#1 Trusted Cybersecurity News Platform
Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cybersecurity

The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Hackers Can Abuse Legitimate GitHub Codespaces Feature to Deliver Malware

Hackers Can Abuse Legitimate GitHub Codespaces Feature to Deliver Malware

Jan 17, 2023 Threat Response / Malware
New research has found that it is possible for threat actors to abuse a legitimate feature in GitHub Codespaces to deliver malware to victim systems. GitHub Codespaces  is a cloud-based configurable development environment that allows users to debug, maintain, and commit changes to a given codebase from a web browser or via an integration in Visual Studio Code. It also comes with a port forwarding feature that makes it possible to access a web application that's running on a particular port within the codespace directly from the browser on a local machine for testing and debugging purposes. "You can also forward a port manually, label forwarded ports, share forwarded ports with members of your organization, share forwarded ports publicly, and add forwarded ports to the codespace configuration," GitHub  explains  in its documentation. It's  important  to note here that any forwarded port that's made public will also permit any party with knowledge of the URL
4 Places to Supercharge Your SOC with Automation

4 Places to Supercharge Your SOC with Automation

Jan 17, 2023 Security Automation / SOC Platform
It's no secret that the job of SOC teams continues to become increasingly difficult. Increased volume and sophistication of attacks are plaguing under-resourced teams with false positives and analyst burnout. However, like many other industries, cybersecurity is now beginning to lean on and benefit from advancements in automation to not only maintain the status quo, but to attain better security outcomes. Automation across multiple phases of the SOC workflow The need for automation is clear, and it is apparent that it is becoming table stakes for the industry. Of all cyber resilient organizations, IBM estimates that  62%  have deployed automation, AI and machine learning tools and processes.  Up until now, much of these advancements in automation have been focused on response, with SOAR and incident response tools playing an instrumental role in tackling the most urgent phase of the SOC workflow.  Centering the focus only on response, however, means we're treating the sym
How to Get Going with CTEM When You Don't Know Where to Start

How to Get Going with CTEM When You Don't Know Where to Start

Oct 04, 2024Vulnerability Management / Security Posture
Continuous Threat Exposure Management (CTEM) is a strategic framework that helps organizations continuously assess and manage cyber risk. It breaks down the complex task of managing security threats into five distinct stages: Scoping, Discovery, Prioritization, Validation, and Mobilization. Each of these stages plays a crucial role in identifying, addressing, and mitigating vulnerabilities - before they can be exploited by attackers.  On paper, CTEM sounds great . But where the rubber meets the road – especially for CTEM neophytes - implementing CTEM can seem overwhelming. The process of putting CTEM principles into practice can look prohibitively complex at first. However, with the right tools and a clear understanding of each stage, CTEM can be an effective method for strengthening your organization's security posture.  That's why I've put together a step-by-step guide on which tools to use for which stage. Want to learn more? Read on… Stage 1: Scoping  When you're defin
Zoho ManageEngine PoC Exploit to be Released Soon - Patch Before It's Too Late!

Zoho ManageEngine PoC Exploit to be Released Soon - Patch Before It's Too Late!

Jan 17, 2023 Cyber Threat / Vulnerability
Users of Zoho ManageEngine are being urged to patch their instances against a critical security vulnerability ahead of the release of a proof-of-concept ( PoC ) exploit code. The issue in question is  CVE-2022-47966 , an unauthenticated remote code execution vulnerability affecting several products due to the use of an outdated third-party dependency, Apache Santuario. "This vulnerability allows an unauthenticated adversary to execute arbitrary code," Zoho  warned  in an advisory issued late last year, noting that it affects all ManageEngine setups that have the SAML single sign-on (SSO) feature enabled, or had it enabled in the past. Horizon3.ai has now released Indicators of Compromise (IOCs) associated with the flaw, stating that it was able to successfully reproduce the exploit against ManageEngine ServiceDesk Plus and ManageEngine Endpoint Central products. "The vulnerability is easy to exploit and a good candidate for attackers to 'spray and pray' acr
cyber security

The State of SaaS Security 2024 Report

websiteAppOmniSaaS Security / Data Security
Learn the latest SaaS security trends and discover how to boost your cyber resilience. Get your free…
Researchers Uncover 3 PyPI Packages Spreading Malware to Developer Systems

Researchers Uncover 3 PyPI Packages Spreading Malware to Developer Systems

Jan 17, 2023 Software Security / Supply Chain
A threat actor by the name  Lolip0p  has uploaded three rogue packages to the Python Package Index (PyPI) repository that are designed to drop malware on compromised developer systems. The packages – named  colorslib  (versions 4.6.11 and 4.6.12),  httpslib  (versions 4.6.9 and 4.6.11), and  libhttps  (version 4.6.12) – by the author between January 7, 2023, and January 12, 2023. They have since been yanked from PyPI but not before they were cumulatively downloaded over 550 times. The modules come with identical setup scripts that are designed to invoke PowerShell and run a malicious binary (" Oxzy.exe ") hosted on Dropbox, Fortinet  disclosed  in a report published last week. The executable, once launched, triggers the retrieval of a next-stage, also a binary named  update.exe , that runs in the Windows temporary folder ("%USER%\AppData\Local\Temp\"). update.exe is flagged by antivirus vendors on VirusTotal as an information stealer that's also capable of
Raccoon and Vidar Stealers Spreading via Massive Network of Fake Cracked Software

