#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cloud Security

Credential Theft | Breaking Cybersecurity News | The Hacker News

Hackers Targeting Human Rights Activists in Morocco and Western Sahara

Hackers Targeting Human Rights Activists in Morocco and Western Sahara
Apr 09, 2024 Cyber Espionage / Malware
Human rights activists in Morocco and the Western Sahara region are the targets of a new threat actor that leverages phishing attacks to trick victims into installing bogus Android apps and serve credential harvesting pages for Windows users. Cisco Talos is  tracking  the activity cluster under the name  Starry Addax , describing it as primarily singling out activists associated with the Sahrawi Arab Democratic Republic (SADR). Starry Addax's infrastructure – ondroid[.]site and ondroid[.]store – is designed to target both Android and Windows users, with the latter involving fake websites masquerading as login pages for popular social media websites. In light of active investigation into the campaign, Talos said it cannot publicly disclose which websites are being targeted with credential harvesting attacks. "However, the threat actors are establishing their own infrastructure and hosting credential harvesting pages such as fake login pages for media and email services po

Microsoft Warns of COLDRIVER's Evolving Evasion and Credential-Stealing Tactics

Microsoft Warns of COLDRIVER's Evolving Evasion and Credential-Stealing Tactics
Dec 07, 2023 Threat Intelligence / Cyber Espionage
The threat actor known as COLDRIVER has continued to engage in credential theft activities against entities that are of strategic interests to Russia while simultaneously improving its detection evasion capabilities. The Microsoft Threat Intelligence team is tracking under the cluster as  Star Blizzard  (formerly SEABORGIUM). It's also called Blue Callisto, BlueCharlie (or TAG-53), Calisto (alternately spelled Callisto), Gossamer Bear, and TA446. The adversary "continues to prolifically target individuals and organizations involved in international affairs, defense, and logistics support to Ukraine, as well as academia, information security companies, and other entities aligning with Russian state interests," Redmond  said . Star Blizzard , linked to Russia's Federal Security Service (FSB), has a  track record  of setting up lookalike domains that impersonate the login pages of targeted companies. It's known to be active since at least 2017. In August 2023,

Hands-on Review: Cynomi AI-powered vCISO Platform

Hands-on Review: Cynomi AI-powered vCISO Platform
Apr 10, 2024vCISO / Risk Assessment
The need for vCISO services is growing. SMBs and SMEs are dealing with more third-party risks, tightening regulatory demands and stringent cyber insurance requirements than ever before. However, they often lack the resources and expertise to hire an in-house security executive team. By outsourcing security and compliance leadership to a vCISO, these organizations can more easily obtain cybersecurity expertise specialized for their industry and strengthen their cybersecurity posture. MSPs and MSSPs looking to meet this growing vCISO demand are often faced with the same challenge. The demand for cybersecurity talent far exceeds the supply. This has led to a competitive market where the costs of hiring and retaining skilled professionals can be prohibitive for MSSPs/MSPs as well. The need to maintain expertise of both security and compliance further exacerbates this challenge. Cynomi, the first AI-driven vCISO platform , can help. Cynomi enables you - MSPs, MSSPs and consulting firms

Sierra:21 - Flaws in Sierra Wireless Routers Expose Critical Sectors to Cyber Attacks

Sierra:21 - Flaws in Sierra Wireless Routers Expose Critical Sectors to Cyber Attacks
Dec 06, 2023 Cyber Threat / Vulnerability
A collection of 21 security flaws have been discovered in Sierra Wireless AirLink cellular routers and open-source software components like  TinyXML  and  OpenNDS . Collectively tracked as  Sierra:21 , the issues expose over 86,000 devices across critical sectors like energy, healthcare, waste management, retail, emergency services, and vehicle tracking to cyber threats, according to Forescout Vedere Labs. A majority of these devices are located in the U.S., Canada, Australia, France, and Thailand. "These vulnerabilities may allow attackers to steal credentials, take control of a router by injecting malicious code, persist on the device and use it as an initial access point into critical networks," the industrial cybersecurity company  said  in a new analysis. Of the 21 vulnerabilities, one is rated critical, nine are rated high, and 11 are rated medium in severity. This includes remote code execution (RCE), cross-site scripting (XSS), denial-of-service (DoS), unauthori

WATCH: The SaaS Security Challenge in 90 Seconds

cyber security
websiteAdaptive ShieldSaaS Security / Cyber Threat
Discover how you can overcome the SaaS security challenge by securing your entire SaaS stack with SSPM.

