The Hacker News - Cybersecurity News and Analysis

A new variant of the macOS malware tracked as UpdateAgent has been spotted in the wild, indicating ongoing attempts on the part of its authors to upgrade its functionalities. "Perhaps one of the most identifiable features of the malware is that it relies on the AWS infrastructure to host its various payloads and perform its infection status updates to the server," researchers from Jamf Threat Labs  said  in a report. UpdateAgent, first detected in late 2020, has since  evolved  into a malware dropper, facilitating the distribution of second-stage payloads such as adware while also bypassing macOS  Gatekeeper  protections. The newly discovered Swift-based dropper masquerades as Mach-O binaries named " PDFCreator " and " ActiveDirectory " that, upon execution, establish a connection to a remote server and retrieve a bash script to be executed. "The primary difference [between the two executables] is that it reaches out to a different URL from wh

Traditional businesses migrating to the cloud need robust information security mechanisms.  Gartner predicts  that more than 95% of new digital workloads will continue to be deployed on cloud-native platforms by 2025. Robust  cloud data security  is imperative for businesses adopting rapid digital transformation to the cloud. While a traditional hosting model could be considered more secure, not all organizations are receptive to relinquishing control over their infrastructure or applications by relying on a cloud provider at an increased risk of data theft from a cyberattack done by an outsider. Having said so, let's try to understand the vital part. What is Cloud Data Security?  Cloud data security entails securing data, whether at rest or in motion, on cloud-based infrastructure, applications, etc., against cyber threats like data breaches, unauthorized access, DDoS attacks, etc. This includes the technologies, policies, controls, and services to protect cloud-based system

The U.S. Justice Department on Monday accused a 55-year-old cardiologist from Venezuela of being the mastermind behind  Thanos ransomware , charging him with the use and sale of the malicious tool and entering into profit sharing arrangements. Moises Luis Zagala Gonzalez, also known by the monikers Nosophoros, Aesculapius, and Nebuchadnezzar, is alleged to have both developed and marketed the ransomware to other cybercriminals to facilitate the intrusions and get a share of the bitcoin payment. If convicted, Zagala faces up to five years' imprisonment for attempted computer intrusion, and five years' imprisonment for conspiracy to commit computer intrusions.  "The multi-tasking doctor treated patients, created and  named his cyber tool after death , profited from a global ransomware ecosystem in which he sold the tools for conducting ransomware attacks, trained the attackers about how to extort victims, and then boasted about successful attacks, including by malicious

Microsoft is warning of a new variant of the srv botnet that's exploiting multiple security flaws in web applications and databases to install coin miners on both Windows and Linux systems. The tech giant, which has called the new version Sysrv-K , is said to weaponize an  array of exploits  to gain control of web servers. The cryptojacking botnet first emerged in December 2020. "Sysrv-K scans the internet to find web servers with various vulnerabilities to install itself," the company  said  in a series of tweets. "The vulnerabilities range from path traversal and remote file disclosure to arbitrary file download and remote code execution vulnerabilities." This also includes  CVE-2022-22947  (CVSS score: 10.0), a code injection vulnerability in Spring Cloud Gateway that could be exploited to allow arbitrary remote execution on a remote host via a maliciously crafted request. It's worth noting that the abuse of CVE-2022-22947 has prompted the U.S. Cyb

More than 200 Android apps masquerading as fitness, photo editing, and puzzle apps have been observed distributing spyware called Facestealer to siphon user credentials and other valuable information.  "Similar to  Joker , another piece of mobile malware, Facestealer changes its code frequently, thus spawning many variants," Trend Micro analysts Cifer Fang, Ford Quin, and Zhengyu Dong  said  in a new report. "Since its discovery, the spyware has continuously beleaguered Google Play." Facestealer, first  documented  by Doctor Web in July 2021, refers to a group of fraudulent apps that invade the official app marketplace for Android with the goal of plundering sensitive data such as Facebook login credentials. Of the 200 apps, 42 are VPN services, followed by a camera (20) and photo editing applications (13). In addition to harvesting credentials, the apps are also designed to collect Facebook cookies and personally identifiable information associated with a vic

Image source: z3r00t The U.S. Cybersecurity and Infrastructure Security Agency on Monday  added  two security flaws, including the recently disclosed remote code execution bug affecting Zyxel firewalls, to its  Known Exploited Vulnerabilities Catalog , citing evidence of active exploitation. Tracked as  CVE-2022-30525 , the vulnerability is rated 9.8 for severity and relates to a command injection flaw in select versions of the Zyxel firewall that could enable an unauthenticated adversary to execute arbitrary commands on the underlying operating system. Impacted devices include - USG FLEX 100, 100W, 200, 500, 700 USG20-VPN, USG20W-VPN ATP 100, 200, 500, 700, 800, and VPN series The issue, for which patches were released by the Taiwanese firm in late April (ZLD V5.30), became public knowledge on May 12 following a coordinated disclosure process with Rapid7. Source: Shadowserver Merely a day later, the Shadowserver Foundation  said  it began detecting exploitation attempts,

A first-of-its-kind security analysis of iOS Find My function has identified a novel attack surface that makes it possible to tamper with the firmware and load malware onto a Bluetooth chip that's executed while an iPhone is "off." The mechanism takes advantage of the fact that wireless chips related to Bluetooth, Near-field communication ( NFC ), and ultra-wideband ( UWB ) continue to operate while iOS is shut down when entering a "power reserve" Low Power Mode (LPM). While this is done so as to enable features like  Find My  and facilitate  Express Card transactions , all the three wireless chips have direct access to the secure element, academics from the Secure Mobile Networking Lab ( SEEMOO ) at the Technical University of Darmstadt  said  in a paper entitled "Evil Never Sleeps." "The Bluetooth and UWB chips are hardwired to the Secure Element (SE) in the NFC chip, storing secrets that should be available in LPM," the researchers sa