegram by default are not end-to-end encrypted, unless users explicitly opt to enable a device-specific feature called " secret chat ," which keeps data encrypted even on Telegram servers. Also available as part of secret chats is the option to send self-destructing messages. What Mishra found was that when a user records and sends an audio or video message via a regular chat, the application leaked the exact path where the recorded message is stored in ".mp4" format. With the secret chat

Two new Android surveillanceware families have been found to target military, nuclear, and election entities in Pakistan and Kashmir as part of a pro-India, state-sponsored hacking campaign. Dubbed Hornbill and Sunbird, the malware impersonates legitimate or seemingly innocuous services to cover its tracks, only to stealthily collect SMS, encrypted messaging app content, and geolocation, among other types of sensitive information. The findings published by Lookout is the result of an analysis of 18GB of exfiltrated data that was publicly exposed from at least six insecurely configured command-and-control (C2) servers located in India. "Some notable targets included an individual who applied for a position at the Pakistan Atomic Energy Commission, individuals with numerous contacts in the Pakistan Air Force (PAF), as well as officers responsible for electoral rolls (Booth Level Officers) located in the Pulwama district of Kashmir," the researchers  said  in a Wednesday ana

In the era of hacking and malicious actors, a company's cloud security posture is a concern that preoccupies most, if not all, organizations. Yet even more than that, it is the SaaS Security Posture Management (SSPM) that is critical to today's company security. Recently Malwarebytes released a statement on how they were targeted by Nation-State Actors implicated in SolarWinds breach. Their investigation suggested abuse of privileged access to Microsoft Office 365 and Azure environments. Often left unsecured, it's SaaS setting errors like misconfigurations, inadequate legacy protocols, insufficient identity checks, credential access, and key management that leave companies open to account hijacking, insider threats, and other types of leaks or breaches in the organization.  Gartner has defined  the SaaS Security Posture Management (SSPM) category in 2020's Gartner Hype Cycle for Cloud Security as solutions that continuously assess the security risk and manage SaaS a

Ten people belonging to a criminal network have been arrested in connection with a series of SIM-swapping attacks that resulted in the theft of more than $100 million by hijacking the mobile phone accounts of high-profile individuals in the U.S. The Europol-coordinated  year-long investigation  was jointly conducted by law enforcement authorities from the U.K., U.S., Belgium, Malta, and Canada. "The attacks orchestrated by this criminal gang targeted thousands of victims throughout 2020, including famous internet influencers, sport stars, musicians and their families," Europol  said  in a statement. "The criminals are believed to have stolen from them over $100 million in cryptocurrencies after illegally gaining access to their phones." The eight suspects, aged 18 to 26, are said to be part of a larger ring, two members of which were nabbed previously in Malta and Belgium. The latest arrests were made in England and Scotland. The sweep comes almost a year afte

New details have emerged about the remote computer intrusion at a Florida water treatment facility last Friday, highlighting a lack of adequate security measures needed to bulletproof critical infrastructure environments. The breach involved an  unsuccessful attempt  on the part of an adversary to increase sodium hydroxide dosage in the water supply to dangerous levels by remotely accessing the SCADA system at the water treatment plant. The system's plant operator, who spotted the intrusion, quickly took steps to reverse the command, leading to minimal impact. Now, according to an  advisory  published on Wednesday by the state of Massachusetts, unidentified cyber actors accessed the supervisory control and data acquisition (SCADA) system via TeamViewer software installed on one of the plant's several computers that were connected to the control system. Not only were these computers running 32-bit versions of the Windows 7 operating system, but the machines also shared the