#1 Trusted Cybersecurity News Platform
Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cybersecurity

The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Cisco Warns of Vulnerability in IOS and IOS XE Software After Exploitation Attempts

Cisco Warns of Vulnerability in IOS and IOS XE Software After Exploitation Attempts

Sep 29, 2023 Vulnerability / Network Security
Cisco is warning of attempted exploitation of a security flaw in its IOS Software and IOS XE Software that could permit an authenticated remote attacker to achieve remote code execution on affected systems. The medium-severity vulnerability is tracked as  CVE-2023-20109 , and has a CVSS score of 6.6. It impacts all versions of the software that have the GDOI or G-IKEv2 protocol enabled. The company  said  the shortcoming "could allow an authenticated, remote attacker who has administrative control of either a group member or a key server to execute arbitrary code on an affected device or cause the device to crash." It further noted that the issue is the result of insufficient validation of attributes in the Group Domain of Interpretation (GDOI) and G-IKEv2 protocols of the GET VPN feature and it could be weaponized by either compromising an installed key server or modifying the configuration of a group member to point to a key server that is controlled by the attacker.
GitHub Repositories Hit by Password-Stealing Commits Disguised as Dependabot Contributions

GitHub Repositories Hit by Password-Stealing Commits Disguised as Dependabot Contributions

Sep 28, 2023 Supply Chain / Malware
A new deceptive campaign has been observed hijacking GitHub accounts and committing malicious code disguised as Dependabot contributions with an aim to steal passwords from developers. "The malicious code exfiltrates the GitHub project's defined secrets to a malicious C2 server and modify any existing javascript files in the attacked project with a web-form password-stealer malware code effecting any end-user submitting its password in a web form," Checkmarx  said  in a technical report. The malware is also designed to capture GitHub secrets and variables to a remote server by means of a GitHub Action. The software supply chain security firm said it observed the atypical commits to hundreds of public and private GitHub repositories between July 8 and 11, 2023. It has emerged that the victims had their GitHub personal access tokens stolen and used by the threat actors to make falsified code commits to users' repositories by posing as Dependabot. Dependabot  is d
How to Get Going with CTEM When You Don't Know Where to Start

How to Get Going with CTEM When You Don't Know Where to Start

Oct 04, 2024Vulnerability Management / Security Posture
Continuous Threat Exposure Management (CTEM) is a strategic framework that helps organizations continuously assess and manage cyber risk. It breaks down the complex task of managing security threats into five distinct stages: Scoping, Discovery, Prioritization, Validation, and Mobilization. Each of these stages plays a crucial role in identifying, addressing, and mitigating vulnerabilities - before they can be exploited by attackers.  On paper, CTEM sounds great . But where the rubber meets the road – especially for CTEM neophytes - implementing CTEM can seem overwhelming. The process of putting CTEM principles into practice can look prohibitively complex at first. However, with the right tools and a clear understanding of each stage, CTEM can be an effective method for strengthening your organization's security posture.  That's why I've put together a step-by-step guide on which tools to use for which stage. Want to learn more? Read on… Stage 1: Scoping  When you're defin
China's BlackTech Hacking Group Exploited Routers to Target U.S. and Japanese Companies

China's BlackTech Hacking Group Exploited Routers to Target U.S. and Japanese Companies

Sep 28, 2023 Cyber Espionage / Threat Intel
Cybersecurity agencies from Japan and the U.S. have warned of attacks mounted by a state-backed hacking group from China to stealthily tamper with branch routers and use them as jumping-off points to access the networks of various companies in the two countries. The attacks have been tied to a malicious cyber actor dubbed  BlackTech  by the U.S. National Security Agency (NSA), Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), Japan National Police Agency (NPA), and the Japan National Center of Incident Readiness and Strategy for Cybersecurity (NISC). "BlackTech has demonstrated capabilities in modifying router firmware without detection and exploiting routers' domain-trust relationships to pivot from international subsidiaries to headquarters in Japan and the United States, which are the primary targets," the agencies  said  in a joint alert. Targeted sectors encompass government, industrial, technology, media, electronics
cyber security

The State of SaaS Security 2024 Report

websiteAppOmniSaaS Security / Data Security
Learn the latest SaaS security trends and discover how to boost your cyber resilience. Get your free…
The Dark Side of Browser Isolation – and the Next Generation Browser Security Technologies

