
The Hacker News | #1 Trusted Cybersecurity News Site

Moroccan Cybercrime Group Steals Up to $100K Daily Through Gift Card Fraud

May 27, 2024 Cybercrime / Malware
Microsoft is calling attention to a Morocco-based cybercrime group dubbed Storm-0539 that's behind gift card fraud and theft through highly sophisticated email and SMS phishing attacks. "Their primary motivation is to steal gift cards and profit by selling them online at a discounted rate," the company said in its latest Cyber Signals report. "We've seen some examples where the threat actor has stolen up to $100,000 a day at certain companies." Storm-0539 was first spotlighted by Microsoft in mid-December 2023, linking it to social engineering campaigns ahead of the year-end holiday season to steal victims' credentials and session tokens via adversary-in-the-middle (AitM) phishing pages. The gang, also called Atlas Lion and active since at least late 2021, is known to then abuse the initial access to register their own devices to bypass authentication and obtain persistent access, gain elevated privileges, and compromise gift card-related ser

Report: The Dark Side of Phishing Protection

May 27, 2024 Email Security / Browser Security
The transition to the cloud, poor password hygiene and the evolution in webpage technologies have all enabled the rise in phishing attacks. But despite sincere efforts by security stakeholders to mitigate them - through email protection, firewall rules and employee education - phishing attacks are still a very risky attack vector. A new report by LayerX explores the state of phishing attacks today and analyzes the protections organizations have in place to protect against them. This report, "The Dark Side of Phishing Protection: Are You as Protected as You Should Be?" (Download here), can be leveraged by security and IT professionals across organizations in their security efforts. They can use it to pinpoint any internal security blind spots they have and identify controls and practices that can help them gain visibility into those blind spots. Understanding the Threat: Phishing Stats. Phishing is on the rise. Based on a number of sources, the report describes the magnitude of the

New Tricks in the Phishing Playbook: Cloudflare Workers, HTML Smuggling, GenAI

May 27, 2024 Phishing Attack / Artificial Intelligence
Cybersecurity researchers are warning of phishing campaigns that abuse Cloudflare Workers to serve phishing sites that are used to harvest users' credentials associated with Microsoft, Gmail, Yahoo!, and cPanel Webmail. The attack method, called transparent phishing or adversary-in-the-middle (AitM) phishing, "uses Cloudflare Workers to act as a reverse proxy server for a legitimate login page, intercepting traffic between the victim and the login page to capture credentials, cookies, and tokens," Netskope researcher Jan Michael Alcantara said in a report. A majority of phishing campaigns hosted on Cloudflare Workers over the past 30 days have targeted victims in Asia, North America, and Southern Europe, spanning technology, financial services, and banking sectors. The cybersecurity firm said that an increase in traffic to Cloudflare Workers-hosted phishing pages was first registered in Q2 2023, noting it observed a spike in the total number of distinct domains


Pakistan-linked Hackers Deploy Python, Golang, and Rust Malware on Indian Targets

May 27, 2024 Malware / Threat Intelligence
The Pakistan-nexus Transparent Tribe actor has been linked to a new set of attacks targeting Indian government, defense, and aerospace sectors using cross-platform malware written in Python, Golang, and Rust. "This cluster of activity spanned from late 2023 to April 2024 and is anticipated to persist," the BlackBerry Research and Intelligence Team said in a technical report published earlier this week. The spear-phishing campaign is also notable for its abuse of popular online services such as Discord, Google Drive, Slack, and Telegram, once again underscoring how threat actors are adopting legitimate programs into their attack flows. According to BlackBerry, the targets of the email-based attacks included three companies that are crucial stakeholders and clients of the Department of Defense Production (DDP). All three companies targeted are headquartered in the Indian city of Bengaluru. While the names of the firms were not disclosed, indications are that th

Experts Find Flaw in Replicate AI Service Exposing Customers' Models and Data

May 25, 2024 Machine Learning / Data Breach
Cybersecurity researchers have discovered a critical security flaw in the artificial intelligence (AI)-as-a-service provider Replicate that could have allowed threat actors to gain access to proprietary AI models and sensitive information. "Exploitation of this vulnerability would have allowed unauthorized access to the AI prompts and results of all Replicate's platform customers," cloud security firm Wiz said in a report published this week. The issue stems from the fact that AI models are typically packaged in formats that allow arbitrary code execution, which an attacker could weaponize to perform cross-tenant attacks by means of a malicious model. Replicate makes use of an open-source tool called Cog to containerize and package machine learning models that could then be deployed either in a self-hosted environment or to Replicate. Wiz said that it created a rogue Cog container and uploaded it to Replicate, ultimately employing it to achieve remote code exec

