The Hacker News

Exposed Docker APIs Under Attack in 'Commando Cat' Cryptojacking Campaign

By: Newsroom
1 February 2024 at 13:36
Exposed Docker API endpoints over the internet are under assault from a sophisticated cryptojacking campaign called Commando Cat. "The campaign deploys a benign container generated using the Commando project," Cado security researchers Nate Bill and Matt Muir said in a new report published today. "The attacker escapes this container and runs multiple payloads on the

FritzFrog Returns with Log4Shell and PwnKit, Spreading Malware Inside Your Network

By: Newsroom
1 February 2024 at 15:44
The threat actor behind a peer-to-peer (P2P) botnet known as FritzFrog has made a return with a new variant that leverages the Log4Shell vulnerability to propagate internally within an already compromised network. "The vulnerability is exploited in a brute-force manner that attempts to target as many vulnerable Java applications as possible," web infrastructure and security

Cloudflare Breach: Nation-State Hackers Access Source Code and Internal Docs

By: Newsroom
2 February 2024 at 06:21
Cloudflare has revealed that it was the target of a likely nation-state attack in which the threat actor leveraged stolen credentials to gain unauthorized access to its Atlassian server and ultimately access some documentation and a limited amount of source code. The intrusion, which took place between November 14 and 24, 2023, and was detected on November 23, was carried out "with the goal of

INTERPOL Arrests 31 in Global Operation, Identifies 1,900+ Ransomware-Linked IPs

By: Newsroom
2 February 2024 at 10:23
An INTERPOL-led collaborative operation targeting phishing, banking malware, and ransomware attacks has led to the identification of 1,300 suspicious IP addresses and URLs. The law enforcement effort, codenamed Synergia, took place between September and November 2023 in an attempt to blunt the "growth, escalation and professionalization of transnational cybercrime." Involving 60 law

Former CIA Engineer Sentenced to 40 Years for Leaking Classified Documents

By: Newsroom
2 February 2024 at 10:40
A former software engineer with the U.S. Central Intelligence Agency (CIA) has been sentenced to 40 years in prison by the Southern District of New York (SDNY) for transmitting classified documents to WikiLeaks and for possessing child pornographic material. Joshua Adam Schulte, 35, was originally charged in June 2018. He was found guilty in July 2022. On September 13, 2023, he was

DirtyMoe Malware Infects 2,000+ Ukrainian Computers for DDoS and Cryptojacking

By: Newsroom
2 February 2024 at 13:17
The Computer Emergency Response Team of Ukraine (CERT-UA) has warned that more than 2,000 computers in the country have been infected by a strain of malware called DirtyMoe. The agency attributed the campaign to a threat actor it calls UAC-0027. DirtyMoe, active since at least 2016, is capable of carrying out cryptojacking and distributed denial-of-service (DDoS) attacks. In March

Russian APT28 Hackers Targeting High-Value Orgs with NTLM Relay Attacks

By: Newsroom
2 February 2024 at 14:49
Russian state-sponsored actors have staged NT LAN Manager (NTLM) v2 hash relay attacks through various methods from April 2022 to November 2023, targeting high-value targets worldwide. The attacks, attributed to an "aggressive" hacking crew called APT28, have set their eyes on organizations dealing with foreign affairs, energy, defense, and transportation, as well as those involved with

AnyDesk Hacked: Popular Remote Desktop Software Mandates Password Reset

By: Newsroom
3 February 2024 at 02:55
Remote desktop software maker AnyDesk disclosed on Friday that it suffered a cyber attack that led to a compromise of its production systems. The German company said the incident, which it discovered following a security audit, is not a ransomware attack and that it has notified relevant authorities. "We have revoked all security-related certificates and systems have been remediated or replaced

Mastodon Vulnerability Allows Hackers to Hijack Any Decentralized Account

By: Newsroom
3 February 2024 at 06:51
The decentralized social network Mastodon has disclosed a critical security flaw that enables malicious actors to impersonate and take over any account. "Due to insufficient origin validation in all Mastodon, attackers can impersonate and take over any remote account," the maintainers said in a terse advisory. The vulnerability, tracked as CVE-2024-23832, has a severity rating of 9.4 out of

U.S. Sanctions 6 Iranian Officials for Critical Infrastructure Cyber Attacks

By: Newsroom
3 February 2024 at 07:33
The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) announced sanctions against six officials associated with the Iranian intelligence agency for attacking critical infrastructure entities in the U.S. and other countries. The officials include Hamid Reza Lashgarian, Mahdi Lashgarian, Hamid Homayunfal, Milad Mansuri, Mohammad Bagher Shirinkar, and Reza Mohammad Amin

