Cyber Attack | Breaking Cybersecurity News | The Hacker News

Cybercriminals are busy innovators, adapting their weapons and attack strategies, and ruthlessly roaming the web in search of their next big score. Every manner of sensitive information, such as confidential employee records, customers' financial data, protected medical documents, and government files, are all subject to their relentless threats to cybersecurity . Solutions span a broad spectrum, from training email users to ensuring a VPN kill switch is in place, to adding extensive advanced layers of network protection. To successfully guard against severe threats from hackers, worm viruses to malware, such as botnet attacks, network managers need to use all tools and methods that fit well into a comprehensive cyber defense strategy. Of all the menaces mentioned above to a website owner's peace of mind, botnets arguably present the most unsettling form of security risk. They're not the mere achievements of malicious amateur cybercriminals. They're state

2010-2019 decade will be remembered as the time in which cybersecurity became acknowledged as a critical concern for all organizations. With rapidly growing security needs and respective budgets, it is now more essential than ever for security decision-makers to zoom out of the 'products' mindset and assess their security stack in light of the overall breach protection value that their investments return. The 2020 State of Breach Protection Survey ( click here to participate ) attempts to map out for the first time how breach protection is practiced and maintained globally – what are the common products, services, concerns, and challenges that are most common amongst organizations. Any security professional filling the anonymous salary survey questionnaire , organised by The Hacker News in partnership with Cynet, will get a free copy of the survey report once it is released in January 2020. You can complete the questionnaire here . Why is that important? Because unli

Super Low RPO with Continuous Data Protection: Dial Back to Just Seconds Before an Attack Zerto , a Hewlett Packard Enterprise company, can help you detect and recover from ransomware in near real-time. This solution leverages continuous data protection (CDP) to ensure all workloads have the lowest recovery point objective (RPO) possible. The most valuable thing about CDP is that it does not use snapshots, agents, or any other periodic data protection methodology. Zerto has no impact on production workloads and can achieve RPOs in the region of 5-15 seconds across thousands of virtual machines simultaneously. For example, the environment in the image below has nearly 1,000 VMs being protected with an average RPO of just six seconds! Application-Centric Protection: Group Your VMs to Gain Application-Level Control   You can protect your VMs with the Zerto application-centric approach using Virtual Protection Groups (VPGs). This logical grouping of VMs ensures that your whole applica

A new variant of Vega ransomware family, dubbed Zeppelin , has recently been spotted in the wild targeting technology and healthcare companies across Europe, the United States, and Canada. However, if you reside in Russia or some other ex-USSR countries like Ukraine, Belorussia, and Kazakhstan, breathe a sigh of relief, as the ransomware terminates its operations if found itself on machines located in these regions. It's notable and interesting because all previous variants of the Vega family, also known as VegaLocker, were primarily targeting Russian speaking users, which indicates Zeppelin is not the work of the same hacking group behind the previous attacks. Since Vega ransomware and its previous variants were offered as a service on underground forums, researchers at BlackBerry Cylance believes either Zeppelin "ended up in the hands of different threat actors" or "redeveloped from bought/stolen/leaked sources." According to a report BlackBerry Cyl

Cybersecurity researchers have spotted a new variant of the Snatch ransomware that first reboots infected Windows computers into Safe Mode and only then encrypts victims' files to avoid antivirus detection. Unlike traditional malware, the new Snatch ransomware chooses to run in Safe Mode because in the diagnostic mode Windows operating system starts with a minimal set of drivers and services without loading most of the third-party startup programs, including antivirus software. Snatch has been active since at least the summer of 2018, but SophosLabs researchers spotted the Safe Mode enhancement to this ransomware strain only in recent cyber attacks against various entities they investigated. "SophosLabs researchers have been investigating an ongoing series of ransomware attacks in which the ransomware executable forces the Windows machine to reboot into Safe Mode before beginning the encryption process," the researchers say . "The ransomware, which calls it

A Russian hacker who created and used Neverquest banking malware to steal money from victims' bank accounts has finally been sentenced to 4 years in prison by the United States District Court for the Southern District of New York. Stanislav Vitaliyevich Lisov , 34, was arrested by Spanish authorities at Barcelona–El Prat Airport in January 2017 on the request of the FBI and extradited to the United States in 2018. Earlier this year, Lisov pleaded guilty to one count of conspiracy to commit computer hacking, involving attempts to steal at least $4.4 million from hundreds of victims using the NeverQuest banking trojan. Just like any other sophisticated banking Trojan, NeverQuest , aka Vawtrak or Snifula, has also been designed to let attackers remotely control infected computers and steal a wide range of sensitive information. Besides stealing login information for banking or other financial accounts using a keylogger or web form injection techniques, the malware was also c

