#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

Malware attack | Breaking Cybersecurity News | The Hacker News

Japan, France, New Zealand Warn of Sudden Uptick in Emotet Trojan Attacks

Japan, France, New Zealand Warn of Sudden Uptick in Emotet Trojan Attacks
Sep 08, 2020
Cybersecurity agencies across Asia and Europe have issued multiple security alerts regarding the resurgence of email-based Emotet malware attacks targeting businesses in France, Japan, and New Zealand. "The emails contain malicious attachments or links that the receiver is encouraged to download," New Zealand's Computer Emergency Response Team (CERT) said. "These links and attachments may look like genuine invoices, financial documents, shipping information, resumes, scanned documents, or information on COVID-19, but they are fake." Echoing similar concerns, Japan's CERT (JPCERT/CC) cautioned it found a rapid increase in the number of domestic domain (.jp) email addresses that have been infected with the malware and can be misused to send spam emails in an attempt to spread the infection further. First identified in 2014 and distributed by a threat group tracked as TA542 (or Mummy Spider), Emotet has since evolved from its original roots as a s

Russian Arrested After Offering $1 Million to U.S. Company Employee for Planting Malware

Russian Arrested After Offering $1 Million to U.S. Company Employee for Planting Malware
Aug 26, 2020
Hackers always find a way in, even if there's no software vulnerability to exploit. The FBI has arrested a Russian national who recently traveled to the United States and offered $1 million in bribe to an employee of a targeted company for his help in installing malware into the company's computer network manually. Egor Igorevich Kriuchkov , 27-year-old, entered the United States as a tourist and was arrested in Los Angeles after meeting with the unnamed employee of an undisclosed Nevada-based company numerous times, between August 1 to August 21, to discuss the conspiracy. "On or about July 16, EGOR IGOREVICH KRIUCHKOV used his WhatsApp account to contact the employee of victim company and arranged to visit in person in the District of Nevada," the court documents say. "On or about July 28, EGOR IGOREVICH KRIUCHKOV entered the United States using his Russian Passport and a B1/B2 tourist visa." Kriuchkov also asked the employee to participate in

How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl

How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl
Mar 21, 2024SaaS Security / Endpoint Security
In today's digital-first business environment dominated by SaaS applications, organizations increasingly depend on third-party vendors for essential cloud services and software solutions. As more vendors and services are added to the mix, the complexity and potential vulnerabilities within the  SaaS supply chain  snowball quickly. That's why effective vendor risk management (VRM) is a critical strategy in identifying, assessing, and mitigating risks to protect organizational assets and data integrity. Meanwhile, common approaches to vendor risk assessments are too slow and static for the modern world of SaaS. Most organizations have simply adapted their legacy evaluation techniques for on-premise software to apply to SaaS providers. This not only creates massive bottlenecks, but also causes organizations to inadvertently accept far too much risk. To effectively adapt to the realities of modern work, two major aspects need to change: the timeline of initial assessment must shorte

APT Hackers Exploit Autodesk 3ds Max Software for Industrial Espionage

APT Hackers Exploit Autodesk 3ds Max Software for Industrial Espionage
Aug 26, 2020
It's one thing for APT groups to conduct cyber espionage to meet their own financial objectives. But it's an entirely different matter when they are used as "hackers for hire" by competing private companies to make away with confidential information. Bitdefender's Cyber Threat Intelligence Lab discovered yet another instance of an espionage attack targeting an unnamed international architectural and video production company that had all the hallmarks of a carefully orchestrated campaign. "The cybercriminal group infiltrated the company using a tainted and specially crafted plugin for Autodesk 3ds Max," Bitdefender researchers said in a report released today. "The investigation also found that the Command and Control infrastructure used by the cybercriminal group to test their malicious payload against the organization's security solution, is located in South Korea." Although there have been previous instances of APT mercenary gr

Automated remediation solutions are crucial for security

cyber security
websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.

