#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

Incident response | Breaking Cybersecurity News | The Hacker News

LockBit Ransomware Hacker Ordered to Pay $860,000 After Guilty Plea in Canada

LockBit Ransomware Hacker Ordered to Pay $860,000 After Guilty Plea in Canada

Mar 14, 2024 Ransomware / Cyber Crime
A 34-year-old Russian-Canadian national has been sentenced to nearly four years in jail in Canada for his participation in the LockBit global ransomware operation. Mikhail Vasiliev , an Ontario resident, was  originally arrested  in November 2022 and charged by the U.S. Department of Justice (DoJ) with "conspiring with others to intentionally damage protected computers and to transmit ransom demands in connection with doing so." News of Vasiliev's jail term was  first reported  by CTV News.  The defendant, who had his home searched by Canadian law enforcement authorities in August and October 2022, is said to have kept a list of "prospective or historical" victims and screenshots of communications exchanged with "LockBitSupp" on the Tox messaging platform. The raid also uncovered a text file with instructions to deploy LockBit ransomware, the ransomware source code, and a control panel used by the e-crime group to deliver the file-locking malware.
4 Instructive Postmortems on Data Downtime and Loss

4 Instructive Postmortems on Data Downtime and Loss

Mar 01, 2024 Data Security / Disaster Recovery
More than a decade ago, the concept of the  'blameless'  postmortem changed how tech companies recognize failures at scale. John Allspaw, who coined the term during his tenure at Etsy, argued postmortems were all about controlling our natural reaction to an incident, which is to point fingers: "One option is to assume the single cause is incompetence and scream at engineers to make them 'pay attention!' or 'be more careful!' Another option is to take a hard look at how the accident actually happened, treat the engineers involved with respect, and learn from the event." What can we, in turn, learn from some of the most honest and blameless—and public—postmortems of the last few years? GitLab: 300GB of user data gone in seconds What happened : Back in 2017, GitLab experienced a painful 18-hour outage. That story, and GitLab's subsequent honesty and transparency, has significantly impacted how organizations handle data security today. The incident began when GitLab's secondary datab
How to Find and Fix Risky Sharing in Google Drive

How to Find and Fix Risky Sharing in Google Drive

Mar 06, 2024Data Security / Cloud Security
Every Google Workspace administrator knows how quickly Google Drive becomes a messy sprawl of loosely shared confidential information. This isn't anyone's fault; it's inevitable as your productivity suite is purposefully designed to enable real-time collaboration – both internally and externally.  For Security & Risk Management teams, the untenable risk of any Google Drive footprint lies in the toxic combinations of sensitive data, excessive permissions, and improper sharing. However, it can be challenging to differentiate between typical business practices and potential risks without fully understanding the context and intent.  Material Security, a company renowned for its innovative method of protecting sensitive data within employee mailboxes, has recently launched  Data Protection for Google Drive  to safeguard the sprawl of confidential information scattered throughout Google Drive with a powerful discovery and remediation toolkit. How Material Security helps organ
How to Prioritize Cybersecurity Spending: A Risk-Based Strategy for the Highest ROI

How to Prioritize Cybersecurity Spending: A Risk-Based Strategy for the Highest ROI

Feb 29, 2024 Attack Surface / Incident Response
As an IT leader, staying on top of the latest cybersecurity developments is essential to keeping your organization safe. But with threats coming from all around — and hackers dreaming up new exploits every day — how do you create proactive, agile cybersecurity strategies? And what cybersecurity approach gives you the most bang for your buck, mitigating your risks and maximizing the value of your cybersecurity investments? Let's take a closer look at the trends that are impacting organizations today, including the growing reach of data breaches and the increase in cybersecurity spending, and explore how you can get the most out of your cybersecurity resources, effectively securing your digital assets and maintaining your organization's integrity in the face of ever-evolving cyber threats. Successful data breaches In 2022, the number of people affected by data breaches increased significantly. According to the  Identity Theft Resource Center's 2022 Data Breach Report , more than 1,80
cyber security

Uncover Critical Gaps in 7 Core Areas of Your Cybersecurity Program

websiteArmor PointCyber Security / Assessment
Turn potential vulnerabilities into strengths. Start evaluating your defenses today. Download the Checklist.
How to Use Tines's SOC Automation Capability Matrix

