🔒
There are new articles available, click to refresh the page.
✇The Hacker News

Cybercriminals Developing BugDrop Malware to Bypass Android Security Features

By: Ravie Lakshmanan
In a sign that malicious actors continue to find ways to work around Google Play Store security protections, researchers have spotted a previously undocumented Android dropper trojan that's currently in development. "This new malware tries to abuse devices using a novel technique, not seen before in Android malware, to spread the extremely dangerous Xenomorph banking trojan, allowing criminals
✇The Hacker News

New Google Chrome Zero-Day Vulnerability Being Exploited in the Wild

By: Ravie Lakshmanan
Google on Tuesday rolled out patches for Chrome browser for desktops to contain an actively exploited high-severity zero-day flaw in the wild. Tracked as CVE-2022-2856, the issue has been described as a case of insufficient validation of untrusted input in Intents. Security researchers Ashley Shen and Christian Resell of Google Threat Analysis Group have been credited with reporting the flaw on
✇The Hacker News

Researchers Link Multi-Year Mass Credential Theft Campaign to Chinese Hackers

By: Ravie Lakshmanan
A Chinese state-sponsored threat activity group named RedAlpha has been attributed to a multi-year mass credential theft campaign aimed at global humanitarian, think tank, and government organizations. "In this activity, RedAlpha very likely sought to gain access to email accounts and other online communications of targeted individuals and organizations," Recorded Future disclosed in a new
✇The Hacker News

Lean Security 101: 3 Tips for Building Your Framework

By: The Hacker News
Cobalt, Lazarus, MageCart, Evil, Revil — cybercrime syndicates spring up so fast it's hard to keep track. Until…they infiltrate your system. But you know what's even more overwhelming than rampant cybercrime? Building your organization's security framework.  CIS, NIST, PCI DSS, HIPAA, HITrust, and the list goes on. Even if you had the resources to implement every relevant industry standard and
✇The Hacker News

Malicious Browser Extensions Targeted Over a Million Users So Far This Year

By: Ravie Lakshmanan
More than 1.31 million users attempted to install malicious or unwanted web browser extensions at least once, new findings from cybersecurity firm Kaspersky show. "From January 2020 to June 2022, more than 4.3 million unique users were attacked by adware hiding in browser extensions, which is approximately 70% of all users affected by malicious and unwanted add-ons," the company said. As many as
✇The Hacker News

North Korea Hackers Spotted Targeting Job Seekers with macOS Malware

By: Ravie Lakshmanan
The North Korea-backed Lazarus Group has been observed targeting job seekers with malware capable of executing on Apple Macs with Intel and M1 chipsets. Slovak cybersecurity firm ESET linked it to a campaign dubbed "Operation In(ter)ception" that was first disclosed in June 2020 and involved using social engineering tactics to trick employees working in the aerospace and military sectors into
✇The Hacker News

RubyGems Makes Multi-Factor Authentication Mandatory for Top Package Maintainers

By: Ravie Lakshmanan
RubyGems, the official package manager for the Ruby programming language, has become the latest platform to mandate multi-factor authentication (MFA) for popular package maintainers, following the footsteps of NPM and PyPI. To that end, owners of gems with over 180 million total downloads are mandated to turn on MFA effective August 15, 2022. <!--adsense--> "Users in this category who do not
✇The Hacker News

ÆPIC and SQUIP Vulnerabilities Found in Intel and AMD Processors

By: Ravie Lakshmanan
A group of researchers has revealed details of a new vulnerability affecting Intel CPUs that enables attackers to obtain encryption keys and other secret information from the processors. Dubbed ÆPIC Leak, the weakness is the first-of-its-kind to architecturally disclose sensitive data in a manner that's akin to an "uninitialized memory read in the CPU itself." "In contrast to transient execution
✇The Hacker News

New Evil PLC Attack Weaponizes PLCs to Breach OT and Enterprise Networks

By: Ravie Lakshmanan
Cybersecurity researchers have elaborated a novel attack technique that weaponizes programmable logic controllers (PLCs) to gain an initial foothold in engineering workstations and subsequently invade the operational technology (OT) networks. Dubbed "Evil PLC" attack by industrial security firm Claroty, the issue impacts engineering workstation software from Rockwell Automation, Schneider
✇The Hacker News

