Today — 24 January 2022 (The Hacker News)

ZTNAs Address Requirements VPNs Cannot. Here's Why.

24 January 2022 at 14:52
I recently hopped on the Lookout podcast to talk about virtual private networks (VPNs) and how they've been extended beyond their original use case of connecting remote laptops to your corporate network. Even in this new world where people are using personal devices and cloud apps, VPN continues to be the go-to solution for remote access and cloud access. After my conversation with Hank Schless,

Hackers Creating Fraudulent Crypto Tokens as Part of 'Rug Pull' Scams

24 January 2022 at 11:09
Misconfigurations in smart contracts are being exploited by scammers to create malicious cryptocurrency tokens with the goal of stealing funds from unsuspecting users. The instances of token fraud in the wild include hiding 99% fee functions and concealing backdoor routines, researchers from Check Point said in a report shared with The Hacker News. Smart contracts are programs stored on the

Emotet Now Using Unconventional IP Address Formats to Evade Detection

24 January 2022 at 07:10
Social engineering campaigns involving the deployment of the Emotet malware botnet have been observed using "unconventional" IP address formats for the first time in a bid to sidestep detection by security solutions. This involves the use of hexadecimal and octal representations of the IP address that, when processed by the underlying operating systems, get automatically converted "to the dotted

High-Severity Rust Programming Bug Could Lead to File, Directory Deletion

24 January 2022 at 06:53
The maintainers of the Rust programming language have released a security update for a high-severity vulnerability that could be abused by a malicious party to purge files and directories from a vulnerable system in an unauthorized manner. "An attacker could use this security issue to trick a privileged program into deleting files and directories the attacker couldn't otherwise access or delete,
Before yesterday (The Hacker News)

Experts Find Strategic Similarities b/w NotPetya and WhisperGate Attacks on Ukraine

22 January 2022 at 14:47
Latest analysis into the wiper malware that targeted dozens of Ukrainian agencies earlier this month has revealed "strategic similarities" to NotPetya malware that was unleashed against the country's infrastructure and elsewhere in 2017. The malware, dubbed WhisperGate, was discovered by Microsoft last week, which said it observed the destructive cyber campaign targeting government, non-profit,

Molerats Hackers Hiding New Espionage Attacks Behind Public Cloud Infrastructure

22 January 2022 at 10:57
An active espionage campaign has been attributed to the threat actor known as Molerats that abuses legitimate cloud services like Google Drive and Dropbox to host malware payloads and for command-and-control and the exfiltration of data from targets across the Middle East. The cyber offensive is believed to have been underway since at least July 2021, according to cloud-based information

Hackers Planted Secret Backdoor in Dozens of WordPress Plugins and Themes

22 January 2022 at 07:13
In yet another instance of software supply chain attack, dozens of WordPress themes and plugins hosted on a developer's website were backdoored with malicious code in the first half of September 2021 with the goal of infecting further sites. The backdoor gave the attackers full administrative control over websites that used 40 themes and 53 plugins belonging to AccessPress Themes, a Nepal-based

Critical Bugs in Control Web Panel Expose Linux Servers to RCE Attacks

22 January 2022 at 04:04
Researchers have disclosed details of two critical security vulnerabilities in Control Web Panel that could be abused as part of an exploit chain to achieve pre-authenticated remote code execution on affected servers. Tracked as CVE-2021-45467, the issue concerns a case of a file inclusion vulnerability, which occurs when a web application is tricked into exposing or running arbitrary files on

Chinese Hackers Spotted Using New UEFI Firmware Implant in Targeted Attacks

21 January 2022 at 11:40
A previously undocumented firmware implant deployed to maintain stealthy persistence as part of a targeted espionage campaign has been linked to the Chinese-speaking Winnti advanced persistent threat group (APT41). Kaspersky, which codenamed the rootkit MoonBounce, characterized the malware as the "most advanced UEFI firmware implant discovered in the wild to date," adding "the purpose of the

U.S. Sanctions 4 Ukrainians for Working with Russia to Destabilize Ukraine

21 January 2022 at 09:40
The U.S. Treasury Department on Thursday announced sanctions against four current and former Ukrainian government officials for engaging in "Russian government-directed influence activities" in the country, including gathering sensitive information about its critical infrastructure. The agency said the four individuals were involved in different roles as part of a concerted influence campaign to

