#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

The Hacker News | #1 Trusted Cybersecurity News Site

Cybercriminals Weaponizing Open-Source SSH-Snake Tool for Network Attacks

Cybercriminals Weaponizing Open-Source SSH-Snake Tool for Network Attacks

Feb 22, 2024 Network Security / Penetration Testing
A recently open-sourced network mapping tool called  SSH-Snake  has been repurposed by threat actors to conduct malicious activities. "SSH-Snake is a self-modifying worm that leverages SSH credentials discovered on a compromised system to start spreading itself throughout the network," Sysdig researcher Miguel Hernández  said . "The worm automatically searches through known credential locations and shell history files to determine its next move." SSH-Snake was first released on GitHub in early January 2024, and is described by its developer as a "powerful tool" to carry out  automatic network traversal  using SSH private keys discovered on systems. In doing so, it creates a comprehensive map of a network and its dependencies, helping determine the extent to which a network can be compromised using SSH and SSH private keys starting from a particular host. It also supports  resolution of domains  which have multiple IPv4 addresses. "It's comp
A New Age of Hacktivism

A New Age of Hacktivism

Feb 22, 2024 Hacktivism / Information Warfare
In the past 2 years, we have observed a significant surge in hacktivism activity due to ongoing wars and geopolitical conflicts in various regions. Since the war against Ukraine began, we have witnessed a notable mobilization of non-state and state-backed actors alike, forming new groups or joining existing hacker collectives.  We understand hacktivism as a form of computer hacking that is done to further the goals of political or social  activism 1 . While  activism  describes a normal, non-disruptive use of the Internet in order to support a specific cause (online petitions, fundraising, coordinating activities),  hacktivism  includes operations that use hacking techniques with the intent to disrupt but not to cause serious harm (e.g., data theft, website defacements, redirects, Denial-of-Service attacks). Cyber operations that inherit a willingness or intent to cause harm to physical property, severe economic damage or loss of life would be referred to as  cyberterrorism, 2, 3  Th
Russian Government Software Backdoored to Deploy Konni RAT Malware

Russian Government Software Backdoored to Deploy Konni RAT Malware

Feb 22, 2024 Malware / Cyber Espionage
An installer for a tool likely used by the Russian Consular Department of the Ministry of Foreign Affairs (MID) has been backdoored to deliver a remote access trojan called  Konni RAT  (aka  UpDog ). The findings come from German cybersecurity company DCSO, which linked the activity as originating from the Democratic People's Republic of Korea (DPRK)-nexus actors targeting Russia. The Konni (aka Opal Sleet, Osmium, or  TA406 ) activity cluster has an established pattern of deploying Konni RAT against Russian entities, with the threat actor also linked to  attacks directed against MID  at least since October 2021. In November 2023, Fortinet FortiGuard Labs  revealed  the use of Russian-language Microsoft Word documents to deliver malware capable of harvesting sensitive information from compromised Windows hosts. DCSO said the packaging of Konni RAT within software installers is a technique  previously adopted  by the group in October 2023, when it was found to leverage a backd
cyber security

The Critical State of AI in the Cloud

websiteWiz.ioArtificial Intelligence / Cloud Security
Wiz Research reveals the explosive growth of AI adoption and what 150,000+ cloud accounts revealed about the AI surge.
U.S. Offers $15 Million Bounty to Hunt Down LockBit Ransomware Leaders

U.S. Offers $15 Million Bounty to Hunt Down LockBit Ransomware Leaders

Feb 22, 2024 Ransomware / Cybercrime
The U.S. State Department has announced monetary rewards of up to $15 million for information that could lead to the identification of key leaders within the LockBit ransomware group and the arrest of any individual participating in the operation. "Since January 2020, LockBit actors have executed over 2,000 attacks against victims in the United States, and around the world, causing costly disruptions to operations and the destruction or exfiltration of sensitive information," the State Department  said . "More than $144 million in ransom payments have been made to recover from LockBit ransomware events." The development comes as a sweeping law enforcement operation led by the U.K. National Crime Agency (NCA)  disrupted  LockBit, a Russia-linked ransomware gang that has been active for more than four years, wreaking havoc on business and critical infrastructure entities around the world. Ransomware-as-a-service (RaaS) operations like LockBit and others work by e
New Wi-Fi Vulnerabilities Expose Android and Linux Devices to Hackers

New Wi-Fi Vulnerabilities Expose Android and Linux Devices to Hackers

Feb 21, 2024 Network Security / Vulnerability
Cybersecurity researchers have identified two authentication bypass flaws in open-source Wi-Fi software found in Android, Linux, and ChromeOS devices that could trick users into joining a malicious clone of a legitimate network or allow an attacker to join a trusted network without a password. The vulnerabilities, tracked as CVE-2023-52160 and CVE-2023-52161, have been discovered following a security evaluation of  wpa_supplicant  and Intel's iNet Wireless Daemon ( IWD ), respectively. The flaws "allow attackers to trick victims into connecting to malicious clones of trusted networks and intercept their traffic, and join otherwise secure networks without needing the password," Top10VPN  said  in a new research conducted in collaboration with Mathy Vanhoef, who has previously uncovered Wi-Fi attacks like  KRACK ,  DragonBlood , and  TunnelCrack . CVE-2023-52161, in particular, permits an adversary to gain unauthorized access to a protected Wi-Fi network, exposing exis
Mustang Panda Targets Asia with Advanced PlugX Variant DOPLUGS

