Search Results for “Hacker News”


May 28, 2020
Sergiu Gatlan / Bleeping Computer

HackerOne Reaches $100 Million White-Hat Hacker Bug Bounty Payout Milestone

Bug bounty platform HackerOne announced that it has paid out $100,000,000 in rewards to white-hat hackers around the world as of May 26, 2020. Since its first bounty award in 2013, HackerOne bug bounty hunters have found roughly 170,000 security vulnerabilities, according to the company’s CEO Mårten Mickos.

March 28, 2020
Ravie Lakshmanan / The Hacker News

New Watering Hole Campaign Called ‘Operation Poisoned News’ Lures iPhone Users in Hong Kong With LightSpy Links to Local News

A newly discovered watering-hole campaign, dubbed “Operation Poisoned News,” is targeting Apple iPhone users in Hong Kong by using malicious website links as a lure to install spyware on the devices, according to Trend Micro and Kaspersky Lab. The attack leverages a remote iOS exploit chain to deploy a feature-rich implant called ‘LightSpy’ through links to local news websites. The threat group behind the attacks, dubbed “TwoSail Junk” by Kaspersky, is said to be leveraging vulnerabilities present in iOS 12.1 and 12.2 spanning all models from iPhone 6 to the iPhone X, with the attacks first identified on January 10, before intensifying around February 18.

Related: ZDNet, Security Affairs, Sec.Today, CERT-EU, SecurityWeek, Beta News, Securelist, Kaspersky Lab official blog, Global Security Mag


March 10, 2020
Zack Whittaker / TechCrunch

Hackers Are Targeting Hackers in Newly Discovered, Years-Long Malware Campaign Aimed at Exfiltrating Data Using njRat Trojan

Amit Serper of Cybereason discovered a years-long malware campaign suggesting that hackers have themselves become the targets of other hackers, who are infecting and repackaging popular hacking tools with njRat, a powerful trojan. Serper found that the attackers are taking existing hacking tools, from tools designed to exfiltrate data from a database through to cracks and product key generators that unlock full versions of trial software, and injecting a powerful remote-access trojan. The attackers are “baiting” other hackers by posting the repackaged tools on hacking forums. The injected malware, njRat, gives the attacker full access to the target’s desktop, including files, passwords, and even access to their webcam and microphone.

May 12, 2020
Lawrence Abrams / Bleeping Computer

Database of Private Conversations Among Hackers Who Used Hacker Forum WeLeakData Now Circulating on Dark Web

The database for the defunct hacker forum and data breach marketplace called WeLeakData.com is being sold on the dark web and exposes the private conversations of hackers who used the site, researchers at Cyble say. A dump of WeLeakData.com’s vBulletin forum database from January 9th, 2020, is now being sold on dark web marketplaces. WeLeakData.com mysteriously shut down at the end of April, and rumors began circulating that the operator may have been arrested and that the forum database had been stolen or sold to another member.

May 13, 2020
Raphael Satter / Reuters

FBI and DHS Issue Official Warning That Chinese Hackers Are Targeting U.S. COVID-19 Research

As widely expected, the U.S. government warned that Chinese hackers are targeting healthcare research facilities and other institutions to gain access to COVID-19 research. The Federal Bureau of Investigation and the Department of Homeland Security said the FBI was investigating digital break-ins at U.S. organizations by China-linked “cyber actors” that it had monitored “attempting to identify and illicitly obtain valuable intellectual property (IP) and public health data related to vaccines, treatments, and testing from networks and personnel affiliated with COVID-19-related research.” Earlier this month, reports indicated that hackers targeted U.S. drugmaker Gilead Sciences, whose antiviral drug remdesivir is the only treatment so far proven to help COVID-19 patients. Earlier, reports stated that hackers had targeted the World Health Organization.

