
The Hacker News - Cybersecurity News and Analysis: Computer hacking

Researchers Uncover FIN8's New Backdoor Targeting Financial Institutions

August 25, 2021 | Ravie Lakshmanan
A financially motivated threat actor notorious for setting its sights on retail, hospitality, and entertainment industries has been observed deploying a completely new backdoor on infected systems, indicating the operators are continuously retooling their malware arsenal to avoid detection and stay under the radar. The previously undocumented malware has been dubbed "Sardonic" by Romanian cybersecurity technology company Bitdefender, which it encountered during a forensic investigation in the wake of an unsuccessful attack carried out by FIN8 aimed at an unnamed financial institution located in the U.S. Said to be under active development, "Sardonic backdoor is extremely potent and has a wide range of capabilities that help the threat actor leverage new malware on the fly without updating components," Bitdefender researchers Eduard Budaca and Victor Vrabie said in a report shared with The Hacker News. Since emerging on the scene in January 2016, FIN8 has

New Spectre Flaws in Intel and AMD CPUs Affect Billions of Computers

May 06, 2021 | Ravie Lakshmanan
When Spectre, a class of critical vulnerabilities impacting modern processors, was publicly revealed in January 2018, the researchers behind the discovery said, "As it is not easy to fix, it will haunt us for quite some time," explaining the inspiration behind naming the speculative execution attacks. Indeed, it's been more than three years, and there is no end to Spectre in sight. A team of academics from the University of Virginia and University of California, San Diego, have discovered a new line of attack that bypasses all current Spectre protections built into the chips, potentially putting almost every system — desktops, laptops, cloud servers, and smartphones — once again at risk just as they were three years ago. The disclosure of Spectre and Meltdown opened a floodgate of sorts, what with endless variants of the attacks coming to light in the intervening years, even as chipmakers like Intel, ARM, and AMD have continually scrambled to incorpo

Security Flaw in Pre-Installed Dell Support Software Affects Million of Computers

June 21, 2019 | Swati Khandelwal
Dell's SupportAssist utility that comes pre-installed on millions of Dell laptops and PCs contains a security vulnerability that could allow malicious software or rogue logged-in users to escalate their privileges to administrator-level and access sensitive information. Discovered by security researchers at SafeBreach Labs, the vulnerability, identified as CVE-2019-12280, is a privilege-escalation issue and affects Dell's SupportAssist application for business PCs (version 2.0) and home PCs (version 3.2.1 and all prior versions). Dell SupportAssist, formerly known as Dell System Detect, checks the health of your system's hardware and software, alerting customers to take appropriate action to resolve them. To do so, it runs on your computer with SYSTEM-level permissions. With these high-level privileges, the utility interacts with the Dell Support website and automatically detects Service Tag or Express Service Code of your Dell product, scans the existing device d

Pre-Installed Software Flaw Exposes Most Dell Computers to Remote Hacking

May 02, 2019 | Mohit Kumar
If you use a Dell computer, then beware — hackers could compromise your system remotely. Bill Demirkapi, a 17-year-old independent security researcher, has discovered a critical remote code execution vulnerability in the Dell SupportAssist utility that comes pre-installed on most Dell computers. Dell SupportAssist, formerly known as Dell System Detect, checks the health of your computer system's hardware and software. The utility has been designed to interact with the Dell Support website and automatically detect Service Tag or Express Service Code of your Dell product, scan the existing device drivers and install missing or available driver updates, as well as perform hardware diagnostic tests. If you are wondering how it works, Dell SupportAssist in the background runs a web server locally on the user system, either on port 8884, 8883, 8886, or port 8885, and accepts various commands as URL parameters to perform some predefined tasks on the computer, like collecting

Cybersecurity Researchers Spotted First-Ever UEFI Rootkit in the Wild

September 27, 2018 | Swati Khandelwal
Cybersecurity researchers at ESET have unveiled what they claim to be the first-ever UEFI rootkit being used in the wild, allowing hackers to implant persistent malware on the targeted computers that could survive a complete hard-drive wipe. Dubbed LoJax, the UEFI rootkit is part of a malware campaign conducted by the infamous Sednit group, also known as APT28, Fancy Bear, Strontium, and Sofacy, to target several government organizations in the Balkans as well as in Central and Eastern Europe. Operating since at least 2007, Sednit group is a state-sponsored hacking group believed to be a unit of GRU (General Staff Main Intelligence Directorate), a Russian secret military intelligence agency. The hacking group has been associated with a number of high profile attacks, including the DNC hack just before the U.S. 2016 presidential election. UEFI, or Unified Extensible Firmware Interface, a replacement for the traditional BIOS, is a core and critical firmware component of a

