The Hacker News | #1 Trusted Cybersecurity News Site

A previously undocumented cyber threat dubbed  Muddling Meerkat  has been observed undertaking sophisticated domain name system (DNS) activities in a likely effort to evade security measures and conduct reconnaissance of networks across the world since October 2019. Cloud security firm Infoblox described the threat actor as likely affiliated with the People's Republic of China (PRC) with the ability to control the Great Firewall ( GFW ), which censors access to foreign websites and manipulates internet traffic to and from the country. The moniker is reference to the "bewildering" nature of their operations and the actor's abuse of DNS open resolvers – which are DNS servers that accept recursive queries from all IP addresses – to send the queries from the Chinese IP space. "Muddling Meerkat demonstrates a sophisticated understanding of DNS that is uncommon among threat actors today – clearly pointing out that DNS is a powerful weapon leveraged by adversaries,&

It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many approaches offer piecemeal solutions – zeroing in on one particular element of the evolving threat landscape challenge – missing the forest for the trees.  In the last few years, Exposure Management has become known as a comprehensive way of reigning in the chaos, giving organizations a true fighting chance to reduce risk and improve posture. In this article I'll cover what Exposure Management is, how it stacks up against some alternative approaches and why building an Exposure Management program should be on  your 2024 to-do list. What is Exposure Management?  Exposure Management is the systematic identification, evaluation,

A security vulnerability has been discovered in the R programming language that could be exploited by a threat actor to create a malicious RDS (R Data Serialization) file such that it results in code execution when loaded and referenced. The flaw, assigned the CVE identifier  CVE-2024-27322 , "involves the use of promise objects and lazy evaluation in R," AI application security company HiddenLayer said in a report shared with The Hacker News. RDS,  like pickle in Python , is a format used to serialize and save the state of data structures or objects in R, an open-source programming language used in statistical computing, data visualization, and machine learning. This process of serialization – serialize() or saveRDS() – and deserialization – unserialize() and readRDS() – is also leveraged when saving and loading R packages. The root cause behind CVE-2024-27322 lies in the fact that it could lead to arbitrary code execution when deserializing untrusted data, thus leavi

Multiple critical security flaws have been disclosed in the Judge0 open-source online code execution system that could be exploited to obtain code execution on the target system. The three flaws, all critical in nature, allow an "adversary with sufficient access to perform a sandbox escape and obtain root permissions on the host machine," Australian cybersecurity firm Tanto Security said in a report report published today. Judge0 (pronounced "judge zero") is  described  by its maintainers as a "robust, scalable, and open-source online code execution system" that can be used to build applications that require online code execution features such as candidate assessment, e-learning, and online code editors and IDEs. According to its website, the service is used by 23 customers like AlgoDaily, CodeChum, and PYnative, among others. The project has been  forked 412 times on GitHub  to date. The flaws, discovered and reported by Daniel Cooper in March 2024

Identity and access management (IAM) services provider Okta has warned of a spike in the "frequency and scale" of credential stuffing attacks aimed at online services. These unprecedented attacks, observed over the last month, are said to be facilitated by "the broad availability of residential proxy services, lists of previously stolen credentials ('combo lists'), and scripting tools," the company  said  in an alert published Saturday. The findings build on a  recent advisory  from Cisco, which cautioned of a global surge in brute-force attacks targeting various devices, including Virtual Private Network (VPN) services, web application authentication interfaces, and SSH services, since at least March 18, 2024. "These attacks all appear to be originating from TOR exit nodes and a range of other anonymizing tunnels and proxies," Talos noted at the time, adding targets of the attacks comprise VPN appliances from Cisco, Check Point, Fortinet, Soni

