The Hacker News

New 'Quantum' Builder Lets Attackers Easily Create Malicious Windows Shortcuts

24 June 2022 at 05:24
A new malware tool that enables cybercriminal actors to build malicious Windows shortcut (.LNK) files has been spotted for sale on cybercrime forums. Dubbed Quantum Lnk Builder, the software makes it possible to spoof any extension and choose from over 300 icons, not to mention support UAC and Windows SmartScreen bypass as well as "multiple payloads per .LNK" file. Also offered are capabilities

Log4Shell Still Being Exploited to Hack VMWare Servers to Exfiltrate Sensitive Data

24 June 2022 at 03:36
The U.S. Cybersecurity and Infrastructure Security Agency (CISA), along with the Coast Guard Cyber Command (CGCYBER), on Thursday released a joint advisory warning of continued attempts on the part of threat actors to exploit the Log4Shell flaw in VMware Horizon servers to breach target networks. "Since December 2021, multiple threat actor groups have exploited Log4Shell on unpatched,

NSO Confirms Pegasus Spyware Used by at least 5 European Countries

23 June 2022 at 11:08
The beleaguered Israeli surveillanceware vendor NSO Group this week admitted to the European Union lawmakers that its Pegasus tool was used by at least five countries in the region. "We're trying to do the right thing and that's more than other companies working in the industry," Chaim Gelfand, the company's general counsel and chief compliance officer, said, according to a report from Politico.

Manual vs. SSPM: Research on What Streamlines SaaS Security Detection & Remediation

23 June 2022 at 11:07
When it comes to keeping SaaS stacks secure, IT and security teams need to be able to streamline the detection and remediation of misconfigurations in order to best protect their SaaS stack from threats. However, while companies adopt more and more apps, their increase in SaaS security tools and staff has lagged behind, as found in the 2022 SaaS Security Survey Report. The survey report,

Chinese Hackers Distributing SMS Bomber Tool with Malware Hidden Inside

23 June 2022 at 07:14
A threat cluster with ties to a hacking group called Tropic Trooper has been spotted using a previously undocumented malware coded in Nim language to strike targets as part of a newly discovered campaign. The novel loader, dubbed Nimbda, is "bundled with a Chinese language greyware 'SMS Bomber' tool that is most likely illegally distributed in the Chinese-speaking web," Israeli cybersecurity

Critical PHP Vulnerability Exposes QNAP NAS Devices to Remote Attacks

23 June 2022 at 06:36
QNAP, Taiwanese maker of network-attached storage (NAS) devices, on Wednesday said it's in the process of fixing a critical three-year-old PHP vulnerability that could be abused to achieve remote code execution. "A vulnerability has been reported to affect PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24, and 7.3.x below 7.3.11 with improper nginx config," the hardware vendor said in an

Researchers Uncover Ways to Break the Encryption of 'MEGA' Cloud Storage Service

22 June 2022 at 15:05
A new piece of research from academics at ETH Zurich has identified a number of critical security issues in the MEGA cloud storage service that could be leveraged to break the confidentiality and integrity of user data. In a paper titled "MEGA: Malleable Encryption Goes Awry," the researchers point out how MEGA's system does not protect its users against a malicious server, thereby enabling a

Russian Hackers Exploiting Microsoft Follina Vulnerability Against Ukraine

22 June 2022 at 12:51
The Computer Emergency Response Team of Ukraine (CERT-UA) has cautioned of a new set of spear-phishing attacks exploiting the "Follina" flaw in the Windows operating system to deploy password-stealing malware. Attributing the intrusions to a Russian nation-state group tracked as APT28 (aka Fancy Bear or Sofacy), the agency said the attacks commence with a lure document titled "Nuclear Terrorism

Newly Discovered Magecart Infrastructure Reveals the Scale of Ongoing Campaign

22 June 2022 at 10:08
A newly discovered Magecart skimming campaign has its roots in a previous attack activity going all the way back to November 2021. To that end, it has come to light that two malware domains identified as hosting credit card skimmer code — "scanalytic[.]org" and "js.staticounter[.]net" — are part of a broader infrastructure used to carry out the intrusions, Malwarebytes said in a Tuesday analysis