Related: BleepingComputer.com, The Hill: Cybersecurity, ic3, ProPublica, Bloomberg, Task & Purpose, Slashdot, Techmeme, NBC News Top Stories, Cyberscoop, TechCrunch, Business Insider, CNN.com – Politics, WashingtonExaminer.com, Boing Boing, Politico, US-CERT Current Activity

BleepingComputer.com: US warns of Chinese hackers targeting COVID-19 research orgs
The Hill: Cybersecurity: Officials warn Chinese hackers targeting groups developing coronavirus treatments
ic3: People’s Republic of China (PRC) Targeting of COVID-19 Research Organizations
ProPublica: Pence’s “Special Envoy” in Foreign Aid Office Sparked an Ethics Complaint Just Weeks After He Started His Job
Bloomberg: U.S. Warns That Chinese Hackers Are Targeting Virus Research
Task & Purpose: US accuses China-linked hackers of stealing COVID-19 vaccine research
Slashdot: US Warns That Chinese Hackers Are Targeting Virus Research
NBC News Top Stories: Feds warn that Chinese attempts to hack health-care, drug firms threaten U.S. COVID-19 response
Cyberscoop: U.S. accuses Chinese hackers of trying to steal coronavirus vaccine research
TechCrunch: FBI and DHS accuse Chinese hackers of targeting U.S. COVID-19 research
Business Insider: US federal agencies warn that Chinese hackers are targeting COVID-19 research on vaccines and treatments
CNN.com – Politics: US expected to officially warn China is launching cyberattacks to steal coronavirus research
Washington Examiner: US accuses Chinese hackers of attempting to steal coronavirus vaccine research
Boing Boing: FBI and DHS’s CISA warn China-backed hackers are targeting U.S. COVID-19 research
Politico: Feds warn Chinese hackers targeting U.S. coronavirus research
US-CERT Current Activity: CISA-FBI Joint Announcement on PRC Targeting of COVID-19 Research Organizations


May 28, 2020
Andy Greenberg / Wired

NSA Warns That Russian State-Backed Hacker Group Sandworm Has Been Exploiting Known Flaw in Exim Mail Transfer Agent

Using its newly created blog and its even newer Twitter account devoted to cybersecurity, the NSA issued an advisory warning that the Russian hacker group known as Sandworm, a unit of the GRU military intelligence agency, has been actively exploiting a known vulnerability in Exim, a commonly used mail transfer agent that runs on email servers around the world. Exim is an alternative to more prominent players like Exchange and Sendmail. The NSA says that Sandworm has been exploiting vulnerable Exim mail servers since at least August of 2019, using the hacked servers as an initial infection point on target systems and likely pivoting to other parts of the victim’s network. The vulnerability used by Sandworm allows an attacker who merely sends a malicious email to the server to immediately gain the ability to run code on that server remotely. In its intrusions, the NSA warns. The spy agency recommends that administrators patch their Exim software immediately, comb their traffic logs for signs of exploitation, and segment their networks to make it harder for intruders to exploit their initial compromise of a mail server.

Related: Cyberscoop, ZDNet, NSA, Washington Examiner, SiliconANGLE, iTnews – Security, Security Affairs, Bleeping Computer, CBSNews.com, RT USA, Dark Reading: Attacks/Breaches, Law & Disorder – Ars Technica, Japan Today, Associated Press Technology, TribLIVE, Washington Examiner, FCW, Jerusalem Post, Task & Purpose, Reuters: U.S., Security – Computing, Infosecurity Magazine, HOTforSecurity, Help Net Security, The State of Security, Computer Business Review, The Register

Tweets: @NSACyber @a_greenberg @campuscodi @shanvav @Adam_K_Levin @Bing_Chris @bleepincomputer @bleepincomputer @bleepincomputer

