The Hacker News Logo
Subscribe to Newsletter
CrowdSec

The Hacker News - Most Trusted Cyber Security and Computer Security Analysis

Researchers Warns of Large-Scale AiTM Attacks Targeting Enterprise Users

Researchers Warns of Large-Scale AiTM Attacks Targeting Enterprise Users

August 03, 2022Ravie Lakshmanan
A new, large-scale phishing campaign has been observed using adversary-in-the-middle (AitM) techniques to get around security protections and compromise enterprise email accounts. "It uses an adversary-in-the-middle (AitM) attack technique capable of bypassing multi-factor authentication," Zscaler researchers Sudeep Singh and Jagadeeswar Ramanukolanu  said  in a Tuesday report. "The campaign is specifically designed to reach end users in enterprises that use Microsoft's email services." Prominent targets include fintech, lending, insurance, energy, manufacturing, and federal credit union verticals located in the U.S., U.K., New Zealand, and Australia. This is not the first time such a phishing attack has come to light. Last month, Microsoft  disclosed  that over 10,000 organizations had been targeted since September 2021 by means of AitM techniques to breach accounts secured with multi-factor authentication (MFA). The ongoing campaign, effective June 2022,
VMware Releases Patches for Several New Flaws Affecting Multiple Products

VMware Releases Patches for Several New Flaws Affecting Multiple Products

August 02, 2022Ravie Lakshmanan
Virtualization services provider VMware on Tuesday shipped updates to  address 10 security flaws  affecting multiple products that could be abused by unauthenticated attackers to perform malicious actions. The issues, tracked from CVE-2022-31656 through CVE-2022-31665 (CVSS scores: 4.7 - 9.8), impact VMware Workspace ONE Access, Workspace ONE Access Connector, Identity Manager, Identity Manager Connector, vRealize Automation, Cloud Foundation, and vRealize Suite Lifecycle Manager. The most severe of the flaws is CVE-2022-31656 (CVSS score: 9.8), an authentication bypass vulnerability affecting local domain users that could be leveraged by a bad actor with network access to obtain administrative rights. Also resolved by VMware are three remote code execution vulnerabilities (CVE-2022-31658, CVE-2022-31659, and CVE-2022-31665) related to JDBC and SQL injection that could be weaponized by an adversary with administrator and network access. Elsewhere, it has also remediated a reflec
Chinese Hackers Using New Manjusaka Hacking Framework Similar to Cobalt Strike

Chinese Hackers Using New Manjusaka Hacking Framework Similar to Cobalt Strike

August 02, 2022Ravie Lakshmanan
Researchers have disclosed a new offensive framework referred to as Manjusaka that they call is a "Chinese sibling of Sliver and Cobalt Strike." "A fully functional version of the command-and-control (C2), written in Golang with a User Interface in Simplified Chinese, is freely available and can generate new implants with custom configurations with ease, increasing the likelihood of wider adoption of this framework by malicious actors," Cisco Talos  said  in a new report. Sliver  and  Cobalt Strike  are legitimate adversary emulation frameworks that have been repurposed by threat actors to carry out post-exploitation activities such as network reconnaissance, lateral movement, and facilitating the deployment of follow-on payloads. Written in Rust, Manjusaka -- meaning "cow flower" -- is advertised as an equivalent to the Cobalt Strike framework with capabilities to target both Windows and Linux operating systems. Its developer is believed to be located
New 'ParseThru' Parameter Smuggling Vulnerability Affects Golang-based Applications

New 'ParseThru' Parameter Smuggling Vulnerability Affects Golang-based Applications

August 02, 2022Ravie Lakshmanan
Security researchers have discovered a new vulnerability called  ParseThru  affecting Golang-based applications that could be abused to gain unauthorized access to cloud-based applications. "The newly discovered vulnerability allows a threat actor to bypass validations under certain conditions, as a result of the use of unsafe URL parsing methods built in the language," Israeli cybersecurity firm Oxeye said in a report shared with The Hacker News. The issue, at its core, has to do with inconsistencies stemming from changes introduced to Golang's URL parsing logic that's implemented in the "net/url" library. While versions of the programming language prior to 1.17 treated semicolons as a valid query delimiter (e.g., example.com?a=1;b=2&c=3), this behavior has since been modified to throw an error upon finding a query string containing a semicolon. "The net/url and net/http packages used to accept ";" (semicolon) as a setting separat
What is ransomware and how can you defend your business from it?

What is ransomware and how can you defend your business from it?

August 02, 2022The Hacker News
Ransomware is a kind of malware used by cybercriminals to stop users from accessing their systems or files; the cybercriminals then threaten to leak, destroy or withhold sensitive information unless a ransom is paid. Ransomware attacks can target either the data held on computer systems (known as locker ransomware) or devices (crypto-ransomware). In both instances, once a ransom is paid, threat actors typically provide victims with a decryption key or tool to unlock their data or device, though this is not guaranteed. Oliver Pinson-Roxburgh, CEO of  Defense.com , the all-in-one cybersecurity platform, shares knowledge and advice in this article on how ransomware works, how damaging it can be, and how your business can mitigate ransomware attacks from occurring. What does a ransomware attack comprise? There are three key elements to a ransomware attack: Access In order to deploy malware to encrypt files and gain control, cybercriminals need to initially gain access to an organiza
LockBit Ransomware Abuses Windows Defender to Deploy Cobalt Strike Payload

LockBit Ransomware Abuses Windows Defender to Deploy Cobalt Strike Payload

August 02, 2022Ravie Lakshmanan
A threat actor associated with the LockBit 3.0 ransomware-as-a-service (RaaS) operation has been observed abusing the Windows Defender command-line tool to decrypt and load Cobalt Strike payloads.  According to a report published by SentinelOne last week, the incident occurred after obtaining initial access via the  Log4Shell vulnerability  against an unpatched VMware Horizon Server. "Once initial access had been achieved, the threat actors performed a series of enumeration commands and attempted to run multiple post-exploitation tools, including Meterpreter, PowerShell Empire, and a new way to side-load Cobalt Strike," researchers Julio Dantas, James Haughom, and Julien Reisdorffer  said . LockBit 3.0 (aka LockBit Black), which comes with the tagline "Make Ransomware Great Again!," is the  next iteration  of the prolific  LockBit RaaS family  that emerged in June 2022 to iron out  critical weaknesses  discovered in its predecessor. It's notable for insti
Researchers Discover Nearly 3,200 Mobile Apps Leaking Twitter API Keys

Researchers Discover Nearly 3,200 Mobile Apps Leaking Twitter API Keys

August 01, 2022Ravie Lakshmanan
Researchers have uncovered a list of 3,207 mobile apps that are exposing Twitter API keys in the clear, some of which can be utilized to gain unauthorized access to Twitter accounts associated with them. The takeover is made possible, thanks to a leak of legitimate Consumer Key and Consumer Secret information, respectively, Singapore-based cybersecurity firm CloudSEK said in a report exclusively shared with The Hacker News. "Out of 3,207, 230 apps are leaking all four authentication credentials and can be used to fully take over their Twitter Accounts and can perform any critical/sensitive actions," the researchers said.  This can range from reading direct messages to carrying out arbitrary actions such as retweeting, liking and deleting tweets, following any account, removing followers, accessing account settings, and even changing the account profile picture. Access to the Twitter API  requires  generating secret keys and access tokens, which act as the usernames and
Online Courses and Software

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.