Source
The Hacker News
Cybersecurity researchers have disclosed a novel technique adopted by a threat actor to deliberately evade detection with the help of malformed digital signatures of its malware payloads. "Attackers created malformed code signatures that are treated as valid by Windows but are not able to be decoded or checked by OpenSSL code — which is used in a number of security scanning products," Google
A new as-yet unpatched weakness in Apple's iCloud Private Relay feature could be circumvented to leak users' true IP addresses from iOS devices running the latest version of the operating system. Introduced as a beta with iOS 15, which was officially released this week, iCloud Private Relay aims to improve anonymity on the web by employing a dual-hop architecture that effectively shields users'
Networking equipment company Netgear has released patches to remediate a high-severity remote code execution vulnerability affecting multiple routers that could be exploited by remote attackers to take control of an affected system. Traced as CVE-2021-40847 (CVSS score: 8.1), the security weakness impacts the following models - R6400v2 (fixed in firmware version 1.0.4.120) R6700
Networking equipment maker Cisco Systems has rolled out patches to address three critical security vulnerabilities in its IOS XE network operating system that remote attackers could potentially abuse to execute arbitrary code with administrative privileges and trigger a denial-of-service (DoS) condition on vulnerable devices. The list of three flaws is as follows - CVE-2021-34770 (CVSS score:
Security researchers have disclosed an unpatched weakness in Microsoft Windows Platform Binary Table (WPBT) affecting all Windows-based devices since Windows 8 that could be potentially exploited to install a rootkit and compromise the integrity of devices. "These flaws make every Windows system vulnerable to easily-crafted attacks that install fraudulent vendor-specific tables," researchers
An unpatched design flaw in the implementation of Microsoft Exchange's Autodiscover protocol has resulted in the leak of approximately 100,000 login names and passwords for Windows domains worldwide. "This is a severe security issue, since if an attacker can control such domains or has the ability to 'sniff' traffic in the same network, they can capture domain credentials in plain text (HTTP
An "insidious" new SMS smishing malware has been found targeting Android mobile users in the U.S. and Canada as part of an ongoing campaign that uses SMS text message lures related to COVID-19 regulations and vaccine information in an attempt to steal personal and financial data. Proofpoint's messaging security subsidiary Cloudmark coined the emerging malware "TangleBot." "The
Sysadmins know what the risks are of running unpatched services. Given the choice, and unlimited resources, most hardworking administrators will ensure that all systems and services are patched consistently. But things are rarely that simple. Technical resources are limited, and patching can often be more complicated than it appears at first glance. Worse, some services are so hidden in the
More than one terabyte of data containing 5.5 million files has been left exposed, leaking personal information of over 100,000 customers of a Colombian real estate firm, according to cybersecurity company WizCase. The breach was discovered by Ata Hakçıl and his team in a database owned by Coninsa Ramon H, a company that specializes in architecture, engineering, construction, and real estate
As many as 11 security vulnerabilities have been disclosed in Nagios network management systems, some of which could be chained to achieve pre-authenticated remote code execution with the highest privileges, as well as lead to credential theft and phishing attacks. Industrial cybersecurity firm Claroty, which discovered the flaws, said flaws in tools such as Nagios make them an attractive