The Hacker News - Cybersecurity News and Analysis

Hardware-grade enterprise authentication without hardware: new SIM security solution for IAM

October 25, 2021 | The Hacker News
The average cost of a data breach, according to the latest research by IBM, now stands at USD 4.24 million, the highest reported. The leading cause? Compromised credentials, often caused by human error. Although these findings continue to show an upward trend in the wrong direction, the challenge itself is not new. What is new is the unprecedented and accelerated complexity of securing the workplace. CISOs/CIOs are dealing with legacy systems, cloud hosting, on-prem, remote workers, office-based, traditional software, and SaaS. How businesses adapted was laudable, but now that employees are spread across locations, offices and homes – with more than half threatening not to return to offices unless hybrid working is implemented – the challenge morphs into securing a nonuniform perimeter. We know passwords aren't sufficient. Knowledge-based access is usually fortified with other forms of multi-factor authentication (MFA), such as auth apps or FIDO tokens, and in highly sensitive case
Microsoft Warns of Continued Supply-Chain Attacks by the Nobelium Hacker Group

October 25, 2021 | Ravie Lakshmanan
Nobelium, the threat actor behind the SolarWinds compromise in December 2020, has been behind an ongoing wave of attacks that compromised 14 downstream customers of multiple cloud service providers (CSP), managed service providers (MSP), and other IT services organizations, illustrating the adversary's continuing interest in targeting the supply chain via the "compromise-one-to-compromise-many" approach. Microsoft, which disclosed details of the campaign on Monday, said it notified more than 140 resellers and technology service providers since May. Between July 1 and October 19, 2021, Nobelium is said to have singled out 609 customers, who were collectively attacked a grand total of 22,868 times. "This recent activity is another indicator that Russia is trying to gain long-term, systematic access to a variety of points in the technology supply chain and establish a mechanism for surveilling – now or in the future – targets of interest to the Russian government,
Hackers Exploited Popular BillQuick Billing Software to Deploy Ransomware

October 25, 2021 | Ravie Lakshmanan
Cybersecurity researchers on Friday disclosed a now-patched critical vulnerability in multiple versions of a time and billing system called BillQuick that's being actively exploited by threat actors to deploy ransomware on vulnerable systems. CVE-2021-42258, as the flaw is being tracked, concerns an SQL-based injection attack that allows for remote code execution and was successfully leveraged to gain initial access to an unnamed U.S. engineering company and mount a ransomware attack, American cybersecurity firm Huntress Labs said. While the issue has been addressed by BQE Software in BillQuick version 22.0.9.1 released on October 7, eight other undisclosed security issues that were identified as part of the investigation are yet to be patched. According to its website, BQE Software's products are used by 400,000 users worldwide. "Hackers can use this to access customers' BillQuick data and run malicious commands on their on-premises Windows servers,"
NYT Journalist Repeatedly Hacked with Pegasus after Reporting on Saudi Arabia

October 24, 2021 | Ravie Lakshmanan
The iPhone of New York Times journalist Ben Hubbard was repeatedly hacked with NSO Group's Pegasus spyware tool over a three-year period stretching from June 2018 to June 2021, resulting in infections twice in July 2020 and June 2021. The University of Toronto's Citizen Lab, which publicized the findings on Sunday, said the "targeting took place while he was reporting on Saudi Arabia, and writing a book about Saudi Crown Prince Mohammed bin Salman." The research institute did not attribute the infiltrations to a specific government. In a statement shared with Hubbard, the Israeli company denied its involvement in the hacks and dismissed the findings as "speculation," while noting that the journalist was not "a target of Pegasus by any of NSO's customers." To date, NSO Group is believed to have leveraged at least three different iOS exploits — namely an iMessage zero-click exploit in December 2019, a KISMET exploit targeting iOS 13
Microsoft Warns of TodayZoo Phishing Kit Used in Extensive Credential Stealing Attacks

October 23, 2021 | Ravie Lakshmanan
Microsoft on Thursday disclosed an "extensive series of credential phishing campaigns" that takes advantage of a custom phishing kit that stitched together components from at least five different widely circulated ones with the goal of siphoning user login information. The tech giant's Microsoft 365 Defender Threat Intelligence Team, which detected the first instances of the tool in the wild in December 2020, dubbed the copy-and-paste attack infrastructure "TodayZoo." "The abundance of phishing kits and other tools available for sale or rent makes it easy for a lone wolf attacker to pick and choose the best features from these kits," the researchers said. "They put these functionalities together in a customized kit and try to reap the benefits all to themselves. Such is the case of TodayZoo." Phishing kits, often sold as one-time payments in underground forums, are packaged archive files containing images, scripts, and HTML pages that
Feds Reportedly Hacked REvil Ransomware Group and Forced it Offline

October 23, 2021 | Ravie Lakshmanan
The Russian-led REvil ransomware gang was felled by an active multi-country law enforcement operation that resulted in its infrastructure being hacked and taken offline for a second time earlier this week, in what's the latest action taken by governments to disrupt the lucrative ecosystem. The takedown was first reported by Reuters, quoting multiple private-sector cyber experts working with the U.S. government, noting that the May cyber attack on Colonial Pipeline relied on encryption software developed by REvil associates, officially corroborating DarkSide's connections to the prolific criminal outfit. Coinciding with the development, blockchain analytics firm Elliptic disclosed that $7 million in bitcoin held by the DarkSide ransomware group were moved through a series of new wallets, with a small fraction of the amount being transferred with each transfer to make the laundered money more difficult to track and convert the funds into fiat currency through
Popular NPM Package Hijacked to Publish Crypto-mining Malware

October 22, 2021 | Ravie Lakshmanan
The U.S. Cybersecurity and Infrastructure Security Agency on Friday warned of crypto-mining and password-stealing malware embedded in "UAParser.js," a popular JavaScript NPM library with over 6 million weekly downloads, days after the NPM repository moved to get rid of three rogue packages that were found to mimic the same library. The supply-chain attack targeting the open-source library saw three different versions — 0.7.29, 0.8.0, 1.0.0 — that were published with malicious code on Thursday following a successful takeover of the maintainer's NPM account. "I believe someone was hijacking my NPM account and published some compromised packages (0.7.29, 0.8.0, 1.0.0) which will probably install malware," UAParser.js's developer Faisal Salman said. The issue has been patched in versions 0.7.30, 0.8.1, and 1.0.1. The development comes days after DevSecOps firm Sonatype disclosed details of three packages — okhsa, klow, and klown — that masqueraded