Today — 27 October 2021 (The Hacker News)

Hackers Using Squirrelwaffle Loader to Deploy Qakbot and Cobalt Strike

27 October 2021 at 13:47
A new spam email campaign has emerged as a conduit for a previously undocumented malware loader that enables the attackers to gain an initial foothold into enterprise networks and drop malicious payloads on compromised systems. "These infections are also used to facilitate the delivery of additional malware such as Qakbot and Cobalt Strike, two of the most common threats regularly observed

[eBook] The Guide to Centralized Log Management for Lean IT Security Teams

27 October 2021 at 13:03
One of the side effects of today’s cyber security landscape is the overwhelming volume of data security teams must aggregate and parse. Lean security teams don’t have it any easier, and the problem is compounded if they must do it manually. Data and log management are essential for organizations to gain real-time transparency and visibility into security events. XDR provider Cynet has offered

Cyber Attack in Iran Reportedly Cripples Gas Stations Across the Country

27 October 2021 at 11:16
A cyber attack in Iran left petrol stations across the country crippled, disrupting fuel sales and defacing electronic billboards to display messages challenging the regime's ability to distribute gasoline. Posts and videos circulated on social media showed messages that said, "Khamenei! Where is our gas?" — a reference to the country's supreme leader Ayatollah Ali Khamenei. Other signs read, "

Latest Report Uncovers Supply Chain Attacks by North Korean Hackers

27 October 2021 at 07:14
Lazarus Group, the advanced persistent threat (APT) group attributed to the North Korean government, has been observed waging two separate supply chain attack campaigns as a means to gain a foothold into corporate networks and target a wide range of downstream entities. The latest intelligence-gathering operation involved the use of MATA malware framework as well as backdoors dubbed BLINDINGCAN
Yesterday — 26 October 2021 (The Hacker News)

Over 10 Million Android Users Targeted With Premium SMS Scam Apps

26 October 2021 at 11:18
A global fraud campaign has been found leveraging 151 malicious Android apps with 10.5 million downloads to rope users into premium subscription services without their consent and knowledge. The premium SMS scam campaign — dubbed "UltimaSMS" — is believed to have commenced in May 2021 and involved apps that cover a wide range of categories, including keyboards, QR code scanners, video and photo

Malicious Firefox Add-ons Block Browser From Downloading Security Updates

26 October 2021 at 07:41
Mozilla on Monday disclosed it blocked two malicious Firefox add-ons installed by 455,000 users that were found misusing the Proxy API to impede downloading updates to the browser. The two extensions in question, named Bypass and Bypass XM, "interfered with Firefox in a way that prevented users who had installed them from downloading updates, accessing updated blocklists, and updating remotely
Before yesterday (The Hacker News)

New Attack Lets Hackers Collect and Spoof Browser's Digital Fingerprints

25 October 2021 at 13:19
A "potentially devastating and hard-to-detect threat" could be abused by attackers to collect users' browser fingerprinting information with the goal of spoofing the victims without their knowledge, thus effectively compromising their privacy. Academics from Texas A&M University dubbed the attack system "Gummy Browsers," likening it to a nearly 20-year-old "Gummy Fingers" technique that can

Hardware-grade enterprise authentication without hardware: new SIM security solution for IAM

25 October 2021 at 13:04
The average cost of a data breach, according to the latest research by IBM, now stands at USD 4.24 million, the highest reported. The leading cause? Compromised credentials, often caused by human error. Although these findings continue to show an upward trend in the wrong direction, the challenge itself is not new. What is new is the unprecedented and accelerated complexity of securing the

Microsoft Warns of Continued Supply-Chain Attacks by the Nobelium Hacker Group

25 October 2021 at 10:07
Nobelium, the threat actor behind the SolarWinds compromise in December 2020, has been behind an ongoing wave of attacks that compromised 14 downstream customers of multiple cloud service providers (CSP), managed service providers (MSP), and other IT services organizations, illustrating the adversary's continuing interest in targeting the supply chain via the "compromise-one-to-compromise-many"

