Cyber Attack | Breaking Cybersecurity News | The Hacker News

Just a year after Mirai —biggest IoT-based malware that caused vast Internet outages by launching massive DDoS attacks—completed its first anniversary, security researchers are now warning of a brand new rapidly growing IoT botnet. Dubbed ' IoT_reaper ,' first spotted in September by researchers at firm Qihoo 360, the new malware no longer depends on cracking weak passwords; instead, it exploits vulnerabilities in various IoT devices and enslaves them into a botnet network. IoT_reaper malware currently includes exploits for nine previously disclosed vulnerabilities in IoT devices from following manufactures: Dlink (routers) Netgear (routers) Linksys (routers) Goahead (cameras) JAWS (cameras) AVTECH (cameras) Vacron (NVR) Researchers believe IoT_reaper malware has already infected nearly two million devices and growing continuously at an extraordinary rate of 10,000 new devices per day. This is extremely worrying because it took only 100,000 infected devices

It was not just Yahoo among "Fortune 500" companies who tried to keep a major data breach incident secret. Reportedly, Microsoft had also suffered a data breach four and a half years ago (in 2013), when a " highly sophisticated hacking group " breached its bug-reporting and patch-tracking database, but the hack was never made public until today. According to five former employees of the company, interviewed separately by Reuters , revealed that the breached database had been " poorly protected with access possible via little more than a password. " This incident is believed to be the second known breach of such a corporate database after a critical zero-day vulnerability was discovered in Mozilla's Bugzilla bug-tracking software in 2014. As its name suggests, the bug-reporting and patch-tracking database for Windows contained information on critical and unpatched vulnerabilities in some of the most widely used software in the world, includ

Imagine a world where the software that powers your favorite apps, secures your online transactions, and keeps your digital life could be outsmarted and taken over by a cleverly disguised piece of code. This isn't a plot from the latest cyber-thriller; it's actually been a reality for years now. How this will change – in a positive or negative direction – as artificial intelligence (AI) takes on a larger role in software development is one of the big uncertainties related to this brave new world. In an era where AI promises to revolutionize how we live and work, the conversation about its security implications cannot be sidelined. As we increasingly rely on AI for tasks ranging from mundane to mission-critical, the question is no longer just, "Can AI  boost cybersecurity ?" (sure!), but also "Can AI  be hacked? " (yes!), "Can one use AI  to hack? " (of course!), and "Will AI  produce secure software ?" (well…). This thought leadership article is about the latter. Cydrill  (a

FinSpy —the infamous surveillance malware is back and infecting high-profile targets using a new Adobe Flash zero-day exploit delivered through Microsoft Office documents. Security researchers from Kaspersky Labs have discovered a new zero-day remote code execution vulnerability in Adobe Flash, which was being actively exploited in the wild by a group of advanced persistent threat actors, known as BlackOasis . The critical type confusion vulnerability, tracked as CVE-2017-11292 , could lead to code execution and affects Flash Player 21.0.0.226 for major operating systems including Windows, Macintosh, Linux and Chrome OS. Researchers say BlackOasis is the same group of attackers which were also responsible for exploiting another zero-day vulnerability ( CVE-2017-8759 ) discovered by FireEye researchers in September 2017. Also, the final FinSpy payload in the current attacks exploiting Flash zero-day (CVE-2017-11292) shares the same command and control (C&C) server as the

Remember NotPetya ? The Ransomware that shut down thousands of businesses, organisations and banks in Ukraine as well as different parts of Europe in June this year. Now, Ukrainian government authorities are once again warning its citizens to brace themselves for next wave of "large-scale" NotPetya-like cyber attack. According to a press release published Thursday by the Secret Service of Ukraine (SBU), the next major cyber attack could take place between October 13 and 17 when Ukraine celebrates Defender of Ukraine Day (in Ukrainian: День захисника України, Den' zakhysnyka Ukrayiny). Authorities warn the cyber attack can once again be conducted through a malicious software update against state government institutions and private companies. The attackers of the NotPetya ransomware also used the same tactic—compromising the update mechanism for Ukrainian financial software provider called MeDoc and swapping in a dodgy update including the NotPetya computer v