Hackers Target Defense Contractors' Employees By Posing as Recruiters

Hackers Target Defense Contractors' Employees By Posing as Recruiters
Aug 20, 2020
The United States Cybersecurity and Infrastructure Security Agency (CISA) has published a new report warning companies about a new in-the-wild malware that North Korean hackers are reportedly using to spy on key employees at government contracting companies. Dubbed ' BLINDINGCAN ,' the advanced remote access trojan acts as a backdoor when installed on compromised computers. According to the FBI and CISA, North Korean state-sponsored hackers Lazarus Group , also known as Hidden Cobra , are spreading BLINDINGCAN to "gather intelligence surrounding key military and energy technologies." To achieve this, attackers first identify high-value targets, perform extensive research on their social and professional networks, and then pose as recruiters to send malicious documents loaded with the malware, masquerading as job advertisements and offerings. However, such employment scams and social engineering strategies are not new and were recently spotted being used in

A New Fileless P2P Botnet Malware Targeting SSH Servers Worldwide

A New Fileless P2P Botnet Malware Targeting SSH Servers Worldwide
Aug 19, 2020
Cybersecurity researchers today took the wraps off a sophisticated, multi-functional peer-to-peer (P2P) botnet written in Golang that has been actively targeting SSH servers since January 2020. Called " FritzFrog ," the modular, multi-threaded and file-less botnet has breached more than 500 servers to date, infecting well-known universities in the US and Europe, and a railway company, according to a report released by Guardicore Labs today. "With its decentralized infrastructure, it distributes control among all its nodes," Guardicore 's Ophir Harpaz said. "In this network with no single point-of-failure, peers constantly communicate with each other to keep the network alive, resilient and up-to-date." In addition to implementing a proprietary P2P protocol that's been written from scratch, the communications are done over an encrypted channel, with the malware capable of creating a backdoor on victim systems that grants continued access fo

Researchers Exploited A Bug in Emotet to Stop the Spread of Malware

Researchers Exploited A Bug in Emotet to Stop the Spread of Malware
Aug 17, 2020
Emotet, a notorious email-based malware behind several botnet-driven spam campaigns and ransomware attacks, contained a flaw that allowed cybersecurity researchers to activate a kill-switch and prevent the malware from infecting systems for six months. "Most of the vulnerabilities and exploits that you read about are good news for attackers and bad news for the rest of us," Binary Defense's James Quinn said. "However, it's important to keep in mind that malware is software that can also have flaws. Just as attackers can exploit flaws in legitimate software to cause harm, defenders can also reverse-engineer malware to discover its vulnerabilities and then exploit those to defeat the malware." The kill-switch was alive between February 6, 2020, to August 6, 2020, for 182 days, before the malware authors patched their malware and closed the vulnerability. Since its first identification in 2014, Emotet has evolved from its initial roots as a banking

US Government Warns of a New Strain of Chinese 'Taidoor' Virus

US Government Warns of a New Strain of Chinese 'Taidoor' Virus
Aug 04, 2020
Intelligence agencies in the US have released information about a new variant of 12-year-old computer virus used by China's state-sponsored hackers targeting governments, corporations, and think tanks. Named " Taidoor, " the malware has done an 'excellent' job of compromising systems as early as 2008 , with the actors deploying it on victim networks for stealthy remote access. "[The] FBI has high confidence that Chinese government actors are using malware variants in conjunction with proxy servers to maintain a presence on victim networks and to further network exploitation," the US Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Defense (DoD) said in a joint advisory . The US Cyber Command has also uploaded four samples of the Taidoor RAT on the public malware repository VirusTotal to let 50+ Antivirus companies check the virus's involvement in other unattributed cam

Undetectable Linux Malware Targeting Docker Servers With Exposed APIs

Undetectable Linux Malware Targeting Docker Servers With Exposed APIs
Jul 28, 2020
Cybersecurity researchers today uncovered a completely undetectable Linux malware that exploits undocumented techniques to stay under the radar and targets publicly accessible Docker servers hosted with popular cloud platforms, including AWS, Azure, and Alibaba Cloud. Docker is a popular platform-as-a-service (PaaS) solution for Linux and Windows designed to make it easier for developers to create, test, and run their applications in a loosely isolated environment called a container. According to the latest research Intezer shared with The Hacker News, an ongoing Ngrok mining botnet campaign scanning the Internet for misconfigured Docker API endpoints and has already infected many vulnerable servers with new malware. While the Ngrok mining botnet is active for the past two years, the new campaign is primarily focused on taking control over misconfigured Docker servers and exploiting them to set up malicious containers with cryptominers running on the victims' infrastructu