Kaspersky: NSA Worker's Computer Was Already Infected With Malware

November 17, 2017 | Swati Khandelwal
Refuting allegations that its anti-virus product helped Russian spies steal classified files from an NSA employee's laptop, Kaspersky Lab has released more findings that suggest the computer in question may have been infected with malware. Moscow-based cyber security firm Kaspersky Lab on Thursday published the results of its own internal investigation claiming the NSA worker who took classified documents home had a personal home computer overwhelmed with malware. According to the latest Kaspersky report, the telemetry data its antivirus collected from the NSA staffer's home computer contained large amounts of malware files which acted as a backdoor to the PC. The report also provided more details about the malicious backdoor that infected the NSA worker's computer when he installed a pirated version of Microsoft Office 2013 .ISO containing the Mokes backdoor, also known as Smoke Loader. Backdoor On NSA Worker's PC May Have Helped Other Hackers Steal Classi

CCleaner Malware Infects Big Tech Companies With Second Backdoor

September 21, 2017 | Unknown
The group of unknown hackers who hijacked CCleaner's download server to distribute a malicious version of the popular system optimization software targeted at least 20 major international technology companies with a second-stage payload. Earlier this week, when the CCleaner hack was reported, researchers assured users that there's no second stage malware used in the massive attack and affected users can simply update their version in order to get rid of the malicious software. However, during the analysis of the hackers' command-and-control (C2) server to which the malicious CCleaner versions connected, security researchers from Cisco's Talos Group found evidence of a second payload (GeeSetup_x86.dll, a lightweight backdoor module) that was delivered to a specific list of computers based on local domain names. Affected Technology Firms According to a predefined list mentioned in the configuration of the C2 server, the attack was designed to find computer

WannaCry Inspires Banking Trojan to Add Self-Spreading Ability

August 02, 2017 | Swati Khandelwal
Although the wave of WannaCry and Petya ransomware has now been slowed down, money-motivated hackers and cyber criminals have taken lessons from the global outbreaks to make their malware more powerful. Security researchers have now discovered at least one group of cyber criminals that is attempting to give its banking Trojan the self-spreading worm-like capabilities that made recent ransomware attacks go worldwide. The new version of the credential-stealing TrickBot banking Trojan, known as "1000029" (v24), has been found using the Windows Server Message Block (SMB)—that allowed WannaCry and Petya to spread across the world quickly. TrickBot is a banking Trojan malware that has been targeting financial institutions across the world since last year. The Trojan generally spreads via email attachments impersonating invoices from a large unnamed "international financial institution," but actually leads victims to a fake login page used to steal credenti

New "Fileless Malware" Targets Banks and Organizations Spotted in the Wild

February 08, 2017 | Swati Khandelwal
More than a hundred banks and financial institutions across the world have been infected with a dangerous, sophisticated, memory-based malware that's almost undetectable, researchers warned. A newly published report by the Russian security firm Kaspersky Lab indicates that hackers are targeting banks, telecommunication companies, and government organizations in 40 countries, including the US, South America, Europe and Africa, with fileless malware that resides solely in the memory of the compromised computers. Fileless malware was first discovered by the same security firm in 2014, but has never been mainstream until now. Fileless malware is a piece of nasty software that does not copy any files or folder to the hard drive in order to get executed. Instead, payloads are directly injected into the memory of running processes, and the malware executes in the system's RAM. Since the malware runs in the memory, the memory acquisition becomes useless once the system gets reboot

This Malware Can Transfer Data via USB Emissions from Air-Gapped Computers

September 04, 2016 | Swati Khandelwal
Air-gapped computers that are isolated from the Internet or other networks and believed to be the most secure computers on the planet have become a regular target in recent years. A team of researchers from Ben-Gurion University in Israel has discovered a way to extract sensitive information from air-gapped computers – this time using radio frequency transmissions from USB connectors without any need of specialized hardware mounted on the USB. Dubbed USBee, the attack is a significant improvement over the NSA-made USB exfiltrator called CottonMouth that was mentioned in a document leaked by former NSA employee Edward Snowden. Unlike CottonMouth, USBee doesn't require an attacker to smuggle a modified USB device into the facility housing the air-gapped computer being targeted; rather the technique turns USB devices already inside the facility into an RF transmitter with no hardware modification required. Must Read: BadUSB Code Released – Turn USB Drives Into Undete