If you receive a message from any of your Facebook Friends asking for urgent help to recover their Facebook account, since they've added you as one of their ' Trusted Contacts '—just don't blindly believe it. Researchers have detected a new Facebook phishing scam that can even trick an experienced technical user into falling victim to the scam, helping an attacker gain access to your Facebook account. This latest social media scam is abusing "Trusted Contact"—a Facebook account recovery feature that sends secret access codes to a few of your close friends in order to help you regain access to your Facebook account in case you forget your password or lost access to your account. According to a public security alert published by AccessNow, the attack initiates by an already compromised account of one of your friends, asking for urgent help to get back into his/her Facebook account. The attacker explains that you are listed as one of his/her Trusted Conta

Researchers from cybersecurity firm Proofpoint have recently discovered a large-scale malvertising campaign that exposed millions of Internet users in the United States, Canada, the UK, and Australia to malware infections. Active for more than a year and still ongoing, the malware campaign is being conducted by a hacking group called KovCoreG , which is well known for distributing Kovter ad fraud malware that was used in 2015 malicious ad campaign s, and most recently earlier in 2017 . The KovCoreG hacking group initially took advantage of P0rnHub—one of the world's most visited adult websites—to distribute fake browser updates that worked on all three major Windows web browsers, including Chrome, Firefox, and Microsoft Edge/Internet Explorer. According to the Proofpoint researchers, the infections in this campaign first appeared on P0rnHub web pages via a legitimate advertising network called Traffic Junky, which tricked users into installing the Kovtar malware onto the

Do you know—United States Government has banned federal agencies from using Kaspersky antivirus software over spying fear? Though there's no solid evidence yet available, an article published by WSJ claims  that the Russian state-sponsored hackers stole highly classified NSA documents from a contractor in 2015 with the help of a security program made by Russia-based security firm Kaspersky Lab. Currently, there is no way to independently confirm if the claims on the popular security vendor published by the Wall Street Journal is accurate—and the story does not even prove the involvement of Kaspersky. "As a private company, Kaspersky Lab does not have inappropriate ties to any government, including Russia, and the only conclusion seems to be that Kaspersky Lab is caught in the middle of a geopolitical fight," Kaspersky said in a statement. The NSA contractor working with the American intelligence agency, whose identity has not yet been disclosed, reportedly do

It seems sophisticated hackers have changed the way they conduct targeted cyber operations—instead of investing in zero-days and developing their malware; some hacking groups have now started using ready-made malware just like script kiddies. Possibly, this could be a smart move for state-sponsored hackers to avoid being attributed easily. Security researchers from multiple security firms, including Arbor Networks and FireEye , independently discovered a series of malware campaigns primarily targeting aerospace, defence contractors and manufacturing sectors in various countries, including the United States, Thailand, South Korea and India. What's common? All these attack campaigns, conducted by various hacking groups, eventually install same information and password stealer malware—dubbed FormBook —on the targeted systems. FormBook is nothing but a " malware-as-as-service ," which is an affordable piece of data-stealing and form-grabbing malware that has been

This month has been full of breaches. Now, the Securities and Exchange Commission (SEC), the top U.S. markets regulator, has disclosed that hackers managed to hack into its financial document filing system and may have illegally profited from the stolen information. On Wednesday, the SEC announced that its officials learnt last month that a previously detected 2016 cyber attack, which exploited a "software vulnerability" in the online EDGAR public-company filing system, may have "provided the basis for illicit gain through trading." EDGAR , short for Electronic Data Gathering, Analysis, and Retrieval, is an online filing system where companies submit their financial filings, which processes around 1.7 million electronic filings a year. The database lists millions of filings on corporate disclosures—ranging from quarterly earnings to sensitive and confidential information on mergers and acquisitions, which could be used for insider-trading or manipulating