Targeted ransomware attacks on banking and finance, government , healthcare , and critical infrastructure are on the rise, with the latest victim being the state government of Louisiana. The state government of Louisiana was hit by a large-scale coordinated ransomware attack yesterday, which forced the state to take several state agency servers offline, including government websites, email systems, and other internal applications, to mitigate the risk of the malware's infection from spreading. The Monday's ransomware attack resulted in the subsequent shutdown of a majority of large state agencies, including the Office of the Governor, the Office of Motor Vehicles, the Department of Health, the Department of Children and Family Services, and the Department of Transportation and Development, among others. Louisiana Gov. John Bel Edwards revealed the incident in a series of tweets, saying that he had activated the state's cybersecurity team in response to the cyber

Security researchers have tracked down activities of a new group of financially-motivated hackers that are targeting several businesses and organizations in Germany, Italy, and the United States in an attempt to infect them with backdoor, banking Trojan, or ransomware malware. Though the new malware campaigns are not customized for each organization, the threat actors appear to be more interested in businesses, IT services, manufacturing, and healthcare industries who possess critical data and can likely afford high ransom payouts. According to a report ProofPoint shared with The Hacker News, the newly discovered threat actors are sending out low-volume emails impersonating finance-related government entities with tax assessment and refund lured emails to targeted organizations. "Tax-themed Email Campaigns Target 2019 Filers, finance-related lures have been used seasonally with upticks in tax-related malware and phishing campaigns leading up to the annual tax filing deadlines in

Everis , one of the largest IT consulting companies in Spain, suffered a targeted ransomware attack on Monday, forcing the company to shut down all its computer systems until the issue gets resolved completely. Ransomware is a computer virus that encrypts files on an infected system until a ransom is paid. According to several local media, Everis informed its employees about the devastating widespread ransomware attack, saying: "We are suffering a massive virus attack on the Everis network. Please keep the PCs off. The network has been disconnected with clients and between offices. We will keep you updated." "Please, urgently transfer the message directly to your teams and colleagues due to standard communication problems." According to cybersecurity consultant  Arnau Estebanell Castellví , the malware encrypted files on Everis's computers with an extension name resembling the company's name, i.e., " .3v3r1s ," which suggests the at

Cybersecurity researchers have spotted a new cyberattack that is believed to be the very first but an amateur attempt to weaponize the infamous BlueKeep RDP vulnerability in the wild to mass compromise vulnerable systems for cryptocurrency mining. In May this year, Microsoft released a patch for a highly-critical remote code execution flaw, dubbed  BlueKeep , in its Windows Remote Desktop Services that could be exploited remotely to take full control over vulnerable systems just by sending specially crafted requests over RDP. BlueKeep, tracked as CVE-2019-0708 , is a wormable vulnerability because it can be weaponized by potential malware to propagate itself from one vulnerable computer to another automatically without requiring victims' interaction. BlueKeep has been considered to be such a serious threat that since its discovery, Microsoft and even government agencies [ NSA and GCHQ ] had continuously been encouraging Windows users and admins to apply security patches bef

Finally, for the very first time, an encrypted messaging service provider is taking legal action against a private entity that has carried out malicious attacks against its users. Facebook filed a lawsuit against Israeli mobile surveillance firm NSO Group on Tuesday, alleging that the company was actively involved in hacking users of its end-to-end encrypted WhatsApp messaging service. Earlier this year, it was discovered that WhatsApp had a critical vulnerability that attackers were found exploiting in the wild to remotely install Pegasus spyware on targeted Android and iOS devices. The flaw (CVE-2019-3568) successfully allowed attackers to silently install the spyware app on targeted phones by merely placing a WhatsApp video call with specially crafted requests, even when the call was not answered. Developed by NSO Group, Pegasus allows access to an incredible amount of data from victims' smartphones remotely, including their text messages, emails, WhatsApp chats,

