The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

The 2021 spring edition of  Pwn2Own  hacking contest concluded last week on April 8 with a three-way tie between Team Devcore, OV, and Computest researchers Daan Keuper and Thijs Alkemade. A total of $1.2 million was awarded for 16 high-profile exploits over the course of the three-day virtual event organized by the Zero Day Initiative (ZDI). Targets with successful attempts included Zoom, Apple Safari, Microsoft Exchange, Microsoft Teams, Parallels Desktop, Windows 10, and Ubuntu Desktop operating systems. Some of the major highlights are as follows — Using an authentication bypass and a local privilege escalation to completely take over a Microsoft Exchange server, for which the Devcore team netted $200,000 Chaining a pair of bugs to achieve code execution in Microsoft Teams, earning researcher OV $200,000 A zero-click exploit targeting Zoom that employed a three-bug chain to exploit the messenger app and gain code execution on the target system. ($200,000) The exploitation

APKPure, one of the largest alternative app stores outside of the Google Play Store, was infected with malware this week, allowing threat actors to distribute Trojans to Android devices. In a supply-chain attack similar to that of German telecommunications  equipment manufacturer Gigaset , the APKPure client version 3.17.18 is said to have been tampered with in an attempt to trick unsuspecting users into downloading and installing malicious applications linked to the malicious code built into the APKpure app. The development was reported by researchers from  Doctor Web  and  Kaspersky . "This trojan belongs to the dangerous Android.Triada malware family capable of downloading, installing and uninstalling software without users' permission," Doctor Web researchers said. According to Kaspersky, the APKPure version 3.17.18 was tweaked to incorporate an advertisement SDK that acts as a Trojan dropper designed to deliver other malware to a victim's device. "This

Over the past two years, a shocking  51% of organizations surveyed in a leading industry report have been compromised by a cyberattack.  Yes, over half.  And this, in a world where enterprises deploy  an average of 53 different security solutions  to safeguard their digital domain.  Alarming? Absolutely. A recent survey of CISOs and CIOs, commissioned by Pentera and conducted by Global Surveyz Research, offers a quantifiable glimpse into this evolving battlefield, revealing a stark contrast between the growing risks and the tightening budget constraints under which cybersecurity professionals operate. With this report, Pentera has once again taken a magnifying glass to the state of pentesting to release its annual report about today's pentesting practices. Engaging with 450 security executives from North America, LATAM, APAC, and EMEA—all in VP or C-level positions at organizations with over 1,000 employees—the report paints a current picture of modern security validation prac

A previously undocumented malware downloader has been spotted in the wild in phishing attacks to deploy credential stealers and other malicious payloads. Dubbed " Saint Bot ," the malware is said to have first appeared on the scene in January 2021, with indications that it's under active development. "Saint Bot is a downloader that appeared quite recently, and slowly is getting momentum. It was seen dropping stealers (i.e.  Taurus  Stealer) or further loaders ( example ), yet its design allows [it] to utilize it for distributing any kind of malware," said Aleksandra "Hasherezade" Doniec, a threat intelligence analyst at Malwarebytes . "Furthermore, Saint Bot employs a wide variety of techniques which, although not novel, indicate some level of sophistication considering its relatively new appearance." The infection chain analyzed by the cybersecurity firm begins with a phishing email containing an embedded ZIP file ("bitcoin.zip&qu

For organizations that deal with the defense infrastructure – cybersecurity is more than just a buzzword. Recently the US Department of Defense (DoD) created a new certification process – the Cybersecurity Maturity Model Certificate (CMMC) – to ensure that all its vendors and contractors follow established best cybersecurity practices. For organizations that work along the DoD supply chain, this means adhering to a strict regulatory framework, which can be quite complex. For one, must ensure that cybersecurity processes and practices are aligned with the type and sensitivity of the information that needs to be protected. Even though the model is tiered (from "basic cybersecurity hygiene" to "advanced"), organizations will expend a significant effort to ensure they align with the compliance level appropriate for their contracts. This is why one XDR provider has created a new guide to demonstrate how it helps organizations achieve CMMC compliance ( download the whitepaper here ). T

