#1 Trusted Cybersecurity News Platform
Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cybersecurity

Information security | Breaking Cybersecurity News | The Hacker News

Category — Information security
Dutch Police Disrupt Major Info Stealers RedLine and MetaStealer in Operation Magnus

Dutch Police Disrupt Major Info Stealers RedLine and MetaStealer in Operation Magnus

Oct 29, 2024 Cybercrime / Malware
The Dutch National Police, along with international partners, have announced the disruption of the infrastructure powering two information stealers tracked as RedLine and MetaStealer . The takedown, which took place on October 28, 2024, is the result of an international law enforcement task force codenamed Operation Magnus that involved authorities from the U.S., the U.K., Belgium, Portugal, and Australia. Eurojust, in a statement published today, said the operation led to the shut down of three servers in the Netherlands and the confiscation of two domains (fivto[.]online and spasshik[.]xyz). In total, over 1,200 servers in dozens of countries are estimated to have been used to run the malware. As part of the efforts, one administrator has been charged by the U.S. authorities and two people have been arrested by the Belgian police, the Politie said , adding one of them has since been released, while the other remains in custody. The U.S. Department of Justice (DoJ) has charge
Chinese Hackers Use CloudScout Toolset to Steal Session Cookies from Cloud Services

Chinese Hackers Use CloudScout Toolset to Steal Session Cookies from Cloud Services

Oct 28, 2024 Cloud Security / Cyber Attack
A government entity and a religious organization in Taiwan were the target of a China-linked threat actor known as Evasive Panda that infected them with a previously undocumented post-compromise toolset codenamed CloudScout. "The CloudScout toolset is capable of retrieving data from various cloud services by leveraging stolen web session cookies," ESET security researcher Anh Ho said . "Through a plugin, CloudScout works seamlessly with MgBot, Evasive Panda's signature malware framework." The use of the .NET-based malware tool, per the Slovak cybersecurity company, was detected between May 2022 and February 2023. It incorporates 10 different modules, written in C#, out of which three are meant for stealing data from Google Drive, Gmail, and Outlook. The purpose of the remaining modules remains unknown. Evasive Panda, also tracked as Bronze Highland, Daggerfly, and StormBamboo, is a cyber espionage group that has a track record of striking various entitie
Permiso State of Identity Security 2024: A Shake-up in Identity Security Is Looming Large

Permiso State of Identity Security 2024: A Shake-up in Identity Security Is Looming Large

Oct 23, 2024Identity Security / Data Protection
Identity security is front, and center given all the recent breaches that include Microsoft, Okta, Cloudflare and Snowflake to name a few. Organizations are starting to realize that a shake-up is needed in terms of the way we approach identity security both from a strategic but also a technology vantage point.  Identity security is more than just provisioning access  The conventional view of viewing identity security as primarily concerned with provisioning and de-provisioning access for applications and services, often in a piecemeal manner, is no longer sufficient. This view was reflected as a broad theme in the Permiso Security State of Identity Security Report (2024) , which finds that despite growing levels of confidence in the ability to identify security risk, nearly half of organizations (45%) remain "concerned" or "extremely concerned" about their current tools being able to detect and protect against identity security attacks.  The Permiso commissioned survey conducted o
Beware: Fake Google Meet Pages Deliver Infostealers in Ongoing ClickFix Campaign

Beware: Fake Google Meet Pages Deliver Infostealers in Ongoing ClickFix Campaign

Oct 18, 2024 Threat Intelligence / Phishing Attack
Threat actors are leveraging fake Google Meet web pages as part of an ongoing malware campaign dubbed ClickFix to deliver infostealers targeting Windows and macOS systems. "This tactic involves displaying fake error messages in web browsers to deceive users into copying and executing a given malicious PowerShell code, finally infecting their systems," French cybersecurity company Sekoia said in a report shared with The Hacker News. Variations of the ClickFix (aka ClearFake and OneDrive Pastejacking) campaign have been reported widely in recent months , with threat actors employing different lures to redirect users to bogus pages that aim to deploy malware by urging site visitors to run an encoded PowerShell code to address a supposed issue with displaying content in the web browser. These pages are known to masquerade as popular online services, including Facebook, Google Chrome, PDFSimpli, and reCAPTCHA, and now Google Meet as well as potentially Zoom - meet.googl
cyber security