Hackers Created Rogue VMs to Evade Detection in Recent MITRE Cyber Attack

May 24, 2024 Endpoint Security / Threat Intelligence
The MITRE Corporation has revealed that the cyber attack targeting the not-for-profit company towards late December 2023 by exploiting zero-day flaws in Ivanti Connect Secure (ICS) involved the threat actor creating rogue virtual machines (VMs) within its VMware environment. "The adversary created their own rogue VMs within the VMware environment, leveraging compromised vCenter Server access," MITRE researchers Lex Crumpton and Charles Clancy said. "They wrote and deployed a JSP web shell (BEEFLUSH) under the vCenter Server's Tomcat server to execute a Python-based tunneling tool, facilitating SSH connections between adversary-created VMs and the ESXi hypervisor infrastructure." The motive behind such a move is to sidestep detection by obscuring their malicious activities from centralized management interfaces like vCenter and maintain persistent access while reducing the risk of being discovered. Details of the attack emerged last month when MITRE rev

Beware: These Fake Antivirus Sites Spreading Android and Windows Malware

May 24, 2024 Malvertising / Endpoint Security
Threat actors have been observed making use of fake websites masquerading as legitimate antivirus solutions from Avast, Bitdefender, and Malwarebytes to propagate malware capable of stealing sensitive information from Android and Windows devices. "Hosting malicious software through sites which look legitimate is predatory to general consumers, especially those who look to protect their devices from cyber attacks," Trellix security researcher Gurumoorthi Ramanathan said. The list of websites is below: avast-securedownload[.]com, which is used to deliver the SpyNote trojan in the form of an Android package file ("Avast.apk") that, once installed, requests intrusive permissions to read SMS messages and call logs, install and delete apps, take screenshots, track location, and even mine cryptocurrency; bitdefender-app[.]com, which is used to deliver a ZIP archive file ("setup-win-x86-x64.exe.zip") that deploys the Lumma information stealer malw

It's Time to Master the Lift & Shift: Migrating from VMware vSphere to Microsoft Azure

May 15, 2024 Enterprise Security / Cloud Computing
While cloud adoption has been top of mind for many IT professionals for nearly a decade, it's only in recent months, with industry changes and announcements from key players, that many recognize the time to make the move is now. It may feel like a daunting task, but tools exist to help you move your virtual machines (VMs) to a public cloud provider – like Microsoft Azure – with relative ease. Transitioning from VMware vSphere to Microsoft Azure requires careful planning and execution to ensure a smooth migration process. In this guide, we'll walk through the steps involved in moving your virtualized infrastructure to the cloud giant, Microsoft Azure. Whether you're migrating your entire data center or specific workloads, these steps will help you navigate the transition effectively. 1. Assess Your Environment: Before diving into the migration process, assess your current VMware vSphere environment thoroughly. Identify all virtual machines (VMs), dependencies, and resource

How Do Hackers Blend In So Well? Learn Their Tricks in This Expert Webinar

May 24, 2024 Cybersecurity Webinar
Don't be fooled into thinking that cyber threats are only a problem for large organizations. The truth is that cybercriminals are increasingly targeting smaller businesses, and they're getting smarter every day. Join our FREE webinar "Navigating the SMB Threat Landscape: Key Insights from Huntress' Threat Report," in which Jamie Levy — Director of Adversary Tactics at Huntress, a renowned cybersecurity expert with extensive experience in combating cyber threats — breaks down the latest cyber threats to SMBs like yours and explains what you can do about them. Here's a sneak peek of what you'll learn: Attackers are Blending In: Cyber attackers are getting smarter. They are increasingly using legitimate tools to disguise their activities, making it harder for traditional security measures to detect them. Learn how these techniques work and what you can do to detect these hidden threats. Ransomware on the Rise: Following the takedown of Qakbot, there

DevOps Dilemma: How Can CISOs Regain Control in the Age of Speed?

May 24, 2024 DevSecOps / Vulnerability Management
Introduction: The infamous Colonial pipeline ransomware attack (2021) and SolarWinds supply chain attack (2020) were more than data leaks; they were seismic shifts in cybersecurity. These attacks exposed a critical challenge for Chief Information Security Officers (CISOs): holding their ground while maintaining control over cloud security in the accelerating world of DevOps. The problem was emphasized by the Capital One data breach (2019), Epsilon data breach (2019), Magecart compromises (ongoing), and MongoDB breaches (2023-), where hackers exploited a misconfigured AWS S3 bucket. Strong collaboration between CISOs and DevOps teams on proper cloud security configurations could have prevented the breaches. More than the fight against hackers and the consequences of their attacks, several important problems stand out: the evolution of the CISO's role and responsibilities, the challenge of improving cloud security, and how security operations teams collaborate with bus