The Hacker News

Syndicate content
The Hacker News has been internationally recognized as a leading news source dedicated to promoting awareness for security experts and hackers.
Updated: 53 min 10 sec ago

New ShellBot DDoS Malware Variants Targeting Poorly Managed Linux Servers

21 March, 2023 - 13:41
Poorly managed Linux SSH servers are being targeted as part of a new campaign that deploys different variants of a malware called ShellBot. "ShellBot, also known as PerlBot, is a DDoS Bot malware developed in Perl and characteristically uses IRC protocol to communicate with the C&C server," AhnLab Security Emergency response Center (ASEC) said in a report. ShellBot is installed on servers that
Ravie Lakshmanan / Server Security
Category: Hacking & Security

The Best Defense Against Cyber Threats for Lean Security Teams

21 March, 2023 - 13:28
H0lyGh0st, Magecart, and a slew of state-sponsored hacker groups are diversifying their tactics and shifting their focus to… You. That is, if you're in charge of cybersecurity for a small-to-midsize enterprise (SME). Why? Bad actors know that SMEs typically have a smaller security budget, less infosec manpower, and possibly weak or missing security controls to protect their data and
The Hacker News Threat / Cyber Security
Category: Hacking & Security

From Ransomware to Cyber Espionage: 55 Zero-Day Vulnerabilities Weaponized in 2022

21 March, 2023 - 11:54
As many as 55 zero-day vulnerabilities were exploited in the wild in 2022, with most of the flaws discovered in software from Microsoft, Google, and Apple. While this figure represents a decrease from the year before, when a staggering 81 zero-days were weaponized, it still represents a significant uptick in recent years of threat actors leveraging unknown security flaws to their advantage. The
Ravie Lakshmanan Threat Intel / Vulnerability
Category: Hacking & Security

Hackers Steal Over $1.6 Million in Crypto from General Bytes Bitcoin ATMs Using Zero-Day Flaw

21 March, 2023 - 08:55
Bitcoin ATM maker General Bytes disclosed that unidentified threat actors stole cryptocurrency from hot wallets by exploiting a zero-day security flaw in its software. "The attacker was able to upload his own java application remotely via the master service interface used by terminals to upload videos and run it using 'batm' user privileges," the company said in an advisory published over the
Ravie Lakshmanan / Hacking
Category: Hacking & Security

New DotRunpeX Malware Delivers Multiple Malware Families via Malicious Ads

20 March, 2023 - 15:39
A new piece of malware dubbed dotRunpeX is being used to distribute numerous known malware families such as Agent Tesla, Ave Maria, BitRAT, FormBook, LokiBot, NetWire, Raccoon Stealer, RedLine Stealer, Remcos, Rhadamanthys, and Vidar. "DotRunpeX is a new injector written in .NET using the Process Hollowing technique and used to infect systems with a variety of known malware families," Check
Ravie Lakshmanan Threat / Malware
Category: Hacking & Security

Mispadu Banking Trojan Targets Latin America: 90,000+ Credentials Stolen

20 March, 2023 - 14:26
A banking trojan dubbed Mispadu has been linked to multiple spam campaigns targeting countries like Bolivia, Chile, Mexico, Peru, and Portugal with the goal of stealing credentials and delivering other payloads. The activity, which commenced in August 2022, is currently ongoing, Ocelot Team from Latin American cybersecurity firm Metabase Q said in a report shared with The Hacker News. Mispadu (
Ravie Lakshmanan Threat / Malware
Category: Hacking & Security

New Cyber Platform Lab 1 Decodes Dark Web Data to Uncover Hidden Supply Chain Breaches

20 March, 2023 - 12:44
2022 was the year when inflation hit world economies, except in one corner of the global marketplace – stolen data. Ransomware payments fell by over 40% in 2022 compared to 2021. More organisations chose not to pay ransom demands, according to findings by blockchain firm Chainalysis. Nonetheless, stolen data has value beyond a price tag, and in risky ways you may not expect. Evaluating stolen
The Hacker News Breach / Dark Web
Category: Hacking & Security

Researchers Shed Light on CatB Ransomware's Evasion Techniques

20 March, 2023 - 12:26
The threat actors behind the CatB ransomware operation have been observed using a technique called DLL search order hijacking to evade detection and launch the payload. CatB, also referred to as CatB99 and Baxtoy, emerged late last year and is said to be an "evolution or direct rebrand" of another ransomware strain known as Pandora based on code-level similarities. It's worth noting that the use
Ravie Lakshmanan Security / Ransomware
Category: Hacking & Security

Emotet Rises Again: Evades Macro Security via OneNote Attachments

20 March, 2023 - 07:51
The notorious Emotet malware, in its return after a short hiatus, is now being distributed via Microsoft OneNote email attachments in an attempt to bypass macro-based security restrictions and compromise systems. Emotet, linked to a threat actor tracked as Gold Crestwood, Mummy Spider, or TA542, continues to be a potent and resilient threat despite attempts by law enforcement to take it down. A
Ravie Lakshmanan Security / Email Security
Category: Hacking & Security

Chinese Hackers Exploit Fortinet Zero-Day Flaw for Cyber Espionage Attack

18 March, 2023 - 13:30
The zero-day exploitation of a now-patched medium-severity security flaw in the Fortinet FortiOS operating system has been linked to a suspected Chinese hacking group. American cybersecurity company Mandiant, which made the attribution, said the activity cluster is part of a broader campaign designed to deploy backdoors onto Fortinet and VMware solutions and maintain persistent access to victim
Ravie Lakshmanan Security / Cyber Espionage
Category: Hacking & Security