STOP Rule 41 — FBI should not get Legal Power to Hack Computers Worldwide

June 23, 2016 | Mohit Kumar
We have been hearing a lot about Rule 41 after the US Department of Justice has pushed an update to the rule. The change to Rule 41 of the Federal Rules of Criminal Procedure grants the FBI much greater powers to hack legally into any computer across the country, and perhaps anywhere in the world, with just a single search warrant authorized by any US judge. However, both civil liberties groups and tech companies have blasted the proposed change, saying it is an affront to the Fourth Amendment and would allow the cops and Feds in America to hack remotely into people's computers and phones around the world. Google, Electronic Frontier Foundation (EFF), Demand Progress, FightForTheFuture, TOR (The Onion Router), Private Internet Access and other VPN providers have joined hands to block changes to Rule 41. "The U.S. government wants to use an obscure procedure—amending a federal rule known as Rule 41—to radically expand their authority to hack," the

Photo reveals even Zuckerberg tapes his Webcam and Microphone for Privacy

June 22, 2016 | Swati Khandelwal
What do you do to protect your 'Privacy' and keep yourself safe from potential hackers? Well, Facebook CEO Mark Zuckerberg just needs a bit of tape to cover his laptop webcam and mic jack in order to protect his privacy. Yes, Zuck also does the same as the FBI Director James Comey. Zuckerberg posted a photo on Tuesday to celebrate Instagram's 500 Million monthly user milestone, but the picture ended up revealing another security measure he takes to ensure that nobody is spying on him – and it's surprisingly simple. Some eagle-eyed observers quickly noticed that the MacBook Pro on Zuckerberg's desk in the background of the image has tape covering not only the webcam, but also the laptop's dual microphones. While some tried to argue that it was not Zuckerberg's desk, Gizmodo pointed out that Zuckerberg has posted videos, live streams and images from there before, so it seems like a safe assumption. So, Zuckerberg joins FBI director Jam

1 Million Computers Hacked for making big Money from Adsense

May 17, 2016 | Swati Khandelwal
A group of cyber criminals has infected as many as 1 Million computers around the world over the past two years with a piece of malware that hijacks search results pages using a local proxy. Security researchers from Romania-based security firm Bitdefender revealed the presence of this massive click-fraud botnet, which the researchers named Million-Machine Campaign. For those unaware, botnets are networks of computers infected with malware designed to take control of the infected system without the owner's knowledge, potentially being used for launching distributed denial-of-service (DDoS) attacks against websites. The malware in question is known as Redirector.Paco, which alone has infected over 900,000 machines around the world since its release in 2014. The Redirector.Paco Trojan infects users when they download and install tainted versions of popular software programs, such as WinRAR, YouTube Downloader, KMSPico, Connectify, or Stardock Start8. Once infected, Paco m

Ukrainian Hacker Admits Stealing Corporate Press Releases for $30 Million Profit

May 17, 2016 | Wang Wei
A 28-year-old Ukrainian hacker has pleaded guilty in the United States to stealing unpublished news releases and using that non-public information in illegal trading to generate more than $30 Million (£20.8 Million) in illicit profits. Vadym Iermolovych, 28, admitted Monday that he worked with two other Ukrainian hackers to hack into computer networks at PR Newswire, Marketwired and Business Wire, and steal 150,000 press releases to gain the advantage in the stock market. The defendants then used nearly 800 of those stolen news releases to make trades before the publication of the information, exploiting a time gap ranging from hours to 3 days. The trades would occur in "extremely short windows of time between when the hackers illegally accessed and shared the [news] releases and when the press releases were disseminated to the public by the Newswires, usually shortly after the close of the markets," said the Department of Justice in a press release. Thirty-two pe