New Mispadu Banking Trojan Exploiting Windows SmartScreen Flaw

By: Newsroom
5 February 2024 at 03:45
The threat actors behind the Mispadu banking Trojan have become the latest to exploit a now-patched Windows SmartScreen security bypass flaw to compromise users in Mexico. The attacks entail a new variant of the malware that was first observed in 2019, Palo Alto Networks Unit 42 said in a report published last week. Propagated via phishing mails, Mispadu is a Delphi-based information stealer

Pegasus Spyware Targeted iPhones of Journalists and Activists in Jordan

By: Newsroom
5 February 2024 at 07:37
The iPhones belonging to nearly three dozen journalists, activists, human rights lawyers, and civil society members in Jordan have been targeted with NSO Group's Pegasus spyware, according to joint findings from Access Now and the Citizen Lab. Nine of the 35 individuals have been publicly confirmed as targeted, out of whom six had their devices compromised with the mercenary

Patchwork Using Romance Scam Lures to Infect Android Devices with VajraSpy Malware

By: Newsroom
5 February 2024 at 13:18
The threat actor known as Patchwork likely used romance scam lures to trap victims in Pakistan and India, and infect their Android devices with a remote access trojan called VajraSpy. Slovak cybersecurity firm ESET said it uncovered 12 espionage apps, six of which were available for download from the official Google Play Store and were collectively downloaded more than 1,400 times between

Belarusian National Linked to BTC-e Faces 25 Years for $4 Billion Crypto Money Laundering

By: Newsroom
5 February 2024 at 16:36
A 42-year-old Belarusian and Cypriot national with alleged connections to the now-defunct cryptocurrency exchange BTC-e is facing charges related to money laundering and operating an unlicensed money services business. Aliaksandr Klimenka, who was arrested in Latvia on December 21, 2023, was extradited to the U.S. and is currently being held in custody. If convicted, he faces a maximum penalty

U.S. Imposes Visa Restrictions on those Involved in Illegal Spyware Surveillance

By: Newsroom
6 February 2024 at 05:00
The U.S. State Department said it's implementing a new policy that imposes visa restrictions on individuals who are linked to the illegal use of commercial spyware to surveil civil society members. "The misuse of commercial spyware threatens privacy and freedoms of expression, peaceful assembly, and association," Secretary of State Antony Blinken said. "Such targeting has been

Recent SSRF Flaw in Ivanti VPN Products Undergoes Mass Exploitation

By: Newsroom
6 February 2024 at 06:58
A recently disclosed server-side request forgery (SSRF) vulnerability impacting Ivanti Connect Secure and Policy Secure products has come under mass exploitation. The Shadowserver Foundation said it observed exploitation attempts originating from more than 170 unique IP addresses that aim to establish a reverse shell, among others. The attacks exploit CVE-2024-21893 (CVSS

Hackers Exploit Job Boards, Stealing Millions of Resumes and Personal Data

By: Newsroom
6 February 2024 at 10:14
Employment agencies and retail companies chiefly located in the Asia-Pacific (APAC) region have been targeted by a previously undocumented threat actor known as ResumeLooters since early 2023 with the goal of stealing sensitive data. Singapore-headquartered Group-IB said the hacking crew's activities are geared towards job search platforms and the theft of resumes, with as many as 65

Experts Detail New Flaws in Azure HDInsight Spark, Kafka, and Hadoop Services

By: Newsroom
6 February 2024 at 14:02
Three new security vulnerabilities have been discovered in Azure HDInsight's Apache Hadoop, Kafka, and Spark services that could be exploited to achieve privilege escalation and a regular expression denial-of-service (ReDoS) condition. "The new vulnerabilities affect any authenticated user of Azure HDInsight services such as Apache Ambari and Apache Oozie," Orca security

Beware: Fake Facebook Job Ads Spreading 'Ov3r_Stealer' to Steal Crypto and Credentials

By: Newsroom
6 February 2024 at 14:09
Threat actors are leveraging bogus Facebook job advertisements as a lure to trick prospective targets into installing a new Windows-based stealer malware codenamed Ov3r_Stealer. "This malware is designed to steal credentials and crypto wallets and send those to a Telegram channel that the threat actor monitors," Trustwave SpiderLabs said in a report shared with The Hacker News. Ov3r_Stealer

Critical JetBrains TeamCity On-Premises Flaw Exposes Servers to Takeover - Patch Now