The group of unknown hackers who hijacked CCleaner's download server to distribute a malicious version of the popular system optimization software targeted at least 20 major international technology companies with a second-stage payload. Earlier this week, when the CCleaner hack was reported , researchers assured users that there's no second stage malware used in the massive attack and affected users can simply update their version in order to get rid of the malicious software. However, during the analysis of the hackers' command-and-control (C2) server to which the malicious CCleaner versions connected, security researchers from Cisco's Talos Group found evidence of a second payload (GeeSetup_x86.dll, a lightweight backdoor module) that was delivered to a specific list of computers based on local domain names. Affected Technology Firms  According to a predefined list mentioned in the configuration of the C2 server, the attack was designed to find computer

Security researchers have recently uncovered a cyber espionage group targeting aerospace, defence and energy organisations in the United States, Saudi Arabia and South Korea. According to the latest research published Wednesday by US security firm FireEye, an Iranian hacking group that it calls Advanced Persistent Threat 33 (or APT33) has been targeting critical infrastructure, energy and military sectors since at least 2013 as part of a massive cyber-espionage operation to gather intelligence and steal trade secrets. The security firm also says it has evidence that APT33 works on behalf of Iran's government. FireEye researchers have spotted cyber attacks aimed by APT33 since at least May 2016 and found that the group has successfully targeted aviation sector—both military and commercial—as well as organisations in the energy sector with a link to petrochemical. The APT33 victims include a U.S. firm in the aerospace sector, a Saudi Arabian business conglomerate with avi

Remember " Crackas With Attitude "? The hacking group behind a series of embarrassing hacks that targeted personal email accounts of senior officials at the FBI, the CIA, and the White House, among other United States federal agencies in 2015. A member of Crackas With Attitude , who was arrested last year in September, has now been sentenced to five years in federal prison. Justin Liverman, a 25-year-old man from Morehead City, who was known under the online alias "D3F4ULT," was arrested last year along with another member of the group—Andrew Otto Boggs, 23, of North Wilkesboro, who allegedly used the handle "INCURSIO." The duo hacked into multiple government organizations between October 2015 and February 2016. Boggs was sentenced to two years in prison on June 30, 2017, for his role. Liverman pleaded guilty on January 6 this year to conspiracy to hack U.S. government computers and accounts and was sentenced to 5 years in prison on Friday.

The notorious hacking group that has been in operation since at least 2011 has re-emerged and is still interested in targeting the United States and European companies in the energy sector. Yes, I am talking about the ' Dragonfly ,' a well-resourced, Eastern European hacking group responsible for sophisticated cyber-espionage campaigns against the critical infrastructure of energy companies in different countries in past years. In 2014, we reported about the Dragonfly groups ability to mount sabotage operations against their targets—mainly petroleum pipeline operators, electricity generation firms and other Industrial Control Systems (ICS) equipment providers for the energy sector. Researchers from cyber security firm Symantec who discovered the previous campaign is now warning of a new campaign, which they dubbed Dragonfly 2.0 , saying "the group now potentially has the ability to sabotage or gain control of these systems should it decide to do so" and has

Security researchers have discovered a critical remote code execution vulnerability in the popular Apache Struts web application framework, allowing a remote attacker to run malicious code on the affected servers. Apache Struts is a free, open-source, Model-View-Controller (MVC) framework for developing web applications in the Java programming language, which supports REST, AJAX, and JSON. The vulnerability (CVE-2017-9805) is a programming blunder that resides in the way Struts processes data from an untrusted source. Specifically, Struts REST plugin fails to handle XML payloads while deserializing them properly. All versions of Apache Struts since 2008 (Struts 2.1.2 - Struts 2.3.33, Struts 2.5 - Struts 2.5.12) are affected, leaving all web applications using the framework's REST plugin vulnerable to remote attackers. According to one of the security researchers at LGTM, who discovered this flaw, the Struts framework is being used by "an incredibly large number and va

