❌

Normal view

There are new articles available, click to refresh the page.
Before yesterdayThe Hacker News

New Go-Based JaskaGO Malware Targeting Windows and macOS Systems

By: Newsroom
20 December 2023 at 08:10
A new Go-based information stealer malware called JaskaGO has emerged as the latest cross-platform threat to infiltrate both Windows and Apple macOS systems. AT&T Alien Labs, which made the discovery, said the malware is "equipped with an extensive array of commands from its command-and-control (C&C) server." Artifacts designed for macOS were first observed in July

3,500 Arrested in Global Operation HAECHI-IV Targeting Financial Criminals

By: Newsroom
20 December 2023 at 08:39
A six-month-long international police operation codenamed HAECHI-IV has resulted in the arrests of nearly 3,500 individuals and seizures worth $300 million across 34 countries. The exercise, which took place from July through December 2023, took aim at various types of financial crimes such as voice phishing, romance scams, online sextortion, investment fraud, money laundering

Alert: Chinese-Speaking Hackers Pose as UAE Authority in Latest Smishing Wave

By: Newsroom
20 December 2023 at 10:20
The Chinese-speaking threat actors behind Smishing Triad have been observed masquerading as the United Arab Emirates Federal Authority for Identity and Citizenship to send malicious SMS messages with the ultimate goal of gathering sensitive information from residents and foreigners in the country. "These criminals send malicious links to their victims' mobile devices through SMS or

Product Explained: Memcyco's Real-Time Defense Against Website Spoofing

20 December 2023 at 11:05
Hands-On Review: Memcyco’s Threat Intelligence Solution Website impersonation, also known as brandjacking or website spoofing, has emerged as a significant threat to online businesses. Malicious actors clone legitimate websites to trick customers, leading to financial scams and data theft causing reputation damage and financial losses for both organizations and customers. The Growing Threat of

Remote Encryption Attacks Surge: How One Vulnerable Device Can Spell Disaster

By: Newsroom
20 December 2023 at 13:32
Ransomware groups are increasingly switching to remote encryption in their attacks, marking a new escalation in tactics adopted by financially motivated actors to ensure the success of their campaigns. "Companies can have thousands of computers connected to their network, and with remote ransomware, all it takes is one underprotected device to compromise the entire network," Mark Loman, vice

Urgent: New Chrome Zero-Day Vulnerability Exploited in the Wild - Update ASAP

By: Newsroom
21 December 2023 at 03:41
Google has rolled out security updates for the Chrome web browser to address a high-severity zero-day flaw that it said has been exploited in the wild. The vulnerability, assigned the CVE identifier CVE-2023-7024, has been described as a heap-based buffer overflow bug in the WebRTC framework that could be exploited to result in program crashes or arbitrary code execution. ClΓ©ment

Hackers Exploiting MS Excel Vulnerability to Spread Agent Tesla Malware

By: Newsroom
21 December 2023 at 07:22
Attackers are weaponizing an old Microsoft Office vulnerability as part of phishing campaigns to distribute a strain of malware called Agent Tesla. The infection chains leverage decoy Excel documents attached in invoice-themed messages to trick potential targets into opening them and activate the exploitation of CVE-2017-11882 (CVSS score: 7.8), a memory corruption vulnerability in Office's

German Authorities Dismantle Dark Web Hub 'Kingdom Market' in Global Operation

By: Newsroom
21 December 2023 at 10:03
German law enforcement has announced the disruption of a dark web platform called Kingdom Market that specialized in the sales of narcotics and malware to "tens of thousands of users." The exercise, which involved collaboration from authorities from the U.S., Switzerland, Moldova, and Ukraine, began on December 16, 2023, the Federal Criminal Police Office (BKA) said. Kingdom

Cost of a Data Breach Report 2023: Insights, Mitigators and Best Practices

21 December 2023 at 10:53
John Hanley of IBM Security shares 4 key findings from the highly acclaimed annual Cost of a Data Breach Report 2023 What is the IBM Cost of a Data Breach Report? The IBM Cost of a Data Breach Report is an annual report that provides organizations with quantifiable information about the financial impacts of breaches. With this data, they can make data driven decisions about how they implement

New JavaScript Malware Targeted 50,000+ Users at Dozens of Banks Worldwide

By: Newsroom
21 December 2023 at 12:38
A new piece of JavaScript malware has been observed attempting to steal users' online banking account credentials as part of a campaign that has targeted more than 40 financial institutions across the world. The activity cluster, which employs JavaScript web injections, is estimated to have led to at least 50,000 infected user sessions spanning North America, South America, Europe, and Japan.