By: Newsroom
7 February 2024 at 05:05
JetBrains is alerting customers of a critical security flaw in its TeamCity On-Premises continuous integration and continuous deployment (CI/CD) software that could be exploited by threat actors to take over susceptible instances. The vulnerability, tracked as CVE-2024-23917, carries a CVSS rating of 9.8 out of 10, indicative of its severity. "The vulnerability may enable an unauthenticated

Chinese Hackers Exploited FortiGate Flaw to Breach Dutch Military Network

By: Newsroom
7 February 2024 at 06:29
Chinese state-backed hackers broke into a computer network that's used by the Dutch armed forces by targeting Fortinet FortiGate devices. "This [computer network] was used for unclassified research and development (R&D)," the Dutch Military Intelligence and Security Service (MIVD) said in a statement. "Because this system was self-contained, it did not lead to any damage to the

Global Coalition and Tech Giants Unite Against Commercial Spyware Abuse

By: Newsroom
7 February 2024 at 09:45
A coalition of dozens of countries, including France, the U.K., and the U.S., along with tech companies such as Google, MDSec, Meta, and Microsoft, have signed a joint agreement to curb the abuse of commercial spyware to commit human rights abuses. The initiative, dubbed the Pall Mall Process, aims to tackle the proliferation and irresponsible use of commercial cyber intrusion tools by

Critical Boot Loader Vulnerability in Shim Impacts Nearly All Linux Distros

By: Newsroom
7 February 2024 at 13:33
The maintainers of shim have released version 15.8 to address six security flaws, including a critical bug that could pave the way for remote code execution under specific circumstances. Tracked as CVE-2023-40547 (CVSS score: 9.8), the vulnerability could be exploited to achieve a Secure Boot bypass. Bill Demirkapi of the Microsoft Security Response Center (MSRC) has been

After FBI Takedown, KV-Botnet Operators Shift Tactics in Attempt to Bounce Back

By: Newsroom
7 February 2024 at 15:11
The threat actors behind the KV-botnet made "behavioral changes" to the malicious network as U.S. law enforcement began issuing commands to neutralize the activity. KV-botnet is the name given to a network of compromised small office and home office (SOHO) routers and firewall devices across the world, with one specific cluster acting as a covert data transfer system for other Chinese

Critical Patches Released for New Flaws in Cisco, Fortinet, VMware Products

By: Newsroom
8 February 2024 at 05:10
Cisco, Fortinet, and VMware have released security fixes for multiple security vulnerabilities, including critical weaknesses that could be exploited to perform arbitrary actions on affected devices. The first set from Cisco consists of three flaws – CVE-2024-20252 and CVE-2024-20254 (CVSS score: 9.6) and CVE-2024-20255 (CVSS score: 8.2) – impacting Cisco Expressway Series that could allow an

Kimsuky's New Golang Stealer 'Troll' and 'GoBear' Backdoor Target South Korea

By: Newsroom
8 February 2024 at 06:53
The North Korea-linked nation-state actor known as Kimsuky is suspected of using a previously undocumented Golang-based information stealer called Troll Stealer. The malware steals "SSH, FileZilla, C drive files/directories, browsers, system information, [and] screen captures" from infected systems, South Korean cybersecurity company S2W said in a new technical report. Troll

Google Starts Blocking Sideloading of Potentially Dangerous Android Apps in Singapore

By: Newsroom
8 February 2024 at 10:17
Google has unveiled a new pilot program in Singapore that aims to prevent users from sideloading certain apps that abuse Android app permissions to read one-time passwords and gather sensitive data. "This enhanced fraud protection will analyze and automatically block the installation of apps that may use sensitive runtime permissions frequently abused for financial fraud when the user attempts

HijackLoader Evolves: Researchers Decode the Latest Evasion Methods

By: Newsroom
8 February 2024 at 10:28
The threat actors behind a loader malware called HijackLoader have added new techniques for defense evasion, as the malware continues to be increasingly used by other threat actors to deliver additional payloads and tooling. "The malware developer used a standard process hollowing technique coupled with an additional trigger that was activated by the parent process writing to a pipe,"

Chinese Hackers Operate Undetected in U.S. Critical Infrastructure for Half a Decade

By: Newsroom
8 February 2024 at 13:05
The U.S. government on Wednesday said the Chinese state-sponsored hacking group known as Volt Typhoon had been embedded into some critical infrastructure networks in the country for at least five years. Targets of the threat actor include communications, energy, transportation, and water and wastewater systems sectors in the U.S. and Guam. "Volt Typhoon's choice of targets and pattern