As Japan gears up for the upcoming 2020 Summer Olympics in Tokyo for the next year, the country needs to brace itself for sophisticated cyberattacks, especially from state-sponsored hackers. Microsoft has issued a short notice, warning about a new wave of highly targeted cyberattacks by a group of Russian state-sponsored hackers attempting to hack over a dozen anti-doping authorities and sporting organizations around the world. The attacks are originating from the 'Strontium' Russian hacking group, widely known as Fancy Bear or APT28, and are believed to be linked to the upcoming 2020 Summer Olympics in Tokyo. The Fancy Bear hacking group, also known as APT28, Sofacy, X-agent , Sednit , Sandworm , and Pawn Storm, is believed to be linked to Russian military intelligence agency GRU and has been in operation since at least 2007. Over these past three decades, the group has been credited to many high profile hacking incidents, like hacking the US presidential elections

A decade-old botnet malware that currently controls over 450,000 computers worldwide has recently shifted its operations from infecting machines with ransomware or crypto miners to abusing them for sending out sextortion emails to millions of innocent people. Extortion by email is growing significantly, with a large number of users recently complaining about receiving sextortion emails that attempt to extort money from individuals by blackmailing them into exposing their sexual content. Though until now, it wasn't clear how scammers were sending such massive amounts of emails without getting blacklisted by the email providers, security researchers from CheckPoint finally found the missing block in this puzzle. In its latest report shared with The Hacker News prior to the release, Tel Aviv-based security firm CheckPoint reveals that a botnet, called Phorpiex , has recently been updated to include a spam bot designed to use compromised computers as proxies to send out over 3

Another day, another revelation of a critical unpatched zero-day vulnerability, this time in the world's most widely used mobile operating system, Android. What's more? The Android zero-day vulnerability has also been found to be exploited in the wild by the Israeli surveillance vendor NSO Group—infamous for selling zero-day exploits to governments—or one of its customers, to gain control of their targets' Android devices. Discovered by Project Zero researcher Maddie Stone, the details and a proof-of-concept exploit for the high-severity security vulnerability, tracked as CVE-2019-2215, has been made public today—just seven days after reporting it to the Android security team. The zero-day is a use-after-free vulnerability in the Android kernel's binder driver that can allow a local privileged attacker or an app to escalate their privileges to gain root access to a vulnerable device and potentially take full remote control of the device. Vulnerable Android D

Phishing is still one of the widely used strategies by cybercriminals and espionage groups to gain an initial foothold on the targeted systems. Though hacking someone with phishing attacks was easy a decade ago, the evolution of threat detection technologies and cyber awareness among people has slowed down the success of phishing and social engineering attacks over the years. Since phishing is more sort of a one-time opportunity for hackers before their victims suspect it and likely won't fall for the same trick again, sophisticated hacking groups have started putting a lot of effort, time and research to design well-crafted phishing campaigns. In one such latest campaign discovered by cybersecurity researchers at Check Point, a Chinese hacking group, known as Rancor , has been found conducting very targeted and extensive attacks against Southeast Asian government entities from December 2018 to June 2019. What's interesting about this ongoing 7-month long campaign is

Former Amazon employee Paige Thompson , who was arrested last month in relation to the Capital One data breach , has been accused of hacking not only the U.S. credit card issuer, but also more than 30 other companies. An indictment unsealed on Wednesday revealed that Thompson not just stole data from misconfigured servers hosted with a cloud-computing company, but also used the computing power of hacked servers to mine for cryptocurrency, a practice commonly known as " Cryptojacking ." Thompson, known online as "erratic," was arrested by the FBI on July 29 concerning a massive breach in Capital One Financial Corp that exposed the personal information of more than 100 million credit card applicants in the United States and 6 million in Canada. The stolen data included approximately 140,000 Social Security numbers and 80,000 bank account numbers linked to United States customers, and 1 million Social Insurance numbers belonged to Canadian citizens, along wit

The French law enforcement agency, National Gendarmerie, today announced the successful takedown of one of the largest wide-spread RETADUP botnet malware and how it remotely disinfected more than 850,000 computers worldwide with the help of researchers. Earlier this year, security researchers at Avast antivirus firm, who were actively monitoring the activities of RETADUP botnet, discovered a design flaw in the malware's C&C protocol that could have been exploited to remove the malware from victims' computer without executing any extra code. However, to do that, the plan required researchers to have control over the malware's C&C server, which was hosted with a hosting provider located in the Ile-de-France region in north-central France. Therefore, the researchers contacted the Cybercrime Fighting Center (C3N) of the French National Gendarmerie at the end of March this year, shared their findings, and proposed a secret plan to put an end to the RETADUP vir