Networking equipment major Cisco Systems has said it does not plan to fix a critical security vulnerability affecting some of its Small Business routers, instead urging users to replace the devices. The bug, tracked as CVE-2021-1459, is rated with a CVSS score of 9.8 out of 10, and affects RV110W VPN firewall and Small Business RV130, RV130W, and RV215W routers, allowing an unauthenticated, remote attacker to execute arbitrary code on an affected appliance. The flaw, which stems from improper validation of user-supplied input in the web-based management interface, could be exploited by a malicious actor to send specially-crafted HTTP requests to the targeted device and achieve remote code execution. "A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system of the affected device," Cisco  said  in its advisory. Security researcher Treck Zhou has been credited with reporting the vulnerability. Although th

Gigaset has revealed a malware infection discovered in its Android devices was the result of a compromise of a server belonging to an external update service provider. Impacting older smartphone models — GS100, GS160, GS170, GS180, GS270 (plus), and GS370 (plus) series — the malware took the form of multiple  unwanted apps  that were downloaded and installed through a pre-installed system update app. The infections are said to have occurred starting  March 27 . The German manufacturer of telecommunications devices said it took steps to alert the update service provider of the issue, following which further infections were prevented on April 7. "Measures have been taken to automatically rid infected devices of the malware. In order for this to happen the devices must be connected to the internet (WLAN, WiFi or mobile data). We also recommend connecting the devices to their chargers. Affected devices should automatically be freed from the malware within 8 hours," the comp

An Iranian threat actor has unleashed a new cyberespionage campaign against a possible Lebanese target with a backdoor capable of exfiltrating sensitive information from compromised systems. Cybersecurity firm Check Point attributed the operation to APT34, citing similarities with previous techniques used by the threat actor as well as based on its pattern of victimology. APT34  (aka OilRig) is known for its reconnaissance campaigns aligned with the strategic interests of Iran, primarily hitting financial, government, energy, chemical, and telecommunications industries in the Middle East. The group typically resorts to targeting individuals through the use of booby-trapped job offer documents, delivered directly to the victims via LinkedIn messages. Although the latest campaign bears some of the same hallmarks, the exact mode of delivery remains unclear as yet. The Word document analyzed by Check Point — which was  uploaded  to VirusTotal from Lebanon on January 10 — claims to of

Unpatched Fortinet VPN devices are being targeted in a series of attacks against industrial enterprises in Europe to deploy a new strain of ransomware called "Cring" inside corporate networks. At least one of the hacking incidents led to the temporary shutdown of a production site, said cybersecurity firm Kaspersky in a report published on Wednesday, without publicly naming the victim. The attacks happened in the first quarter of 2021, between January and March. "Various details of the attack indicate that the attackers had carefully analyzed the infrastructure of the targeted organization and prepared their own infrastructure and toolset based on the information collected at the reconnaissance stage,"  said  Vyacheslav Kopeytsev, a security researcher at Kaspersky ICS CERT. The disclosure comes days after the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA)  warned  of advanced persistent threat (APT) actor

When dealing with user data, it's essential that we design our password policies around compliance. These policies are defined both internally and externally. While companies uphold their own password standards, outside forces like HIPAA and NIST have a heavy influence. Impacts are defined by industry and one's unique infrastructure. How do IT departments maintain compliance with NIST and HIPAA? We'll discuss each compliance measure and its importance in this article. What is NIST compliance? Defined by the National Institute of Standards and Technology, NIST compliance aims to harden federal systems against cyber-attacks. While the agency is non-regulatory, it  is  part of the U.S. Department of Commerce, which has plenty of influence over government agencies and their contractors. For example, NIST guidelines help agencies  satisfy the requirements of the Federal Information Security Management Act  (FISMA). NIST is instrumental in creating Federal Information Proce