The Hacker News - Cybersecurity News and Analysis

Web Name: The Hacker News - Cybersecurity News and Analysis

WebSite: http://thehackernews.com

ID:64116

Keywords:

News,Hacker,The,

Description:

Researchers Uncover Cyber Espionage Operation Aimed At Indian Army
September 28, 2020 - Ravie Lakshmanan
Cybersecurity researchers uncovered fresh evidence of an ongoing cyberespionage campaign against Indian defense units and armed forces personnel at least since 2019 with an aim to steal sensitive information. Dubbed Operation SideCopy by Indian cybersecurity firm Quick Heal, the attacks have been attributed to an advanced persistent threat (APT) group that has successfully managed to stay under the radar by copying the tactics of other threat actors such as the SideWinder.
Exploiting Microsoft Equation Editor Flaw
The campaign's starting point is an email with an embedded malicious attachment, either in the form of a ZIP file containing an LNK file or a Microsoft Word document, that triggers an infection chain via a series of steps to download the final-stage payload. Aside from identifying three different infection chains, what's notable is the fact that one of them exploited template injection and Microsoft Equation Editor flaw (CVE-2017

Red Team Automation or Simulation?
September 28, 2020 - The Hacker News
What is the difference between a penetration test and a red team exercise? The common understanding is that a red team exercise is a pen-test on steroids, but what does that mean? While both programs are performed by ethical hackers, whether they are in-house residents or contracted externally, the difference runs deeper. In a nutshell, a pen-test is performed to discover exploitable vulnerabilities and misconfigurations that would potentially serve unethical hackers. They primarily test the effectiveness of security controls and employee security awareness. The purpose of a red team exercise, in addition to discovering exploitable vulnerabilities, is to exercise the operational effectiveness of the security team, the blue team. A red team exercise challenges the blue team's capabilities and supporting technology to detect, respond, and recover from a breach. The objective is to improve their incident management and response procedures. The challenge with pen-testing and red te

FinSpy Spyware for Mac and Linux OS Targets Egyptian Organisations
September 25, 2020 - Mohit Kumar
Amnesty International today exposed details of a new surveillance campaign that targeted Egyptian civil society organizations with previously undisclosed versions of FinSpy spyware designed to target Linux and macOS systems. Developed by a German company, FinSpy is extremely powerful spying software that is being sold as a legal law enforcement tool to governments around the world but has also been found in use by oppressive and dubious regimes to spy on activists. FinSpy, also known as FinFisher, can target both desktop and mobile operating systems, including Android, iOS, Windows, macOS, and Linux, to gain spying capabilities, including secretly turning on their webcams and microphones, recording everything the victim types on the keyboard, intercepting calls, and exfiltrating data. According to the human rights organization Amnesty International, the newly discovered campaign is not linked to NilePhish, a hacking group known for attacking Egyptian NGOs in a ser

Microsoft Windows XP Source Code Reportedly Leaked Online
September 25, 2020 - Swati Khandelwal
Microsoft's long-lived operating system Windows XP, which still powers over 1% of all laptops and desktop computers worldwide, has had its source code leaked online, allegedly, along with Windows Server 2003. Yes, you heard that right. The source code for Microsoft's 19-year-old operating system was published as a torrent file on notorious bulletin board website 4chan, and it's the very first time that source code for Microsoft's operating system has been leaked to the public. Several reports suggest that the collection of torrent files, which weigh 43GB in size, is also said to include the source code for Windows Server 2003 and several of Microsoft's older operating systems, including: Windows 2000, Windows CE 3, Windows CE 4, Windows CE 5, Windows Embedded 7, Windows Embedded CE, Windows NT 3.5, Windows NT 4, MS-DOS 3.30, MS-DOS 6.0. The torrent download also includes the alleged source code for various Windows 10 components that appeared in 2017 and sour

Fortinet VPN with Default Settings Leave 200,000 Businesses Open to Hackers
September 25, 2020 - Ravie Lakshmanan
As the pandemic continues to accelerate the shift towards working from home, a slew of digital threats have capitalized on the health concern to exploit weaknesses in the remote work infrastructure and carry out malicious attacks. Now according to network security platform provider SAM Seamless Network, over 200,000 businesses that have deployed the Fortigate VPN solution with default configuration to enable employees to connect remotely are vulnerable to man-in-the-middle (MitM) attacks, allowing attackers to present a valid SSL certificate and fraudulently take over a connection. "We quickly found that under default configuration the SSL VPN is not as protected as it should be, and is vulnerable to MITM attacks quite easily," SAM IoT Security Lab's Niv Hertz and Lior Tashimov said. The Fortigate SSL-VPN client only verifies that the CA was issued by Fortigate (or another trusted CA), therefore an attacker can easily present a certificate issued to a differen

Major Instagram App Bug Could've Given Hackers Remote Access to Your Phone
September 24, 2020 - Ravie Lakshmanan
Ever wonder how hackers can hack your smartphone remotely? In a report shared with The Hacker News today, Check Point researchers disclosed details about a critical vulnerability in Instagram's Android app that could have allowed remote attackers to take control over a targeted device just by sending victims a specially crafted image. What's more worrisome is that the flaw not only lets attackers perform actions on behalf of the user within the Instagram app, including spying on victim's private messages and even deleting or posting photos from their accounts, but also execute arbitrary code on the device. According to an advisory published by Facebook, the heap overflow security issue (tracked as CVE-2020-1895, CVSS score: 7.8) impacts all versions of the Instagram app prior to 128.0.0.26.128, which was released on February 10 earlier this year. This [flaw] turns the device into a tool for spying on targeted users without their knowledge, as well as enabling

Detecting and Preventing Critical ZeroLogon Windows Server Vulnerability
September 23, 2020 - Wang Wei
If you're administrating Windows Server, make sure it's up to date with all recent patches issued by Microsoft, especially the one that fixes a recently patched critical vulnerability that could allow unauthenticated attackers to compromise the domain controller. Dubbed Zerologon (CVE-2020-1472) and discovered by Tom Tervoort of Secura, the privilege escalation vulnerability exists due to the insecure usage of AES-CFB8 encryption for Netlogon sessions, allowing remote attackers to establish a connection to the targeted domain controller over Netlogon Remote Protocol (MS-NRPC). The attack utilizes flaws in an authentication protocol that validates the authenticity and identity of a domain-joined computer to the Domain Controller. Due to the incorrect use of an AES mode of operation, it is possible to spoof the identity of any computer account (including that of the DC itself) and set an empty password for that account in the domain, researchers at cyber

A New Hacking Group Hitting Russian Companies With Ransomware
September 23, 2020 - Ravie Lakshmanan
As ransomware attacks against critical infrastructure continue to spike in recent months, cybersecurity researchers have uncovered a new entrant that has been actively trying to conduct multistage attacks on large corporate networks of medical labs, banks, manufacturers, and software developers in Russia. The ransomware gang, codenamed OldGremlin and believed to be a Russian-speaking threat actor, has been linked to a series of campaigns at least since March, including a successful attack against a clinical diagnostics laboratory that occurred last month on August 11. "The group has targeted only Russian companies so far, which was typical for many Russian-speaking adversaries, such as Silence and Cobalt, at the beginning of their criminal path," Singaporean cybersecurity firm Group-IB said in a report published today and shared with The Hacker News. Using Russia as a testing ground, these groups then switched to other geographies to distance thems
