#1 Trusted Cybersecurity News Platform
Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cybersecurity

The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Why Hardsec Matters: From Protecting Critical Services to Enhancing Resilience

Why Hardsec Matters: From Protecting Critical Services to Enhancing Resilience

Aug 13, 2024 Cyber Defense / Compliance
Traditionally, the focus has been on defending against digital threats such as malware, ransomware, and phishing attacks by detecting them and responding. However, as cyber threats become more sophisticated. There is a growing recognition of the importance of measures that stop new attacks before they are recognized. With high-value assets, it's not good enough to have the protection, it's essential to have some assurance that the protection is effective. With software, that assurance is hard work, and this has led to a complimentary approach, called hardsec. What is Hardsec? Short for " Hardware Security ." Hardsec is about using hardware logic and electronics to implement a security defence, rather than through software alone - thereby providing a higher level of security assurance and resilience against both external and insider threats . Making it an essential component of comprehensive cybersecurity strategies. The Rise of Sophisticated Attacks When the impact of an attack ag
FBI Shuts Down Dispossessor Ransomware Group's Servers Across U.S., U.K., and Germany

FBI Shuts Down Dispossessor Ransomware Group's Servers Across U.S., U.K., and Germany

Aug 13, 2024 Ransomware / Network Security
The U.S. Federal Bureau of Investigation (FBI) on Monday announced the disruption of online infrastructure associated with a nascent ransomware group called Radar/Dispossessor. The effort saw the dismantling of three U.S. servers, three United Kingdom servers, 18 German servers, eight U.S.-based criminal domains, and one German-based criminal domain. Dispossessor is said to be led by individual(s) who go by the online moniker "Brain." "Since its inception in August 2023, Radar/Dispossessor has quickly developed into an internationally impactful ransomware group, targeting and attacking small-to-mid-sized businesses and organizations from the production, development, education, healthcare, financial services, and transportation sectors," the FBI said in a statement. As many as 43 companies have been identified as victims of Dispossessor attacks, including those located in Argentina, Australia, Belgium, Brazil, Canada, Croatia, Germany, Honduras, India, Peru, Pol
Wing Security SaaS Pulse: Continuous Security & Actionable Insights — For Free

Wing Security SaaS Pulse: Continuous Security & Actionable Insights — For Free

Sep 09, 2024SaaS Security / Risk Management
Designed to be more than a one-time assessment— Wing Security's SaaS Pulse provides organizations with actionable insights and continuous oversight into their SaaS security posture—and it's free! Introducing SaaS Pulse: Free Continuous SaaS Risk Management  Just like waiting for a medical issue to become critical before seeing a doctor, organizations can't afford to overlook the constantly evolving risks in their SaaS ecosystems. New SaaS apps, shifting permissions, and emerging threats mean risks are always in motion. SaaS Pulse makes it easy to treat SaaS risk management as an ongoing practice, not just an occasional check-up. Security teams instantly get a real-time security "health" score, prioritized risks, contextualized threat insights, and the organization's app inventory—without setups or integrations. SaaS is a Moving Target SaaS stacks don't stand still. Business critical apps can easily slip into a state of vulnerability (i.e. supply chain attacks, account takeovers
Ukraine Warns of New Phishing Campaign Targeting Government Computers

Ukraine Warns of New Phishing Campaign Targeting Government Computers

Aug 13, 2024 Threat Intelligence / Malware
The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new phishing campaign that masquerades as the Security Service of Ukraine to distribute malware capable of remote desktop access. The agency is tracking the activity under the name UAC-0198. More than 100 computers are estimated to have been infected since July 2024, including those related to government bodies in the country. The attack chains involve the mass distribution of emails to deliver a ZIP archive file containing an MSI installer file, the opening of which leads to the deployment of malware called ANONVNC. ANONVNC, which is based on an open-source remote management tool called MeshAgent , allows for stealthy unauthorized access to the infected hosts. The development comes as CERT-UA attributed the hacking group UAC-0102 to phishing attacks propagating HTML attachments that mimic the login page of UKR.NET to steal users' credentials. Over the past few weeks, the agency has also warned of a
cyber security

Secure Your Network: 40% Face Full Takeover Risk

websitePicus SecurityEndpoint Security / Attack Surface
Understand and address the critical risks in your network to prevent takeovers.
How Phishing Attacks Adapt Quickly to Capitalize on Current Events

How Phishing Attacks Adapt Quickly to Capitalize on Current Events

Aug 12, 2024 AI in Cybersecurity / Fraud Prevention
In 2023, no fewer than 94 percent of businesses were impacted by phishing attacks, a 40 percent increase compared to the previous year, according to research from Egress . What's behind the surge in phishing? One popular answer is AI – particularly generative AI, which has made it trivially easier for threat actors to craft content that they can use in phishing campaigns, like malicious emails and, in more sophisticated cases, deepfake videos . In addition, AI can help write the malware that threat actors often plant on their victims' computers and servers as part of phishing campaigns. Phishing as a Service , or PhaaS, is another development sometimes cited to explain why phishing threats are at an all-time high. By allowing malicious parties to hire skilled attackers to carry out phishing campaigns for them, PhaaS makes it easy for anyone with a grudge – or a desire to exfiltrate some money from unsuspecting victims – to launch phishing attacks. Phishing has become agil
Researchers Uncover Vulnerabilities in Solarman and Deye Solar Systems