How To Comply With The Cyber Insurance MFA Checklist

websiteSilverfortCyber Insurance / Authentication
Learn how to comply with the checklist of resources requiring MFA coverage in cyber insurance policies.
Experts Warn of Critical Unpatched Vulnerability in Linear eMerge E3 Systems

Experts Warn of Critical Unpatched Vulnerability in Linear eMerge E3 Systems

Oct 10, 2024 Vulnerability / Enterprise Security
Cybersecurity researchers are warning about an unpatched vulnerability in Nice Linear eMerge E3 access controller systems that could allow for the execution of arbitrary operating system (OS) commands. The flaw, assigned the CVE identifier CVE-2024-9441 , carries a CVSS score of 9.8 out of a maximum of 10.0, according to VulnCheck . "A vulnerability in the Nortek Linear eMerge E3 allows remote unauthenticated attackers to cause the device to execute arbitrary command," SSD Disclosure said in an advisory for the flaw released late last month, stating the vendor has yet to provide a fix or a workaround. The flaw impacts the following versions of Nortek Linear eMerge E3 Access Control: 0.32-03i, 0.32-04m, 0.32-05p, 0.32-05z, 0.32-07p, 0.32-07e, 0.32-08e, 0.32-08f, 0.32-09c, 1.00.05, and 1.00.07. Proof-of-concept (PoC) exploits for the flaw have been released following public disclosure, raising concerns that it could be exploited by threat actors. It's worth noting
Pro-Ukrainian Hackers Strike Russian State TV on Putin's Birthday

Pro-Ukrainian Hackers Strike Russian State TV on Putin's Birthday

Oct 08, 2024 Cyber Warfare / Cyber Espionage
Ukraine has claimed responsibility for a cyber attack that targeted Russia state media company VGTRK and disrupted its operations, according to reports from Bloomberg and Reuters . The incident took place on the night of October 7, VGTRK confirmed , describing it as an "unprecedented hacker attack." However, it said "no significant damage" was caused and that everything was working normally despite attempts to interrupt radio and TV broadcasts. That said, Russian media outlet Gazeta.ru reported that the hackers wiped "everything" from the company's servers, including backups, citing an anonymous source. A source told Reuters that "Ukrainian hackers 'congratulated' Putin on his birthday by carrying out a large-scale attack on the all-Russian state television and radio broadcasting company." The attack is believed to be the work of a pro-Ukrainian hacker group called Sudo rm-RF . The Russian government has since said an investi
AI-Powered Rhadamanthys Stealer Targets Crypto Wallets with Image Recognition

AI-Powered Rhadamanthys Stealer Targets Crypto Wallets with Image Recognition

Oct 01, 2024 Cryptocurrency / Threat Intelligence
The threat actors behind the Rhadamanthys information stealer have added new advanced features to the malware, including using artificial intelligence (AI) for optical character recognition (OCR) as part of what's called "Seed Phrase Image Recognition." "This allows Rhadamanthys to extract cryptocurrency wallet seed phrases from images, making it a highly potent threat for anyone dealing in cryptocurrencies," Recorded Future's Insikt Group said in an analysis of version 0.7.0 of the malware. "The malware can recognize seed phrase images on the client side and send them back to the command-and-control (C2) server for further exploitation." First discovered in the wild in September 2022, Rhadamanthys has emerged as one of the most potent information stealers that are advertised under the malware-as-a-service (MaaS) model, alongside Lumma and others. The malware continues to have an active presence despite suffering bans from underground forum
5 Actionable Steps to Prevent GenAI Data Leaks Without Fully Blocking AI Usage

5 Actionable Steps to Prevent GenAI Data Leaks Without Fully Blocking AI Usage

Oct 01, 2024 Generative AI / Data Protection
Since its emergence, Generative AI has revolutionized enterprise productivity. GenAI tools enable faster and more effective software development, financial analysis, business planning, and customer engagement. However, this business agility comes with significant risks, particularly the potential for sensitive data leakage. As organizations attempt to balance productivity gains with security concerns, many have been forced to choose between unrestricted GenAI usage to banning it altogether. A new e-guide by LayerX titled 5 Actionable Measures to Prevent Data Leakage Through Generative AI Tools is designed to help organizations navigate the challenges of GenAI usage in the workplace. The guide offers practical steps for security managers to protect sensitive corporate data while still reaping the productivity benefits of GenAI tools like ChatGPT. This approach is intended to allow companies to strike the right balance between innovation and security. Why Worry About ChatGPT? The e
Overloaded with SIEM Alerts? Discover Effective Strategies in This Expert-Led Webinar