Smartwatch Maker Garmin Shuts Down Services After Ransomware Attack

Smartwatch Maker Garmin Shuts Down Services After Ransomware Attack
Jul 24, 2020
Garmin, the maker of fitness trackers, smartwatches and GPS-based wearable devices, is currently dealing with a massive worldwide service interruption after getting hit by a targeted ransomware attack, an employee of the company told The Hacker News on condition of anonymity. The company's website and the Twitter account say, "We are currently experiencing an outage that affects Garmin.com and Garmin Connect." "This outage also affects our call centers, and we are currently unable to receive any calls, emails or online chats. We are working to resolve this issue as quickly as possible and apologize for this inconvenience." As a result, the company yesterday was forced to temporarily shut down some of its connected services, including Garmin Express, Garmin Connect mobile, and the website—restricting millions of its users from accessing the cloud services or even syncing their watches locally to the app. Though not much information is available on tech

North Korean Hackers Spotted Using New Multi-Platform Malware Framework

North Korean Hackers Spotted Using New Multi-Platform Malware Framework
Jul 23, 2020
Lazarus Group, the notorious hacking group with ties to the North Korean regime, has unleashed a new multi-platform malware framework with an aim to infiltrate corporate entities around the world, steal customer databases, and distribute ransomware. Capable of targeting Windows, Linux, and macOS operating systems, the MATA malware framework — so-called because of the authors' reference to the infrastructure as "MataNet" — comes with a wide range of features designed to carry out a variety of malicious activities on infected machines. The MATA campaign is said to have begun as early as April of 2018, with the victimology traced to unnamed companies in software development, e-commerce and internet service provider sectors situated in Poland, Germany, Turkey, Korea, Japan, and India, cybersecurity firm Kaspersky said in its Wednesday analysis. The report offers a comprehensive look at the MATA framework, while also building on previous evidence gathered by researche

4 Dangerous Brazilian Banking Trojans Now Trying to Rob Users Worldwide

4 Dangerous Brazilian Banking Trojans Now Trying to Rob Users Worldwide
Jul 15, 2020
Cybersecurity researchers on Tuesday detailed as many as four different families of Brazilian banking trojans that have targeted financial institutions in Brazil, Latin America, and Europe. Collectively called the "Tetrade" by Kaspersky researchers, the malware families — comprising Guildma, Javali, Melcoz, and Grandoreiro — have evolved their capabilities to function as a backdoor and adopt a variety of obfuscation techniques to hide its malicious activities from security software. "Guildma, Javali, Melcoz and Grandoreiro are examples of yet another Brazilian banking group/operation that has decided to expand its attacks abroad, targeting banks in other countries," Kaspersky said in an analysis . "They benefit from the fact that many banks operating in Brazil also have operations elsewhere in Latin America and Europe, making it easy to extend their attacks against customers of these financial institutions." A Multi-Stage Malware Deployment Process

New USBCulprit Espionage Tool Steals Data From Air-Gapped Computers

New USBCulprit Espionage Tool Steals Data From Air-Gapped Computers
Jun 04, 2020
A Chinese threat actor has developed new capabilities to target air-gapped systems in an attempt to exfiltrate sensitive data for espionage, according to a newly published research by Kaspersky yesterday. The APT, known as Cycldek, Goblin Panda, or Conimes, employs an extensive toolset for lateral movement and information stealing in victim networks, including previously unreported custom tools, tactics, and procedures in attacks against government agencies in Vietnam, Thailand, and Laos. "One of the newly revealed tools is named USBCulprit and has been found to rely on USB media in order to exfiltrate victim data," Kaspersky said. "This may suggest Cycldek is trying to reach air-gapped networks in victim environments or relies on physical presence for the same purpose." First observed by CrowdStrike in 2013, Cycldek has a long history of singling out defense, energy, and government sectors in Southeast Asia, particularly Vietnam, using decoy documents th

