πŸ”’
❌
There are new articles available, click to refresh the page.
βœ‡The Hacker News

Eternity Group Hackers Offering New LilithBot Malware as a Service to Cybercriminals

By: Ravie Lakshmanan β€”
The threat actor behind the malware-as-a-service (MaaS) called Eternity has been linked to new piece of malware called LilithBot. "It has advanced capabilities to be used as a miner, stealer, and a clipper along with its persistence mechanisms," Zscaler ThreatLabz researchers Shatak Jain and Aditya SharmaΒ saidΒ in a Wednesday report. "The group has been continuously enhancing the malware, adding
βœ‡The Hacker News

Details Released for Recently Patched new macOS Archive Utility Vulnerability

By: Ravie Lakshmanan β€”
Security researchers have shared details about a now-addressed security flaw in Apple's macOS operating system that could be potentially exploited to run malicious applications in a manner that can bypass Apple's security measures. The vulnerability, tracked asΒ CVE-2022-32910, is rooted in the built-in Archive Utility and "could lead to the execution of an unsigned and unnotarized application
βœ‡The Hacker News

The Ultimate SaaS Security Posture Management Checklist, 2023 Edition

By: The Hacker News β€”
It's been a year since the release of The Ultimate SaaS Security Posture Management (SSPM) Checklist. If SSPM is on your radar, here's the 2023 checklist edition, which covers the critical features and capabilities when evaluating a solution. The ease with which SaaS apps can be deployed and adopted today is remarkable, but it has become a double-edged sword. On the one hand, apps are quickly
βœ‡The Hacker News

19-Year-Old Teen Arrested for Using Leaked Optus Breach Data in SMS Scam

By: Ravie Lakshmanan β€”
The Australian Federal Police (AFP) has arrested a 19-year-old teen from Sydney for allegedly attempting to leverage the data leaked following the Optus data breach late last month to extort victims. The suspect is said to have carried out a text message blackmail scam, demanding that the recipients transfer $2,000 to a bank account or risk getting their personal information misused for
βœ‡The Hacker News

Former Uber Security Chief Found Guilty of Data Breach Coverup

By: Ravie Lakshmanan β€”
A U.S. federal court jury has found former Uber Chief Security Officer Joseph Sullivan guilty of not disclosing a 2016 breach of customer and driver records to regulators and attempting to cover up the incident. Sullivan has been convicted on two counts: One for obstructing justice by not reporting the incident and another for misprision. He faces a maximum of five years in prison for the
βœ‡The Hacker News

Experts Warn of New RatMilad Android Spyware Targeting Enterprise Devices

By: Ravie Lakshmanan β€”
A novel Android malware called RatMilad has been observed targeting a Middle Eastern enterprise mobile device by concealing itself as a VPN and phone number spoofing app. The mobile trojan functions as advanced spyware with capabilities that receives and executes commands to collect and exfiltrate a wide variety of data from the infected mobile endpoint, ZimperiumΒ saidΒ in a report shared with
βœ‡The Hacker News

Telstra Telecom Suffers Data Breach Potentially Exposing Employee Information

By: Ravie Lakshmanan β€”
Australia's largest telecommunications company Telstra disclosed that it was the victim of a data breach through a third-party, nearly two weeks after Optus reported a breach of its own. "There has been no breach of Telstra's systems," Narelle Devine, the company's chief information security officer for the Asia Pacific region,Β said. "And no customer account data was involved." <!--adsense--> It
βœ‡The Hacker News

Want More Secure Software? Start Recognizing Security-Skilled Developers

By: The Hacker News β€”
Professional developers want to do the right thing, but in terms of security, they are rarely set up for success. Organizations must support their upskilling with precision training and incentives if they want secure software from the ground up. The cyber threat landscape grows more complex by the day, with our data widely considered highly desirable β€œdigital gold”. Attackers are constantly
βœ‡The Hacker News

FBI, CISA, and NSA Reveal How Hackers Targeted a Defense Industrial Base Organization

By: Ravie Lakshmanan β€”
U.S. cybersecurity and intelligence agencies on Tuesday disclosed that multiple nation-state hacking groups potentially targeted a "Defense Industrial Base (DIB) Sector organization's enterprise network" as part of a cyber espionage campaign. "[Advanced persistent threat] actors used an open-source toolkit calledΒ ImpacketΒ to gain their foothold within the environment and further compromise the
βœ‡The Hacker News

