The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Microsoft on Wednesday outlined its plans to deprecate Visual Basic Script (VBScript) in the second half of 2024 in favor of more advanced alternatives such as JavaScript and PowerShell. "Technology has advanced over the years, giving rise to more powerful and versatile scripting languages such as JavaScript and PowerShell," Microsoft Program Manager Naveen Shankar  said . "These languages offer broader capabilities and are better suited for modern web development and automation tasks." The tech giant originally  announced  its plans to gradually sunset VBScript in October 2023. The scripting language, also called Visual Basic Scripting Edition, was first introduced by Microsoft in 1996 as a Windows system component, offering users the ability to automate tasks and develop interactive web pages using Internet Explorer and Edge (in  Internet Explorer mode ). The announced deprecation plan consists of three phases, with the first phase kicking off in the second h...

Cybersecurity researchers have disclosed details of a previously undocumented threat group called  Unfading Sea Haze  that's believed to have been active since 2018. The intrusion singled out high-level organizations in South China Sea countries, particularly military and government targets, Bitdefender said in a report shared with The Hacker News. "The investigation revealed a troubling trend beyond the historical context," Martin Zugec, technical solutions director at Bitdefender,  said , adding it identified a total of eight victims to date. "Notably, the attackers repeatedly regained access to compromised systems. This exploitation highlights a critical vulnerability: poor credential hygiene and inadequate patching practices on exposed devices and web services." There are some indications that the threat actor behind the attacks is operating with goals that are aligned with Chinese interests despite the fact that the attack signatures do not overlap wit...

Are you tired of dealing with outdated security tools that never seem to give you the full picture? You're not alone. Many organizations struggle with piecing together scattered information, leaving your apps vulnerable to modern threats. That's why we're excited to introduce a smarter, unified approach: Application Security Posture Management (ASPM). ASPM brings together the best of both worlds by connecting your code insights with real-time runtime data. This means you get a clear, holistic view of your application's security. Instead of reacting to threats, ASPM helps you prevent them. Imagine reducing costly retrofits and emergency patches with a proactive, shift-left strategy—saving you time, money, and stress. Join Amir Kaushansky, Director of Product Management at Palo Alto Networks, as he walks you through how ASPM is changing the game. In this free webinar , you'll learn to: Close the Security Gaps: Understand why traditional AppSec tools fall short and how ASPM fills ...

Rockwell Automation is urging its customers to disconnect all industrial control systems (ICSs) not meant to be connected to the public-facing internet to mitigate unauthorized or malicious cyber activity. The company  said  it's issuing the advisory due to "heightened geopolitical tensions and adversarial cyber activity globally." To that end, customers are required to take immediate action to determine whether they have devices that are accessible over the internet and, if so, cut off connectivity for those that are not meant to be left exposed. "Users should never configure their assets to be directly connected to the public-facing internet," Rockwell Automation further added. "Removing that connectivity as a proactive step reduces attack surface and can immediately reduce exposure to unauthorized and malicious cyber activity from external threat actors." On top of that, organizations are required to ensure that they have adopted the necessar...

Since the first edition of  The Ultimate SaaS Security Posture Management (SSPM) Checklist  was released three years ago, the corporate SaaS sprawl has been growing at a double-digit pace. In large enterprises, the number of SaaS applications in use today is in the hundreds, spread across departmental stacks, complicating the job of security teams to protect organizations against evolving threats. As SaaS security becomes a top priority, enterprises are turning to SaaS Security Posture Management (SSPM) as an enabler. The  2025 Ultimate SaaS Security Checklist , designed to help organizations choose an SSPM, covers all the features and capabilities that should be included in these solutions. Before diving into each attack surface, when implementing an SSPM solution, it's essential to cover a breadth of integrations, including out-of-the-box and custom app integrations, as well as in-depth security checks. While there are apps that are more sensitive and complex to secu...

