#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

Android Banking | Breaking Cybersecurity News | The Hacker News

Xenomorph Banking Trojan: A New Variant Targeting 35+ U.S. Financial Institutions

Xenomorph Banking Trojan: A New Variant Targeting 35+ U.S. Financial Institutions

Sep 26, 2023 Mobile Security / Malware
An updated version of an  Android banking trojan  called  Xenomorph  has set its sights on more than 35 financial institutions in the U.S. The campaign, according to Dutch security firm ThreatFabric, leverages phishing web pages that are designed to entice victims into installing malicious Android apps that target a broader list of apps than its predecessors. Some of the other targeted prominent countries targeted comprise Spain, Canada, Italy, and Belgium. "This new list adds dozens of new overlays for institutions from the United States, Portugal, and multiple crypto wallets, following a trend that has been consistent amongst all banking malware families in the last year," the company  said  in an analysis published Monday. Xenomorph is a variant of another banker malware called Alien which  first emerged  in 2022. Later that year, the financial malware was propagated via a new dropper dubbed  BugDrop , which bypassed security features in Android 13. A subsequent iter
Cybercriminals Exploit Microsoft Word Vulnerabilities to Deploy LokiBot Malware

Cybercriminals Exploit Microsoft Word Vulnerabilities to Deploy LokiBot Malware

Jul 17, 2023 Malware / Cyber Threat
Microsoft Word documents exploiting known remote code execution flaws are being used as phishing lures to drop malware called  LokiBot  on compromised systems. "LokiBot, also known as Loki PWS, has been a well-known information-stealing Trojan active since 2015," Fortinet FortiGuard Labs researcher Cara Lin  said . "It primarily targets Windows systems and aims to gather sensitive information from infected machines." The cybersecurity company, which spotted the campaign in May 2023, said the attacks take advantage of  CVE-2021-40444  and  CVE-2022-30190  (aka Follina) to achieve code execution. The Word file that weaponizes CVE-2021-40444 contains an external GoFile link embedded within an XML file that leads to the download of an HTML file, which exploits Follina to download a next-stage payload, an injector module written in Visual Basic that decrypts and launches LokiBot. The injector also features evasion techniques to check for the presence of debuggers a
SaaS Compliance through the NIST Cybersecurity Framework

SaaS Compliance through the NIST Cybersecurity Framework

Feb 20, 2024Cybersecurity Framework / SaaS Security
The US National Institute of Standards and Technology (NIST) cybersecurity framework is one of the world's most important guidelines for securing networks. It can be applied to any number of applications, including SaaS.  One of the challenges facing those tasked with securing SaaS applications is the different settings found in each application. It makes it difficult to develop a configuration policy that will apply to an HR app that manages employees, a marketing app that manages content, and an R&D app that manages software versions, all while aligning with NIST compliance standards.  However, there are several settings that can be applied to nearly every app in the SaaS stack. In this article, we'll explore some universal configurations, explain why they are important, and guide you in setting them in a way that improves your SaaS apps' security posture.  Start with Admins Role-based access control (RBAC) is a key to NIST adherence and should be applied to every SaaS a
Cybersecurity Resources