Raccoon and Vidar Stealers Spreading via Massive Network of Fake Cracked Software

Jan 16, 2023 Data Security / Cyber Threat
A "large and resilient infrastructure" comprising over 250 domains is being used to distribute information-stealing malware such as  Raccoon  and  Vidar  since early 2020. The infection chain "uses about a hundred of fake cracked software catalogue websites that redirect to several links before downloading the payload hosted on file share platforms, such as GitHub," cybersecurity firm SEKOIA  said  in an analysis published earlier this month. The French cybersecurity company assessed the domains to be operated by a threat actor running a traffic direction system ( TDS ), which allows other cybercriminals to rent the service to distribute their malware. The attacks target users searching for cracked versions of software and games on search engines like Google, surfacing fraudulent websites on top by leveraging a technique called search engine optimization (SEO) poisoning to lure victims into downloading and executing the malicious payloads. The poisoned result
A Secure User Authentication Method – Planning is More Important than Ever

A Secure User Authentication Method – Planning is More Important than Ever

Jan 16, 2023 Identity Management / MFA
When considering authentication providers, many organizations consider the ease of configuration, ubiquity of usage, and technical stability. Organizations cannot always be judged on those metrics alone. There is an increasing need to evaluate company ownership, policies and the stability, or instability, that it brings. How Leadership Change Affects Stability In recent months, a salient example is that of Twitter. The Twitter platform has been around since 2006 and is used by millions worldwide. With many users and a seemingly robust authentication system, organizations used Twitter as a primary or secondary authentication service. Inconsistent leadership and policies mean the stability of a platform is subject to change, which is especially true with Twitter as of late. The ownership change to Elon Musk precipitated widespread changes to staffing and policies. Due to those changes,  a large portion of staff was let go , but this included many individuals responsible for the techn
CISA Warns of Flaws Affecting Industrial Control Systems from Major Manufacturers

CISA Warns of Flaws Affecting Industrial Control Systems from Major Manufacturers

Jan 16, 2023 Industrial Control Systems
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released several Industrial Control Systems (ICS)  advisories  warning of critical security flaws affecting products from Sewio, InHand Networks, Sauter Controls, and Siemens. The most severe of the flaws relate to Sewio's RTLS Studio, which could be exploited by an attacker to "obtain unauthorized access to the server, alter information, create a denial-of-service condition, gain escalated privileges, and execute arbitrary code,"  according to CISA . This includes CVE-2022-45444 (CVSS score: 10.0), a case of hard-coded passwords for select users in the application's database that potentially grant remote adversaries unrestricted access. Also notable are two command injection flaws (CVE-2022-47911 and CVE-2022-43483, CVSS scores: 9.1) and an out-of-bounds write vulnerability (CVE-2022-41989, CVSS score: 9.1) that could result in denial-of-service condition or code execution. The vulnerabilities
New Backdoor Created Using Leaked CIA's Hive Malware Discovered in the Wild

New Backdoor Created Using Leaked CIA's Hive Malware Discovered in the Wild

Jan 16, 2023 Threat Landscape / Malware
Unidentified threat actors have deployed a new backdoor that borrows its features from the U.S. Central Intelligence Agency (CIA)'s  Hive  multi-platform  malware suite , the source code of which was  released  by WikiLeaks in November 2017. "This is the first time we caught a variant of the CIA Hive attack kit in the wild, and we named it  xdr33  based on its embedded Bot-side certificate CN=xdr33," Qihoo Netlab 360's Alex Turing and Hui Wang  said  in a technical write-up published last week. xdr33 is said to be propagated by exploiting an unspecified N-day security vulnerability in F5 appliances. It communicates with a command-and-control (C2) server using SSL with forged Kaspersky certificates. The intent of the backdoor, per the Chinese cybersecurity firm, is to harvest sensitive information and act as a launchpad for subsequent intrusions. It improves upon Hive by adding new C2 instructions and functionalities, among other implementation changes. The  ELF
Malware Attack on CircleCI Engineer's Laptop Leads to Recent Security Incident

Malware Attack on CircleCI Engineer's Laptop Leads to Recent Security Incident

Jan 14, 2023 DevOps / Data Security
DevOps platform CircleCI on Friday disclosed that unidentified threat actors compromised an employee's laptop and leveraged malware to steal their two-factor authentication-backed credentials to breach the company's systems and data last month. The CI/CD service CircleCI said the "sophisticated attack" took place on December 16, 2022, and that the malware went undetected by its antivirus software. "The malware was able to execute session cookie theft, enabling them to impersonate the targeted employee in a remote location and then escalate access to a subset of our production systems," Rob Zuber, CircleCI's chief technology officer,  said  in an incident report. Further analysis of the security lapse revealed that the unauthorized third-party pilfered data from a subset of its databases by abusing the elevated permissions granted to the targeted employee. This included customer environment variables, tokens, and keys. The threat actor is believed t
Expert Insights / Articles Videos
Cybersecurity Resources