Cybersecurity researchers have discovered a targeted operation against Ukraine that has been found leveraging a nearly seven-year-old flaw in Microsoft Office to deliver Cobalt Strike on compromised systems. The attack chain, which took place at the end of 2023 according to Deep Instinct, employs a PowerPoint slideshow file ("signal-2023-12-20-160512.ppsx") as the starting point, with the filename implying that it may have been shared via the Signal instant messaging app. That having said, there is no actual evidence to indicate that the PPSX file was distributed in this manner, even though the Computer Emergency Response Team of Ukraine (CERT-UA) has uncovered  two different campaigns  that have used the  messaging app  as a  malware delivery vector  in the past. Just last week, the agency  disclosed  that Ukrainian armed forces are being increasingly targeted by the UAC-0184 group via messaging and dating platforms to serve malware like  HijackLoader  (aka  GHOSTPULSE  

Over the past two years, a shocking  51% of organizations surveyed in a leading industry report have been compromised by a cyberattack.  Yes, over half.  And this, in a world where enterprises deploy  an average of 53 different security solutions  to safeguard their digital domain.  Alarming? Absolutely. A recent survey of CISOs and CIOs, commissioned by Pentera and conducted by Global Surveyz Research, offers a quantifiable glimpse into this evolving battlefield, revealing a stark contrast between the growing risks and the tightening budget constraints under which cybersecurity professionals operate. With this report, Pentera has once again taken a magnifying glass to the state of pentesting to release its annual report about today's pentesting practices. Engaging with 450 security executives from North America, LATAM, APAC, and EMEA—all in VP or C-level positions at organizations with over 1,000 employees—the report paints a current picture of modern security validation prac

An ongoing social engineering campaign is targeting software developers with bogus npm packages under the guise of a job interview to trick them into downloading a Python backdoor. Cybersecurity firm Securonix is tracking the activity under the name  DEV#POPPER , linking it to North Korean threat actors. "During these fraudulent interviews, the developers are often asked to perform tasks that involve downloading and running software from sources that appear legitimate, such as GitHub," security researchers Den Iuzvyk, Tim Peck, and Oleg Kolesnikov  said . "The software contained a malicious Node JS payload that, once executed, compromised the developer's system." Details of the campaign first emerged in late November 2023, when Palo Alto Networks Unit 42 detailed an activity cluster dubbed  Contagious Interview  in which the threat actors pose as employers to lure software developers into installing malware such as BeaverTail and InvisibleFerret through the

Several security vulnerabilities disclosed in Brocade SANnav storage area network (SAN) management application could be exploited to compromise susceptible appliances. The 18 flaws  impact  all versions up to and including 2.3.0, according to independent security researcher Pierre Barre, who discovered and reported them. The issues range from incorrect firewall rules, insecure root access, and Docker misconfigurations to lack of authentication and encryption, thus allowing an attacker to intercept credentials, overwrite arbitrary files, and completely breach the device. Some of the most severe flaws are listed below - CVE-2024-2859  (CVSS score: 8.8) - A vulnerability that could allow an unauthenticated, remote attacker to log in to an affected device using the root account and execute arbitrary commands CVE-2024-29960  (CVSS score: 7.5) - The use of hard-coded SSH keys in the OVA image, which could be exploited by an attacker to decrypt the SSH traffic to the SANnav applianc

In today's digital world, where connectivity is rules all, endpoints serve as the gateway to a business's digital kingdom. And because of this, endpoints are one of hackers' favorite targets.  According to the IDC,  70% of successful breaches start at the endpoint . Unprotected endpoints provide vulnerable entry points to launch devastating cyberattacks. With IT teams needing to protect more endpoints—and more kinds of endpoints—than ever before, that perimeter has become more challenging to defend. You need to improve your endpoint security, but where do you start? That's where this guide comes in.  We've curated the top 10 must-know endpoint security tips that every IT and security professional should have in their arsenal. From identifying entry points to implementing EDR solutions, we'll dive into the insights you need to defend your endpoints with confidence.  1. Know Thy Endpoints: Identifying and Understanding Your Entry Points Understanding your network's