The Hacker News

Exclusive: SonicWall Hacked Using 0-Day Bugs In Its Own VPN Product

Sat, 23 Jan 2021 11:02:29 GMT

SonicWall, a popular internet security provider of firewall and VPN products, on late Friday disclosed that it fell victim to a coordinated attack on its internal systems. The San Jose-based company said the attacks leveraged zero-day vulnerabilities in SonicWall secure remote access products such as NetExtender VPN client version 10.x and Secure Mobile Access (SMA) that are used to provide text

Experts Detail A Recent Remotely Exploitable Windows Vulnerability

Sat, 23 Jan 2021 11:00:46 GMT

More details have emerged about a security feature bypass vulnerability in Windows NT LAN Manager (NTLM) that was addressed by Microsoft as part of its monthly Patch Tuesday updates earlier this month. The flaw, tracked as CVE-2021-1678 (CVSS score 4.3), was described as a "remotely exploitable" flaw found in a vulnerable component bound to the network stack, although exact details of the flaw text

Beware! Fully-Functional Released Online for SAP Solution Manager Flaw

Sat, 23 Jan 2021 08:43:20 GMT

Cybersecurity researchers have warned of a publicly available fully-functional exploit that could be used to target SAP enterprise software. The exploit leverages a vulnerability, tracked as CVE-2020-6207, that stems from a missing authentication check in SAP Solution Manager (SolMan) version 7.2 SAP SolMan is an application management and administration solution that offers end-to-end text

Missing Link in a 'Zero Trust' Security Model—The Device You're Connecting With!

Fri, 22 Jan 2021 12:09:41 GMT

Like it or not, 2020 was the year that proved that teams could work from literally anywhere. While terms like "flex work" and "WFH" were thrown around before COVID-19 came around, thanks to the pandemic, remote working has become the defacto way people work nowadays. Today, digital-based work interactions take the place of in-person ones with near-seamless fluidity, and the best part is that text

Sharing eBook With Your Kindle Could Have Let Hackers Hijack Your Account

Fri, 22 Jan 2021 10:40:32 GMT

Amazon has addressed a number of flaws in its Kindle e-reader platform that could have allowed an attacker to take control of victims' devices by simply sending them a malicious e-book. Dubbed "KindleDrip," the exploit chain takes advantage of a feature called "Send to Kindle" to send a malware-laced document to a Kindle device that, when opened, could be leveraged to remotely execute arbitrary text

MrbMiner Crypto-Mining Malware Links to Iranian Software Company

Thu, 21 Jan 2021 14:58:01 GMT

A relatively new crypto-mining malware that surfaced last year and infected thousands of Microsoft SQL Server (MSSQL) databases has now been linked to a small software development company based in Iran. The attribution was made possible due to an operational security oversight, said researchers from cybersecurity firm Sophos, that led to the company's name inadvertently making its way into the text

Here's How SolarWinds Hackers Stayed Undetected for Long Enough

Thu, 21 Jan 2021 11:59:10 GMT

Microsoft on Wednesday shared more specifics about the tactics, techniques, and procedures (TTPs) adopted by the attackers behind the SolarWinds hack to stay under the radar and avoid detection, as cybersecurity companies work towards getting a "clearer picture" of one of the most sophisticated attacks in recent history. Calling the threat actor "skillful and methodic operators who follow text

Hackers Accidentally Expose Passwords Stolen From Businesses On the Internet

Thu, 21 Jan 2021 11:15:57 GMT

A new large-scale phishing campaign targeting global organizations has been found to bypass Microsoft Office 365 Advanced Threat Protection (ATP) and steal credentials belonging to over a thousand corporate employees. The cyber offensive is said to have originated in August last year, with the attacks aimed specifically at energy and construction companies, said researchers from Check Point text

Importance of Application Security and Customer Data Protection to a Startup

Thu, 21 Jan 2021 11:09:23 GMT

When you are a startup, there are umpteen things that demand your attention. You must give your hundred percent (probably even more!) to work effectively and efficiently with the limited resources. Understandably, the application security importance may be pushed at the bottom of your things-to-do list. One other reason to ignore web application protectioncould be your belief that only large text

Google Discloses Flaws in Signal, FB Messenger, JioChat Messaging Apps

Wed, 20 Jan 2021 11:16:59 GMT

In January 2019, a critical flaw was reported in Apple's FaceTime group chats feature that made it possible for users to initiate a FaceTime video call and eavesdrop on targets by adding their own number as a third person in a group chat even before the person on the other end accepted the incoming call. The vulnerability was deemed so severe that the iPhone maker removed the FaceTime group text