Cyberscoop: NSA calls out Russian military hackers targeting mail relay software
ZDNet: NSA warns of new Sandworm attacks on email servers
NSA: Exim Mail Transfer Agent Actively Exploited by Russian GRU Cyber Actors
Washington Examiner: NSA accuses Russian military hackers of targeting US systems
SiliconANGLE: NSA warns Russian hacking group is targeting unpatched email servers
iTnews – Security: NSA warns ‘Sandworm’ hackers targeting email servers
Security Affairs: NSA warns Russia-linked APT group is exploiting Exim flaw since 2019
Bleeping Computer: NSA: Russian govt hackers exploiting critical Exim flaw since 2019
CBSNews.com: NSA warns of new “Sandworm” cyberattacks by Russia-backed hackers
RT USA: NSA urges email providers to update software warning that ‘Russian military hackers’ already gained ‘dream access’ to them
Dark Reading: Attacks/Breaches: NSA Warns Russia’s ‘Sandworm’ Group Is Targeting Email Servers
Law & Disorder – Ars Technica: Russian hackers are exploiting bug that gives control of US servers
Japan Today: NSA: Russian agents have been hacking major email program
Associated Press Technology: NSA: Russian agents have been hacking major email program
TribLIVE: NSA: Russian agents have been hacking major email program
Washington Examiner: NSA accuses Russian military hackers of targeting US systems
FCW: NSA warns Russian hackers exploited email flaw
Jerusalem Post: NSA warns of ongoing Russian hacking campaign against US systems
Task & Purpose: NSA warns of ongoing Russian hacking campaign against US systems
Reuters: U.S.: NSA warns of ongoing Russian hacking campaign against U.S. systems
Security – Computing: Hackers linked with Russian military intelligence are exploiting Exim mail transfer agent bug to target US organisations, NSA warns
CyberSecurity Help s.r.o.: Sandworm hacking group exploiting Exim flaw since at least 2019
Infosecurity Magazine: NSA: Russian Military Sandworm Group is Hacking Email Servers
HOTforSecurity: Russian ‘Sandworm’ Hackers Attacking Exim Email Servers, Says NSA
Help Net Security: NSA warns about Sandworm APT exploiting Exim flaw
The State of Security: Sandworm Team Exploiting Vulnerability in Exim Mail Transfer Agent
Computer Business Review: Exim Vulnerability: GRU Widely Exploited Critical 2019 Bug, Warns NSA
The Register: It’s not every day the NSA publicly warns of attacks by Kremlin hackers – so take this critical Exim flaw seriously

@NSACyber: Sandworm Team, Russian GRU Main Center for Special Technologies actors, continue to exploit Exim mail transfer agent #vulnerability, CVE-2019-10149. Patch to the latest version to protect your networks. Learn more here: https://nsa.gov/News-Features/
@a_greenberg: NSA warns Russia's Sandworm hackers have been exploiting Exim mail servers using a bug from last June. Not exactly surprising, but given the source and Sandworm's history—from NotPetya to the attacks on US State Boards of Election in 2016—worth watching.
@campuscodi: BREAKING: NSA warns of new Sandworm APT attacks on email servers - attacks target Exim email server - they exploit CVE-2019-10149 (Return of the WIZard) - attacks have been happening since August 2019 - Sandworm plants backdoors, creates new admin user https://zdnet.com/article/nsa-wa
@shanvav: BREAKING: NSA calls out Russian military hackers targeting mail relay software https://hubs.ly/H0qVX_P0 by @shanvav
@Adam_K_Levin: A Russian hacking group tied to power-grid attacks in Ukraine, and other nefarious Kremlin operations is exploiting a vulnerability that allows it to take control of computers operated by the US government and its partners.
@Bing_Chris: NSA warns of ongoing Russian hacking campaign against U.S. systems
@bleepincomputer: The @NSACyber attributes the attacks to Sandworm Team, a.k.a: * BlackEnergy Group * ELECTRUM * Hades/OlympicDestroyer * Voodoo Bear
@bleepincomputer: The earliest attacks were tracked to August 2019, less than a month after Exim was patched for CVE-2019-10149 The flaw allows execution of arbitrary commands with root privileges on Exim mail servers.
@bleepincomputer: Attackers can exploit this vulnerability remotely on servers where "verify = recipient" ACL is removed by sending an email


April 17, 2020
Raphael Satter, Christopher Bing / Reuters

FBI Official Says That Foreign Government Hackers Have Broken Into Companies Conducting COVID-19 Treatment Research

FBI Deputy Assistant Director Tonya Ugoretz said that foreign government hackers have broken into companies conducting research into treatments for COVID-19. Ugoretz said during an online panel discussion hosted by the Aspen Institute that the bureau had recently seen state-backed hackers poking around a series of healthcare and research institutions and that hackers had often targeted the biopharmaceutical industry.

