The Hacker News

Syndikovat obsah
The Hacker News has been internationally recognized as a leading news source dedicated to promoting awareness for security experts and hackersUnknownnoreply@blogger.comBlogger10716125
Aktualizace: 1 min 7 sek zpět

Boost Your Security with Europe's Leading Bug Bounty Platform

24 Listopad, 2022 - 12:03
As 2022 comes to an end, now's the time to level up your bug bounty program with Intigriti. Are you experiencing slow bug bounty lead times, gaps in security skills, or low-quality reports from researchers? Intigriti's expert triage team and global community of ethical hackers are enabling businesses to protect themselves against every emerging cybersecurity threat. Join the likes of Intel, The Hacker News
Kategorie: Hacking & Security

Bahamut Cyber Espionage Hackers Targeting Android Users with Fake VPN Apps

24 Listopad, 2022 - 11:55
The cyber espionage group known as Bahamut has been attributed as behind a highly targeted campaign that infects users of Android devices with malicious apps designed to extract sensitive information. The activity, which has been active since January 2022, entails distributing rogue VPN apps through a fake SecureVPN website set up for this purpose, Slovak cybersecurity firm ESET said in a new Ravie Lakshmanan
Kategorie: Hacking & Security

This Android File Manager App Infected Thousands of Devices with SharkBot Malware

24 Listopad, 2022 - 07:19
The Android banking fraud malware known as SharkBot has reared its head once again on the official Google Play Store, posing as file managers to bypass the app marketplace's restrictions. A majority of the users who downloaded the rogue apps are located in the U.K. and Italy, Romanian cybersecurity company Bitdefender said in an analysis published this week. SharkBot, first discovered towards Ravie Lakshmanan
Kategorie: Hacking & Security

Black Basta Ransomware Gang Actively Infiltrating U.S. Companies with Qakbot Malware

24 Listopad, 2022 - 07:06
Companies based in the U.S. have been at the receiving end of an "aggressive" Qakbot malware campaign that leads to Black Basta ransomware infections on compromised networks. "In this latest campaign, the Black Basta ransomware gang is using QakBot malware to create an initial point of entry and move laterally within an organization's network," Cybereason researchers Joakim Kandefelt and Ravie Lakshmanan
Kategorie: Hacking & Security

34 Russian Cybercrime Groups Stole Over 50 Million Passwords with Stealer Malware

23 Listopad, 2022 - 14:08
As many as 34 Russian-speaking gangs distributing information-stealing malware under the stealer-as-a-service model stole no fewer than 50 million passwords in the first seven months of 2022. "The underground market value of stolen logs and compromised card details is estimated around $5.8 million," Singapore-headquartered Group-IB said in a report shared with The Hacker News. Aside from lootingRavie Lakshmanan
Kategorie: Hacking & Security

Ducktail Malware Operation Evolves with New Malicious Capabilities

23 Listopad, 2022 - 13:39
The operators of the Ducktail information stealer have demonstrated a "relentless willingness to persist" and continued to update their malware as part of an ongoing financially driven campaign. "The malware is designed to steal browser cookies and take advantage of authenticated Facebook sessions to steal information from the victim's Facebook account," WithSecure researcher Mohammad Kazem Ravie Lakshmanan
Kategorie: Hacking & Security

Top Cyber Threats Facing E-Commerce Sites This Holiday Season

23 Listopad, 2022 - 13:13
Delivering a superior customer experience is essential for any e-commerce business. For those companies, there's a lot at stake this holiday season. According to Digital Commerce 360, nearly $1.00 of every $4.00 spent on retail purchases during the 2022 holiday season will be spent online, resulting in $224 billion in e-commerce sales. To ensure your e-commerce site is ready for the holiday rushThe Hacker News
Kategorie: Hacking & Security

Hackers Exploiting Abandoned Boa Web Servers to Target Critical Industries

23 Listopad, 2022 - 10:28
Microsoft on Tuesday disclosed the intrusion activity aimed at Indian power grid entities earlier this year likely involved the exploitation of security flaws in a now-discontinued web server called Boa. The tech behemoth's cybersecurity division said the vulnerable component poses a "supply chain risk that may affect millions of organizations and devices." The findings build on a prior report Ravie Lakshmanan
Kategorie: Hacking & Security

Meta Takes Down Fake Facebook and Instagram Accounts Linked to Pro-U.S. Influence Operation

23 Listopad, 2022 - 08:46
Meta Platforms on Tuesday said it took down a network of accounts and pages across Facebook and Instagram that were operated by people associated with the U.S. military to spread narratives that depicted the country in a favorable light in the Middle East and Central Asia. The network, which originated from the U.S., primarily singled out Afghanistan, Algeria, Iran, Iraq, Kazakhstan, Kyrgyzstan,Ravie Lakshmanan
Kategorie: Hacking & Security

Nighthawk Likely to Become Hackers' New Post-Exploitation Tool After Cobalt Strike

23 Listopad, 2022 - 06:40
A nascent and legitimate penetration testing framework known as Nighthawk is likely to gain threat actors' attention for its Cobalt Strike-like capabilities. Enterprise security firm Proofpoint said it detected the use of the software in mid-September 2022 by a red team with a number of test emails sent using generic subject lines such as "Just checking in" and "Hope this works2." However, thereRavie Lakshmanan
Kategorie: Hacking & Security