Pompompurin Unmasked: Infamous BreachForums Mastermind Arrested in New York

18 March, 2023 - 07:59
U.S. law enforcement authorities have arrested a 21-year-old New York man in connection with running the infamous BreachForums hacking forum under the online alias "Pompompurin." The development, first reported by Bloomberg Law, comes after News 12 Westchester, earlier this week, said that federal investigators "spent hours inside and outside of a home in Peekskill." "At one point, investigators
Ravie Lakshmanan Crime / Data Breach
Category: Hacking & Security

THN Webinar: 3 Research-Backed Ways to Secure Your Identity Perimeter

18 March, 2023 - 07:55
Think of the typical portrayal of a cyberattack. Bad guy pounding furiously on a keyboard, his eyes peeking out from under a dark hoodie. At long last, his efforts pay off and he hits the right combination of keys. "I'm in!" he shouts in triumph. Clearly, there are many problems with this scenario – and it's not just the hoodie. What's even more inaccurate is that most cyber attackers today do
The Hacker News Trust / Access Control
Category: Hacking & Security

LockBit 3.0 Ransomware: Inside the Cyberthreat That's Costing Millions

18 March, 2023 - 07:17
U.S. government agencies have released a joint cybersecurity advisory detailing the indicators of compromise (IoCs) and tactics, techniques, and procedures (TTPs) associated with the notorious LockBit 3.0 ransomware. "The LockBit 3.0 ransomware operations function as a Ransomware-as-a-Service (RaaS) model and is a continuation of previous versions of the ransomware, LockBit 2.0, and LockBit,"
Ravie Lakshmanan Security / Encryption
Category: Hacking & Security

FakeCalls Vishing Malware Targets South Korean Users via Popular Financial Apps

17 March, 2023 - 20:15
An Android voice phishing (aka vishing) malware campaign known as FakeCalls has reared its head once again to target South Korean users under the guise of over 20 popular financial apps. "FakeCalls malware possesses the functionality of a Swiss army knife, able not only to conduct its primary aim but also to extract private data from the victim's device," cybersecurity firm Check Point said.
Ravie Lakshmanan Security / Scam Alert
Category: Hacking & Security

New GoLang-Based HinataBot Exploiting Router and Server Flaws for DDoS Attacks

17 March, 2023 - 14:07
A new Golang-based botnet dubbed HinataBot has been observed to leverage known flaws to compromise routers and servers and use them to stage distributed denial-of-service (DDoS) attacks. "The malware binaries appear to have been named by the malware author after a character from the popular anime series, Naruto, with file name structures such as 'Hinata--,'" Akamai said in a
Ravie Lakshmanan / Botnet
Category: Hacking & Security

A New Security Category Addresses Web-borne Threats

17 March, 2023 - 12:46
In the modern corporate IT environment, which relies on cloud connectivity, global connections and large volumes of data, the browser is now the most important work interface. The browser connects employees to managed resources, devices to the web, and the on-prem environment to the cloud one. Yet, and probably unsurprisingly, this browser prominence has significantly increased the number of
The Hacker News Security / Endpoint Protection
Category: Hacking & Security

Lookalike Telegram and WhatsApp Websites Distributing Cryptocurrency Stealing Malware

17 March, 2023 - 12:22
Copycat websites for instant messaging apps like Telegram and WhatsApp are being used to distribute trojanized versions and infect Android and Windows users with cryptocurrency clipper malware. "All of them are after victims' cryptocurrency funds, with several targeting cryptocurrency wallets," ESET researchers Lukáš Štefanko and Peter Strýček said in a new analysis. While the first instance of
Ravie Lakshmanan / Mobile Security
Category: Hacking & Security

Winter Vivern APT Group Targeting Indian, Lithuanian, Slovakian, and Vatican Officials

17 March, 2023 - 09:06
The advanced persistent threat known as Winter Vivern has been linked to campaigns targeting government officials in India, Lithuania, Slovakia, and the Vatican since 2021. The activity targeted Polish government agencies, the Ukraine Ministry of Foreign Affairs, the Italy Ministry of Foreign Affairs, and individuals within the Indian government, SentinelOne said in a report shared with The
Ravie Lakshmanan Attack / Cyber Espionage
Category: Hacking & Security

Google Uncovers 18 Severe Security Vulnerabilities in Samsung Exynos Chips

17 March, 2023 - 08:53
Google is calling attention to a set of severe security flaws in Samsung's Exynos chips, some of which could be exploited remotely to completely compromise a phone without requiring any user interaction. The 18 zero-day vulnerabilities affect a wide range of Android smartphones from Samsung, Vivo, Google, wearables using the Exynos W920 chipset, and vehicles equipped with the Exynos Auto T5123
Ravie Lakshmanan Security / Firmware
Category: Hacking & Security

Chinese and Russian Hackers Using SILKLOADER Malware to Evade Detection

16 March, 2023 - 17:30
Threat activity clusters affiliated with the Chinese and Russian cybercriminal ecosystems have been observed using a new piece of malware that's designed to load Cobalt Strike onto infected machines. Dubbed SILKLOADER by Finnish cybersecurity company WithSecure, the malware leverages DLL side-loading techniques to deliver the commercial adversary simulation software. The development comes as
Ravie Lakshmanan Threat Intelligence
Category: Hacking & Security