U.S. Supreme Court allows the FBI to Hack any Computer in the World

April 29, 2016 | Swati Khandelwal
In Brief: The US Supreme Court has approved amendments to Rule 41, which now gives judges the authority to issue search warrants, not only for computers located in their jurisdiction but also outside their jurisdiction. Under the original Rule 41, let's say, a New York judge can only authorize the FBI to hack into a suspect's computer in New York. But the amended rule would now make it easier for the FBI to hack into any computer or network, literally anywhere in the world. The Federal Bureau of Investigation (FBI) can now hack your computers anywhere, anytime. The FBI appeared to have been granted powers to hack any computer legally across the country, and perhaps anywhere in the world, with just a single search warrant authorized by any United States judge. The U.S. Supreme Court approved yesterday a change in Rule 41 of the Federal Rules of Criminal Procedure that would let U.S. judges issue warrants for remote access to electronic devices outside their jurisdict

So, FBI Director also Puts Tape Over His Webcam

April 13, 2016 | Mohit Kumar
What do you do to protect your 'Privacy' while using your computer? FBI Director James Comey uses tape to cover up his laptop webcam to ensure privacy. Yes, you heard it right. During the Q&A session at Kenyon College last week, Comey said that he uses tape to cover his laptop webcam in order to mitigate the danger of secret surveillance. While giving a speech about encryption and privacy, Comey repeated his argument that "absolute privacy" hampers law enforcement and has never existed in America – until now, when by default encryption offered by big tech giants created boundaries where law enforcement can't enter, even with a court order. This isn't the first time Comey made this kind of statement. Comey has always suggested that tech companies adopt encryption techniques that help federal agencies intercept end-to-end encrypted communications when necessary. But after his speech, Comey said something that generated hilarity

Hollywood Hospital Pays $17,000 Ransom to Hacker for Unlocking Medical Records

February 18, 2016 | Unknown
Ransomware has seriously turned into a noxious game for hackers to get paid effortlessly. Once again the heat was felt by the Los Angeles-based Presbyterian Medical Center when a group of hackers sealed all its sensitive files and demanded $17,000 USD to regain access to the compromised data. The devastation of the compromised files can be pitched as: compromised emails; lockout of the Electronic Medical Record System [EMR]; encrypted patient data; inability to carry out CT scans of the admitted patients; risky patients ferried to nearby hospitals; ...and many more unexplained outcomes. The hospital had confirmed that the Ransomware malware had hit its core heart a week before, potentially affecting the situation to grow much worse. Hospital Ends up Paying $17,000: As the situation had grown out of control, the hospital paid 40 Bitcoins (Roughly US $17,000) to the Ransomware Criminals to resume their medical operations after gaining the decryption keys. "T

British Intelligence is Legally Allowed to Hack Anyone, Court Says

February 12, 2016 | Swati Khandelwal
Hacking of computers, smartphones and networks in the United Kingdom or abroad by the Government Communications Headquarters (GCHQ) is LEGAL, the UK's Investigatory Powers Tribunal (IPT) ruled. So, the UK is giving a clean chit to its intelligence agency to spy on its people as well as people living abroad. Now, how is that okay? The British spying nerve center GCHQ has won a major court case in defense of the agency's persistent hacking programs. After revelations by NSA whistleblower Edward Snowden about the extent of spying by the US and the UK, Privacy International and seven Internet Service Providers (ISPs) launched a legal challenge against the GCHQ's hacking operations. The case alleged that the British spying agency was breaking European law and violating fundamental warrant protections by its too intrusive and persistent surveillance actions. GCHQ Admitted its Hacking Practices: Though GCHQ "neither confirm nor deny" the e

Duuzer Trojan: A New Backdoor Targeting South Korean Organizations

October 27, 2015 | Khyati Jain
Security researchers at Symantec have uncovered a new Backdoor Trojan that grants hackers remote access and some control over infected machines. "Duuzer," as dubbed by the researchers, has been targeting organizations in South Korea and elsewhere in an attempt to steal valuable information. The Trojan is designed to infect both 32-bit and 64-bit computers running Windows 7, Windows Vista, and Windows XP. Duuzer gives attackers remote access to the compromised computer, allowing them to: collect system and drive information; create, enumerate, and end processes; access, modify and delete files; upload and download additional files; change the time attributes of files; execute malicious commands; steal data from infected system; know about victim's Operating System. Duuzer Infects via Spear Phishing or Watering Hole Attacks: It is currently unclear how the malware is being distributed, but according to Symantec Researchers, the most obvious routes ar