Overloaded with SIEM Alerts? Discover Effective Strategies in This Expert-Led Webinar

Sep 26, 2024 Threat Detection / IT Security
Imagine trying to find a needle in a haystack, but the haystack is on fire, and there are a million other needles you also need to find. That's what dealing with security alerts can feel like. SIEM was supposed to make this easier, but somewhere along the way, it became part of the problem. Too many alerts, too much noise, and not enough time to actually stop threats. It's time for a change. It's time to reclaim control. Join Zuri Cortez and Seth Geftic for an insightful webinar as they navigate the complexities of " Solving the SIEM Problem: A Hard Reset on Legacy Solutions ."  They'll share insider knowledge, battle-tested strategies, and a clear path to taming the SIEM beast in this informative session. Here's what we'll cover: SIEM 101: A quick refresher on what SIEM is, why it's important, and the challenges it faces today The Problem with Legacy SIEM: We'll pull back the curtain and reveal why traditional solutions are struggl
Watering Hole Attack on Kurdish Sites Distributing Malicious APKs and Spyware

Watering Hole Attack on Kurdish Sites Distributing Malicious APKs and Spyware

Sep 26, 2024 Cyber Espionage / Mobile Security
As many as 25 websites linked to the Kurdish minority have been compromised as part of a watering hole attack designed to harvest sensitive information for over a year and a half. French cybersecurity firm Sekoia, which disclosed details of the campaign dubbed SilentSelfie, described the intrusion set as long-running, with first signs of infection detected as far back as December 2022. The strategic web compromises are designed to deliver four different variants of an information-stealing framework, it added. "These ranged from the simplest, which merely stole the user's location, to more complex ones that recorded images from the selfie camera and led selected users to install a malicious APK, i.e an application used on Android," security researchers Felix Aimé and Maxime A said in a Wednesday report. Targeted websites include Kurdish press and media, Rojava administration and its armed forces, those related to revolutionary far-left political parties, and organizatio
Transportation Companies Hit by Cyberattacks Using Lumma Stealer and NetSupport Malware

Transportation Companies Hit by Cyberattacks Using Lumma Stealer and NetSupport Malware

Sep 25, 2024 Email Security / Threat Intelligence
Transportation and logistics companies in North America are the target of a new phishing campaign that delivers a variety of information stealers and remote access trojans (RATs). The activity cluster, per Proofpoint, makes use of compromised legitimate email accounts belonging to transportation and shipping companies so as to inject malicious content into existing email conversations. As many as 15 breached email accounts have been identified as used as part of the campaign. It's currently not clear how these accounts are infiltrated in the first place or who is behind the attacks. "Activity which occurred from May to July 2024 predominately delivered Lumma Stealer, StealC, or NetSupport," the enterprise security firm said in an analysis published Tuesday. "In August 2024, the threat actor changed tactics by employing new infrastructure and a new delivery technique, as well as adding payloads to deliver DanaBot and Arechclient2." The attack chains invol
DragonRank Black Hat SEO Campaign Targeting IIS Servers Across Asia and Europe

DragonRank Black Hat SEO Campaign Targeting IIS Servers Across Asia and Europe

Sep 11, 2024 Network Security / Cyber Espionage
A "simplified Chinese-speaking actor" has been linked to a new campaign that has targeted multiple countries in Asia and Europe with the end goal of performing search engine optimization (SEO) rank manipulation. The black hat SEO cluster has been codenamed DragonRank by Cisco Talos, with victimology footprint scattered across Thailand, India, Korea, Belgium, the Netherlands, and China. "DragonRank exploits targets' web application services to deploy a web shell and utilizes it to collect system information and launch malware such as PlugX and BadIIS, running various credential-harvesting utilities," security researcher Joey Chen said . The attacks have led to compromises of 35 Internet Information Services ( IIS ) servers with the end goal of deploying the BadIIS malware, which was first documented by ESET in August 2021. It's specifically designed to facilitate proxy ware and SEO fraud by turning the compromised IIS server into a relay point for mal
New PIXHELL Attack Exploits LCD Screen Noise to Exfiltrate Data from Air-Gapped Computers