N. Korean Lazarus Group Targets Software Vendor Using Known Flaws

N. Korean Lazarus Group Targets Software Vendor Using Known Flaws
Oct 27, 2023 Cyber Attack / Malware
The North Korea-aligned  Lazarus Group  has been attributed as behind a new campaign in which an unnamed software vendor was compromised through the exploitation of known security flaws in another high-profile software. The attack sequences, according to Kaspersky, culminated in the deployment of malware families such as SIGNBT and  LPEClient , a known hacking tool used by the threat actor for victim profiling and payload delivery. "The adversary demonstrated a high level of sophistication, employing advanced evasion techniques and introducing SIGNBT malware for victim control," security researcher Seongsu Park  said . "The SIGNBT malware used in this attack employed a diverse infection chain and sophisticated techniques." The Russian cybersecurity vendor said the company that developed the exploited software had been a victim of a Lazarus attack several times, indicating an attempt to steal source code or poison the software supply chain, as in the case of the 

Catching the Catphish: Join the Expert Webinar on Combating Credential Phishing

Catching the Catphish: Join the Expert Webinar on Combating Credential Phishing
Aug 15, 2023 Enterprise Security / Cybersecurity
Is your organization constantly under threat from credential phishing? Even with comprehensive security awareness training, many employees still fall victim to credential phishing scams. The result? Cybercriminals gaining immediate and unhindered access to sensitive data, email accounts, and other applications. But what if you could outsmart these criminals and protect your organization? Join  Graham Cluley , renowned cybersecurity expert and host of the Smashing Security podcast, and  Mike Britton , CISO at Abnormal Security, for an illuminating webinar that delves into the world of credential phishing and offers actionable insights. What Will You Learn? Understanding the Lure:  How attackers manipulate victims into submitting credentials, employing tactics such as generative AI. Why Victims Fall for the Trap:  A detailed look at why security awareness training may not always succeed in preventing employees from taking the bait. Effective Strategies to Combat Threats:  Compre

Void Balaur Hackers-for-Hire Targeting Russian Businesses and Politics Entities

Void Balaur Hackers-for-Hire Targeting Russian Businesses and Politics Entities
Sep 23, 2022
A hack-for-hire group that was  first exposed in 2019  has expanded its focus to set its sights on entities with business or political ties to Russia. Dubbed Void Balaur , the cyber mercenary collective has a history of launching cyberattacks against biotechnology and telecom companies since 2015. As many as 3,500 victims have been reported as of November 2021. "Void Balaur [...] primarily dabbles in cyber espionage and data theft, selling the stolen information to anyone willing to pay," Trend Micro  noted  at the time. Attacks conducted by the group are typically both generic and opportunistic and are aimed at gaining unauthorized access to widely-used email services, social media, messaging, and corporate accounts. Earlier this June, Google's Threat Analysis Group (TAG) took the wraps off a set of  credential theft attacks  targeting journalists, European politicians, and non-profit's mounted by the threat actor. "Void Balaur also goes after targets va

Credential Theft Is (Still) A Top Attack Method

Credential Theft Is (Still) A Top Attack Method
Aug 15, 2022
Credential theft is clearly still a problem. Even after years of warnings, changing password requirements, and multiple forms of authentication,  password  stealing remains a top attack method used by cyber criminals. The latest  report  from the Ponemon Institute shares that 54% of security incidents were caused by credential theft, followed by ransomware and DDoS attacks. 59% of organizations aren't revoking credentials that are no longer needed, meaning passwords can go unattended and dormant like a sitting duck (similar to what happened with Colonial Pipeline). And  Verizon's Data Breach Investigations Report  cites that nearly 50% of all data breaches were caused by stolen credentials. The stats don't lie. Cybercriminals are advancing, there's no doubt, but if there's an option to take the path of least resistance, they'll take it. Too often, that means compromising passwords and exploiting vulnerable access points.  Credential Theft and Critical Access
Cybersecurity Resources