Researchers Detail New Attack Method to Bypass Popular Web Application Firewalls

The Hacker News Daily Updates [Newsletter]( [cover]( [The 5 Dimensions of Data Maturity]( Webinar [Download Now]( Sponsored LATEST NEWS Dec 10, 2022 [Hack-for-Hire Group Targets Travel and Financial Entities with New Janicab Malware Variant]( Travel agencies have emerged as the target of a hack-for-hire group dubbed Evilnum as part of a broader campaign aimed at legal and financial investment institutions in the Middle East and Europe. The attacks targeting law firms throughout 2020 and 2021 involved a revamped variant of a malware called Janicab that leverages a number of public services like YouTube as dead drop ... [Read More]( [Twitter]( [Facebook]( [LinkedIn]( [Researchers Detail New Attack Method to Bypass Popular Web Application Firewalls]( A new attack method can be used to circumvent web application firewalls (WAFs) of various vendors and infiltrate systems, potentially enabling attackers to gain access to sensitive business and customer information. Web application firewalls are a key line of defense to help filter, monitor, and block HTTP(S) traffic to and from a web application, and safeguard against attacks such as ... [Read More]( [Twitter]( [Facebook]( [LinkedIn]( [Cisco Warns of High-Severity Unpatched Flaw Affecting IP Phones Firmware]( Cisco has released a new security advisory warning of a high-severity flaw affecting IP Phone 7800 and 8800 Series firmware that could be potentially exploited by a remote attacker to cause remote code execution or a denial-of-service (DoS) condition. The networking equipment major said it's working on a patch to address the vulnerability, which is tracked as CVE-2022-20968 (CVSS score: 8.1) ... [Read More]( [Twitter]( [Facebook]( [LinkedIn]( [Using XDR to Consolidate and Optimize Cybersecurity Technology]( Businesses know they need cybersecurity, but it seems like a new acronym and system is popping up every day. Professionals that aren’t actively researching these technologies can struggle to keep up. As the cybersecurity landscape becomes more complicated, organizations are desperate to simplify it. Frustrated with the inefficiencies that come with using multiple vendors for cybersecurity, ... [Read More]( [Twitter]( [Facebook]( [LinkedIn]( [New TrueBot Malware Variant Leveraging Netwrix Auditor Bug and Raspberry Robin Worm]( Cybersecurity researchers have reported an increase in TrueBot infections, primarily targeting Mexico, Brazil, Pakistan, and the U.S. Cisco Talos said the attackers behind the operation have moved from using malicious emails to alternative delivery methods such as the exploitation of a now-patched remote code execution (RCE) flaw in Netwrix auditor as well as the Raspberry Robin worm. ... [Read More]( [Twitter]( [Facebook]( [LinkedIn]( [Why is Robust API Security Crucial in eCommerce?]( API attacks are on the rise. One of their major targets is eCommerce firms like yours. APIs are a vital part of how eCommerce businesses are accelerating their growth in the digital world. ECommerce platforms use APIs at all customer touchpoints, from displaying products to handling shipping. Owing to their increased use, APIs are attractive targets for hackers, as the following numbers ... [Read More]( [Twitter]( [Facebook]( [LinkedIn]( [Researchers Uncover New Drokbk Malware that Uses GitHub as a Dead Drop Resolver]( The subgroup of an Iranian nation-state group known as Nemesis Kitten has been attributed as behind a previously undocumented custom malware dubbed Drokbk that uses GitHub as a dead drop resolver to exfiltrate data from an infected computer, or to receive commands. "The use of GitHub as a virtual dead drop helps the malware blend in," Secureworks principal researcher Rafe Pilling said. "All ... [Read More]( [Twitter]( [Facebook]( [LinkedIn]( [What Stricter Data Privacy Laws Mean for Your Cybersecurity Policies]( For today's businesses data privacy is already a big headache, and with modern privacy laws expanding to more of the world's population, regulatory compliance is on track to become a more complicated, high-stakes process touching on every aspect of an organization. In fact, Gartner predicts that by 2024, 75% of the Global Population will have its personal data covered under privacy ... [Read More]( [Twitter]( [Facebook]( [LinkedIn]( [cover]( [The 5 Dimensions of Data Maturity]( Webinar [Download Now]( Sponsored This email was sent to {EMAIL}. You are receiving this newsletter because you opted-in to receive relevant communications from The Hacker News. To manage your email newsletter preferences, please [click here](. Contact The Hacker News: info@thehackernews.com [Unsubscribe]( The Hacker News | Pearls Omaxe, Netaji Subash Place, Pitampura, Delhi 110034 India