Malware Detection | Breaking Cybersecurity News | The Hacker News

A new cyber attack campaign has been observed using spurious  MSIX  Windows app package files for popular software such as Google Chrome, Microsoft Edge, Brave, Grammarly, and Cisco Webex to distribute a novel malware loader dubbed  GHOSTPULSE . "MSIX is a Windows app package format that developers can leverage to package, distribute, and install their applications to Windows users," Elastic Security Labs researcher Joe Desimone  said  in a technical report published last week. "However, MSIX requires access to purchased or stolen code signing certificates making them viable to groups of above-average resources." Based on the installers used as lures, it's suspected that potential targets are  enticed  into downloading the MSIX packages through known techniques such as compromised websites, search engine optimization (SEO) poisoning, or malvertising. Launching the MSIX file opens a Windows prompting the users to click the Install button, doing so which res

One new security technology we keep hearing about is Extended Detection and Response (XDR). This new technology merges multiple prevention and detection technologies on a single platform to better understand threat signals so that you don't need to purchase, integrate, and manage various control and integration technologies. Think of XDR as prepackaged EDR, NTA, UEBA (and perhaps other prevention and detection) technologies all tightly integrated on a SOAR-like platform. Of course, you don't need SOAR technology with XDR as the entire platform is integrated and orchestrated out of the box. In Gartner's recently published Top 9 Security and Risk Trends for 2020 , XDR was listed first. Cybersecurity company Cynet just released an interesting XDR eBook [ Download it here ] that provides an excellent primer on this promising new technology. According to Cynet, the expense and issues involved with combining multiple siloed control technologies usually make an effort n

Compromising the browser is a high-return target for adversaries. Browser extensions, which are small software modules that are added to the browser and can enhance browsing experiences, have become a popular browser attack vector. This is because they are widely adopted among users and can easily turn malicious through developer actions or attacks on legitimate extensions. Recent incidents like  DataSpii  and the  Nigelthorn  malware attack have exposed the extent of damage that malicious extensions can inflict. In both cases, users innocently installed extensions that compromised their privacy and security. The underlying issue lies in the permissions granted to extensions. These permissions, often excessive and lacking granularity, allow attackers to exploit them. What can organizations do to protect themselves from the risks of browser extensions without barring them from use altogether (an act that would be nearly impossible to enforce)?  A new report by LayerX, "Unveiling the

Cybercriminals are busy innovators, adapting their weapons and attack strategies, and ruthlessly roaming the web in search of their next big score. Every manner of sensitive information, such as confidential employee records, customers' financial data, protected medical documents, and government files, are all subject to their relentless threats to cybersecurity . Solutions span a broad spectrum, from training email users to ensuring a VPN kill switch is in place, to adding extensive advanced layers of network protection. To successfully guard against severe threats from hackers, worm viruses to malware, such as botnet attacks, network managers need to use all tools and methods that fit well into a comprehensive cyber defense strategy. Of all the menaces mentioned above to a website owner's peace of mind, botnets arguably present the most unsettling form of security risk. They're not the mere achievements of malicious amateur cybercriminals. They're state

Cybersecurity isn't easy. If there was a product or service you could buy that would just magically solve all of your cybersecurity problems, everyone would buy that thing, and we could all rest easy. However, that is not the way it works. Technology continues to evolve. Cyber attackers adapt and develop new malicious tools and techniques, and cybersecurity vendors design creative new ways to detect and block those threats. Rinse and repeat. Cybersecurity isn't easy, and there is no magic solution, but there are a handful of things you can do that will greatly reduce your exposure to risk and significantly improve your security posture. The right platform, intelligence, and expertise can help you avoid the vast majority of threats, and help you detect and respond more quickly to the attacks that get through. Challenges of Cybersecurity Effective cybersecurity is challenging for a variety of reasons, but the changing perimeter and the confusing variety of solution

A team of security researchers has discovered a new malware evasion technique that could help malware authors defeat most of the modern antivirus solutions and forensic tools. Dubbed Process Doppelgänging , the new fileless code injection technique takes advantage of a built-in Windows function and an undocumented implementation of Windows process loader. Ensilo security researchers Tal Liberman and Eugene Kogan, who discovered the Process Doppelgänging attack, presented their findings today at Black Hat 2017 Security conference held in London. Process Doppelgänging Works on All Windows Versions Apparently, Process Doppelgänging attack works on all modern versions of Microsoft Windows operating system, starting from Windows Vista to the latest version of Windows 10. Tal Liberman, the head of the research team at enSilo, told The Hacker New that this malware evasion technique is similar to Process Hollowing—a method first introduced years ago by attackers to defeat the m

Iran claims to have repelled a fresh cyber attack on its industrial units in a southern province. In the last few years, various Iranian industrial, nuclear and government bodies have recently come under growing cyber attacks, widely believed to be designed and staged by the US and Israel . A power plant and other industries in southern Iran have been targeted by the Stuxnet computer worm , an Iranian civil defense official says. Iran's news agency reported that the worm attacked the Culture Ministry's Headquarters for Supporting and Protecting Works of Art and Culture and was reportedly sent from Dallas via switches in Malaysia and Vietnam. This recent Stuxnet attack was successfully defeated, according to local Iranian civil defense chief Ali Akbar Akhavan. " We were able to prevent its expansion owing to our timely measures and the cooperation of skilled hackers ," Akhavan said. The sophisticated worm spreads via USB drives and through four previously

A high degree of stealthiness over a prolonged duration of operation in order to do a successful cyber attack can be defined as Advanced Persistent Threat. The attack objectives therefore typically extend beyond immediate financial gain, and compromised systems continue to be of service even after key systems have been breached and initial goals reached. Today's successful targeted attacks use a combination of social engineering, malware, and backdoor activities. Nart Villeneuve and James Bennett (Senior Threat Researcher) from Trend Mirco provide an  ultimate guide for Detecting (APT) Advanced Persistent Threat activities with Network Traffic Analysis , that can be used to identify malware command-and control (C&C) communications related to these attacks, illustrating how even the most high-profile and successful attacks of the past few years could have been discovered. Paper cover Detecting Remote Access Trojans like The GhostNet, Nitro attack, RSA Breach, Taidoor campaign, Sy

The number one concern of Internet users is that a web site will keep personal information safe and secure. If you are a site owner, giving importance to security is not only for your own protection but for your users' as well. Despite you have the right to set contents to your contracts and terms of service, you still have a portion of liabilities in case your user encountered information and financial thefts as he perform activities within your website. E-commerce usually involves the processing of credit cards and sensitive customer information so security is very important. Online communities and ecommerce websites are mostly the target places of hackers. Toward this end, many users look for a website to display a third party seal as evidence of security. Using a web site seal is a good idea. But providing true web site security requires more than just a seal it also requires using several kinds of security controls managed by a security program to back the seal's p