#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News

Fingerprinting | Breaking Cybersecurity News | The Hacker News

Category — Fingerprinting
New Malvertising Campaign Distributing PikaBot Disguised as Popular Software

New Malvertising Campaign Distributing PikaBot Disguised as Popular Software

Dec 19, 2023 Malvertising / Browser Security
The malware loader known as PikaBot is being distributed as part of a  malvertising   campaign  targeting users searching for legitimate software like AnyDesk. "PikaBot was previously only distributed via malspam campaigns similarly to QakBot and emerged as one of the preferred payloads for a threat actor known as TA577," Malwarebytes' JΓ©rΓ΄me Segura  said . The malware family, which  first   appeared  in early 2023, consists of a loader and a core module that allows it to operate as a backdoor as well as a distributor for other payloads. This  enables  the threat actors to gain unauthorized remote access to compromised systems and transmit commands from a command-and-control (C2) server, ranging from arbitrary shellcode, DLLs, or executable files, to other malicious tools such as Cobalt Strike. One of the threat actors leveraging PikaBot in its attacks is  TA577 , a prolific cybercrime threat actor that has, in the past, delivered ...
Tell Me Your Secrets Without Telling Me Your Secrets

Tell Me Your Secrets Without Telling Me Your Secrets

Nov 24, 2023 Developer Tools / API Security
The title of this article probably sounds like the caption to a meme. Instead, this is an actual problem GitGuardian's engineers had to solve in implementing the mechanisms for their new  HasMySecretLeaked service . They wanted to help developers find out if their secrets (passwords, API keys, private keys, cryptographic certificates, etc.) had found their way into public GitHub repositories. How could they comb a vast library of secrets found in publicly available GitHub repositories and their histories and compare them to your secrets without you having to expose sensitive information? This article will tell you how. First, if we were to set a bit's mass as equal to that of one electron, a ton of data would be around 121.9 quadrillion petabytes of data at standard Earth gravity or $39.2 billion billion billion US dollars in MacBook Pro storage upgrades (more than all the money in the world). So when this article claims GitGuardian scanned a "ton" of GitHub public commit data, t...
Want to Grow Vulnerability Management into Exposure Management? Start Here!

Want to Grow Vulnerability Management into Exposure Management? Start Here!

Dec 05, 2024Attack Surface / Exposure Management
Vulnerability Management (VM) has long been a cornerstone of organizational cybersecurity. Nearly as old as the discipline of cybersecurity itself, it aims to help organizations identify and address potential security issues before they become serious problems. Yet, in recent years, the limitations of this approach have become increasingly evident.  At its core, Vulnerability Management processes remain essential for identifying and addressing weaknesses. But as time marches on and attack avenues evolve, this approach is beginning to show its age. In a recent report, How to Grow Vulnerability Management into Exposure Management (Gartner, How to Grow Vulnerability Management Into Exposure Management, 8 November 2024, Mitchell Schneider Et Al.), we believe Gartner® addresses this point precisely and demonstrates how organizations can – and must – shift from a vulnerability-centric strategy to a broader Exposure Management (EM) framework. We feel it's more than a worthwhile read an...
Apple Sets New Rules for Developers to Prevent Fingerprinting and Data Misuse

Apple Sets New Rules for Developers to Prevent Fingerprinting and Data Misuse

Jul 29, 2023 Data Security / Privacy
Apple has announced plans to require developers to submit reasons to use certain APIs in their apps starting later this year with the release of iOS 17, iPadOS 17, macOS Sonoma, tvOS 17, and watchOS 10 to prevent their abuse for data collection. "This will help ensure that apps only use these APIs for their intended purpose," the company  said  in a statement. "As part of this process, you'll need to select one or more approved reasons that accurately reflect how your app uses the API, and your app can only use the API for the reasons you've selected." The APIs that  require  reasons for use relate to the following - File timestamp APIs System boot time APIs Disk space APIs Active keyboard APIs, and User defaults APIs The iPhone maker said it's making the move to ensure that such APIs are not abused by app developers to collect device signals to carry out  fingerprinting , which could be employed to  uniquely identify users  across different...
cyber security

Innovate Securely: Top Strategies to Harmonize AppSec and R&D Teams

websiteBackslashApplication Security
Tackle common challenges to make security and innovation work seamlessly.
New Attack Lets Hackers Collect and Spoof Browser's Digital Fingerprints

New Attack Lets Hackers Collect and Spoof Browser's Digital Fingerprints

Oct 25, 2021
A "potentially devastating and hard-to-detect threat" could be abused by attackers to collect users' browser fingerprinting information with the goal of spoofing the victims without their knowledge, thus effectively compromising their privacy. Academics from Texas A&M University dubbed the attack system " Gummy Browsers ," likening it to a nearly 20-year-old " Gummy Fingers " technique that can impersonate a user's fingerprint biometrics.  "The idea is that the attacker 𝐴 first makes the user π‘ˆ connect to his website (or to a well-known site the attacker controls) and transparently collects the information from π‘ˆ that is used for fingerprinting purposes (just like any fingerprinting website π‘Š collects this information)," the researchers outlined. "Then, 𝐴 orchestrates a browser on his own machine to replicate and transmit the same fingerprinting information when connecting to π‘Š, fooling π‘Š to think that π‘ˆ is the one re...
Expert Insights / Articles Videos
Cybersecurity Resources