Exclusive — If you have an account on Taringa , also known as "The Latin American Reddit," your account details may have compromised in a massive data breach that leaked login details of almost all of its over 28 million users. Taringa is a popluar social network geared toward Latin American users, who create and share thousands of posts every day on general interest topics like life hacks, tutorials, recipes, reviews, and art. The Hacker News has been informed by LeakBase , a breach notification service, who has obtained a copy of the hacked database containing details on 28,722,877 accounts, which includes usernames, email addresses and hashed passwords for Taringa users. The hashed passwords use an ageing algorithm called MD5 – which has been considered outdated even before 2012 – that can easily be cracked, making Taringa users open to hackers. Wanna know how weak is MD5?, LeakBase team has already cracked 93.79 percent (nearly 27 Million) of hashed passwords s

Security researchers at ESET have discovered a new malware campaign targeting consulates, ministries and embassies worldwide to spy on governments and diplomats. Active since 2016, the malware campaign is leveraging a new backdoor, dubbed Gazer , and is believed to be carried out by Turla advanced persistent threat (APT) hacking group that's been previously linked to Russian intelligence. Gazer, written in C++, the backdoor delivers via spear phishing emails and hijacks targeted computers in two steps—first, the malware drops Skipper backdoor, which has previously been linked to Turla and then installs Gazer components. In previous cyber espionage campaigns, the Turla hacking group used Carbon and Kazuar backdoors as its second-stage malware, which also has many similarities with Gazer, according to research [ PDF ] published by ESET. Gazer receives encrypted commands from a remote command-and-control server and evades detection by using compromised, legitimate website

If you came across any Facebook message with a video link sent by anyone, even your friend — just don't click on it. Security researchers at Kaspersky Lab have spotted an ongoing cross-platform campaign on Facebook Messenger, where users receive a video link that redirects them to a fake website, luring them to install malicious software. Although it is still unclear how the malware spreads, researchers believe spammers are using compromised accounts, hijacked browsers, or clickjacking techniques to spread the malicious link. The attackers make use of social engineering to trick users into clicking the video link, which purports to be from one of their Facebook friends, with the message that reads "< your friend name > Video" followed by a bit.ly link, as shown. Here's How this Cross-Platform Malware Works: The URL redirects victims to a Google doc that displays a dynamically generated video thumbnail, like a playable movie, based on the sender'

Google's Chrome web browser Extensions are under attack with a series of developers being hacked within last one month. Almost two weeks ago, we reported how unknown attackers managed to compromise the Chrome Web Store account of a developer team and hijacked Copyfish extension , and then modified it to distribute spam correspondence to users. Just two days after that incident, some unknown attackers then hijacked another popular extension ' Web Developer ' and then updated it to directly inject advertisements into the web browser of over its 1 million users. After Chris Pederick, the creator of 'Web Developer' Chrome extension that offers various web development tools to its users, reported to Proofpoint that his extension had been compromised, the security vendor analysed the issue and found further add-ons in the Chrome Store that had also been altered. According to the latest report published by the researchers at Proofpoint on Monday, the expanded

Ransomware has been around for a few years but has become an albatross around everyone's neck—from big businesses and financial institutions to hospitals and individuals worldwide—with cyber criminals making millions of dollars. In just past few months, we saw a scary strain of ransomware attacks including WannaCry , Petya and LeakerLocker , which made chaos worldwide by shutting down hospitals, vehicle manufacturing, telecommunications, banks and many businesses. Before WannaCry and Petya , the infamous Mamba full-disk-encrypting ransomware and the Locky ransomware had made chaos across the world last year, and the bad news is—they are back with their new and more damaging variants than ever before. Diablo6: New Variant of Locky Ransomware First surfaced in early 2016, Locky has been one of the largest distributed ransomware infections, infecting organisations across the globe. By tricking victims into clicking on a malicious attachment, Locky ransomware encrypt