Chameleon Android Banking Trojan Variant Bypasses Biometric Authentication

By: Newsroom
21 December 2023 at 16:21
Cybersecurity researchers have discovered an updated version of an Android banking malware called Chameleon that has expanded its targeting to include users in the U.K. and Italy. "Representing a restructured and enhanced iteration of its predecessor, this evolved Chameleon variant excels in executing Device Takeover (DTO) using the accessibility service, all while expanding its targeted region,

Experts Detail Multi-Million Dollar Licensing Model of Predator Spyware

By: Newsroom
21 December 2023 at 16:48
A new analysis of the sophisticated commercial spyware called Predator has revealed that its ability to persist between reboots is offered as an "add-on feature" and that it depends on the licensing options opted by a customer. "In 2021, Predator spyware couldn't survive a reboot on the infected Android system (it had it on iOS)," Cisco Talos researchers Mike Gentile, Asheer Malhotra, and Vitor

Microsoft Warns of New 'FalseFont' Backdoor Targeting the Defense Sector

By: Newsroom
22 December 2023 at 05:34
Organizations in the Defense Industrial Base (DIB) sector are in the crosshairs of an Iranian threat actor as part of a campaign designed to deliver a never-before-seen backdoor called FalseFont. The findings come from Microsoft, which is tracking the activity under its weather-themed moniker Peach Sandstorm (formerly Holmium), which is also known as APT33, Elfin, and Refined Kitten. "

UAC-0099 Using WinRAR Exploit to Target Ukrainian Firms with LONEPAGE Malware

By: Newsroom
22 December 2023 at 07:46
The threat actor known as UAC-0099 has been linked to continued attacks aimed at Ukraine, some of which leverage a high-severity flaw in the WinRAR software to deliver a malware strain called LONEPAGE. "The threat actor targets Ukrainian employees working for companies outside of Ukraine," cybersecurity firm Deep Instinct said in a Thursday analysis. UAC-0099 was first

Decoy Microsoft Word Documents Used to Deliver Nim-Based Malware

By: Newsroom
22 December 2023 at 12:46
A new phishing campaign is leveraging decoy Microsoft Word documents as bait to deliver a backdoor written in the Nim programming language. "Malware written in uncommon programming languages puts the security community at a disadvantage as researchers and reverse engineers' unfamiliarity can hamper their investigation," Netskope researchers Ghanashyam Satpathy and Jan Michael Alcantara&nbsp

Operation RusticWeb: Rust-Based Malware Targets Indian Government Entities

By: Newsroom
22 December 2023 at 13:19
Indian government entities and the defense sector have been targeted by a phishing campaign that's engineered to drop Rust-based malware for intelligence gathering. The activity, first detected in October 2023, has been codenamed Operation RusticWeb by enterprise security firm SEQRITE. "New Rust-based payloads and encrypted PowerShell commands have been utilized to exfiltrate

Rogue WordPress Plugin Exposes E-Commerce Sites to Credit Card Theft

By: Newsroom
22 December 2023 at 16:47
Threat hunters have discovered a rogue WordPress plugin that's capable of creating bogus administrator users and injecting malicious JavaScript code to steal credit card information. The skimming activity is part of a Magecart campaign targeting e-commerce websites, according to Sucuri. "As with many other malicious or fake WordPress plugins it contains some deceptive information at

British LAPSUS$ Teen Members Sentenced for High-Profile Attacks

By: Newsroom
24 December 2023 at 05:48
Two British teens part of the LAPSUS$ cyber crime and extortion gang have been sentenced for their roles in orchestrating a string of high-profile attacks against a number of companies. Arion Kurtaj, an 18-year-old from Oxford, has been sentenced to an indefinite hospital order due to his intent to get back to cybercrime "as soon as possible," BBC reported. Kurtaj, who is autistic, was

Cloud Atlas' Spear-Phishing Attacks Target Russian Agro and Research Companies

By: Newsroom
25 December 2023 at 07:47
The threat actor referred to as Cloud Atlas has been linked to a set of spear-phishing attacks on Russian enterprises. Targets included a Russian agro-industrial enterprise and a state-owned research company, according to a report from F.A.C.C.T., a standalone cybersecurity company formed after Group-IB's formal exit from Russia earlier this year. Cloud Atlas, active since at