How to Use Tines's SOC Automation Capability Matrix

Feb 23, 2024 SOC Automation / Security Operation
Created by John Tuckner and the team at workflow and automation platform  Tines , the  SOC Automation Capability Matrix (SOC ACM)  is a set of techniques designed to help security operations teams understand their automation capabilities and respond more effectively to incidents.  A customizable, vendor-agnostic tool featuring lists of automation opportunities, it's been shared and recommended by members of the security community since its launch in January 2023, notably by Airbnb engineer Allyn Stott in his BSides and Black Hat talk,  How I Learned to Stop Worrying and Build a Modern Detection & Response Program .   The SOC ACM has been compared to the MITRE ATT&CK and RE&CT frameworks, with one user saying, "it could be a standard for classification of SOAR automations, a bit like the RE&CT framework, but with more automation focus." It's been used by organizations in Fintech, Cloud Security, and beyond, as a basis for assessing and optimizing their securi
New Malicious PyPI Packages Caught Using Covert Side-Loading Tactics

New Malicious PyPI Packages Caught Using Covert Side-Loading Tactics

Feb 20, 2024 Malware / Supply Chain Security
Cybersecurity researchers have discovered two malicious packages on the Python Package Index (PyPI) repository that were found leveraging a technique called  DLL side-loading  to circumvent detection by security software and run malicious code. The packages, named  NP6HelperHttptest  and  NP6HelperHttper , were each downloaded  537  and  166 times , respectively, before they were taken down. "The latest discovery is an example of DLL sideloading executed by an open-source package that suggests the scope of software supply chain threats is expanding," ReversingLabs researcher Petar Kirhmajer  said  in a report shared with The Hacker News. The name NP6 is notable as it refers to a legitimate marketing automation solution made by ChapsVision. In particular, the fake packages are typosquats of NP6HelperHttp and NP6HelperConfig, which are helper tools published by one of ChapsVision's employees to PyPI. In other words, the goal is to trick developers searching for NP6Hel
Learn How to Build an Incident Response Playbook Against Scattered Spider in Real-Time

Learn How to Build an Incident Response Playbook Against Scattered Spider in Real-Time

Feb 20, 2024 Webinar / Incident Response
In the tumultuous landscape of cybersecurity, the year 2023 left an indelible mark with the brazen exploits of the Scattered Spider threat group. Their attacks targeted the nerve centers of major financial and insurance institutions, culminating in what stands as one of the most impactful ransomware assaults in recent memory.  When organizations have no response plan in place for such an attack, it can become overwhelming attempting to prioritize the next steps that will have a compounding impact on the threat actor's ability to retain access to and control over a compromised network. Silverfort's threat research team interacted closely with the identity threats used by Scattered Spider. and in fact, built a response playbook in real time to respond to an active Scattered Spider attack. This webinar will dissect the real-life scenario in which they were called upon to build and execute a response plan while attackers were moving inside an organization's hybrid environme
Ivanti Vulnerability Exploited to Install 'DSLog' Backdoor on 670+ IT Infrastructures

Ivanti Vulnerability Exploited to Install 'DSLog' Backdoor on 670+ IT Infrastructures

Feb 13, 2024 Vulnerability / Cyber Threat
Threat actors are leveraging a recently disclosed security flaw impacting Ivanti Connect Secure, Policy Secure, and ZTA gateways to deploy a backdoor codenamed  DSLog  on susceptible devices. That's according to  findings  from Orange Cyberdefense, which said it observed the exploitation of CVE-2024-21893 within hours of the public release of the proof-the-concept (PoC) code. CVE-2024-21893, which was  disclosed  by Ivanti late last month alongside CVE-2024-21888, refers to a server-side request forgery (SSRF) vulnerability in the SAML module that, if successfully exploited, could permit access to otherwise restricted resources sans any authentication. The Utah-based company has since acknowledged that the flaw has limited targeted attacks, although the exact scale of the compromises is unclear. Then, last week, the Shadowserver Foundation  revealed  a surge in exploitation attempts targeting the vulnerability originating from over 170 unique IP addresses, shortly after both
Why Are Compromised Identities the Nightmare to IR Speed and Efficiency?

Why Are Compromised Identities the Nightmare to IR Speed and Efficiency?

