The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

The ransomware attack  against Colonial Pipeline's networks has prompted the U.S. Federal Motor Carrier Safety Administration (FMCSA) to issue a  regional emergency declaration  in 17 states and the District of Columbia (D.C.). The declaration provides a temporary exemption to Parts 390 through 399 of the Federal Motor Carrier Safety Regulations ( FMCSRs ), allowing alternate transportation of gasoline, diesel, and refined petroleum products to address supply shortages stemming from the attack. "Such [an] emergency is in response to the unanticipated shutdown of the Colonial pipeline system due to network issues that affect the supply of gasoline, diesel, jet fuel, and other refined petroleum products throughout the Affected States," the directive said. "This Declaration addresses the emergency conditions creating a need for immediate transportation of gasoline, diesel, jet fuel, and other refined petroleum products and provides necessary relief." The states

An unknown threat actor managed to control more than 27% of the entire Tor network exit capacity in early February 2021, a new study on the dark web infrastructure revealed. "The entity attacking Tor users is actively exploiting tor users since over a year and expanded the scale of their attacks to a new record level," an independent security researcher who goes by the name nusenu  said  in a write-up published on Sunday. "The average exit fraction this entity controlled was above 14% throughout the past 12 months." It's the latest in a series of efforts undertaken to bring to light malicious Tor activity perpetrated by the actor since  December 2019 . The attacks, which are said to have begun in January 2020, were first  documented and exposed  by the same researcher in August 2020. Tor is open-source software for enabling anonymous communication on the Internet. It obfuscates the source and destination of a web request by directing network traffic through

It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many approaches offer piecemeal solutions – zeroing in on one particular element of the evolving threat landscape challenge – missing the forest for the trees.  In the last few years, Exposure Management has become known as a comprehensive way of reigning in the chaos, giving organizations a true fighting chance to reduce risk and improve posture. In this article I'll cover what Exposure Management is, how it stacks up against some alternative approaches and why building an Exposure Management program should be on  your 2024 to-do list. What is Exposure Management?  Exposure Management is the systematic identification, evaluation,

For as long as corporate IT has been in existence, users have been required to change their passwords periodically. In fact, the need for scheduled password changes may be one of the most long-standing of all IT best practices. Recently, however, things have started to change. Microsoft has reversed course on the best practices that it has had in place for decades and  no longer recommends that organizations require users to change passwords periodically . Organizations are being forced to consider, perhaps for the first time, whether or not requiring periodic password changes is a good idea. Microsoft password reset recommendations According to Microsoft, requiring users to change their passwords frequently does more harm than good.  Humans are notoriously resistant to change. When a user is forced to change their password, they will often come up with a new password that is based on their previous password. A user might, for example, append a number to the end of their password

Four Eastern European nationals face 20 years in prison for Racketeer Influenced Corrupt Organization (RICO) charges after pleading guilty to providing bulletproof hosting services between 2008 and 2015, which were used by cybercriminals to distribute malware to financial entities across the U.S. The individuals, Aleksandr Grichishkin, 34, and Andrei Skvortsov, 34, of Russia; Aleksandr Skorodumov, 33, of Lithuania; and Pavel Stassi, 30, of Estonia, have been accused of renting their wares to cybercriminal clients, who used the infrastructure to disseminate malware such as Zeus, SpyEye, Citadel, and the Blackhole Exploit Kit that were capable of co-opting victim machines into a botnet, and stealing sensitive information. The deployment of malware caused or attempted to cause millions of dollars in losses to U.S. victims, the U.S. Department of Justice (DoJ) said in a statement on Friday. "A key service provided by the defendants was helping their clients to evade detection by

Colonial Pipeline , which carries 45% of the fuel consumed on the U.S. East Coast, on Saturday said it halted operations due to a ransomware attack,  once again demonstrating  how critical infrastructure is vulnerable to cyber attacks. "On May 7, the Colonial Pipeline Company learned it was the victim of a cybersecurity attack," the company  said  in a statement posted on its website. "We have since determined that this incident involves ransomware. In response, we proactively took certain systems offline to contain the threat, which has temporarily halted all pipeline operations, and affected some of our IT systems." Colonial Pipeline is the largest refined products pipeline in the U.S., a 5,500 mile (8,851 km) system involved in transporting over 100 million gallons from the Texas city of Houston to New York Harbor. Cybersecurity firm FireEye's Mandiant incident response division is said to be assisting with the investigation, according to reports from  B

