#1 Trusted Cybersecurity News Platform
Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cybersecurity

Exploit Chain | Breaking Cybersecurity News | The Hacker News

Category — Exploit Chain
Experts Detail Multi-Million Dollar Licensing Model of Predator Spyware

Experts Detail Multi-Million Dollar Licensing Model of Predator Spyware

Dec 21, 2023 Zero-Day / Mobile Security
A new analysis of the sophisticated commercial spyware called Predator has revealed that its ability to persist between reboots is offered as an "add-on feature" and that it depends on the licensing options opted by a customer. "In 2021, Predator spyware couldn't survive a reboot on the infected Android system (it had it on iOS)," Cisco Talos researchers Mike Gentile, Asheer Malhotra, and Vitor Ventura  said  in a report shared with The Hacker News. "However, by April 2022, that capability was being offered to their customers." Predator is the product of a consortium called the Intellexa Alliance, which includes Cytrox (subsequently acquired by WiSpear), Nexa Technologies, and Senpai Technologies. Both Cytrox and Intellexa were  added  to the Entity List by the U.S. in July 2023 for "trafficking in cyber exploits used to gain access to information systems." The latest findings come more than six months after the cybersecurity vendor detai
8220 Gang Exploiting Oracle WebLogic Server Vulnerability to Spread Malware

8220 Gang Exploiting Oracle WebLogic Server Vulnerability to Spread Malware

Dec 19, 2023 Cryptojacking / Cyber Threat
The threat actors associated with the  8220 Gang  have been observed exploiting a high-severity flaw in Oracle WebLogic Server to propagate their malware. The security shortcoming is  CVE-2020-14883  (CVSS score: 7.2), a remote code execution bug that could be exploited by authenticated attackers to take over susceptible servers. "This vulnerability allows remote authenticated attackers to execute code using a gadget chain and is commonly chained with  CVE-2020-14882  (an authentication bypass vulnerability also affecting Oracle Weblogic Server) or the use of leaked, stolen, or weak credentials," Imperva  said  in a report published last week. The 8220 Gang has a history of  leveraging known security flaws  to distribute cryptojacking malware. Earlier this May, the group was spotted utilizing another shortcoming in Oracle WebLogic servers (CVE-2017-3506, CVSS score: 7.4) to rope the devices into a crypto mining botnet. Recent attack chains documented by Imperva entail t
9 Steps to Get CTEM on Your 2025 Budgetary Radar

9 Steps to Get CTEM on Your 2025 Budgetary Radar

Nov 06, 2024Threat Management / Business Continuity
Budget season is upon us, and everyone in your organization is vying for their slice of the pie. Every year, every department has a pet project that they present as absolutely essential to profitability, business continuity, and quite possibly the future of humanity itself. And no doubt that some of these actually may be mission critical. But as cybersecurity professionals, we understand that the rollout of a viable CTEM ( Continuous Threat Exposure Management ) program actually is . In any year, cybersecurity investments are tough budgetary sells – they're hard to quantify and don't always clearly drive revenues or cut costs. In today's belt-tightening climate, all the more so. Even though cybersecurity budgets will likely grow this year according to Forrester, it's still important to make sure today that CTEM doesn't slip down the budget priority list.  In this article, we'll discuss how to keep CTEM on the budgetary radar. But First – Here are Some Reasons Why CTEM is Objectiv
Cybersecurity
Expert Insights / Articles Videos
Cybersecurity Resources