The Dark Side of Browser Isolation – and the Next Generation Browser Security Technologies

Sep 28, 2023 Browser Security / Cybersecurity
The landscape of browser security has undergone significant changes over the past decade. While Browser Isolation was once considered the gold standard for protecting against browser exploits and malware downloads, it has become increasingly inadequate and insecure in today's SaaS-centric world. The limitations of Browser Isolation, such as degraded browser performance and inability to tackle modern web-borne threats like phishing and malicious extensions, necessitate a shift towards more advanced solutions. These are the findings of a new report, titled " The Dark Side of Browser Isolation and the Next Generation of Browser Security " ( Download here ). The Roots of Browser Isolation In the past, traditional signature-based antiviruses were commonly used to protect against on-device malware infections. However, they failed to block two main types of threats. The first, browser exploit, especially in Microsoft's Internet Explorer. The second, drive-by malware down
China-Linked Budworm Targeting Middle Eastern Telco and Asian Government Agencies

China-Linked Budworm Targeting Middle Eastern Telco and Asian Government Agencies

Sep 28, 2023 Malware / Cyber Threat
Government and telecom entities have been subjected to a new wave of attacks by a China-linked threat actor tracked as  Budworm  using an updated malware toolset. The intrusions, targeting a Middle Eastern telecommunications organization and an Asian government, took place in August 2023, with the adversary deploying an improved version of its SysUpdate toolkit, the Symantec Threat Hunter Team, part of Broadcom,  said  in a report shared with The Hacker News. Budworm , also referred to by the names APT27, Bronze Union, Emissary Panda, Iron Tiger, Lucky Mouse, and Red Phoenix, is known to be active since at least 2013, targeting a wide range of industry verticals in pursuit of its intelligence gathering goals.  The nation-state group leverages various tools such as China Chopper web shell, Gh0st RAT, HyperBro, PlugX, SysUpdate, and ZXShell to exfiltrate high-value information and maintain access to sensitive systems over a long period of time. A previous report from SecureWorks in
Update Chrome Now: Google Releases Patch for Actively Exploited Zero-Day Vulnerability

Update Chrome Now: Google Releases Patch for Actively Exploited Zero-Day Vulnerability

Sep 28, 2023 Zero Day / Vulnerability
Google on Wednesday rolled out fixes to address a new actively exploited zero-day in the Chrome browser. Tracked as  CVE-2023-5217 , the high-severity vulnerability has been described as a  heap-based buffer overflow  in the VP8 compression format in  libvpx , a free software  video codec  library from Google and the Alliance for Open Media (AOMedia). Exploitation of such buffer overflow flaws can result in program crashes or execution of arbitrary code, impacting its availability and integrity. Clément Lecigne of Google's Threat Analysis Group (TAG) has been credited with discovering and reporting the flaw on September 25, 2023, with fellow researcher Maddie Stone  noting  on X (formerly Twitter) that it has been abused by a commercial spyware vendor to target high-risk individuals. No additional details have been disclosed by the tech giant other than to acknowledge that it's "aware that an exploit for CVE-2023-5217 exists in the wild." The latest discovery b
Red Cross-Themed Phishing Attacks Distributing DangerAds and AtlasAgent Backdoors

Red Cross-Themed Phishing Attacks Distributing DangerAds and AtlasAgent Backdoors

Sep 27, 2023 Malware / Cyber Attack
A new threat actor known as  AtlasCross  has been observed leveraging Red Cross-themed phishing lures to deliver two previously undocumented backdoors named DangerAds and AtlasAgent. NSFOCUS Security Labs  described  the adversary as having a "high technical level and cautious attack attitude," adding that "the phishing attack activity captured this time is part of the attacker's targeted strike on specific targets and is its main means to achieve in-domain penetration." The attack chains start with a macro-laced Microsoft document that purports to be about a blood donation drive from the American Red Cross that, when launched, runs the malicious macro to set up persistence, exfiltrate system metadata to a remote server (data.vectorse[.]com) that's a sub-domain of a legitimate website belonging to a structural and engineering firm based in the U.S. It also extracts a file named KB4495667.pkg (codenamed DangerAds), which, subsequently acts as a loader to
Researchers Uncover New GPU Side-Channel Vulnerability Leaking Sensitive Data

