The Hacker News Logo
Subscribe to Newsletter
CrowdSec

The Hacker News - Most Trusted Cyber Security and Computer Security Analysis

Hackers Using Bumblebee Loader to Compromise Active Directory Services

Hackers Using Bumblebee Loader to Compromise Active Directory Services

August 18, 2022Ravie Lakshmanan
The malware loader known as Bumblebee is being increasingly co-opted by threat actors associated with BazarLoader, TrickBot, and IcedID in their campaigns to breach target networks for post-exploitation activities. "Bumblebee operators conduct intensive reconnaissance activities and redirect the output of executed commands to files for exfiltration," Cybereason researchers Meroujan Antonyan and Alon Laufer  said  in a technical write-up. Bumblebee  first came to light in March 2022 when Google's Threat Analysis Group (TAG) unmasked the activities of an initial access broker dubbed  Exotic Lily  with ties to the  TrickBot  and the larger  Conti  collectives. Typically delivered via initial access acquired through spear-phishing campaigns, the modus operandi has since been tweaked by eschewing macro-laced documents in favor of ISO and LNK files, primarily in response to Microsoft's decision to  block macros by default . "Distribution of the malware is done
Penetration Testing or Vulnerability Scanning? What's the Difference?

Penetration Testing or Vulnerability Scanning? What's the Difference?

August 18, 2022The Hacker News
Pentesting and vulnerability scanning are often confused for the same service. The problem is, business owners often use one when they really need the other. Let's dive in and explain the differences. People frequently confuse penetration testing and vulnerability scanning, and it's easy to see why. Both look for weaknesses in your IT infrastructure by exploring your systems in the same way an actual hacker would. However, there is a very important distinction between the two - and when each is the better option. Manual or automated? Penetration testing is a  manual  security assessment where cyber security professional attempts to find a way to break into your systems. It's a hands-on, in-depth test to evaluate security controls across a variety of systems, including web application, network and cloud environments. This kind of testing could take several weeks to complete, and due to its complexity and cost, is commonly carried out once a year. Vulnerability scanning,
Apple Releases Security Updates to Patch Two New Zero-Day Vulnerabilities

Apple Releases Security Updates to Patch Two New Zero-Day Vulnerabilities

August 17, 2022Ravie Lakshmanan
Apple on Wednesday released security updates for  iOS, iPadOS , and  macOS  platforms to remediate two zero-day vulnerabilities previously exploited by threat actors to compromise its devices. The list of issues is below - CVE-2022-32893  - An out-of-bounds issue in WebKit which could lead to the execution of arbitrary code by processing a specially crafted web content CVE-2022-32894  - An out-of-bounds issue in the operating system's Kernel that could be abused by a malicious application to execute arbitrary code with the highest privileges Apple said it addressed both the issues with improved bounds checking, adding it's aware the vulnerabilities "may have been actively exploited." The company did not disclose any additional information regarding these attacks or the identities of the threat actors perpetrating them, although it's likely that they were abused as part of highly-targeted intrusions. The latest update brings the total number of zero-days
Cybercriminals Developing BugDrop Malware to Bypass Android Security Features

Cybercriminals Developing BugDrop Malware to Bypass Android Security Features

August 17, 2022Ravie Lakshmanan
In a sign that malicious actors continue to find ways to work around Google Play Store security protections, researchers have spotted a previously undocumented Android dropper trojan that's currently in development. "This new malware tries to abuse devices using a novel technique, not seen before in Android malware, to spread the extremely dangerous  Xenomorph  banking trojan, allowing criminals to perform On-Device Fraud on victim's devices," ThreatFabric's Han Sahin said in a statement shared with The Hacker News. Dubbed  BugDrop  by the Dutch security firm, the  dropper app  is explicitly designed to defeat new features introduced in the upcoming version of Android that aim to make it difficult for malware to request Accessibility Services privileges from victims. ThreatFabric attributed the dropper to a cybercriminal group known as "Hadoken Security," which is also behind the creation and distribution of the  Xenomorph and Gymdrop  Android malwa
New Google Chrome Zero-Day Vulnerability Being Exploited in the Wild

New Google Chrome Zero-Day Vulnerability Being Exploited in the Wild

August 17, 2022Ravie Lakshmanan
Google on Tuesday rolled out patches for Chrome browser for desktops to contain an actively exploited high-severity zero-day flaw in the wild. Tracked as  CVE-2022-2856 , the issue has been described as a case of insufficient validation of untrusted input in  Intents . Security researchers Ashley Shen and Christian Resell of Google Threat Analysis Group have been credited with reporting the flaw on July 19, 2022. As is typically the case, the tech giant has refrained from sharing additional specifics about the shortcoming until a majority of the users are updated. "Google is aware that an exploit for CVE-2022-2856 exists in the wild," it  acknowledged  in a terse statement. The latest update further addresses 10 other security flaws, most of which relate to use-after-free bugs in various components such as FedCM, SwiftShader, ANGLE, and Blink, among others. Also fixed is a heap buffer overflow vulnerability in Downloads. The development marks the fifth zero-day vulnerab
Researchers Link Multi-Year Mass Credential Theft Campaign to Chinese Hackers

Researchers Link Multi-Year Mass Credential Theft Campaign to Chinese Hackers

August 17, 2022Ravie Lakshmanan
A Chinese state-sponsored threat activity group named RedAlpha has been attributed to a multi-year mass credential theft campaign aimed at global humanitarian, think tank, and government organizations. "In this activity, RedAlpha very likely sought to gain access to email accounts and other online communications of targeted individuals and organizations," Recorded Future  disclosed  in a new report.  A lesser-known threat actor, RedAlpha was first  documented  by Citizen Lab in January 2018 and has a history of conducting cyber espionage and surveillance operations directed against the Tibetan community, some in India, to facilitate intelligence collection through the deployment of the NjRAT backdoor . "The campaigns [...] combine light reconnaissance, selective targeting, and diverse malicious tooling," Recorded Future  noted  at the time. Since then, malicious activities undertaken by the group have involved weaponizing as many as 350 domains that spoof leg
Lean Security 101: 3 Tips for Building Your Framework

Lean Security 101: 3 Tips for Building Your Framework

August 17, 2022The Hacker News
Cobalt, Lazarus, MageCart, Evil, Revil — cybercrime syndicates spring up so fast it's hard to keep track. Until…they infiltrate  your  system. But you know what's even more overwhelming than rampant cybercrime? Building your organization's security framework.  CIS, NIST, PCI DSS, HIPAA, HITrust, and the list goes on. Even if you had the resources to implement every relevant industry standard and control to a tee, you still couldn't keep your company from getting caught up in the next SolarWinds. Because textbook security and check-the-box compliance won't cut it. You've got to be strategic ( especially when manpower is limited! ). And lean. Learn the ropes now.  3 Pro Tips for Building Your Lean Security Framework Without a framework in place, you're either navigating the cyber-risk universe with blinders on — or buried so deep in false positives you couldn't spot a complex attack until it's already laterally advancing. But why build your secu
Online Courses and Software

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.