This Malware Installs Malicious Browser Extensions to Steal Users' Passwords and Cryptos

22 Listopad, 2022 - 18:36
A malicious extension for Chromium-based web browsers has been observed to be distributed via a long-standing Windows information stealer called ViperSoftX. Czech-based cybersecurity company dubbed the rogue browser add-on VenomSoftX owing to its standalone features that enable it to access website visits, steal credentials and clipboard data, and even swap cryptocurrency addresses via an Ravie Lakshmanan
Kategorie: Hacking & Security

Researchers Warn of Cyber Criminals Using Go-based Aurora Stealer Malware

22 Listopad, 2022 - 13:30
A nascent Go-based malware known as Aurora Stealer is being increasingly deployed as part of multiple campaigns designed to steal sensitive information from compromised hosts. "These infection chains leveraged phishing pages impersonating download pages of legitimate software, including cryptocurrency wallets or remote access tools, and the 911 method making use of YouTube videos and SEO-poised Ravie Lakshmanan
Kategorie: Hacking & Security

Here's How to Ensure Your Incident Response Strategy is Ready for Holiday Hackers

22 Listopad, 2022 - 13:07
The best line of defense against holiday hacking schemes is a comprehensive incident response strategy that focuses on end-user vulnerabilities.  The holiday season is upon us and with it a slew of cybersecurity scams preying on end-user vulnerabilities. Because employees often use their business emails and cell phones as their primary point of contact, these scams quickly become a threat to The Hacker News
Kategorie: Hacking & Security

Luna Moth Gang Invests in Call Centers to Target Businesses with Callback Phishing Campaigns

22 Listopad, 2022 - 10:45
The Luna Moth campaign has extorted hundreds of thousands of dollars from several victims in the legal and retail sectors. The attacks are notable for employing a technique called callback phishing or telephone-oriented attack delivery (TOAD), wherein the victims are social engineered into making a phone call through phishing emails containing invoices and subscription-themed lures. Palo Alto Ravie Lakshmanan
Kategorie: Hacking & Security

U.S. Authorities Seize Domains Used in 'Pig butchering' Cryptocurrency Scams

22 Listopad, 2022 - 10:10
The U.S. Justice Department (DoJ) on Monday announced the takedown of seven domain names in connection to a "pig butchering" cryptocurrency scam. The fraudulent scheme, which operated from May to August 2022, netted the actors over $10 million from five victims, the DoJ said. Pig butchering, also called Sha Zhu Pan, is a type of scam in which swindlers lure unsuspecting investors into sending Ravie Lakshmanan
Kategorie: Hacking & Security

Daixin Ransomware Gang Steals 5 Million AirAsia Passengers' and Employees' Data

21 Listopad, 2022 - 16:16
The cybercrime group called Daixin Team has leaked sample data belonging to AirAsia, a Malaysian low-cost airline, on its data leak portal. The development comes a little over a week after the company fell victim to a ransomware attack on November 11 and 12, per The threat actors allegedly claim to have obtained the personal data associated with five million Ravie Lakshmanan
Kategorie: Hacking & Security

Notorious Emotet Malware Returns With High-Volume Malspam Campaign

21 Listopad, 2022 - 15:24
The notorious Emotet malware has returned with renewed vigor as part of a high-volume malspam campaign designed to drop payloads like IcedID and Bumblebee. "Hundreds of thousands of emails per day" have been sent since early November 2022, enterprise security company Proofpoint said last week, adding, "the new activity suggests Emotet is returning to its full functionality acting as a delivery Ravie Lakshmanan
Kategorie: Hacking & Security

Been Doing It The Same Way For Years? Think Again.

21 Listopad, 2022 - 14:00
As IT professionals, we all reach a certain point in our IT career where we realize that some of our everyday tasks are done the same way year after year without anyone questioning why it's done that way. Despite the constant change and improvement in technology, some things just get done the same ineffective way without any real thought behind it because "that's the way it's always been done." The Hacker News
Kategorie: Hacking & Security

Google Wins Lawsuit Against Russians Linked to Blockchain-based Glupteba Botnet

21 Listopad, 2022 - 11:02
Google has won a lawsuit filed against two Russian nationals in connection with the operation of a botnet called Glupteba, the company said last week. The U.S. District Court for the Southern District of New York imposed monetary sanctions against the defendants and their U.S.-based legal counsel. The defendants have also been asked to pay Google's attorney fees. The defendants' move to press Ravie Lakshmanan
Kategorie: Hacking & Security

Google Identifies 34 Cracked Versions of Popular Cobalt Strike Hacking Toolkit in the Wild

21 Listopad, 2022 - 06:42
Google Cloud last week disclosed that it identified 34 different hacked release versions of the Cobalt Strike tool in the wild, the earliest of which shipped in November 2012. The versions, spanning 1.44 to 4.7, add up to a total of 275 unique JAR files, according to findings from the Google Cloud Threat Intelligence (GCTI) team. The latest version of Cobalt Strike is version 4.7.2. Cobalt Ravie Lakshmanan
Kategorie: Hacking & Security