#1 Trusted Cybersecurity News Platform
Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cybersecurity

The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Hackers Could Exploit Google Workspace and Cloud Platform for Ransomware Attacks

Hackers Could Exploit Google Workspace and Cloud Platform for Ransomware Attacks

Nov 16, 2023 Cloud Security / Ransomware
A set of novel attack methods has been demonstrated against Google Workspace and the Google Cloud Platform that could be potentially leveraged by threat actors to conduct ransomware, data exfiltration, and password recovery attacks. "Starting from a single compromised machine, threat actors could progress in several ways: they could move to other cloned machines with  GCPW  installed, gain access to the cloud platform with custom permissions, or decrypt locally stored passwords to continue their attack beyond the Google ecosystem," Martin Zugec, technical solutions director at Bitdefender,  said  in a new report. A prerequisite for these attacks is that the bad actor has already gained access to a local machine through other means, prompting Google to mark the bug as  not eligible for fixing  "since it's outside of our threat model and the behavior is in line with Chrome's practices of storing local data." However, the Romanian cybersecurity firm has wa
Russian Hackers Linked to 'Largest Ever Cyber Attack' on Danish Critical Infrastructure

Russian Hackers Linked to 'Largest Ever Cyber Attack' on Danish Critical Infrastructure

Nov 16, 2023 Cyber Warfare / Threat Intelligence
Russian threat actors have been possibly linked to what's been described as the "largest cyber attack against Danish critical infrastructure," in which 22 companies associated with the operation of the country's energy sector were targeted in May 2023.  "22 simultaneous, successful cyberattacks against Danish critical infrastructure are not commonplace," Denmark's SektorCERT  said  [PDF]. "The attackers knew in advance who they were going to target and got it right every time. Not once did a shot miss the target." The agency said it found evidence connecting one or more attacks to Russia's GRU military intelligence agency, which is also tracked under the name  Sandworm  and has a track record of orchestrating disruptive cyber assaults on industrial control systems. This assessment is based on artifacts communicating with IP addresses that have been traced to the hacking crew. The unprecedented and coordinated cyber attacks took place on
The Secret Weakness Execs Are Overlooking: Non-Human Identities

The Secret Weakness Execs Are Overlooking: Non-Human Identities

Oct 03, 2024Enterprise Security / Cloud Security
For years, securing a company's systems was synonymous with securing its "perimeter." There was what was safe "inside" and the unsafe outside world. We built sturdy firewalls and deployed sophisticated detection systems, confident that keeping the barbarians outside the walls kept our data and systems safe. The problem is that we no longer operate within the confines of physical on-prem installations and controlled networks. Data and applications now reside in distributed cloud environments and data centers, accessed by users and devices connecting from anywhere on the planet. The walls have crumbled, and the perimeter has dissolved, opening the door to a new battlefield: identity . Identity is at the center of what the industry has praised as the new gold standard of enterprise security: "zero trust." In this paradigm, explicit trust becomes mandatory for any interactions between systems, and no implicit trust shall subsist. Every access request, regardless of its origin,
U.S. Takes Down IPStorm Botnet, Russian-Moldovan Mastermind Pleads Guilty

U.S. Takes Down IPStorm Botnet, Russian-Moldovan Mastermind Pleads Guilty

Nov 15, 2023 Cyber Crime / Network Security
The U.S. government on Tuesday announced the takedown of the IPStorm botnet proxy network and its infrastructure, as the Russian and Moldovan national behind the operation pleaded guilty. "The botnet infrastructure had infected Windows systems then further expanded to infect Linux, Mac, and Android devices, victimizing computers and other electronic devices around the world, including in Asia, Europe, North America and South America," the Department of Justice (DoJ)  said  in a press statement. Sergei Makinin, who developed and deployed the malicious software to infiltrate thousands of internet-connected devices from June 2019 through December 2022, faces a maximum of 30 years in prison. The Golang-based botnet malware, prior to its dismantling,  turned the infected devices into proxies  as part of a for-profit scheme, which was then offered to other customers via proxx[.]io and proxx[.]net. "IPStorm is a botnet that abuses a legitimate peer-to-peer (p2p) network c
cyber security

The State of SaaS Security 2024 Report

websiteAppOmniSaaS Security / Data Security
Learn the latest SaaS security trends and discover how to boost your cyber resilience. Get your free…
New PoC Exploit for Apache ActiveMQ Flaw Could Let Attackers Fly Under the Radar

New PoC Exploit for Apache ActiveMQ Flaw Could Let Attackers Fly Under the Radar

Nov 15, 2023 Ransomware / Vulnerability
Cybersecurity researchers have demonstrated a new technique that exploits a critical security flaw in Apache ActiveMQ to achieve arbitrary code execution in memory. Tracked as  CVE-2023-46604  (CVSS score: 10.0), the vulnerability is a remote code execution bug that could permit a threat actor to run arbitrary shell commands. It was patched by Apache in ActiveMQ versions 5.15.16, 5.16.7, 5.17.6, or 5.18.3 released late last month. The vulnerability has since  come under   active exploitation  by ransomware outfits to deploy ransomware such as HelloKitty and a strain that shares similarities with TellYouThePass as well as a remote access trojan called SparkRAT. According to  new findings  from VulnCheck, threat actors weaponizing the flaw are  relying  on a public proof-of-concept ( PoC ) exploit originally disclosed on October 25, 2023. The attacks have been found to use  ClassPathXmlApplicationContext , a class that's part of the Spring framework and available within Active
Three Ways Varonis Helps You Fight Insider Threats

