The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

When it comes to keeping SaaS stacks secure, IT and security teams need to be able to streamline the detection and remediation of misconfigurations in order to best protect their SaaS stack from threats. However, while companies adopt more and more apps, their increase in SaaS security tools and staff has lagged behind, as found in the  2022 SaaS Security Survey Report.  The survey report, completed by Adaptive Shield in conjunction with Cloud Security Alliance (CSA), dives into how CISOs today are managing the growing SaaS app attack surface and the steps they are taking to secure their organizations.  The report finds that at least 43% of organizations have experienced a security incident as a result of a SaaS misconfiguration; however, with another 20% being "unsure," the real number could be  as high as 63% . These numbers are particularly striking when compared to the 17% of organizations experiencing security incidents due to an IaaS misconfiguration.  Bearing this

A threat cluster with ties to a hacking group called Tropic Trooper has been spotted using a previously undocumented malware coded in Nim language to strike targets as part of a newly discovered campaign. The novel loader, dubbed Nimbda, is "bundled with a Chinese language greyware 'SMS Bomber' tool that is most likely illegally distributed in the Chinese-speaking web," Israeli cybersecurity company Check Point  said  in a report. "Whoever crafted the Nim loader took special care to give it the same executable icon as the SMS Bomber that it drops and executes," the researchers said. "Therefore the entire bundle works as a trojanized binary." SMS Bomber, as the name indicates, allows a user to input a phone number (not their own) so as to flood the victim's device with messages and potentially render it unusable in what's a denial-of-service (DoS) attack. The fact that the binary doubles up as SMS Bomber and a backdoor suggests that t

The introduction of Open AI's ChatGPT was a defining moment for the software industry, touching off a GenAI race with its November 2022 release. SaaS vendors are now rushing to upgrade tools with enhanced productivity capabilities that are driven by generative AI. Among a wide range of uses, GenAI tools make it easier for developers to build software, assist sales teams in mundane email writing, help marketers produce unique content at low cost, and enable teams and creatives to brainstorm new ideas.  Recent significant GenAI product launches include Microsoft 365 Copilot, GitHub Copilot, and Salesforce Einstein GPT. Notably, these GenAI tools from leading SaaS providers are paid enhancements, a clear sign that no SaaS provider will want to miss out on cashing in on the GenAI transformation. Google will soon launch its SGE "Search Generative Experience" platform for premium AI-generated summaries rather than a list of websites.  At this pace, it's just a matter of a short time befo

QNAP, Taiwanese maker of network-attached storage (NAS) devices, on Wednesday said it's in the process of fixing a critical three-year-old PHP vulnerability that could be abused to achieve remote code execution. "A vulnerability has been reported to affect PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24, and 7.3.x below 7.3.11 with improper nginx config," the hardware vendor  said  in an advisory. "If exploited, the vulnerability allows attackers to gain remote code execution." The vulnerability, tracked as  CVE-2019-11043 , is rated 9.8 out of 10 for severity on the CVSS vulnerability scoring system. That said, it's required that Nginx and php-fpm are running in appliances using the following QNAP operating system versions - QTS 5.0.x and later QTS 4.5.x and later QuTS hero h5.0.x and later QuTS hero h4.5.x and later QuTScloud c5.0.x and later "As QTS, QuTS hero or QuTScloud does not have nginx installed by default, QNAP NAS are not aff

A new piece of research from academics at ETH Zurich has identified a number of critical security issues in the MEGA cloud storage service that could be leveraged to break the confidentiality and integrity of user data. In a paper titled " MEGA: Malleable Encryption Goes Awry ," the researchers point out how MEGA's system does not protect its users against a malicious server, thereby enabling a rogue actor to fully compromise the privacy of the uploaded files. "Additionally, the integrity of user data is damaged to the extent that an attacker can insert malicious files of their choice which pass all authenticity checks of the client," ETH Zurich's Matilda Backendal, Miro Haller, and Kenneth G. Paterson said in an analysis of the service's cryptographic architecture. MEGA, which  advertises  itself as the "privacy company" and claims to provide user-controlled end-to-end encrypted cloud storage, has more than 10 million daily active users, w

The Computer Emergency Response Team of Ukraine (CERT-UA) has  cautioned  of a new set of spear-phishing attacks exploiting the "Follina" flaw in the Windows operating system to deploy password-stealing malware. Attributing the intrusions to a Russian nation-state group tracked as APT28 (aka Fancy Bear or Sofacy), the agency said the attacks commence with a lure document titled "Nuclear Terrorism A Very Real Threat.rtf" that, when opened, exploits the recently disclosed vulnerability to download and execute a malware called CredoMap. Follina ( CVE-2022-30190 , CVSS score: 7.8), which concerns a case of remote code execution affecting the Windows Support Diagnostic Tool (MSDT), was addressed by Microsoft on June 14, as part of its Patch Tuesday updates , but not before it was subjected to widespread zero-day exploit activity by numerous threat actors. According to an independent report published by Malwarebytes,  CredoMap  is a variant of the .NET-based credenti

A newly discovered Magecart skimming campaign has its roots in a previous attack activity going all the way back to November 2021. To that end, it has come to light that  two   malware  domains identified as hosting credit card skimmer code — "scanalytic[.]org" and "js.staticounter[.]net" — are part of a broader infrastructure used to carry out the intrusions, Malwarebytes said in a Tuesday analysis. "We were able to connect these two domains with a  previous campaign from November 2021  which was the first instance to our knowledge of a skimmer checking for the use of virtual machines," Jérôme Segura  said . "However, both of them are now devoid of VM detection code. It's unclear why the threat actors removed it, unless perhaps it caused more issues than benefits." The earliest evidence of the campaign's activity, based on the additional domains uncovered, suggests it dates back to at least May 2020. Magecart  refers to a cybercrim

Europol on Tuesday announced the dismantling of an organized crime group that dabbled in phishing, fraud, scams, and money laundering activities. The cross-border operation, which involved law enforcement authorities from Belgium and the Netherlands, saw the arrests of nine individuals in the Dutch nation. The suspects are men between the ages of 25 and 36 from Amsterdam, Almere, Rotterdam, and Spijkenisse and a 25-year-old woman from Deventer, according to a  statement  from the National Police Force. Also confiscated as part of 24 house searches were firearms, ammunition, jewelry, designer clothing, expensive watches, electronic devices, tens of thousands of euros in cash, and cryptocurrency, the officials said. "The criminal group contacted victims by email, text message and through mobile messaging applications," the agency  noted . "These messages were sent by the members of the gang and contained a phishing link leading to a bogus banking website." Unsu