Security News

Week in review: Account pre-hijacking, Sigstore, ransomware still winning
2022-05-29 08:15

With the rapid adoption of container-based technologies, organizations are increasingly concerned about the security of their Kubernetes clusters. How confident are CISOs about their security posture? Proofpoint released its annual Voice of the CISO report, which explores key challenges facing chief information security officers.

Experts Warn of Rise in ChromeLoader Malware Hijacking Users' Browsers
2022-05-26 22:57

Dubbed ChromeLoader, the malware is a "Pervasive and persistent browser hijacker that modifies its victims' browser settings and redirects user traffic to advertisement websites," Aedan Russell of Red Canary said in a new report. ChromeLoader is a rogue Chrome browser extension and is typically distributed in the form of ISO files via pay-per-install sites and baited social media posts that advertise QR codes to cracked video games and pirated movies.

Hijacking of popular ctx and phpass packages reveals open source security gaps
2022-05-26 07:32

The Python module "Ctx" and a fork of the PHP library "Phpass" have recently been modified by an unknown attacker to grab AWS credentials/keys and send them to a Heroku app. What at first seemed like the work of a malicious actor turned out to be an exploit by a security researcher, who wanted to demonstrate how easy it is to take control of popular packages and the repositories hosting them.

Hacker says hijacking libraries, stealing AWS keys was ethical research
2022-05-25 13:42

The hacker behind this hijack has now broken his silence and explained his reasons to BleepingComputer. The hijacker of these libraries is an Istanbul-based security researcher, Yunus Aydın aka SockPuppets, who confirmed this when approached by BleepingComputer.

About half of popular websites tested found vulnerable to account pre-hijacking
2022-05-25 07:28

"The distinctive feature of these attacks is that the attacker performs some action before the victim creates an account, which makes it trivial for the attacker to gain access after the victim has created/recovered the account," explain Sudhodanan and Paverd in their paper. Their threat model makes certain assumptions: that the attacker can access the target service and third-party IdP services; that the attacker can create free and paid accounts at the target service but doesn't have admin rights; that the attacker can create accounts with IdP services and use these with the target service; and that the attacker knows the victim's email address and other basic details like first and last name.

Account pre-hijacking attacks possible on many online services
2022-05-24 13:51

Online accounts getting hijacked and misused is an everyday occurrence, but did you know that account pre-hijacking attacks are also possible? Inspired by previous research on preemptive account hijacking by way of single sign-on technology, researchers Avinash Sudhodanan and Andrew Paverd wanted to see whether an action by an attacker performed before a victim creates an account may allow the former to gain access to it once the victim has created/recovered the account.

How to find NPM dependencies vulnerable to account hijacking
2022-05-23 07:58

Following the recent disclosure of a technique for hijacking certain NPM packages, security engineer Danish Tariq has proposed a defensive strategy for those looking to assess whether their web apps include dependencies tied to subvertable email domains. Taking over an NPM package tied to such a domain then becomes a matter of resetting the password of the NPM account associated with the commandeered email address - the password reset message goes to the new account holder.

New Sysrv Botnet Variant Hijacking Windows and Linux with Crypto Miners
2022-05-17 02:37

Microsoft is warning of a new variant of the Sysrv botnet that's exploiting multiple security flaws in web applications and databases to install coin miners on both Windows and Linux systems. The tech giant, which has called the new version Sysrv-K, is said to weaponize an array of exploits to gain control of web servers.

Detailed: Critical hijacking bugs that took months to patch in Microsoft Azure Defender for IoT
2022-03-30 02:18

SentinelOne this week detailed a handful of bugs, including two critical remote code execution vulnerabilities, it found in Microsoft Azure Defender for IoT. These security flaws, which took six months to address, could have been exploited by an unauthenticated attacker to compromise devices and take over critical infrastructure networks. Microsoft Azure Defender for IoT is supposed to detect and respond to suspicious behavior as well as highlight known vulnerabilities, and manage patching and equipment inventories, for Internet-of-Things and industrial control systems.

Microsoft Exchange targeted for IcedID reply-chain hijacking attacks
2022-03-28 13:32

The distribution of the IcedID malware has seen a spike recently due to a new campaign that hijacks existing email conversation threads and injects malicious payloads that are hard to spot. The ongoing IcedID campaign was discovered this month by researchers at Intezer, who have shared their findings with Bleeping Computer prior to publication.