Europol Busts Phishing Gang Responsible for Millions in Losses

22 June 2022 at 08:45
Europol on Tuesday announced the dismantling of an organized crime group that dabbled in phishing, fraud, scams, and money laundering activities. The cross-border operation, which involved law enforcement authorities from Belgium and the Netherlands, saw the arrests of nine individuals in the Dutch nation. The suspects are men between the ages of 25 and 36 from Amsterdam, Almere, Rotterdam, and

RIG Exploit Kit Now Infects Victims' PCs With Dridex Instead of Raccoon Stealer

22 June 2022 at 05:41
The operators behind the Rig Exploit Kit have swapped the Raccoon Stealer malware for the Dridex financial trojan as part of an ongoing campaign that commenced in January 2022. The switch in modus operandi, spotted by Romanian company Bitdefender, comes in the wake of Raccoon Stealer temporarily closing the project after one of its team members responsible for critical operations passed away in

New ToddyCat Hacker Group on Experts' Radar After Targeting MS Exchange Servers

21 June 2022 at 13:22
An advanced persistent threat (APT) actor codenamed ToddyCat has been linked to a string of attacks aimed at government and military entities in Europe and Asia since at least December 2020. The relatively new adversarial collective is said to have commenced its operations by targeting Microsoft Exchange servers in Taiwan and Vietnam using an unknown exploit to deploy the China Chopper web shell

Researchers Disclose 56 Vulnerabilities Impacting OT Devices from 10 Vendors

21 June 2022 at 11:25
Nearly five dozen security vulnerabilities have been disclosed in devices from 10 operational technology (OT) vendors due to what researchers call "insecure-by-design practices." Collectively dubbed OT:ICEFALL by Forescout, the 56 issues span as many as 26 device models from Bently Nevada, Emerson, Honeywell, JTEKT, Motorola, Omron, Phoenix Contact, Siemens, and Yokogawa. "Exploiting these

Mitigate Ransomware in a Remote-First World

21 June 2022 at 11:20
Ransomware has been a thorn in the side of cybersecurity teams for years. With the move to remote and hybrid work, this insidious threat has become even more of a challenge for organizations everywhere. 2021 was a case study in ransomware due to the wide variety of attacks, significant financial and economic impact, and diverse ways that organizations responded. These attacks should be seen as a

Former Amazon Employee Found Guilty in 2019 Capital One Data Breach

21 June 2022 at 10:46
A 36-year-old former Amazon employee was convicted of wire fraud and computer intrusions in the U.S. for her role in the theft of personal data of no fewer than 100 million people in the 2019 Capital One breach. Paige Thompson, who operated under the online alias "erratic" and worked for the tech giant till 2016, was found guilty of wire fraud, five counts of unauthorized access to a protected

New NTLM Relay Attack Lets Attackers Take Control Over Windows Domain

21 June 2022 at 08:02
A new kind of Windows NTLM relay attack dubbed DFSCoerce has been uncovered that leverages the Distributed File System (DFS): Namespace Management Protocol (MS-DFSNM) to seize control of a domain. "Spooler service disabled, RPC filters installed to prevent PetitPotam and File Server VSS Agent Service not installed but you still want to relay [Domain Controller authentication to [Active Directory

Do You Have Ransomware Insurance? Look at the Fine Print

20 June 2022 at 13:34
Insurance exists to protect the insured party against catastrophe, but the insurer needs protection so that its policies are not abused – and that's where the fine print comes in. However, in the case of ransomware insurance, the fine print is becoming contentious and arguably undermining the usefulness of ransomware insurance. In this article, we'll outline why, particularly given the current

Google Researchers Detail 5-Year-Old Apple Safari Vulnerability Exploited in the Wild

20 June 2022 at 10:10
A security flaw in Apple Safari that was exploited in the wild earlier this year was originally fixed in 2013 and reintroduced in December 2016, according to a new report from Google Project Zero. The issue, tracked as CVE-2022-22620 (CVSS score: 8.8), concerns a case of a use-after-free vulnerability in the WebKit component that could be exploited by a piece of specially crafted web content to

BRATA Android Malware Gains Advanced Mobile Threat Capabilities

20 June 2022 at 06:18
The operators behind BRATA have once again added more capabilities to the Android mobile malware in an attempt to make their attacks against financial apps more stealthy. "In fact, the modus operandi now fits into an Advanced Persistent Threat (APT) activity pattern," Italian cybersecurity firm Cleafy said in a report last week. "This term is used to describe an attack campaign in which