Targeted Phishing Attacks Successfully Hacked Top Executives At 150+ Companies

Targeted Phishing Attacks Successfully Hacked Top Executives At 150+ Companies
Apr 30, 2020
In the last few months, multiple groups of attackers successfully compromised corporate email accounts of at least 156 high-ranking officers at various firms based in Germany, the UK, Netherlands, Hong Kong, and Singapore. Dubbed ' PerSwaysion ,' the newly spotted cyberattack campaign leveraged Microsoft file-sharing services—including Sway, SharePoint, and OneNote—to launch highly targeted phishing attacks. According to a report Group-IB Threat Intelligence team published today and shared with The Hacker News, PerSwaysion operations attacked executives of more than 150 companies around the world, primarily with businesses in finance, law, and real estate sectors. "Among these high-ranking officer victims, more than 20 Office365 accounts of executives, presidents, and managing directors appeared." So far successful and still ongoing, most PerSwaysion operations were orchestrated by scammers from Nigeria and South Africa who used a Vue.js JavaScript framewor

New Android Malware Steals Banking Passwords, Private Data and Keystrokes

New Android Malware Steals Banking Passwords, Private Data and Keystrokes
Apr 30, 2020
A new type of mobile banking malware has been discovered abusing Android's accessibility features to exfiltrate sensitive data from financial applications, read user SMS messages, and hijack SMS-based two-factor authentication codes. Called "EventBot" by Cybereason researchers, the malware is capable of targeting over 200 different financial apps, including banking, money transfer services, and crypto-currency wallets such as Paypal Business, Revolut, Barclays, CapitalOne, HSBC, Santander, TransferWise, and Coinbase. "EventBot is particularly interesting because it is in such early stages," the researchers said. "This brand new malware has real potential to become the next big mobile malware, as it is under constant iterative improvements, abuses a critical operating system feature, and targets financial applications." The campaign, first identified in March 2020, masks its malicious intent by posing as legitimate applications (e.g., Adobe Fl

Over 700 Malicious Typosquatted Libraries Found On RubyGems Repository

Over 700 Malicious Typosquatted Libraries Found On RubyGems Repository
Apr 16, 2020
As developers increasingly embrace off-the-shelf software components into their apps and services, threat actors are abusing open-source repositories such as RubyGems to distribute malicious packages, intended to compromise their computers or backdoor software projects they work on. In the latest research shared with The Hacker News, cybersecurity experts at ReversingLabs revealed over 700 malicious gems — packages written in Ruby programming language — that supply chain attackers were caught recently distributing through the RubyGems repository. The malicious campaign leveraged the typosquatting technique where attackers uploaded intentionally misspelled legitimate packages in hopes that unwitting developers will mistype the name and unintentionally install the malicious library instead. ReversingLabs said the typosquatted packages in question were uploaded to RubyGems between February 16 and February 25, and that most of them have been designed to secretly steal funds by r

WARNING: Hackers Install Secret Backdoor on Thousands of Microsoft SQL Servers

WARNING: Hackers Install Secret Backdoor on Thousands of Microsoft SQL Servers
Apr 01, 2020
Cybersecurity researchers today uncovered a sustained malicious campaign dating back to May 2018 that targets Windows machines running MS-SQL servers to deploy backdoors and other kinds of malware, including multi-functional remote access tools (RATs) and cryptominers. Named " Vollgar " after the Vollar cryptocurrency it mines and its offensive "vulgar" modus operandi, researchers at Guardicore Labs said the attack employs password brute-force to breach Microsoft SQL servers with weak credentials exposed to the Internet. Researchers claim the attackers managed to successfully infect nearly 2,000-3,000 database servers daily over the past few weeks, with potential victims belonging to healthcare, aviation, IT & telecommunications, and higher education sectors across China, India, the US, South Korea, and Turkey. Thankfully for those concerned, researchers have also released a script to let sysadmins detect if any of their Windows MS-SQL servers have been
Cybersecurity Resources