The Hacker News | #1 Trusted Cybersecurity News Site

Jobin John | February 19, 2018 | Hacker News, Uncategorized | No Comments

Severe Flaw in Google Cloud’s Cloud SQL Service Exposed Confidential Files

Could 26, 2023
Files Security / Cloud Security

A new security flaw has been disclosed in the Google Cloud Platform’s (GCP) Cloud SQL carrier that will most definitely be potentially exploited to fabricate derive admission to to confidential details. “The vulnerability could salvage enabled a malicious actor to escalate from a fundamental Cloud SQL user to a corpulent-fledged sysadmin on a container, gaining derive admission to to internal GCP details like secrets, sensitive files, passwords, moreover to customer details,” Israeli cloud security firm Dig said . Cloud SQL is a unconditionally-managed technique to construct MySQL, PostgreSQL, and SQL Server databases for cloud-essentially based mostly mostly capabilities. The multi-stage assault chain known by Dig, in a nutshell, leveraged a hole in the cloud platform’s security layer associated with SQL Server to escalate the privileges of a user to that of an administrator characteristic. The elevated permissions subsequently made it imaginable to abuse one more serious misconfiguration to fabricate device administrator rights and steal corpulent withhold an eye on of the database server.

5 Should-Know Info about 5G Network Security and Its Cloud Advantages

Could 26, 2023
Network Security / Cloud Security

5G is a game changer for cell connectivity, including cell connectivity to the cloud. The technology affords high scamper and low latency when connecting smartphones and IoT devices to cloud infrastructure. 5G networks are a serious a part of all infrastructure layers between the cease user and the cease carrier; these networks transmit sensitive details that can moreover moreover be crucial for governments and businesses, no longer to mumble other folks. As a result, 5G networks are a top target for attackers. That is why, cybersecurity has been a key consideration in rising the 5G favorite. 5G encompasses great security points that guarantee confidentiality, integrity, and availability of community services and user details. Listed right here, Seva Vayner, Product Owner of Gcore’s Edge Cloud carrier , affords a deep dive into five of 5 G’s chopping-edge security measures. He also delves into the pivotal performance capabilities of 5G, accompanied by exercise conditions that present how contemporary, cloud

New COSMICENERGY Malware Exploits ICS Protocol to Sabotage Energy Grids

Could 26, 2023
ICS/SCADA Security

A new stress of malicious tool that’s engineered to penetrate and disrupt serious systems in industrial environments has been unearthed. Google-owned threat intelligence firm Mandiant dubbed the malware COSMICENERGY , including it changed into once uploaded to the VirusTotal public malware scanning utility in December 2021 by a submitter in Russia. There isn’t the form of thing as a proof that it has been place to make exercise of in the wild. “The malware is designed to cause electric energy disruption by interacting with IEC 60870-5-104 (IEC-104) devices, equivalent to a ways-off terminal devices ( RTUs ), which would possibly perhaps per chance per chance be normally leveraged in electric transmission and distribution operations in Europe, the Middle East, and Asia,” the company said . COSMICENERGY is the most smartly-liked addition to in actuality excellent malware like Stuxnet, Havex, Triton, IRONGATE, BlackEnergy2, Industroyer, and PIPEDREAM, that are in a position to sabotaging serious systems and wreaking havoc. Mandiant said that there are circumstantial links that it could moreover unprejudiced salvage bee

Dark Frost Botnet Launches Devastating DDoS Attacks on Gaming Industry

Could 25, 2023
Gaming / Server Security

A new botnet known as Dark Frost has been seen launching distributed denial-of-carrier (DDoS) assaults in opposition to the gaming industrial. “The Dark Frost botnet, modeled after Gafgyt, QBot, Mirai, and other malware lines, has expanded to encompass hundreds of compromised devices,” Akamai security researcher Allen West said in a new technical diagnosis shared with The Hacker News. Targets consist of gaming companies, game server details superhighway internet place hosting suppliers, online streamers, and even other gaming community contributors with whom the threat actor has interacted straight. As of February 2023, the botnet comprises 414 machines operating quite loads of instruction spot architectures equivalent to ARMv4, x86, MIPSEL, MIPS, and ARM7. Botnets are on the general made up of a pleasant community of compromised devices around the enviornment. The operators tend to make exercise of the enslaved hosts to mine cryptocurrency, steal sensitive details, or harness the collective details superhighway bandwidth from these bots to knock down other internet sites and details superhighway