Feb 12, 2024 Threat Intelligence / Cyber Resilience
Incident response (IR) is a race against time. You engage your internal or external team because there's enough evidence that something bad is happening, but you're still blind to the scope, the impact, and the root cause. The common set of IR tools and practices provides IR teams with the ability to discover malicious files and outbound network connections. However, the identity aspect - namely the pinpointing of compromised user accounts that were used to spread in your network - unfortunately remains unattended. This task proves to be the most time-consuming for IR teams and has become a challenging uphill battle that enables attackers to earn precious time in which they can still inflict damage.  In this article, we analyze the root cause of the identity of IR blind spots and provide sample IR scenarios in which it acts as an inhibitor to a rapid and efficient process. We then introduce Silverfort's Unified Identity Protection Platform and show how its real-time MFA and ident
New Webinar: 5 Steps to vCISO Success for MSPs and MSSPs

New Webinar: 5 Steps to vCISO Success for MSPs and MSSPs

Feb 07, 2024 Risk Management / Cybersecurity
2024 will be the year of the vCISO. An incredible 45% of MSPs and MSSPs are  planning to start offering  vCISO services in 2024. As an MSP/MSSP providing vCISO services, you own the organization's cybersecurity infrastructure and strategy. But you also need to position yourself as a reliable decision-maker, navigating professional responsibilities, business needs and leadership requirements. A  new webinar by Cynomi , vCISO platform leader, hosting CISO and vCISO veteran Jesse Miller from PowerPSA Consulting, provides MSPs and MSSPs with an effective 100-day plan to build themselves up for success. The webinar provides a tangible five-step 100-day action plan that any MSP/MSSP can follow when they engage with a new vCISO client. It also provides guidance on vCISO goals and pitfalls to avoid. By watching the webinar, you can position yourself as a strategic and long-term partner for your clients. They will see you as capable of driving security transformation and managing security con
Combined Security Practices Changing the Game for Risk Management

Combined Security Practices Changing the Game for Risk Management

Feb 05, 2024 Data Protection / Threat Intelligence
A significant challenge within cyber security at present is that there are a lot of risk management platforms available in the market, but only some deal with cyber risks in a very good way. The majority will shout alerts at the customer as and when they become apparent and cause great stress in the process. The issue being that by using a reactive, rather than proactive approach, many risks just sit there, dormant, until an emergency happens.  'Dealing with SOC Operations for more than a decade, I have seen nearly 60 percent of SOC Incidents are repeat findings that keep re-surfacing due to underlying unmitigated Risks. Here the actors may be different, however the risk is mostly the same. This is causing significant alert fatigue.' – Deodatta Wandhekar, Head of Global SOC, SecurityHQ. Combining Frameworks and Best Practices These risks can be prevented. A platform that combines the best practices of multiple frameworks is the solution to tackle this issue.  What is NIST?
Juniper Networks Releases Urgent Junos OS Updates for High-Severity Flaws

Juniper Networks Releases Urgent Junos OS Updates for High-Severity Flaws

Jan 30, 2024 Vulnerability / Network Security
Juniper Networks has released out-of-band updates to  address high-severity flaws  in SRX Series and EX Series that could be exploited by a threat actor to take control of susceptible systems. The vulnerabilities, tracked as  CVE-2024-21619 and CVE-2024-21620 , are rooted in the J-Web component and impact all versions of Junos OS. Two other shortcomings, CVE-2023-36846 and CVE-2023-36851, were  previously disclosed  by the company in August 2023. CVE-2024-21619  (CVSS score: 5.3) - A missing authentication vulnerability that could lead to exposure of sensitive configuration information CVE-2024-21620  (CVSS score: 8.8) - A cross-site scripting (XSS) vulnerability that could lead to the execution of arbitrary commands with the target's permissions by means of a specially crafted request Cybersecurity firm watchTowr Labs has been  credited  with discovering and reporting the issues. The two vulnerabilities have been addressed in the following versions - CVE-2024-21619  - 20.
New CherryLoader Malware Mimics CherryTree to Deploy PrivEsc Exploits

New CherryLoader Malware Mimics CherryTree to Deploy PrivEsc Exploits

Jan 25, 2024 Threat Intelligence / Malware Research
A new Go-based malware loader called  CherryLoader  has been discovered by threat hunters in the wild to deliver additional payloads onto compromised hosts for follow-on exploitation. Arctic Wolf Labs, which discovered the new attack tool in two recent intrusions, said the loader's icon and name masquerades as the legitimate CherryTree note-taking application to dupe potential victims into installing it. "CherryLoader was used to drop one of two privilege escalation tools,  PrintSpoofer  or  JuicyPotatoNG , which would then run a batch file to establish persistence on the victim device," researchers Hady Azzam, Christopher Prest, and Steven Campbell  said . In another novel twist, CherryLoader also packs modularized features that allow the threat actor to swap exploits without recompiling code. It's currently not known how the loader is distributed, but the attack chains examined by the cybersecurity firm show that CherryLoader ("cherrytree.exe") and i
Cybersecurity Resources