Related: Reddit – cybersecurity, Forbes, Security News | Tech Times, Washington Examiner, Daily Mail, DataBreachToday.com, Silicon UK, Tickle The Wire, DataBreaches.net


April 26, 2020
Catalin Cimpanu / ZDNet

Sophos Issues Emergency Patch for Zero-Day Flaw in XG Enterprise Firewall That Was Exploited in the Wild by Hackers

Cyber-security firm Sophos has published an emergency security update to patch a zero-day vulnerability in its XG enterprise firewall product that it learned only last Wednesday was being abused in the wild by hackers. Sophos said that the attack used a previously unknown SQL injection vulnerability to gain access to exposed XG devices and was designed to download payloads intended to exfiltrate XG Firewall-resident data. The stolen data could include usernames and hashed passwords for the firewall device admin, for the firewall portal admins, and for user accounts used for remote access to the device.

Related: ibtimes.sg: Top News, Security Affairs, Sophos, Security Affairs, Reddit – cybersecurity, BleepingComputer.com, Economic Times, The State of Security, E Hacking News, Tenable Blog, Spyware news, IT Pro, GBHackers On Security, SecurityWeek, Help Net Security, The Daily Swig, SC Magazine, Webpronews, Rapid7, Ars Technica, Tenable Blog, Slashdot, CRN, BleepingComputer.com, TechTarget, Threatpost

Tweets: @campuscodi @GossiTheDog

ibtimes.sg: Top News: Sophos releases emergency patch for its enterprise firewall product
Security Affairs: Hackers exploit SQL injection zero-day issue in Sophos firewall
Sophos: Fixing SQL injection vulnerability and malicious code execution in XG Firewall/SFOS
Security Affairs: Hackers exploit SQL injection zero-day issue in Sophos firewall
Reddit – cybersecurity: Hackers are exploiting a Sophos firewall zero-day
BleepingComputer.com: Hackers exploit zero-day in Sophos XG Firewall, fix released
Economic Times: Sophos releases emergency patch for its enterprise firewall product
The State of Security: Zero-Day Flaw Allowed Attackers to Achieve RCE on Firewalls
E Hacking News: Hackers abuse Sophos Firewall Zero Day Vulnerability
Tenable Blog: CVE-2020-12271: Zero-Day SQL Injection Vulnerability in Sophos XG Firewall Exploited in the Wild
Spyware news: Sophos Firewall zero-day vulnerability patched
IT Pro: Sophos fixes firewall bug being actively exploited in SQL injection attacks | IT PRO
GBHackers On Security: Hackers Exploit SQL Injection & Code Execution Zero-day Bugs in Sophos Firewall
SecurityWeek: Malware Delivered to Sophos Firewalls via Zero-Day Vulnerability
Help Net Security: Attackers exploiting a zero-day in Sophos firewalls, have yours been hit?
The Daily Swig: Sophos XG Firewall zero-day vulnerability gets patched
SC Magazine: Sophos victimized by a zero-day in its XG Firewall product | SC Media
Webpronews: Sophos Issues Hotfix For Firewall Zero-Day Being Actively Exploited
Rapid7: CVE-2020-12271: Sophos XG Firewall Pre-Auth SQL Injection Vulnerability Remediation Guidance and Exposure Overview
Ars Technica: Attackers exploit 0day code-execution flaw in the Sophos firewall
Slashdot: Hackers Are Exploiting a Sophos Firewall Zero-day
CRN: Sophos XG Firewall Exploited By Zero-Day Bug, Patch Released
BleepingComputer.com: Asnarök malware exploits firewall zero-day to steal credentials
TechTarget: Sophos firewall hit by ‘Asnarök’ Trojan attack
Threatpost: Hackers Mount Zero-Day Attacks on Sophos Firewalls

@campuscodi: BREAKING: Hackers are exploiting a Sophos firewall zero-day - Attacks detected on Wednesday - Hackers exploited an SQLi to steal device data (creds) - Patch pushed out earlier today - Patch also removes artifacts from compromised XG firewall systems https://zdnet.com/article/hackers-are-exploiting-a-sophos-firewall-zero-day/
@GossiTheDog: Sophos are getting a CVE assigned to the Sophos XG vulnerability, and they have an extensive breakdown (including much technical details and IoCs - incredible openness here) about what happened. Note that the attackers got full remote code execution here.


