The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

A malicious campaign leveraged seemingly innocuous Android dropper apps on the Google Play Store to compromise users' devices with  banking   malware . These 17 dropper apps, collectively dubbed  DawDropper  by Trend Micro, masqueraded as productivity and utility apps such as document scanners, QR code readers, VPN services, and call recorders, among others. All these apps in question have been removed from the app marketplace. "DawDropper uses Firebase Realtime Database, a third-party cloud service, to evade detection and dynamically obtain a payload download address," the researchers  said . "It also hosts malicious payloads on GitHub." Droppers are apps designed to sneak past Google's Play Store security checks, following which they are used to download more potent and intrusive malware on a device, in this case,  Octo  (Coper),  Hydra ,  Ermac , and  TeaBot . Attack chains involved the DawDropper malware establishing connections with a Firebase Re

Details have been shared about a security vulnerability in Dahua's Open Network Video Interface Forum ( ONVIF ) standard implementation, which, when exploited, can lead to seizing control of IP cameras.  Tracked as CVE-2022-30563 (CVSS score: 7.4), the "vulnerability could be abused by attackers to compromise network cameras by sniffing a previous unencrypted ONVIF interaction and replaying the credentials in a new request towards the camera," Nozomi Networks  said  in a Thursday report. The issue, which was  addressed  in a patch released on June 28, 2022,  impacts  the following products - Dahua ASI7XXX: Versions prior to v1.000.0000009.0.R.220620 Dahua IPC-HDBW2XXX: Versions prior to v2.820.0000000.48.R.220614 Dahua IPC-HX2XXX: Versions prior to v2.820.0000000.48.R.220614 ONVIF governs the development and use of an open standard for how IP-based physical security products such as video surveillance cameras and access control systems can communicate with one an

Identities now transcend human boundaries. Within each line of code and every API call lies a non-human identity. These entities act as programmatic access keys, enabling authentication and facilitating interactions among systems and services, which are essential for every API call, database query, or storage account access. As we depend on multi-factor authentication and passwords to safeguard human identities, a pressing question arises: How do we guarantee the security and integrity of these non-human counterparts? How do we authenticate, authorize, and regulate access for entities devoid of life but crucial for the functioning of critical systems? Let's break it down. The challenge Imagine a cloud-native application as a bustling metropolis of tiny neighborhoods known as microservices, all neatly packed into containers. These microservices function akin to diligent worker bees, each diligently performing its designated task, be it processing data, verifying credentials, or

The decentralized file system solution known as IPFS is becoming the new "hotbed" for hosting phishing sites, researchers have warned. Cybersecurity firm Trustwave SpiderLabs, which disclosed specifics of the spam campaigns, said it identified no less than 3,000 emails containing IPFS phishing URLs as an attack vector in the last three months. IPFS , short for InterPlanetary File System, is a peer-to-peer (P2P) network to store and share files and data using cryptographic hashes, instead of URLs or filenames, as is observed in a traditional client-server approach. Each hash forms the basis for a unique content identifier ( CID ). The idea is to create a resilient distributed file system that allows data to be stored across multiple computers. This would allow information to be accessed without having to rely on third parties such as cloud storage providers, effectively making it resistant to censorship. "Taking down phishing content stored on IPFS can be difficult

The rise of  DevOps culture  in enterprises has accelerated product delivery timelines. Automation undoubtedly has its advantages. However,  containerization and the rise of cloud software development  are exposing organizations to a sprawling new attack surface. Machine identities vastly outnumber human ones in enterprises these days. Indeed, the rise of machine identities is creating cybersecurity debt, and increasing security risks.  Let's take a look at three of the top security risks which machine identities create – and how you can combat them. Certificate renewal issues Machine identities are secured differently from human ones. While human IDs can be verified with login and password credentials, machine IDs use certificates and keys. A huge issue with these types of credentials is they have expiration dates.  Generally, certificates remain valid for two years, but the rapid pace of technological improvement has reduced some lifespans to 13 months. Given that there are

Spanish law enforcement officials have announced the arrest of two individuals in connection with a cyberattack on the country's radioactivity alert network (RAR), which took place between March and June 2021. The act of sabotage is said to have disabled more than one-third of the sensors that are maintained by the Directorate-General for Civil Protection and Emergencies ( DGPCE ) and used to monitor excessive radiation levels across the country. The reason for the attacks is unknown as yet. "The two detainees, former workers, attacked the computer system and caused the connection of the sensors to fail, reducing their detection capacity even in the environment of nuclear power plants," the Policía Nacional  said . The law enforcement probe, dubbed Operation GAMMA, commenced in June 2021 in the immediate aftermath of the attack perpetrated against the RAR network, which is a mesh of 800 gamma radiation detection sensors deployed in various parts of the country to de

A week after Atlassian rolled out patches to contain a critical flaw in its Questions For Confluence app for Confluence Server and Confluence Data Center, the shortcoming has now come under active exploitation in the wild. The bug in question is  CVE-2022-26138 , which concerns the use of a hard-coded password in the app that could be exploited by a remote, unauthenticated attacker to gain unrestricted access to all pages in Confluence. The real-world exploitation follows the release of the hard-coded credentials on Twitter, prompting the Australian software company to prioritize patches to mitigate potential threats targeting the flaw. "Unsurprisingly, it didn't take long [...] to observe exploitation once the hard-coded credentials were released, given the high value of Confluence for attackers who often jump on Confluence vulnerabilities to execute ransomware attacks," Rapid7 security researcher Glenn Thorpe  said . It's worth noting that the bug only exists

Google on Wednesday said it's once again delaying its plans to turn off third-party cookies in the Chrome web browser from late 2023 to the second half of 2024. "The most consistent feedback we've received is the need for more time to evaluate and test the new Privacy Sandbox technologies before deprecating third-party cookies in Chrome," Anthony Chavez, vice president of Privacy Sandbox,  said . In keeping this in mind, the internet and ad tech giant said it's taking a "deliberate approach" and  extending the testing window  for its ongoing Privacy Sandbox initiatives prior to phasing out third-party cookies. Cookies are pieces of data planted on a user's computer or other device by the web browser as a website is accessed, with third-party cookies fueling much of the digital advertising ecosystem and its ability to track users across different sites to show targeted ads. Privacy Sandbox is Google's umbrella term for a set of technologies