#1 Trusted Cybersecurity News Platform
Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cybersecurity

The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

GitLab Releases Patch for Critical CI/CD Pipeline Vulnerability and 13 Others

GitLab Releases Patch for Critical CI/CD Pipeline Vulnerability and 13 Others

Jun 28, 2024 Software Security / DevOps
GitLab has released security updates to address 14 security flaws, including one critical vulnerability that could be exploited to run continuous integration and continuous deployment (CI/CD) pipelines as any user. The weaknesses, which affect GitLab Community Edition (CE) and Enterprise Edition (EE), have been addressed in versions 17.1.1, 17.0.3, and 16.11.5. The most severe of the vulnerabilities is CVE-2024-5655 (CVSS score: 9.6), which could permit a malicious actor to trigger a pipeline as another user under certain circumstances. It impacts the following versions of CE and EE - 17.1 prior to 17.1.1 17.0 prior to 17.0.3, and 15.8 prior to 16.11.5 GitLab said the fix introduces two breaking changes as a result of which GraphQL authentication using CI_JOB_TOKEN is disabled by default and pipelines will no longer run automatically when a merge request is re-targeted after its previous target branch is merged. Some of the other important flaws fixed as part of the lates
8220 Gang Exploits Oracle WebLogic Server Flaws for Cryptocurrency Mining

8220 Gang Exploits Oracle WebLogic Server Flaws for Cryptocurrency Mining

Jun 28, 2024 Malware / Cryptocurrency
Security researchers have shed more light on the cryptocurrency mining operation conducted by the 8220 Gang by exploiting known security flaws in the Oracle WebLogic Server. "The threat actor employs fileless execution techniques, using DLL reflective and process injection, allowing the malware code to run solely in memory and avoid disk-based detection mechanisms," Trend Micro researchers Ahmed Mohamed Ibrahim, Shubham Singh, and Sunil Bharti said in a new analysis published today. The cybersecurity firm is tracking the financially motivated actor under the name Water Sigbin, which is known to weaponize vulnerabilities in Oracle WebLogic Server such as CVE-2017-3506 , CVE- 2017-10271 , and CVE-2023-21839 for initial access and drop the miner payload via a multi-stage loading technique. A successful foothold is followed by the deployment of PowerShell script that's responsible for dropping a first-stage loader ("wireguard2-3.exe") that mimics the legiti
NIST Cybersecurity Framework (CSF) and CTEM – Better Together

NIST Cybersecurity Framework (CSF) and CTEM – Better Together

Sep 05, 2024Threat Detection / Vulnerability Management
It's been a decade since the National Institute of Standards and Technology (NIST) introduced its Cybersecurity Framework (CSF) 1.0. Created following a 2013 Executive Order, NIST was tasked with designing a voluntary cybersecurity framework that would help organizations manage cyber risk, providing guidance based on established standards and best practices. While this version was originally tailored for Critical infrastructure, 2018's version 1.1 was designed for any organization looking to address cybersecurity risk management.  CSF is a valuable tool for organizations looking to evaluate and enhance their security posture. The framework helps security stakeholders understand and assess their current security measures, organize and prioritize actions to manage risks, and improve communication within and outside organizations using a common language. It's a comprehensive collection of guidelines, best practices, and recommendations, divided into five core functions: Identify, Protec
Combatting the Evolving SaaS Kill Chain: How to Stay Ahead of Threat Actors

Combatting the Evolving SaaS Kill Chain: How to Stay Ahead of Threat Actors

Jun 28, 2024 Cybersecurity / Cloud Security
The modern kill chain is eluding enterprises because they aren't protecting the infrastructure of modern business: SaaS .  SaaS continues to dominate software adoption , and it accounts for the greatest share of public cloud spending. But enterprises and SMBs alike haven't revised their security programs or adopted security tooling built for SaaS.  Security teams keep jamming on-prem pegs into SaaS security holes  The mature security controls CISOs and their teams depended on in the age of on-prem dominance have vanished. Firewalls now protect a small perimeter, visibility is limited, and even if SaaS vendors offer logs, security teams need homegrown middleware to digest them and push into their SIEM.  SaaS vendors do have well-defined security scopes for their products, but their customers must manage SaaS compliance and data governance, identity and access management (IAM), and application controls — the areas where most incidents occur. While this SaaS shared responsibility mod
cyber security

Secure Your Network: 40% Face Full Takeover Risk

websitePicus SecurityEndpoint Security / Attack Surface
Understand and address the critical risks in your network to prevent takeovers.
New SnailLoad Attack Exploits Network Latency to Spy on Users' Web Activities

New SnailLoad Attack Exploits Network Latency to Spy on Users' Web Activities

Jun 28, 2024 Network Security / Data Protection
A group of security researchers from the Graz University of Technology have demonstrated a new side-channel attack known as SnailLoad that could be used to remotely infer a user's web activity. "SnailLoad exploits a bottleneck present on all Internet connections," the researchers said in a study released this week. "This bottleneck influences the latency of network packets, allowing an attacker to infer the current network activity on someone else's Internet connection. An attacker can use this information to infer websites a user visits or videos a user watches." A defining characteristic of the approach is that it obviates the need for carrying out an adversary-in-the-middle (AitM) attack or being in physical proximity to the Wi-Fi connection to sniff network traffic. Specifically, it entails tricking a target into loading a harmless asset (e.g., a file, an image, or an ad) from a threat actor-controlled server, which then exploits the victim's
Researchers Warn of Flaws in Widely Used Industrial Gas Analysis Equipment