May 5, 2020
Joseph Cox / Motherboard

Hacker Bribed Roblox Worker and Gained Access to Personal Data on Over 100 Million Active Monthly Users

A hacker said he bribed a Roblox worker to gain access to the back end customer support panel of the popular online video game, giving them access to personal information on over 100 million active monthly users and other privileges such as granting virtual in-game currency. The hacker was able to see users’ email addresses, as well as change passwords, remove two-factor authentication from their accounts, ban users, and more, according to the hacker and screenshots of the internal system. The hacker shared screenshots with Motherboard that included the personal information of some of the more high-profile users, including YouTuber Linkmon99, purportedly the “richest” Roblox player in the world. The hacker claims they hacked Roblox to prove a point. Roblox said it immediately took action to address the issue and individually notified the minimal amount of customers who were impacted.

Related: Security News | Tech Times, Engadget, Boing Boing

Tweets: @waypoint @josephfcox @josephfcox @josephfcox @josephfcox @josephfcox

Security News | Tech Times: Roblox Hacked by Bribed Insider
Engadget: ‘Roblox’ insider sold user data access to a hacker
Boing Boing: ‘Roblox’ hacker got 100 million user accounts for popular online game, reports VICE

@waypoint: The hacker got access to over 100 million active Roblox monthly users and the ability to grant virtual in-game currency.
@josephfcox: One of the most high profile users in Roblox confirmed their account information was exposed. I showed them an email address the hacker found; they said this was their private, dedicated email address only for using this game https://vice.com/en_us/article/
@josephfcox: This is some of the stuff the Roblox hacker could have done, and did some of to at least a few accounts. If you can't hack a site/service/application, the customer support reps may help you out for a little bit of cash https://vice.com/en_us/article/
@josephfcox: Not only does this show how much of a threat insiders at companies can be, but also how accessing data of children can be pretty straight forward. Roblox has a huge community of children using it; also used for kids parties during COVID-19 https://vice.com/en_us/article/
@josephfcox: The hacker sent messages between them and the insider. According to LinkedIn, this person worked for a contractor that works for Roblox. Targeting customer support reps is fruitful for hackers; lots of data access, potentially fewer controls in place https://vice.com/en_us/article/
@josephfcox: Here's a screenshot the hacker shared showing Roblox's back end customer support portal. Look up private email addresses, grant players in-game currency. Hacker says they reset passwords and stole items to sell https://vice.com/en_us/article/


March 23, 2020
Catalin Cimpanu / ZDNet

Hackers Are Exploiting Windows Zero-Day in Adobe Type Manager Library to Take Over Systems, Patch Not Yet Available

Hackers are exploiting a zero-day vulnerability in the Windows OS to take over systems, Microsoft said, with the zero-day located in the Adobe Type Manager Library (atmfd.dll), a library that Microsoft uses to render PostScript Type 1 fonts inside Windows. There are two remote code execution (RCE) vulnerabilities in this built-in library that allow attackers to run code on a user’s system and take actions on their behalf. All current and supported Windows and Windows Server operating systems are vulnerable. A patch is not available, although Microsoft hinted one would become available by the next Patch Tuesday on April 14. Microsoft has published a series of mitigations that companies and home users can take if they believe they might be targeted with a Windows zero-day attack.