SolarWinds Hackers Also Breached Malwarebytes Cybersecurity Firm

Wed, 20 Jan 2021 04:59:14 GMT

Malwarebytes on Tuesday said it was breached by the same group who broke into SolarWinds to access some of its internal emails, making it the fourth major cybersecurity vendor to be targeted after FireEye, Microsoft, and CrowdStrike. The company said its intrusion was not the result of a SolarWinds compromise, but rather due to a separate initial access vector that works by "abusing applicationstext

Researchers Discover Raindrop — 4th Malware Linked to the SolarWinds Attack

Tue, 19 Jan 2021 15:04:55 GMT

Cybersecurity researchers have unearthed a fourth new malware strain—designed to spread the malware onto other computers in victims' networks—which was deployed as part of the SolarWinds supply chain attack disclosed late last year. Dubbed "Raindrop" by Broadcom-owned Symantec, the malware joins the likes of other malicious implants such as Sunspot, Sunburst (or Solorigate), and Teardrop that text

A Set of Severe Flaws Affect Popular DNSMasq DNS Forwarder

Tue, 19 Jan 2021 13:43:04 GMT

Cybersecurity researchers have uncovered multiple vulnerabilities in Dnsmasq, a popular open-source software used for caching Domain Name System (DNS) responses, thereby potentially allowing an adversary to mount DNS cache poisoning attacks and remotely execute malicious code. The seven flaws, collectively called "DNSpooq" by Israeli research firm JSOF, echoes previously disclosed weaknesses in text

FreakOut! Ongoing Botnet Attack Exploiting Recent Linux Vulnerabilities

Tue, 19 Jan 2021 13:40:47 GMT

An ongoing malware campaign has been found exploiting recently disclosed vulnerabilities in network-attached storage (NAS) devices running on Linux systems to co-opt the machines into an IRC botnet for launching distributed denial-of-service (DDoS) attacks and mining Monero cryptocurrency. The attacks deploy a new malware variant called "FreakOut" by leveraging critical flaws fixed in Laminas text

New Educational Video Series for CISOs with Small Security Teams

Tue, 19 Jan 2021 11:05:29 GMT

Cybersecurity is hard. For a CISO that faces the cyber threat landscape with a small security team, the challenge is compounded. Compared to CISOs at large enterprises, CISOs small to medium-sized enterprises (SMEs) have smaller teams with less expertise, smaller budgets for technology and outside services, and are more involved in day-to-day protection activities. CISOs at SMEs are text

Apple Removes macOS Feature That Allowed Apps to Bypass Firewall Security

Mon, 18 Jan 2021 06:42:40 GMT

Apple has removed a controversial feature from its macOS operating system that allowed the company's own first-party apps to bypass content filters, VPNs, and third-party firewalls. Called "ContentFilterExclusionList," it included a list of as many as 50 Apple apps like iCloud, Maps, Music, FaceTime, HomeKit, the App Store, and its software update service that were routed through Network text

WhatsApp Delays Controversial 'Data-Sharing' Privacy Policy Update By 3 Months

Sat, 16 Jan 2021 17:10:04 GMT

WhatsApp said on Friday that it wouldn't enforce its recently announced controversial data sharing policy update until May 15. Originally set to go into effect next month on February 8, the three-month delay comes following "a lot of misinformation" about a revision to its privacy policy that allows WhatsApp to share data with Facebook, sparking widespread concerns about the exact kind of text

NSA Suggests Enterprises Use 'Designated' DNS-over-HTTPS' Resolvers

Sat, 16 Jan 2021 07:30:40 GMT

The U.S. National Security Agency (NSA) on Friday said DNS over HTTPS (DoH) — if configured appropriately in enterprise environments — can help prevent "numerous" initial access, command-and-control, and exfiltration techniques used by threat actors. "DNS over Hypertext Transfer Protocol over Transport Layer Security (HTTPS), often referred to as DNS over HTTPS (DoH), encrypts DNS requests by text

Joker's Stash, The Largest Carding Marketplace, Announces Shutdown

Sat, 16 Jan 2021 05:35:26 GMT

Joker's Stash, the largest dark web marketplace notorious for selling compromised payment card data, has announced plans to shut down its operations on February 15, 2021. In a message board post on a Russian-language underground cybercrime forum, the operator of the site — who goes by the name "JokerStash"— said "it's time for us to leave forever" and that "we will never ever open again,"text

Researchers Disclose Undocumented Chinese Malware Used in Recent Attacks

Fri, 15 Jan 2021 11:31:43 GMT

Cybersecurity researchers have disclosed a series of attacks by a threat actor of Chinese origin that has targeted organizations in Russia and Hong Kong with malware — including a previously undocumented backdoor. Attributing the campaign to Winnti (or APT41), Positive Technologies dated the first attack to May 12, 2020, when the APT used LNK shortcuts to extract and run the malware payload. A text