Carbanak Banking Malware Resurfaces with New Ransomware Tactics

By: Newsroom
26 December 2023 at 07:26
The banking malware known as Carbanak has been observed being used in ransomware attacks with updated tactics. "The malware has adapted to incorporate attack vendors and techniques to diversify its effectiveness," cybersecurity firm NCC Group said in an analysis of ransomware attacks that took place in November 2023. "Carbanak returned last month through new

Warning: Poorly Secured Linux SSH Servers Under Attack for Cryptocurrency Mining

By: Newsroom
27 December 2023 at 05:29
Poorly secured Linux SSH servers are being targeted by bad actors to install port scanners and dictionary attack tools with the goal of targeting other vulnerable servers and co-opting them into a network to carry out cryptocurrency mining and distributed denial-of-service (DDoS) attacks. "Threat actors can also choose to install only scanners and sell the breached IP and account credentials on

New Sneaky Xamalicious Android Malware Hits Over 327,000 Devices

By: Newsroom
27 December 2023 at 08:24
A new Android backdoor has been discovered with potent capabilities to carry out a range of malicious actions on infected devices. Dubbed Xamalicious by the McAfee Mobile Research Team, the malware is so named for the fact that it's developed using an open-source mobile app framework called Xamarin and abuses the operating system's accessibility permissions to fulfill its objectives.

Chinese Hackers Exploited New Zero-Day in Barracuda's ESG Appliances

By: Newsroom
27 December 2023 at 12:35
Barracuda has revealed that Chinese threat actors exploited a new zero-day in its Email Security Gateway (ESG) appliances to deploy backdoors on a "limited number" of devices. Tracked as CVE-2023-7102, the issue relates to a case of arbitrary code execution that resides within a third-party and open-source library named Spreadsheet::ParseExcel that's used by the Amavis scanner

Critical Zero-Day in Apache OfBiz ERP System Exposes Businesses to Attack

By: Newsroom
27 December 2023 at 15:39
A new zero-day security flaw has been discovered in Apache OfBiz, an open-source Enterprise Resource Planning (ERP) system that could be exploited to bypass authentication protections. The vulnerability, tracked as CVE-2023-51467, resides in the login functionality and is the result of an incomplete patch for another critical vulnerability (CVE-2023-49070, CVSS score: 9.8) that was released

New Rugmi Malware Loader Surges with Hundreds of Daily Detections

By: Newsroom
28 December 2023 at 05:56
A new malware loader is being used by threat actors to deliver a wide range of information stealers such as Lumma Stealer (aka LummaC2), Vidar, RecordBreaker (aka Raccoon Stealer V2), and Rescoms. Cybersecurity firm ESET is tracking the trojan under the name Win/TrojanDownloader.Rugmi. "This malware is a loader with three types of components: a downloader that downloads an

Most Sophisticated iPhone Hack Ever Exploited Apple's Hidden Hardware Feature

By: Newsroom
28 December 2023 at 11:19
The Operation Triangulation spyware attacks targeting Apple iOS devices leveraged never-before-seen exploits that made it possible to even bypass pivotal hardware-based security protections erected by the company. Russian cybersecurity firm Kaspersky, which discovered the campaign at the beginning of 2023 after becoming one of the targets, described it as

Google Cloud Resolves Privilege Escalation Flaw Impacting Kubernetes Service

By: Newsroom
28 December 2023 at 13:20
Google Cloud has addressed a medium-severity security flaw in its platform that could be abused by an attacker who already has access to a Kubernetes cluster to escalate their privileges. "An attacker who has compromised the Fluent Bit logging container could combine that access with high privileges required by Anthos Service Mesh (on clusters that have enabled it) to

Microsoft Disables MSIX App Installer Protocol Widely Used in Malware Attacks

By: Newsroom
29 December 2023 at 05:16
Microsoft on Thursday said it’s once again disabling the ms-appinstaller protocol handler by default following its abuse by multiple threat actors to distribute malware. β€œThe observed threat actor activity abuses the current implementation of the ms-appinstaller protocol handler as an access vector for malware that may lead to ransomware distribution,” the Microsoft Threat Intelligence

Kimsuky Hackers Deploying AppleSeed, Meterpreter, and TinyNuke in Latest Attacks

By: Newsroom
29 December 2023 at 09:09
Nation-state actors affiliated to North Korea have been observed using spear-phishing attacks to deliver an assortment of backdoors and tools such as AppleSeed, Meterpreter, and TinyNuke to seize control of compromised machines. South Korea-based cybersecurity company AhnLab attributed the activity to an advanced persistent threat group known as Kimsuky. β€œA notable point about attacks that

❌
❌