Cisco Issues Patch for Critical RCE Vulnerability in RCM for StarOS Software

21 January 2022 at 06:20
Cisco Systems has rolled out fixes for a critical security flaw affecting Redundancy Configuration Manager (RCM) for Cisco StarOS Software that could be weaponized by an unauthenticated, remote attacker to execute arbitrary code and take over vulnerable machines. Tracked as CVE-2022-20649 (CVSS score: 9.0), the vulnerability stems from the fact that the debug mode has been incorrectly enabled

Google Details Two Zero-Day Bugs Reported in Zoom Clients and MMR Servers

20 January 2022 at 13:18
An exploration of zero-click attack surface for the popular video conferencing solution Zoom has yielded two previously undisclosed security vulnerabilities that could have been exploited to crash the service, execute malicious code, and even leak arbitrary areas of its memory. Natalie Silvanovich of Google Project Zero, who discovered and reported the two flaws last year, said the issues

Interpol Busted 11 Members of Nigerian BEC Cybercrime Gang

20 January 2022 at 10:20
A coordinated law enforcement operation has resulted in the arrest of 11 members allegedly belonging to a Nigerian cybercrime gang notorious for perpetrating business email compromise (BEC) attacks targeting more than 50,000 victims in recent years. The disruption of the BEC network is the result of a ten-day investigation dubbed Operation Falcon II undertaken by Interpol along with

A Trip to the Dark Site — Leak Sites Analyzed

20 January 2022 at 07:30
Gone are the days when ransomware operators were happy with encrypting files on-site and more or less discreetly charged their victims money for a decryption key. What we commonly find now is encryption with the additional threat of leaking stolen data, generally called Double-Extortion (or, as we like to call it: Cyber Extortion or Cy-X). This is a unique form of cybercrime in that we can

DoNot Hacking Team Targeting Government and Military Entities in South Asia

20 January 2022 at 07:41
A threat actor with potential links to an Indian cybersecurity company has been nothing if not remarkably persistent in its attacks against military organizations based in South Asia, including Bangladesh, Nepal, and Sri Lanka, since at least September 2020 by deploying different variants of its bespoke malware framework. Slovak cybersecurity firm ESET attributed the highly targeted attack to a

New BHUNT Password Stealer Malware Targeting Cryptocurrency Wallets

20 January 2022 at 05:26
A new evasive crypto wallet stealer named BHUNT has been spotted in the wild with the goal of financial gain, adding to a list of digital currency stealing malware such as CryptBot, Redline Stealer, and WeSteal. "BHUNT is a modular stealer written in .NET, capable of exfiltrating wallet (Exodus, Electrum, Atomic, Jaxx, Ethereum, Bitcoin, Litecoin wallets) contents, passwords stored in the

Hackers Attempt to Exploit New SolarWinds Serv-U Bug in Log4Shell Attacks

20 January 2022 at 04:57
Microsoft on Wednesday disclosed details of a new security vulnerability in SolarWinds Serv-U software that it said was being weaponized by threat actors to propagate attacks leveraging the Log4j flaws to compromise targets. Tracked as CVE-2021-35247 (CVSS score: 5.3), the issue is an "input validation vulnerability that could allow attackers to build a query given some input and send that query

Russian Hackers Heavily Using Malicious Traffic Direction System to Distribute Malware

19 January 2022 at 14:31
Potential connections between a subscription-based crimeware-as-a-service (CaaS) solution and a cracked copy of Cobalt Strike have been established in what the researchers suspect is being offered as a tool for its customers to stage post-exploitation activities. Prometheus, as the service is called, first came to light in August 2021 when cybersecurity company Group-IB disclosed details of

Cyber Threat Protection — It All Starts with Visibility

19 January 2022 at 14:30
Just as animals use their senses to detect danger, cybersecurity depends on sensors to identify signals in the computing environment that may signal danger. The more highly tuned, diverse and coordinated the senses, the more likely one is to detect important signals that indicate danger. This, however, can be a double-edged sword. Too many signals with too little advanced signal processing just