Related: Threatpost, BleepingComputer.com, CyberSecurity Help s.r.o., The Register – Security, Help Net Security, CERT Recently Published Vulnerability Notes, SecurityWeek, Tenable Blog, Ars Technica, Security News | Tech Times, The Hacker News, TechNadu, Engadget, HotHardware.com, Slashdot, Bitcoinist.com, TechCrunch, Microsoft, fossBytes, BusinessLine – Home, The Next Web, Security Intelligence, GBHackers On Security, Windows Central, SC Magazine, RAPPLER, HOTforSecurity, Verdict, The Sun, Techradar, Infosecurity Magazine, gHacks, BetaNews, Softpedia News, SiliconANGLE

Tweets: @msftsecresponse

Threatpost: Microsoft Warns of Critical Windows Zero-Day Flaws
BleepingComputer.com: Microsoft Warns of Hackers Abusing Windows Adobe Library Zero-Days
CyberSecurity Help s.r.o.: Remote code execution in Adobe Type Manager Library in Microsoft Windows
The Register – Security: It’s 2020 and hackers are still hijacking Windows PCs by exploiting font parser security holes. No patch, either
Help Net Security: Windows users under attack via two new RCE zero-days
CERT Recently Published Vulnerability Notes: VU#354840: Microsoft Windows Type 1 font parsing remote code execution vulnerabilities
SecurityWeek: Hackers Target Two Unpatched Flaws in Windows Adobe Type Manager Library
Tenable Blog: Adobe Type Manager Library Font Parsing Remote Code Execution Vulnerabilities Exploited in the Wild (ADV200006)
Ars Technica: Windows code-execution zeroday is under active exploit, Microsoft warns
Security News | Tech Times: Are Hackers Working in the Wild? Microsoft Warns of Windows Zero-Day Hacking Exploitation
The Hacker News: Warning — Two Unpatched Critical 0-Day RCE Flaws Affect All Windows Versions
TechNadu: Windows Defender in Windows 10 is Skipping Files When Scanning
Engadget: Microsoft warns Windows users of two security holes already under attack
HotHardware.com: Another Windows 10 Update Is Causing Problems, This Time With Windows Defender
Slashdot: Microsoft Says Hackers Are Attacking Windows Users With a New Unpatched Bug
Bitcoinist.com: Microsoft 10 Security Flaw Threatens Crypto Users
TechCrunch: Microsoft says hackers are attacking Windows users with a new unpatched bug
Microsoft: ADV200006 | Type 1 Font Parsing Remote Code Execution Vulnerability
fossBytes: A ‘Critical’ Unpatched Flaw Has Affected All Versions Of Windows: Microsoft
BusinessLine – Home: Microsoft working on fixing ‘critical’ security flaw affecting Windows users
The Next Web: An open Windows vulnerability lets attackers install malware through documents
Security Intelligence: TrickBot Pushing a 2FA Bypass App to Bank Customers in Germany
GBHackers On Security: Hackers Exploiting 2 Unpatched Windows 0-Day Vulnerabilities in Wide – Microsoft Warns
Windows Central: Need to quickly screen-record an app? Use this hidden feature in Windows 10
SC Magazine: Unpatched Windows Zero-Day flaws exploited, Microsoft says | SC Media
RAPPLER: Hackers attacking Windows users using unpatched vulnerability – Microsoft
HOTforSecurity: Microsoft Finds Adobe Type Manager Library Exploit Used in the Wild; Patch Incoming
Verdict: Unpatched Windows 10 vulnerability exploited by hackers as working from home rises
The Sun: Microsoft warns Windows users of ‘critical’ hack attack with NO fix available – how to avoid it
Techradar: This major new security flaw affects all versions of Windows – here’s what you need to know
Infosecurity Magazine: Microsoft: Targeted Attackers Are Exploiting Two Zero-Day Bugs
gHacks: Critical font parsing issue in Windows revealed (fix inside)
BetaNews: There’s a simple fix for the Windows Defender bug in Windows 10
Softpedia News: How to Fix Windows Defender Skipping Files During Scans
SiliconANGLE: Windows vulnerabilities being targeted by hackers and no patch is available

@msftsecresponse: Microsoft is aware of limited targeted attacks that could leverage unpatched vulnerabilities in the Adobe Type Manager Library, and is providing guidance to help reduce customer risk until the security update is released. See the link for more details. https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200006