#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News
State of SaaS

DocuSign | Breaking Cybersecurity News | The Hacker News

Category — DocuSign
Cybercriminals Use Excel Exploit to Spread Fileless Remcos RAT Malware

Cybercriminals Use Excel Exploit to Spread Fileless Remcos RAT Malware

Nov 11, 2024 Vulnerability / Network Security
Cybersecurity researchers have discovered a new phishing campaign that spreads a new fileless variant of known commercial malware called Remcos RAT . Remcos RAT "provides purchases with a wide range of advanced features to remotely control computers belonging to the buyer," Fortinet FortiGuard Labs researcher Xiaopeng Zhang said in an analysis published last week. "However, threat actors have abused Remcos to collect sensitive information from victims and remotely control their computers to perform further malicious acts." The starting point of the attack is a phishing email that uses purchase order-themed lures to convince recipients to open a Microsoft Excel attachment. The malicious Excel document is designed to exploit a known remote code execution flaw in Office ( CVE-2017-0199 , CVSS score: 7.8) to download an HTML Application (HTA) file ("cookienetbookinetcahce.hta") from a remote server ("192.3.220[.]22") and launch it using mshta.e...
New Banking Trojan CHAVECLOAK Targets Brazilian Users via Phishing Tactics

New Banking Trojan CHAVECLOAK Targets Brazilian Users via Phishing Tactics

Mar 11, 2024 Phishing Attack / Mobile Security
Users in Brazil are the target of a new banking trojan known as  CHAVECLOAK  that's propagated via phishing emails bearing PDF attachments. "This intricate attack involves the PDF downloading a ZIP file and subsequently utilizing DLL side-loading techniques to execute the final malware," Fortinet FortiGuard Labs researcher Cara Lin  said . The attack chain involves the use of contract-themed DocuSign lures to trick users into opening PDF files containing a button to read and sign the documents. In reality, clicking the button leads to the retrieval of an installer file from a remote link that's shortened using the Goo.su URL shortening service. Present within the installer is an executable named "Lightshot.exe" that leverages DLL side-loading to load "Lightshot.dll," which is the CHAVECLOAK malware that facilitates the theft of sensitive information. This includes gathering system metadata and running checks to determine whether the compromis...
Product Walkthrough: How Reco Discovers Shadow AI in SaaS

Product Walkthrough: How Reco Discovers Shadow AI in SaaS

Jan 09, 2025AI Security / SaaS Security
As SaaS providers race to integrate AI into their product offerings to stay competitive and relevant, a new challenge has emerged in the world of AI: shadow AI.  Shadow AI refers to the unauthorized use of AI tools and copilots at organizations. For example, a developer using ChatGPT to assist with writing code, a salesperson downloading an AI-powered meeting transcription tool, or a customer support person using Agentic AI to automate tasks – without going through the proper channels. When these tools are used without IT or the Security team's knowledge, they often lack sufficient security controls, putting company data at risk. Shadow AI Detection Challenges Because shadow AI tools often embed themselves in approved business applications via AI assistants, copilots, and agents they are even more tricky to discover than traditional shadow IT. While traditional shadow apps can be identified through network monitoring methodologies that scan for unauthorized connections based on...
DocuSign Data Breach Led to Targeted Email Malware Campaign

DocuSign Data Breach Led to Targeted Email Malware Campaign

May 17, 2017
While we all were busy in the WannaCry ransomware menace, two separate data breaches have been reported, one in DocuSign, a major provider of electronic signature technology, and another in BELL , Canada's largest telecommunications company. In a notice on its website on Tuesday, DocuSign confirmed a breach at one of its email systems when investigating the cause of an increase in DocuSign-impersonating phishing emails. "A malicious third party had gained temporary access to a separate, non-core system that allows us to communicate service-related announcements to users via email," DocuSign said in the announcement. What Happened? An unknown hacker or group of hackers managed to breach one of the electronic signature technology provider's email systems and steal a database containing the email addresses of DocuSign customers. The attackers then used the stolen data to conduct an extensive phishing campaign to target the DocuSign's users over the past w...
cyber security

Secure Your Azure: Proactive Tips for Cloud Protection

websiteWizCloud Security
Discover how to boost your Azure cloud security with practical steps to help you maintain control and visibility.
Expert Insights / Articles Videos
Cybersecurity Resources