Cybersecurity researchers have discovered a new cryptojacking campaign that employs vulnerable drivers to disable known security solutions (EDRs) and thwart detection in what's called a Bring Your Own Vulnerable Driver ( BYOVD ) attack. Elastic Security Labs is tracking the campaign under the name REF4578 and the primary payload as GHOSTENGINE. Previous research from Chinese cybersecurity firm Antiy Labs has codenamed the activity as HIDDEN SHOVEL. "GHOSTENGINE leverages vulnerable drivers to terminate and delete known EDR agents that would likely interfere with the deployed and well-known coin miner," Elastic researchers Salim Bitam, Samir Bousseaden, Terrance DeJesus, and Andrew Pease said . "This campaign involved an uncommon amount of complexity to ensure both the installation and persistence of the XMRig miner." It all starts with an executable file ("Tiworker.exe"), which is used to run a PowerShell script that retrieves an obfuscated Power...

An unknown threat actor is exploiting known security flaws in Microsoft Exchange Server to deploy a keylogger malware in attacks targeting entities in Africa and the Middle East. Russian cybersecurity firm Positive Technologies said it identified over 30 victims spanning government agencies, banks, IT companies, and educational institutions. The first-ever compromise dates back to 2021. "This keylogger was collecting account credentials into a file accessible via a special path from the internet," the company  said  in a report published last week. Countries targeted by the intrusion set include Russia, the U.A.E., Kuwait, Oman, Niger, Nigeria, Ethiopia, Mauritius, Jordan, and Lebanon. The attack chains commence with the exploitation of  ProxyShell flaws  (CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207) that were originally patched by Microsoft in May 2021. Successful  exploitation of the vulnerabilities  could allow an attacker to bypass authent...

Taiwanese company QNAP has rolled out fixes for a set of medium-severity flaws impacting QTS and QuTS hero, some of which could be exploited to achieve code execution on its network-attached storage (NAS) appliances. The  issues , which impact QTS 5.1.x and QuTS hero h5.1.x, are listed below - CVE-2024-21902  - An incorrect permission assignment for critical resource vulnerability that could allow authenticated users to read or modify the resource via a network CVE-2024-27127  - A double free vulnerability that could allow authenticated users to execute arbitrary code via a network CVE-2024-27128, CVE-2024-27129, and CVE-2024-27130  - A set of buffer overflow vulnerabilities that could allow authenticated users to execute arbitrary code via a network All the shortcomings, that require a valid account on NAS devices, have been addressed in QTS 5.1.7.2770 build 20240520 and QuTS hero h5.1.7.2770 build 20240520. Aliz Hammond of watchTowr Labs has...

Popular enterprise services provider Zoom has announced the rollout of post-quantum end-to-end encryption (E2EE) for Zoom Meetings, with support for Zoom Phone and Zoom Rooms coming in the future. "As adversarial threats become more sophisticated, so does the need to safeguard user data," the company  said  in a statement. "With the launch of post-quantum E2EE, we are doubling down on security and providing leading-edge features for users to help protect their data." Zoom's post-quantum E2EE uses  Kyber-768 , which aims at security roughly equivalent to AES-192. Kyber was  chosen  by the U.S. Department of Commerce's National Institute of Standards and Technology (NIST) in July 2022 as the quantum-resistant cryptographic algorithm for general encryption. However, for post-quantum E2EE to be enabled by default, it  requires  all meeting participants to be on Zoom desktop or mobile app version 6.0.10 or higher. In the e...

Users of Veeam Backup Enterprise Manager are being urged to update to the latest version following the discovery of a critical security flaw that could permit an adversary to bypass authentication protections. Tracked as  CVE-2024-29849  (CVSS score: 9.8), the  vulnerability  could allow an unauthenticated attacker to log in to the Veeam Backup Enterprise Manager web interface as any user. The company has also disclosed three other shortcomings impacting the same product - CVE-2024-29850  (CVSS score: 8.8), which allows account takeover via NTLM relay CVE-2024-29851  (CVSS score: 7.2), which allows a privileged user to steal NTLM hashes of a Veeam Backup Enterprise Manager service account if it's not configured to run as the default Local System account CVE-2024-29852  (CVSS score: 2.7), which allows a privileged user to read backup session logs All the flaws have been addressed in version 12.1.2.172. However, Veeam noted that deploying Veeam ...