Researchers Uncover New GPU Side-Channel Vulnerability Leaking Sensitive Data

Sep 27, 2023 Vulnerability / Endpoint Security
A novel side-channel attack called  GPU.zip  renders virtually all modern graphics processing units (GPU) vulnerable to information leakage. "This channel exploits an optimization that is data dependent, software transparent, and present in nearly all modern GPUs: graphical data compression," a group of academics from the University of Texas at Austin, Carnegie Mellon University, University of Washington, and the University of Illinois Urbana-Champaign  said . Graphical data compression  is a feature in integrated GPUs (iGPUs) that allows for saving memory bandwidth and improving performance when rendering frames, compressing visual data losslessly even when it's not requested by software. The study found that the compression, which happens in various vendor-specific and undocumented ways, induces data-dependent  DRAM  traffic and cache occupancy that can be measured using a side-channel. "An attacker can exploit the iGPU-based compression channel to perform cro
New Survey Uncovers How Companies Are Confronting Data Security Challenges Head-On

New Survey Uncovers How Companies Are Confronting Data Security Challenges Head-On

Sep 27, 2023 Data Security / Cyber Attack
Data security is in the headlines often, and it's almost never for a positive reason. Major breaches, new ways to hack into an organization's supposedly secure data, and other threats make the news because well, it's scary — and expensive.  Data breaches, ransomware and malware attacks, and other cybercrime might be pricey to prevent, but they are even more costly when they occur, with the  average cost  of a data breach reaching $4.35 million and counting.  Accordingly, companies are investing in solutions that combat these problems and focusing on their Data security and protection more than ever, based on the results of the  WinZip Enterprise survey  of leading industry professionals responsible for implementing and maintaining security at their organizations.  Confidence is Up Among Data Security Pros While the media is reporting on a wide range of security threats, many of those surveyed reported a certain level of confidence in their organization's data security. For instan
New ZenRAT Malware Targeting Windows Users via Fake Password Manager Software

New ZenRAT Malware Targeting Windows Users via Fake Password Manager Software

Sep 27, 2023 Malware / Cyber Threat
A new malware strain called ZenRAT has emerged in the wild that's distributed via bogus installation packages of the Bitwarden password manager. "The malware is specifically targeting Windows users and will redirect people using other hosts to a benign web page," enterprise security firm Proofpoint  said  in a technical report. "The malware is a modular remote access trojan (RAT) with information stealing capabilities." ZenRAT is hosted on fake websites pretending to be associated with Bitwarden, although it's uncertain as to how traffic is being directed to the domains. Such malware has been propagated via phishing, malvertising, or SEO poisoning attacks in the past. The payload (Bitwarden-Installer-version-2023-7-1.exe), downloaded from crazygameis[.]com, is a trojanized version of the standard Bitwarden installation package that contains a malicious .NET executable (ApplicationRuntimeMonitor.exe). A noteworthy aspect of the campaign is that users wh
Critical libwebp Vulnerability Under Active Exploitation - Gets Maximum CVSS Score

Critical libwebp Vulnerability Under Active Exploitation - Gets Maximum CVSS Score

Sep 27, 2023 Zero Day / Vulnerability
Google has assigned a new CVE identifier for a critical security flaw in the libwebp image library for rendering images in the  WebP format  that has come under active exploitation in the wild. Tracked as  CVE-2023-5129 , the issue has been given the maximum severity score of 10.0 on the CVSS rating system. It has been described as an issue rooted in the  Huffman coding algorithm  - With a specially crafted WebP lossless file, libwebp may write data out of bounds to the heap. The ReadHuffmanCodes() function allocates the HuffmanCode buffer with a size that comes from an array of precomputed sizes: kTableSize. The color_cache_bits value defines which size to use. The kTableSize array only takes into account sizes for 8-bit first-level table lookups but not second-level table lookups. libwebp allows codes that are up to 15-bit (MAX_ALLOWED_CODE_LENGTH). When BuildHuffmanTable() attempts to fill the second-level tables it may write data out-of-bounds. The OOB write to the undersized ar
Expert Insights / Articles Videos
Cybersecurity Resources