WhatsApp on Friday disclosed that it won't deactivate accounts of users who don't accept its  new privacy policy  rolling out on May 15, adding it will continue to keep reminding them to accept the new terms. "No one will have their accounts deleted or lose functionality of WhatsApp on May 15 because of this update," the Facebook-owned messaging service  said  in a statement. The move marks a turnaround from its previous stance earlier this year when the company outlined plans to make the accounts completely inaccessible should users choose not to comply with the data-sharing agreement and opt not to have their WhatsApp account information shared with Facebook. "If you haven't accepted by [May 15], WhatsApp will not delete your account. However, you won't have full functionality of WhatsApp until you accept," the company had  previously said . "For a short time, you'll be able to receive calls and notifications, but won't be able to

Cyber operatives affiliated with the Russian Foreign Intelligence Service (SVR) have switched up their tactics in response to previous public disclosures of their attack methods, according to a  new advisory  jointly published by intelligence agencies from the U.K. and U.S. Friday. "SVR cyber operators appear to have reacted [...] by changing their TTPs in an attempt to avoid further detection and remediation efforts by network defenders," the National Cyber Security Centre (NCSC)  said . These include the deployment of an open-source tool called  Sliver  to maintain their access to compromised victims as well as leveraging the ProxyLogon flaws in Microsoft Exchange servers to conduct post-exploitation activities. The development follows the  public attribution  of SVR-linked actors to the  SolarWinds  supply-chain attack last month. The adversary is also tracked under different monikers, such as Advanced Persistent Threat 29 (APT29), the Dukes, CozyBear, and Yttrium. T

Google has announced a number of user-facing and under-the-hood changes in an attempt to boost privacy and security, including rolling out two-factor authentication automatically to all eligible users and bringing iOS-styled privacy labels to Android app listings. "Today we ask people who have enrolled in  two-step verification  (2SV) to confirm it's really them with a simple tap via a Google prompt on their phone whenever they sign in," the company  said . "Soon we'll start automatically enrolling users in 2SV if their accounts are appropriately configured." Google Play To Get Apple-Like Privacy Labels The Google Play Store for Android is also getting a huge overhaul on the privacy front. The search giant said it plans to include a new  safety section  for app listings that highlights the type of data being collected and stored — such as approximate or precise location, contacts, personal information, photos and videos, and audio files — and how the dat

As many as six zero-days have been uncovered in an application called Remote Mouse, allowing a remote attacker to achieve full code execution without any user interaction. The unpatched flaws, collectively named ' Mouse Trap, ' were disclosed on Wednesday by security researcher Axel Persinger, who said, "It's clear that this application is very vulnerable and puts users at risk with bad authentication mechanisms, lack of encryption, and poor default configuration." Remote Mouse is a remote control application for Android and iOS that turns mobile phones and tablets into a wireless mouse, keyboard, and trackpad for computers, with support for voice typing, adjusting computer volume, and switching between applications with the help of a Remote Mouse server installed on the machine. The Android app alone has been installed over 10 million times. In a nutshell, the issues, which were identified by analysing the packets sent from the Android app to its Windows ser

Security researchers Thursday disclosed a new critical vulnerability affecting Domain Name System (DNS) resolvers that could be exploited by adversaries to carry out reflection-based denial-of-service attacks against authoritative nameservers. The flaw, called  'TsuNAME ,' was discovered by researchers from SIDN Labs and InternetNZ, which manage the national top-level internet domains '.nl' and '.nz' for the Netherlands and New Zealand, respectively. "TsuNAME occurs when domain names are misconfigured with cyclic dependent DNS records, and when vulnerable resolvers access these misconfigurations, they begin looping and send DNS queries rapidly to authoritative servers and other resolvers," the researchers said. A recursive DNS resolver is one of the core components involved in  DNS resolution , i.e., converting a hostname such as www.google.com into a computer-friendly IP address like 142.250.71.36. To achieve this, it responds to a client's r

An unknown threat actor with the capabilities to evolve and tailor its toolset to target environments infiltrated high-profile organizations in Asia and Africa with an evasive Windows rootkit since at least 2018. Called  'Moriya ,' the malware is a "passive backdoor which allows attackers to inspect all incoming traffic to the infected machine, filter out packets that are marked as designated for the malware and respond to them," said Kaspersky researchers Mark Lechtik and Giampaolo Dedola in a Thursday deep-dive. The Russian cybersecurity firm termed the ongoing espionage campaign  'TunnelSnake .' Based on telemetry analysis, less than 10 victims around the world have been targeted to date, with the most prominent targets being two large diplomatic entities in Southeast Asia and Africa. All the other victims were located in South Asia. The first reports of Moriya emerged last November when Kaspersky said it discovered the stealthy implant in the networks