Canadian Netwalker Ransomware Affiliate Sentenced to 20 Years in U.S. Prison

By: Ravie Lakshmanan β€”
A former affiliate of the Netwalker ransomware has been sentenced to 20 years in prison in the U.S., a little over three months after theΒ Canadian national pleaded guiltyΒ to his role in the crimes. Sebastien Vachon-Desjardins, 35, has also been ordered to forfeit $21,500,000 that was illicitly obtained from dozens of victims globally, including companies, municipalities, hospitals, law
βœ‡The Hacker News

Mitigation for Exchange Zero-Days Bypassed! Microsoft Issues New Workarounds

By: Ravie Lakshmanan β€”
Microsoft has updated its mitigation measures for the newly disclosed and actively exploited zero-day flaws in Exchange Server after it was found that they could be trivially bypassed. The two vulnerabilities, tracked as CVE-2022-41040 and CVE-2022-41082, have been codenamedΒ ProxyNotShellΒ due to similarities to another set of flaws calledΒ ProxyShell, which the tech giant resolved last year.
βœ‡The Hacker News

Russian Hacker Arrested in India for Reportedly Helping Students Cheat in JEE-Main Exam

By: Ravie Lakshmanan β€”
India's Central Bureau of Investigation (CBI) on Monday disclosed that it has detained a Russian national for allegedly hacking into a software platform used to conduct engineering entrance assessments in the country in 2021. "The said accused was detained by the Bureau of Immigration at Indira Gandhi International Airport, Delhi while arriving in India from Almaty, Kazakhstan," the primary
βœ‡The Hacker News

Popular YouTube Channel Caught Distributing Malicious Tor Browser Installer

By: Ravie Lakshmanan β€”
A popular Chinese-language YouTube channel has emerged as a means to distribute a trojanized version of a Windows installer for the Tor Browser. KasperskyΒ dubbedΒ the campaignΒ OnionPoison, with all of the victims located in China. The scale of the attack remains unclear, but the Russian cybersecurity company said it detected victims appearing in its telemetry in March 2022. The malicious version
βœ‡The Hacker News

Researchers Report Supply Chain Vulnerability in Packagist PHP Repository

By: Ravie Lakshmanan β€”
Researchers have disclosed details about a now-patched high-severity security flaw in Packagist, a PHP software package repository, that could have been exploited to mount software supply chain attacks. "This vulnerability allows gaining control ofΒ Packagist," SonarSource researcher Thomas ChauchefoinΒ saidΒ in a report shared with The Hacker News. Packagist is used by the PHP package manager
βœ‡The Hacker News

Back to Basics: Cybersecurity's Weakest Link

By: The Hacker News β€”
A big promise with a big appeal. You hear that a lot in the world of cybersecurity, where you're often promised a fast, simple fix that will take care of all your cybersecurity needs, solving your security challenges in one go.Β  It could be an AI-based tool, a new superior management tool, or something else – and it would probably be quite effective at what it promises to do. But is it a silver
βœ‡The Hacker News

BEC Scammer Gets 25-Year Jail Sentence for Stealing Over $9.5 Million

By: Ravie Lakshmanan β€”
A 46-year-old man in the U.S. has been sentenced to 25 years in prison after being found guilty of laundering over $9.5 million accrued by carrying out cyber-enabled financial fraud. Elvis Eghosa Ogiekpolor of Norcross, Georgia, operated a money laundering network that opened at least 50 business bank accounts for illicitly receiving funds from unsuspecting individuals and businesses after
βœ‡The Hacker News

CISA Orders Federal Agencies to Regularly Track Network Assets and Vulnerabilities

By: Ravie Lakshmanan β€”
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a new Binding Operational Directive (BOD) that directs federal agencies in the country to keep track of assets and vulnerabilities on their networks six months from now. To that end, Federal Civilian Executive Branch (FCEB) enterprises have been tasked with two sets of activities: Asset discovery and vulnerability
βœ‡The Hacker News

ProxyNotShell – the New Proxy Hell?

By: The Hacker News β€”
Nicknamed ProxyNotShell, a new exploit used in the wild takes advantage of the recently published Microsoft Server-Side Request Forgery (SSRF) vulnerability CVE-2022-41040 and a second vulnerability, CVE-2022-41082 that allows Remote Code Execution (RCE) when PowerShell is available to unidentified attackers. Based on ProxyShell, this new zero-day abuse risk leverage a chained attack similar to
βœ‡The Hacker News

Optus Hack Exposes Data of Nearly 2.1 Million Australian Telecom Customers

By: Ravie Lakshmanan β€”
Australian telecom giant Optus on Monday confirmed that nearly 2.1 million of its current and former customers suffered a leak of their personal information and at least one form of identification number as a result of aΒ data breachΒ late last month. The company alsoΒ saidΒ it has engaged the services of Deloitte to conduct an external forensic assessment of the attack to "understand how it
❌