New PIXHELL Attack Exploits LCD Screen Noise to Exfiltrate Data from Air-Gapped Computers

Sep 10, 2024 Data Security / Malware
A new side-channel attack dubbed PIXHELL could be abused to target air-gapped computers by breaching the "audio gap" and exfiltrating sensitive information by taking advantage of the noise generated by pixels on an LCD screen. "Malware in the air-gap and audio-gap computers generates crafted pixel patterns that produce noise in the frequency range of 0 - 22 kHz," Dr. Mordechai Guri , the head of the Offensive Cyber Research Lab in the Department of Software and Information Systems Engineering at the Ben Gurion University of the Negev in Israel, said in a newly published paper. "The malicious code exploits the sound generated by coils and capacitors to control the frequencies emanating from the screen. Acoustic signals can encode and transmit sensitive information." The attack is notable in that it doesn't require any specialized audio hardware, loudspeaker, or internal speaker on the compromised computer, instead relying on the LCD screen to gene
One More Tool Will Do It? Reflecting on the CrowdStrike Fallout

One More Tool Will Do It? Reflecting on the CrowdStrike Fallout

Sep 09, 2024 Data Protection / Threat Detection
The proliferation of cybersecurity tools has created an illusion of security. Organizations often believe that by deploying a firewall, antivirus software, intrusion detection systems, identity threat detection and response , and other tools, they are adequately protected. However, this approach not only fails to address the fundamental issue of the attack surface but also introduces dangerous third-party risk to the mix. The world of cybersecurity is in a constant state of flux, with cybercriminals becoming increasingly sophisticated in their tactics. In response, organizations are investing heavily in cybersecurity tools, hoping to build an impenetrable fortress around their digital assets. However, the belief that adding "just one more cybersecurity tool" will magically fix your attack surface and enhance your protection is a dangerous misconception. The limitations of cybersecurity tools Cybersecurity tools, while essential, have inherent limitations. They are designe
Hacktivists Exploits WinRAR Vulnerability in Attacks Against Russia and Belarus

Hacktivists Exploits WinRAR Vulnerability in Attacks Against Russia and Belarus

Sep 03, 2024 Ransomware / Malware
A hacktivist group known as Head Mare has been linked to cyber attacks that exclusively target organizations located in Russia and Belarus. "Head Mare uses more up-to-date methods for obtaining initial access," Kaspersky said in a Monday analysis of the group's tactics and tools. "For instance, the attackers took advantage of the relatively recent CVE-2023-38831 vulnerability in WinRAR, which allows the attacker to execute arbitrary code on the system via a specially prepared archive. This approach allows the group to deliver and disguise the malicious payload more effectively." Head Mare, active since 2023, is one of the hacktivist groups attacking Russian organizations in the context of the Russo-Ukrainian conflict that began a year before. It also maintains a presence on X , where it has leaked sensitive information and internal documentation from victims. Targets of the group's attacks include governments, transportation, energy, manufacturing,
New Cyberattack Targets Chinese-Speaking Businesses with Cobalt Strike Payloads

New Cyberattack Targets Chinese-Speaking Businesses with Cobalt Strike Payloads

Aug 30, 2024 Cyber Espionage / Threat Intelligence
Chinese-speaking users are the target of a "highly organized and sophisticated attack" campaign that is likely leveraging phishing emails to infect Windows systems with Cobalt Strike payloads. "The attackers managed to move laterally, establish persistence and remain undetected within the systems for more than two weeks," Securonix researchers Den Iuzvyk and Tim Peck said in a new report. The covert campaign, codenamed SLOW#TEMPEST and not attributed to any known threat actor, commences with malicious ZIP files that, when unpacked, activates the infection chain, leading to the deployment of the post-exploitation toolkit on compromised systems. Present with the ZIP archive is a Windows shortcut (LNK) file that disguises itself as a Microsoft Word file, "违规远程控制软件人员名单.docx.lnk," which roughly translates to "List of people who violated the remote control software regulations." "Given the language used in the lure files, it's likely th
Expert Insights / Articles Videos
Cybersecurity Resources