InfoSec leaders tend to be a specific type. Their jobs require them to think of possible threats, take actions that may not pay immediate results, plan for unknown security risks, and react quickly when emergencies arise, often before the morning's first coffee. The high-stakes position also means that CISOs need to keep their knowledge and skills sharp – you can never really know what's around the corner. So, what can security leaders do to make sure they're prepared and hone their skills ahead of the next inevitable threat? Now, they can test themselves and their knowledge at a new website, 'The CISO Challenge' ( visit it here ). The website, launched by XDR provider Cynet, aims to let information security leaders test their cybersecurity mettle. The website features a challenge for InfoSec leaders (and those who are looking to become one) to test their knowledge in an exciting, high-stakes, realistic series of scenarios. The challenge consists of 25 scenario

Networking equipment major Cisco has rolled out software updates to address multiple critical vulnerabilities impacting HyperFlex HX and SD-WAN vManage Software that could allow an attacker to perform command injection attacks, execute arbitrary code, and gain access to sensitive information. In a series of advisories published on May 5, the company said there are no workarounds that remediate the issues. The HyperFlex HX command injection vulnerabilities, tracked as CVE-2021-1497 and CVE-2021-1498 (CVSS scores 9.8), affect all Cisco devices running HyperFlex HX software versions 4.0, 4.5, and those prior to 4.0. Arising due to insufficient validation of user-supplied input in the web-based management interface of Cisco HyperFlex HX Data Platform, the flaws could enable an unauthenticated, remote attacker to perform a command injection attack against a vulnerable device. "An attacker could exploit this vulnerability by sending a crafted request to the web-based management int

Cybersecurity researchers have disclosed a new security vulnerability in Qualcomm's mobile station modems (MSM) that could potentially allow an attacker to leverage the underlying Android operating system to slip malicious code into mobile phones, undetected. "If exploited, the vulnerability would have allowed an attacker to use Android OS itself as an entry point to inject malicious and invisible code into phones, granting them access to SMS messages and audio of phone conversations," researchers from Israeli security firm Check Point  said  in an analysis published today. The heap overflow vulnerability, tracked as CVE-2020-11292 , resides in the QMI voice service API exposed by the modem to the high level operating system, and could be exploited by a malicious app to conceal its activities "underneath" the OS in the modem chip itself, thus making it invisible to the security protections built into the device. Designed since the 1990s, Qualcomm  MSM  chip

When Spectre, a class of critical vulnerabilities impacting modern processors, was  publicly revealed  in January 2018, the researchers behind the discovery  said , "As it is not easy to fix, it will haunt us for quite some time," explaining the inspiration behind naming the speculative execution attacks. Indeed, it's been more than three years, and there is no end to Spectre in sight. A team of academics from the University of Virginia and University of California, San Diego, have discovered a  new line of attack  that bypasses all current Spectre protections built into the chips, potentially putting almost every system — desktops, laptops, cloud servers, and smartphones — once again at risk just as they were three years ago. The disclosure of  Spectre and Meltdown  opened a  floodgates  of sorts, what with  endless   variants  of the  attacks  coming to light in the intervening years, even as chipmakers like Intel, ARM, and AMD have continually scrambled to incorpo

A new academic study has highlighted a number of privacy and security pitfalls associated with recycling mobile phone numbers that could be abused to stage a variety of exploits, including account takeovers, conduct phishing and spam attacks, and even prevent victims from signing up for online services. Nearly 66% of the recycled numbers that were sampled were found to be tied to previous owners' online accounts at popular websites, potentially enabling account hijacks by simply recovering the accounts tied to those numbers. "An attacker can cycle through the available numbers shown on online number change interfaces and check if any of them are associated with online accounts of previous owners," the researchers  said . If so, the attacker can then obtain these numbers and reset the password on the accounts, and receive and correctly enter the OTP sent via SMS upon login." The findings are part of an analysis of a sample of 259 phone numbers available to new su

PC maker Dell has issued an update to fix multiple critical privilege escalation vulnerabilities that went undetected since 2009, potentially allowing attackers to gain kernel-mode privileges and cause a denial-of-service condition. The issues, reported to Dell by researchers from SentinelOne on Dec. 1, 2020, reside in a firmware update driver named "dbutil_2_3.sys" that comes pre-installed on its devices. Hundreds of millions of desktops, laptops, notebooks, and tablets manufactured by the company are said to be vulnerable. "Dell dbutil_2_3.sys driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial-of-service, or information disclosure. Local authenticated user access is required," Dell  said  in an advisory. All five separate flaws have been assigned the CVE identifier CVE-2021-21551 with a CVSS score of 8.8. A breakdown of the shortcomings is as follows -  CVE-2021-21551: Local Elevation Of Privilege