Three Ways Varonis Helps You Fight Insider Threats

Nov 15, 2023 Insider Threat / Risk Management
What do basketball teams, government agencies, and car manufacturers have in common? Each one has been breached, having confidential, proprietary, or private information stolen and exposed by insiders. In each case, the motivations and methods varied, but the risk remained the same: insiders have access to too much data with too few controls. Insider threats  continue to prove difficult for organizations to combat because — unlike an outsider — insiders can navigate sensitive data undetected and typically without suspicion. Cybersecurity is not the first industry to tackle insider threats, however. Espionage has a long history of facing and defending against insiders by using the "CIA Triad" principles of confidentiality, integrity, and availability. Varonis' modern cybersecurity answer to insider risk is the data security triad of "sensitivity, access, and activity." Using these three dimensions of data security, you can help reduce the risk and impact of an insider attack. Sen
Reptar: New Intel CPU Vulnerability Impacts Multi-Tenant Virtualized Environments

Reptar: New Intel CPU Vulnerability Impacts Multi-Tenant Virtualized Environments

Nov 15, 2023 Vulnerability / Hardware Security
Intel has released fixes to close out a high-severity flaw codenamed  Reptar  that impacts its desktop, mobile, and server CPUs. Tracked as  CVE-2023-23583  (CVSS score: 8.8), the  issue  has the potential to "allow escalation of privilege and/or information disclosure and/or denial of service via local access." Successful exploitation of the vulnerability could also permit a bypass of the CPU's security boundaries, according to Google Cloud, which described it as an issue stemming from how redundant prefixes are interpreted by the processor. "The impact of this vulnerability is demonstrated when exploited by an attacker in a multi-tenant virtualized environment, as the exploit on a guest machine causes the host machine to crash resulting in a Denial of Service to other guest machines running on the same host," Google Cloud's Phil Venables  said . "Additionally, the vulnerability could potentially lead to information disclosure or privilege escala
Alert: Microsoft Releases Patch Updates for 5 New Zero-Day Vulnerabilities

Alert: Microsoft Releases Patch Updates for 5 New Zero-Day Vulnerabilities

Nov 15, 2023 Patch Tuesday / Zero-Day
Microsoft has released fixes to address  63 security bugs  in its software for the month of November 2023, including three vulnerabilities that have come under active exploitation in the wild. Of the 63 flaws, three are rated Critical, 56 are rated Important, and four are rated Moderate in severity. Two of them have been listed as publicly known at the time of the release. The updates are in addition to  more than 35 security shortcomings  addressed in its Chromium-based Edge browser since the release of Patch Tuesday updates for October 2023. The five zero-days that are of note are as follows - CVE-2023-36025  (CVSS score: 8.8) - Windows SmartScreen Security Feature Bypass Vulnerability CVE-2023-36033  (CVSS score: 7.8) - Windows DWM Core Library Elevation of Privilege Vulnerability CVE-2023-36036  (CVSS score: 7.8) - Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability CVE-2023-36038  (CVSS score: 8.2) - ASP.NET Core Denial of Service Vulnerability CV
Urgent: VMware Warns of Unpatched Critical Cloud Director Vulnerability

Urgent: VMware Warns of Unpatched Critical Cloud Director Vulnerability

Nov 15, 2023 Network Securit / Vulnerability
VMware is warning of a critical and unpatched security flaw in Cloud Director that could be exploited by a malicious actor to get around authentication protections. Tracked as  CVE-2023-34060  (CVSS score: 9.8), the vulnerability impacts instances that have been upgraded to version 10.5 from an older version. "On an upgraded version of VMware Cloud Director Appliance 10.5, a malicious actor with network access to the appliance can bypass login restrictions when authenticating on port 22 (ssh) or port 5480 (appliance management console)," the company  said  in an alert. "This bypass is not present on port 443 (VCD provider and tenant login). On a new installation of VMware Cloud Director Appliance 10.5, the bypass is not present." The virtualization services company further noted that the impact is due to the fact that it utilizes a version of sssd from the underlying Photon OS that is affected by  CVE-2023-34060 . Dustin Hartle from IT solutions provider Idea
CacheWarp Attack: New Vulnerability in AMD SEV Exposes Encrypted VMs

CacheWarp Attack: New Vulnerability in AMD SEV Exposes Encrypted VMs

Nov 14, 2023 Hardware Security / Virtualization
A group of academics has disclosed a new "software fault attack" on AMD's Secure Encrypted Virtualization ( SEV ) technology that could be potentially exploited by threat actors to infiltrate encrypted virtual machines (VMs) and even perform privilege escalation. The attack has been codenamed  CacheWarp  (CVE-2023-20592) by researchers from the CISPA Helmholtz Center for Information Security and the Graz University of Technology. It impacts AMD CPUs supporting all variants of SEV. "For this research, we specifically looked at AMD's newest TEE, AMD SEV-SNP, relying on the experience from previous attacks on Intel's TEE," security researcher Ruiyi Zhang told The Hacker News. "We found the 'INVD' instruction [flush a processor's cache contents] could be abused under the threat model of AMD SEV." SEV, an  extension  to the AMD-V architecture and introduced in 2016, is designed to isolate VMs from the hypervisor by encrypting the me
Expert Insights / Articles Videos
Cybersecurity Resources