Hackers Exploited Popular BillQuick Billing Software to Deploy Ransomware

25 October 2021 at 08:19
Cybersecurity researchers on Friday disclosed a now-patched critical vulnerability in multiple versions of a time and billing system called BillQuick that's being actively exploited by threat actors to deploy ransomware on vulnerable systems. CVE-2021-42258, as the flaw is being tracked, concerns an SQL-based injection attack that allows for remote code execution and was successfully

NYT Journalist Repeatedly Hacked with Pegasus after Reporting on Saudi Arabia

25 October 2021 at 06:55
The iPhone of New York Times journalist Ben Hubbard was repeatedly hacked with NSO Group's Pegasus spyware tool over a three-year period stretching from June 2018 to June 2021, resulting in infections twice in July 2020 and June 2021. The University of Toronto's Citizen Lab, which publicized the findings on Sunday, said the "targeting took place while he was reporting on Saudi Arabia, and

Microsoft Warns of TodayZoo Phishing Kit Used in Extensive Credential Stealing Attacks

23 October 2021 at 16:25
Microsoft on Thursday disclosed an "extensive series of credential phishing campaigns" that takes advantage of a custom phishing kit that stitched together components from at least five different widely circulated ones with the goal of siphoning user login information. The tech giant's Microsoft 365 Defender Threat Intelligence Team, which detected the first instances of the tool in the wild in

Feds Reportedly Hacked REvil Ransomware Group and Forced it Offline

23 October 2021 at 08:22
The Russian-led REvil ransomware gang was felled by an active multi-country law enforcement operation that resulted in its infrastructure being hacked and taken offline for a second time earlier this week, in what's the latest action taken by governments to disrupt the lucrative ecosystem. The takedown was first reported by Reuters, quoting multiple private-sector cyber experts working with the

Popular NPM Package Hijacked to Publish Crypto-mining Malware

23 October 2021 at 04:42
The U.S. Cybersecurity and Infrastructure Security Agency on Friday warned of crypto-mining and password-stealing malware embedded in "UAParser.js," a popular JavaScript NPM library with over 6 million weekly downloads, days after the NPM repository moved to get rid of three rogue packages that were found to mimic the same library. The supply-chain attack targeting the open-source

'Lone Wolf' Hacker Group Targeting Afghanistan and India with Commodity RATs

22 October 2021 at 15:01
A new malware campaign targeting Afghanistan and India is exploiting a now-patched, 20-year-old flaw affecting Microsoft Office to deploy an array of commodity remote access trojans (RATs) that allow the adversary to gain complete control over the compromised endpoints. Cisco Talos attributed the cyber campaign to a "lone wolf" threat actor operating a Lahore-based fake IT company called Bunse

Hackers Set Up Fake Company to Get IT Experts to Launch Ransomware Attacks

22 October 2021 at 13:28
The financially motivated FIN7 cybercrime gang has masqueraded as yet another fictitious cybersecurity company called "Bastion Secure" to recruit unwitting software engineers under the guise of penetration testing in a likely lead-up to a ransomware scheme. "With FIN7's latest fake company, the criminal group leveraged true, publicly available information from various legitimate cybersecurity

Researchers Discover Microsoft-Signed FiveSys Rootkit in the Wild

22 October 2021 at 12:41
A newly identified rootkit has been found with a valid digital signature issued by Microsoft that's used to proxy traffic to internet addresses of interest to the attackers for over a year targeting online gamers in China. Bucharest-headquartered cybersecurity technology company Bitdefender named the malware "FiveSys," calling out its possible credential theft and in-game-purchase hijacking

Before and After a Pen Test: Steps to Get Through It

21 October 2021 at 17:52
An effective cybersecurity strategy can be challenging to implement correctly and often involves many layers of security. Part of a robust security strategy involves performing what is known as a penetration test (pen test). The penetration test helps to discover vulnerabilities and weaknesses in your security defenses before the bad guys discover these. They can also help validate remedial

Bug in Popular WinRAR Software Could Let Attackers Hack Your Computer

21 October 2021 at 13:16
A new security weakness has been disclosed in the WinRAR trialware file archiver utility for Windows that could be abused by a remote attacker to execute arbitrary code on targeted systems, underscoring how vulnerabilities in such software could become a gateway for a roster of attacks. Tracked as CVE-2021-35052, the bug impacts the trial version of the software running version 5.70. "This