Mustang Panda Targets Asia with Advanced PlugX Variant DOPLUGS

Feb 21, 2024 Malware / Cyber Espionage
The China-linked threat actor known as Mustang Panda has targeted various Asian countries using a variant of the PlugX (aka Korplug) backdoor dubbed DOPLUGS. "The piece of customized PlugX malware is dissimilar to the general type of the PlugX malware that contains a completed backdoor command module, and that the former is only used for downloading the latter," Trend Micro researchers Sunny Lu and Pierre Lee  said  in a new technical write-up. Targets of DOPLUGS have been primarily located in Taiwan, and Vietnam, and to a lesser extent in Hong Kong, India, Japan, Malaysia, Mongolia, and even China. PlugX is a staple tool of  Mustang Panda , which is also tracked as BASIN, Bronze President, Camaro Dragon, Earth Preta, HoneyMyte, RedDelta, Red Lich, Stately Taurus, TA416, and TEMP.Hex. It's known to be active since at least 2012, although it first came to light in 2017. The threat actor's tradecraft entails carrying out well-forged spear-phishing campaigns that a
Cybersecurity Tactics FinServ Institutions Can Bank On in 2024

Cybersecurity Tactics FinServ Institutions Can Bank On in 2024

Feb 14, 2024Financial Security / Cyber Threats
The landscape of cybersecurity in financial services is undergoing a rapid transformation. Cybercriminals are exploiting advanced technologies and methodologies, making traditional security measures obsolete. The challenges are compounded for community banks that must safeguard sensitive financial data against the same level of sophisticated threats as larger institutions, but often with more limited resources. The FinServ Threat Landscape Recent trends show an alarming increase in sophisticated cyber-attacks. Cybercriminals now deploy advanced techniques like deep fake technology and AI-powered attacks, making it increasingly difficult for banks to differentiate between legitimate and malicious activities. These developments necessitate a shift towards more sophisticated and adaptive cybersecurity measures. Take these industry statistics, for example. Financial firms report 703 cyberattack attempts per week.1 On average, 270 attacks (entailing unauthorized access of data, appl
6 Ways to Simplify SaaS Identity Governance

6 Ways to Simplify SaaS Identity Governance

Feb 21, 2024 SaaS Security / Identity Management
With SaaS applications now making up the vast majority of technology used by employees in most organizations, tasks related to identity governance need to happen across a myriad of individual SaaS apps. This presents a huge challenge for centralized IT teams who are ultimately held responsible for managing and securing app access, but can't possibly become experts in the nuances of the native security settings and access controls for hundreds (or thousands) of apps. And, even if they could, the sheer volume of tasks would easily bury them. Modern IT teams need a way to orchestrate and govern SaaS identity governance by engaging the application owners in the business who are most familiar with how the tool is used, and who needs what type of access.  Nudge Security is a  SaaS security and governance solution  that can help you do just that, with automated workflows to save time and make the process manageable at scale. Read on to learn how it works. 1 . Discover all SaaS apps used b
New 'VietCredCare' Stealer Targeting Facebook Advertisers in Vietnam

New 'VietCredCare' Stealer Targeting Facebook Advertisers in Vietnam

Feb 21, 2024 Malware / Cyber Threat
Facebook advertisers in Vietnam are the target of a previously unknown information stealer dubbed  VietCredCare  at least since August 2022. The malware is "notable for its ability to automatically filter out Facebook session cookies and credentials stolen from compromised devices, and assess whether these accounts manage business profiles and if they maintain a positive Meta ad credit balance," Singapore-headquartered Group-IB  said  in a new report shared with The Hacker News. The end goal of the large-scale malware distribution scheme is to facilitate the takeover of corporate Facebook accounts by targeting Vietnamese individuals who manage the Facebook profiles of prominent businesses and organizations. Facebook accounts that have been successfully seized are then used by the threat actors behind the operation to post political content or to propagate phishing and affiliate scams for financial gain. VietCredCare is offered to other aspiring cybercriminals under the stealer-as
Cybersecurity for Healthcare—Diagnosing the Threat Landscape and Prescribing Solutions for Recovery

Cybersecurity for Healthcare—Diagnosing the Threat Landscape and Prescribing Solutions for Recovery

Feb 21, 2024 Endpoint Security / Healthcare
On Thanksgiving Day 2023, while many Americans were celebrating, hospitals across the U.S. were doing quite the opposite. Systems were failing. Ambulances were diverted. Care was impaired. Hospitals in three states were  hit by a ransomware attack , and in that moment, the real-world repercussions came to light—it wasn't just computer networks that were brought to a halt, but actual patient care itself.  Cybercriminals are more brazen than ever, targeting smaller healthcare organizations for big payouts. Sure, it would be nice to believe thieves once lived by a code of conduct, but if one ever existed, it's been torn to shreds and tossed into the wind. Sophisticated hacker groups are now more than happy to launch cyberattacks on medical clinics, nursing homes, and other health service providers. Small- to mid-sized healthcare organizations have, unfortunately, become vulnerable targets from which cybercriminals can easily steal sensitive data, extort heavy ransoms, and, worst of all,
Cybersecurity Resources