The Hacker News Logo
Subscribe to Newsletter
CrowdSec

The Hacker News - Cybersecurity News and Analysis

Researchers Uncover Malicious NPM Packages Stealing Data from Apps and Web Forms

Researchers Uncover Malicious NPM Packages Stealing Data from Apps and Web Forms

July 05, 2022Ravie Lakshmanan
A widespread software supply chain attack has targeted the NPM package manager at least since December 2021 with rogue modules designed to steal data entered in forms by users on websites that include them. The coordinated attack, dubbed IconBurst by ReversingLabs, involves no fewer than two dozen NPM packages that include obfuscated JavaScript, which comes with malicious code to harvest sensitive data from forms embedded downstream mobile applications and websites. "These clearly malicious attacks relied on typo-squatting, a technique in which attackers offer up packages via public repositories with names that are similar to — or common misspellings of — legitimate packages," security researcher Karlo Zanki  said  in a Tuesday report. "Attackers impersonated high-traffic NPM modules like umbrellajs and packages published by ionic.io." The packages in question, most of which were published in the last months, have been collectively downloaded more than 27,000 t
Pro-China Group Uses Dragonbridge Campaign to Target Rare Earth Mining Companies

Pro-China Group Uses Dragonbridge Campaign to Target Rare Earth Mining Companies

July 05, 2022Ravie Lakshmanan
A pro-China  influence campaign  singled out rare earth mining companies in Australia, Canada, and the U.S. with negative messaging in an unsuccessful attempt to manipulate public discourse to China's benefit. Targeted firms included Australia's Lynas Rare Earths Ltd, Canada's Appia Rare Earths & Uranium Corp, and the American company USA Rare Earth, threat intelligence firm Mandiant said in a report last week, calling the digital campaign  Dragonbridge . "It targeted an industry of strategic significance to the PRC, including specifically three commercial entities challenging the  PRC's global market dominance  in that industry," Mandiant  noted . The goal, the company noted, was to instigate environmental protests against the companies and propagate counter-narratives in response to potential or planned rare earths production activities involving the targets. This comprised a network of thousands of inauthentic accounts across numerous social medi
As New Clues Emerges, Experts Wonder: Is REvil Back?

As New Clues Emerges, Experts Wonder: Is REvil Back?

July 05, 2022The Hacker News
Change is a part of life, and nothing stays the same for too long, even with hacking groups, which are at their most dangerous when working in complete silence. The notorious REvil  ransomware  gang, linked to the infamous JBS and Kaseya, has resurfaced three months after the arrest of its members in Russia. The Russian domestic intelligence service, the FSB, had caught 14 people from the gang. In this apprehension, the 14 members of the gang were found in possession of 426 million roubles, $600,000, 500,000 euros, computer equipment, and 20 luxury cars were brought to justice. REvil Ransomware Gang- The Context The financially-motivated cybercriminal threat group Gold Southfield controlled ransomware group known as REvil emerged in 2019 and spread like wildfire after extorting $11 million from the meat-processor JBS. REvil would incentivize its affiliates to carry out cyberattacks for them by giving a percentage of the ransom pay-outs to those who help with infiltration activitie
Researchers Share Techniques to Uncover Anonymized Ransomware Sites on Dark Web

Researchers Share Techniques to Uncover Anonymized Ransomware Sites on Dark Web

July 05, 2022Ravie Lakshmanan
Cybersecurity researchers have detailed the various measures ransomware actors have taken to obscure their true identity online as well as the hosting location of their web server infrastructure. "Most ransomware operators use hosting providers outside their country of origin (such as Sweden, Germany, and Singapore) to host their ransomware operations sites," Cisco Talos researcher Paul Eubanks  said . "They use VPS hop-points as a proxy to hide their true location when they connect to their ransomware web infrastructure for remote administration tasks." Also prominent are the use of the TOR network and DNS proxy registration services to provide an added layer of anonymity for their illegal operations. But by taking advantage of the threat actors' operational security missteps and other techniques, the cybersecurity firm disclosed last week that it was able to identify TOR hidden services hosted on public IP addresses, some of which are previously unknown in
Update Google Chrome Browser to Patch New Zero-Day Exploit Detected in the Wild

Update Google Chrome Browser to Patch New Zero-Day Exploit Detected in the Wild

July 04, 2022Ravie Lakshmanan
Google on Monday shipped security updates to address a high-severity zero-day vulnerability in its Chrome web browser that it said is being exploited in the wild. The shortcoming, tracked as  CVE-2022-2294 , relates to a heap overflow flaw in the  WebRTC  component that provides real-time audio and video communication capabilities in browsers without the need to install plugins or download native apps. Heap buffer overflows, also referred to as heap overrun or heap smashing, occur when data is overwritten in the  heap area of the memory , leading to arbitrary code execution or a denial-of-service (DoS) condition. "Heap-based overflows can be used to overwrite function pointers that may be living in memory, pointing it to the attacker's code," MITRE  explains . "When the consequence is arbitrary code execution, this can often be used to subvert any other security service." Credited with reporting the flaw on July 1, 2022, is Jan Vojtesek from the Avast Thre
Ukrainian Authorities Arrested Phishing Gang That Stole 100 Million UAH

Ukrainian Authorities Arrested Phishing Gang That Stole 100 Million UAH

July 04, 2022Ravie Lakshmanan
The Cyber Police of Ukraine last week disclosed that it apprehended nine members of a criminal gang that embezzled 100 million hryvnias via hundreds of phishing sites that claimed to offer financial assistance to Ukrainian citizens as part of a campaign aimed at capitalizing on the ongoing conflict. "Criminals created more than 400 phishing links to obtain bank card data of citizens and appropriate money from their accounts," the agency  said  in a press statement last week. "The perpetrators may face up to 15 years behind bars." The law enforcement operation culminated in the seizure of computer equipment, mobile phones, bank cards as well as the criminal proceeds illicitly obtained through the scheme. Some of the rogue domains registered by the actors included ross0.yolasite[.]com, foundationua[.]com, ua-compensation[.]buzz, www.bless12[.]store, help-compensation[.]xyz, newsukraine10.yolasite[.]com, and euro24dopomoga0.yolasite[.]com, among others. The mali
Some Worms Use Their Powers for Good

Some Worms Use Their Powers for Good

July 04, 2022The Hacker News
Gardeners know that worms are good. Cybersecurity professionals know that worms are  bad . Very bad. In fact, worms are literally the most devasting force for evil known to the computing world. The  MyDoom  worm holds the dubious position of most costly computer malware  ever  – responsible for some  $52 billion  in damage. In second place…  Sobig , another worm. It turns out, however, that there are exceptions to every rule. Some biological worms are actually  not welcome  in most gardens. And some cyber worms, it seems, can use their powers for good …  Meet Hopper, The Good Worm Detection tools are not good at  catching non-exploit-based propagation , which is what worms do best. Most cybersecurity solutions are less resilient to worm attack methods like token impersonation and others that take advantage of deficient internal configurations - PAM, segmentation, insecure credential storage, and more. So, what better way to beat a stealthy worm than with … another stealthy worm?
Online Courses and Software

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.