Researchers Uncover Vulnerabilities in Solarman and Deye Solar Systems

Aug 12, 2024 Critical Infrastructure / Vulnerability
Cybersecurity researchers have identified a number of security shortcomings in photovoltaic system management platforms operated by Chinese companies Solarman and Deye that could enable malicious actors to cause disruption and power blackouts. "If exploited, these vulnerabilities could allow an attacker to control inverter settings that could take parts of the grid down, potentially causing blackouts," Bitdefender researchers said in an analysis published last week. The vulnerabilities have been addressed by Solarman and Deye as of July 2024, following responsible disclosure on May 22, 2024. The Romanian cybersecurity vendor, which analyzed the two PV monitoring and management platforms, said they suffer from a number of issues that, among others, could result in account takeover and information disclosure. A brief description of the issues is listed below - Full Account Takeover via Authorization Token Manipulation Using the /oauth2-s/oauth/token API endpoint  Deye
The AI Hangover is Here – The End of the Beginning

The AI Hangover is Here – The End of the Beginning

Aug 12, 2024 AI Technology / Machine Learning
After a good year of sustained exuberance, the hangover is finally here. It's a gentle one (for now), as the market corrects the share price of the major players (like Nvidia, Microsoft, and Google), while other players reassess the market and adjust priorities. Gartner calls it the trough of disillusionment , when interest wanes and implementations fail to deliver the promised breakthroughs. Producers of the technology shake out or fail. Investment continues only if the surviving providers improve their products to the satisfaction of early adopters.  Let's be clear, this was always going to be the case: the post-human revolution promised by the AI cheerleaders was never a realistic goal, and the incredible excitement triggered by the early LLMs was not based on market success.  AI is here to stay  What's next for AI then? Well, if it follows the Gartner hype cycle, the deep crash is followed by the slope of enlightenment where the maturing technology regains its footing, benefits
FreeBSD Releases Urgent Patch for High-Severity OpenSSH Vulnerability

FreeBSD Releases Urgent Patch for High-Severity OpenSSH Vulnerability

Aug 12, 2024 Cybersecurity / Network Security
The maintainers of the FreeBSD Project have released security updates to address a high-severity flaw in OpenSSH that attackers could potentially exploit to execute arbitrary code remotely with elevated privileges. The vulnerability, tracked as CVE-2024-7589 , carries a CVSS score of 7.4 out of a maximum of 10.0, indicating high severity. "A signal handler in sshd(8) may call a logging function that is not async-signal-safe," according to an advisory released last week. "The signal handler is invoked when a client does not authenticate within the LoginGraceTime seconds (120 by default). This signal handler executes in the context of the sshd(8)'s privileged code, which is not sandboxed and runs with full root privileges." OpenSSH is an implementation of the secure shell (SSH) protocol suite, providing encrypted and authenticated transport for a variety of services, including remote shell access. CVE-2024-7589 has been described as "another instance&
Industrial Remote Access Tool Ewon Cosy+ Vulnerable to Root Access Attacks

Industrial Remote Access Tool Ewon Cosy+ Vulnerable to Root Access Attacks

Aug 12, 2024 Operational Technology / Network Security
Security vulnerabilities have been disclosed in the industrial remote access solution Ewon Cosy+ that could be abused to gain root privileges to the devices and stage follow-on attacks. The elevated access could then be weaponized to decrypt encrypted firmware files and encrypted data such as passwords in configuration files, and even get correctly signed X.509 VPN certificates for foreign devices to take over their VPN sessions. "This allows attackers hijacking VPN sessions which results in significant security risks against users of the Cosy+ and the adjacent industrial infrastructure," SySS GmbH security researcher Moritz Abrell said in a new analysis. The findings were presented at the DEF CON 32 conference over the weekend. Following responsible disclosure, the issues have been addressed in firmware versions 21.2s10 and 22.1s3 as part of an advisory [PDF] issued by Ewon on July 29, 2024 - CVE-2024-33892 (CVSS score: 7.4) - Information leakage through cookies
EastWind Attack Deploys PlugY and GrewApacha Backdoors Using Booby-Trapped LNK Files

EastWind Attack Deploys PlugY and GrewApacha Backdoors Using Booby-Trapped LNK Files

Aug 12, 2024 Cloud Security / Malware
The Russian government and IT organizations are the target of a new campaign that delivers a number of backdoors and trojans as part of a spear-phishing campaign codenamed EastWind . The attack chains are characterized by the use of RAR archive attachments containing a Windows shortcut (LNK) file that, upon opening, activates the infection sequence, culminating in the deployment of malware such as GrewApacha, an updated version of the CloudSorcerer backdoor, and a previously undocumented implant dubbed PlugY. PlugY is "downloaded through the CloudSorcerer backdoor, has an extensive set of commands and supports three different protocols for communicating with the command-and-control server," Russian cybersecurity company Kaspersky said . The initial infection vector relies on a booby-trapped LNK file, which employs DLL side-loading techniques to launch a malicious DLL file that uses Dropbox as a communications mechanism to execute reconnaissance commands and download add
Expert Insights / Articles Videos
Cybersecurity Resources