Unified Threat Management: The All-in-One Cybersecurity Solution

By: The Hacker News
UTM (Unified threat management) is thought to be an all-in-one solution for cybersecurity. In general, it is a versatile software or hardware firewall solution integrated with IPS (Intrusion Prevention System) and other security services. A universal gateway allows the user to manage network security with one comprehensive solution, which makes the task much easier. In addition, compared to a
✇The Hacker News

Microsoft Warns About Phishing Attacks by Russia-linked Hackers

By: Ravie Lakshmanan
Microsoft on Monday revealed it took steps to disrupt phishing operations undertaken by a "highly persistent threat actor" whose objectives align closely with Russian state interests. The company is tracking the espionage-oriented activity cluster under its chemical element-themed moniker SEABORGIUM, which it said overlaps with a hacking group also known as Callisto, COLDRIVER, and TA446. "
✇The Hacker News

Russian State Hackers Continue to Attack Ukrainian Entities with Infostealer Malware

By: Ravie Lakshmanan
Russian state-sponsored actors are continuing to strike Ukrainian entities with information-stealing malware as part of what's suspected to be an espionage operation. Symantec, a division of Broadcom Software, attributed the malicious campaign to a threat actor tracked Shuckworm, also known as Actinium, Armageddon, Gamaredon, Primitive Bear, and Trident Ursa. The findings have been corroborated 
✇The Hacker News

Nearly 1,900 Signal Messenger Accounts Potentially Compromised in Twilio Hack

By: Ravie Lakshmanan
Popular end-to-end encrypted messaging service Signal on Monday disclosed the cyberattack aimed at Twilio earlier this month may have exposed the phone numbers of roughly 1,900 users. "For about 1,900 users, an attacker could have attempted to re-register their number to another device or learned that their number was registered to Signal," the company said. "All users can rest assured that
✇The Hacker News

Credential Theft Is (Still) A Top Attack Method

By: The Hacker News
Credential theft is clearly still a problem. Even after years of warnings, changing password requirements, and multiple forms of authentication, password stealing remains a top attack method used by cyber criminals. The latest report from the Ponemon Institute shares that 54% of security incidents were caused by credential theft, followed by ransomware and DDoS attacks. 59% of organizations
✇The Hacker News

SOVA Android Banking Trojan Returns With New Capabilities and Targets

By: Ravie Lakshmanan
The SOVA Android banking trojan is continuing to be actively developed with upgraded capabilities to target no less than 200 mobile applications, including banking apps and crypto exchanges and wallets, up from 90 apps when it started out. That's according to the latest findings from Italian cybersecurity firm Cleafy, which found newer versions of the malware sporting functionality to intercept
✇The Hacker News

Newly Uncovered PyPI Package Drops Fileless Cryptominer to Linux Systems

By: Ravie Lakshmanan
A now-removed rogue package pushed to the official third-party software repository for Python has been found to deploy cryptominers on Linux systems. The module, named "secretslib" and downloaded 93 times prior to its deletion, was released to the Python Package Index (PyPI) on August 6, 2022 and is described as "secrets matching and verification made easy." <!--adsense--> "On a closer
✇The Hacker News

Tornado Cash Developer Arrested After U.S. Sanctions the Cryptocurrency Mixer

By: Ravie Lakshmanan
Dutch authorities on Friday announced the arrest of a software developer in Amsterdam who is alleged to be working for Tornado Cash, days after the U.S. sanctioned the decentralized crypto mixing service. The 29-year-old individual is "suspected of involvement in concealing criminal financial flows and facilitating money laundering" through the service, the Dutch Fiscal Information and
✇The Hacker News

Chinese Hackers Backdoored MiMi Chat App to Target Windows, Linux, macOS Users

By: Ravie Lakshmanan
A pair of reports from cybersecurity firms SEKOIA and Trend Micro sheds light on a new campaign undertaken by a Chinese threat actor named Lucky Mouse that involves leveraging a trojanized version of a cross-platform messaging app to backdoor systems. Infection chains leverage a chat application called MiMi, with its installer files compromised to download and install HyperBro samples for the
✇The Hacker News

Researchers Uncover UEFI Secure Boot Bypass in 3 Microsoft Signed Boot Loaders

By: Ravie Lakshmanan
A security feature bypass vulnerability has been uncovered in three signed third-party Unified Extensible Firmware Interface (UEFI) boot loaders that allow bypass of the UEFI Secure Boot feature. "These vulnerabilities can be exploited by mounting the EFI System Partition and replacing the existing bootloader with the vulnerable one, or modifying a UEFI variable to load the vulnerable loader
❌