Researchers Warn of Flaws in Widely Used Industrial Gas Analysis Equipment

Jun 28, 2024 Industrial Security / Critical Infrastructure
Multiple security flaws have been disclosed in Emerson Rosemount gas chromatographs that could be exploited by malicious actors to obtain sensitive information, induce a denial-of-service (DoS) condition, and even execute arbitrary commands. The flaws impact GC370XA, GC700XA, and GC1500XA and reside in versions 4.1.5 and prior. According to operational technology (OT) security firm Claroty, the vulnerabilities include two command injection flaws and two separate authentication and authorization vulnerabilities that could be weaponized by unauthenticated attackers to perform a wide range of malicious actions ranging from authentication bypass to command injection. "Successful exploitation of these vulnerabilities could allow an unauthenticated attacker with network access to run arbitrary commands, access sensitive information, cause a denial-of-service condition, and bypass authentication to acquire admin capabilities," the U.S. Cybersecurity and Infrastructure Security
TeamViewer Detects Security Breach in Corporate IT Environment

TeamViewer Detects Security Breach in Corporate IT Environment

Jun 28, 2024 Data Breach / Enterprise Security
TeamViewer on Thursday disclosed it detected an "irregularity" in its internal corporate IT environment on June 26, 2024. "We immediately activated our response team and procedures, started investigations together with a team of globally renowned cyber security experts and implemented necessary remediation measures," the company said in a statement. It further noted that its corporate IT environment is completely cut off from the product environment and that there is no evidence to indicate that any customer data has been impacted as a result of the incident. It did not disclose any details as to who may have been behind the intrusion and how they were able to pull it off, but said an investigation is underway and that it would provide status updates as and when new information becomes available. TeamViewer, based in Germany, is the maker of remote monitoring and management (RMM) software that allows managed service providers (MSPs) and IT departments to mana
Rust-Based P2PInfect Botnet Evolves with Miner and Ransomware Payloads

Rust-Based P2PInfect Botnet Evolves with Miner and Ransomware Payloads

Jun 27, 2024 Cryptojacking / Data Protection
The peer-to-peer malware botnet known as P2PInfect has been found targeting misconfigured Redis servers with ransomware and cryptocurrency miners. The development marks the threat's transition from what appeared to be a dormant botnet with unclear motives to a financially motivated operation. "With its latest updates to the crypto miner, ransomware payload, and rootkit elements, it demonstrates the malware author's continued efforts into profiting off their illicit access and spreading the network further, as it continues to worm across the internet," Cado Security said in a report published this week. P2PInfect came to light nearly a year ago, and has since received updates to target MIPS and ARM architectures. Earlier this January, Nozomi Networks uncovered the use of the malware to deliver miner payloads. It typically spreads by targeting Redis servers and its replication feature to transform victim systems into a follower node of the attacker-controlled server
The Secrets of Hidden AI Training on Your Data

The Secrets of Hidden AI Training on Your Data

Jun 27, 2024 Artificial Intelligence / SaaS Security
While some SaaS threats are clear and visible, others are hidden in plain sight, both posing significant risks to your organization. Wing's research indicates that an astounding 99.7% of organizations utilize applications embedded with AI functionalities. These AI-driven tools are indispensable, providing seamless experiences from collaboration and communication to work management and decision-making. However, beneath these conveniences lies a largely unrecognized risk: the potential for AI capabilities in these SaaS tools to compromise sensitive business data and intellectual property (IP). Wing's recent findings reveal a surprising statistic: 70% of the top 10 most commonly used AI applications may use your data for training their models. This practice can go beyond mere data learning and storage. It can involve retraining on your data, having human reviewers analyze it, and even sharing it with third parties. Often, these threats are buried deep in the fine print of Term
Prompt Injection Flaw in Vanna AI Exposes Databases to RCE Attacks

Prompt Injection Flaw in Vanna AI Exposes Databases to RCE Attacks

Jun 27, 2024 Artificial Intelligence / Vulnerability
Cybersecurity researchers have disclosed a high-severity security flaw in the Vanna.AI library that could be exploited to achieve remote code execution vulnerability via prompt injection techniques. The vulnerability, tracked as CVE-2024-5565 (CVSS score: 8.1), relates to a case of prompt injection in the "ask" function that could be exploited to trick the library into executing arbitrary commands, supply chain security firm JFrog said . Vanna is a Python-based machine learning library that allows users to chat with their SQL database to glean insights by "just asking questions" (aka prompts) that are translated into an equivalent SQL query using a large language model (LLM). The rapid rollout of generative artificial intelligence (AI) models in recent years has brought to the fore the risks of exploitation by malicious actors, who can weaponize the tools by providing adversarial inputs that bypass the safety mechanisms built into them. One such prominent clas
Expert Insights / Articles Videos
Cybersecurity Resources