#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Insider Risk Management

Phishing | Breaking Cybersecurity News | The Hacker News

FIN7 Hacker Group Leverages Malicious Google Ads to Deliver NetSupport RAT

FIN7 Hacker Group Leverages Malicious Google Ads to Deliver NetSupport RAT

May 11, 2024 Malvertising / Malware
The financially motivated threat actor known as  FIN7  has been observed leveraging malicious Google ads spoofing legitimate brands as a means to deliver MSIX installers that culminate in the deployment of  NetSupport RAT . "The threat actors used malicious websites to impersonate well-known brands, including AnyDesk, WinSCP, BlackRock, Asana, Concur, The Wall Street Journal, Workable, and Google Meet," cybersecurity firm eSentire  said  in a report published earlier this week. FIN7 (aka Carbon Spider and Sangria Tempest) is a  persistent e-crime group  that's been active since 2013, initially dabbling in attacks targeting point-of-sale (PoS) devices to steal payment data, before pivoting to breaching large firms via ransomware campaigns. Over the years, the threat actor has refined its tactics and cyber weapon arsenal, adopting  various   custom malware  families such as BIRDWATCH, Carbanak, DICELOADER (aka Lizar and Tirion), POWERPLANT, POWERTRASH, and TERMITE, amo
The Definitive Enterprise Browser Buyer's Guide

The Definitive Enterprise Browser Buyer's Guide

Jan 02, 2024 Browser Security / Threat Protection
Security stakeholders have come to realize that the prominent role the browser has in the modern corporate environment requires a re-evaluation of how it is managed and protected. While not long-ago web-borne risks were still addressed by a patchwork of endpoint, network, and cloud solutions, it is now clear that the partial protection these solutions provided is no longer sufficient. Therefore, more and more security teams are now turning to the emerging category of purpose-built enterprise browsers as the answer to the browser's security challenges. However, as this security solution category is still relatively new, there is not yet an established set of browser security best practices, nor common evaluation criteria.  LayerX, the User-First Enterprise Browser Extension, is addressing security teams' need with the downable  Enterprise Browser Buyer's Guide , which guides its readers through the essentials of choosing the best solution and provides them with an actionable
New Sneaky Xamalicious Android Malware Hits Over 327,000 Devices

New Sneaky Xamalicious Android Malware Hits Over 327,000 Devices

Dec 27, 2023 Privacy / App Security
A new Android backdoor has been discovered with potent capabilities to carry out a range of malicious actions on infected devices. Dubbed  Xamalicious  by the McAfee Mobile Research Team, the malware is so named for the fact that it's developed using an open-source mobile app framework called Xamarin and abuses the operating system's accessibility permissions to fulfill its objectives. It's also capable of gathering metadata about the compromised device and contacting a command-and-control (C2) server to fetch a second-stage payload, but only after determining if it fits the bill. The second stage is "dynamically injected as an assembly DLL at runtime level to take full control of the device and potentially perform fraudulent actions such as clicking on ads, installing apps, among other actions financially motivated without user consent," security researcher Fernando Ruiz  said . The cybersecurity firm said it identified 25 apps that come with this active thr
cyber security

Protecting Your Organization From Insider Threats - All You Need to Know

websiteWing SecuritySaaS Security
Get practical insights and strategies to manage inadequate offboarding and insider risks effectively.
New Guide: How to Scale Your vCISO Services Profitably

New Guide: How to Scale Your vCISO Services Profitably

May 09, 2024vCISO / Regulatory Compliance
Cybersecurity and compliance guidance are in high demand among SMEs. However, many of them cannot afford to hire a full-time CISO. A  v CISO can answer this need by offering on-demand access to top-tier cybersecurity expertise. This is also an opportunity for MSPs and MSSPs to grow their business and bottom line. MSPs and MSSPs that expand their offerings and provide vCISO services will cater to SME requirements and concerns. By answering this market gap, they can grow their customer base as well as upsell to existing clients. This will lead to recurring revenue and increased profitability. Developing and scaling vCISO services requires a well-thought-out plan. This will help guide you through the required processes, anticipate and overcome challenges and optimize resource use. To aid you, we introduce a comprehensive and actionable  guide: "How to Scale Your vCISO Services Profitably" . The guide was developed based on the experience of industry leader  Cynom i, who has helped hun
UAC-0099 Using WinRAR Exploit to Target Ukrainian Firms with LONEPAGE Malware

UAC-0099 Using WinRAR Exploit to Target Ukrainian Firms with LONEPAGE Malware

Dec 22, 2023 Malware / Cyber Attack
The threat actor known as  UAC-0099  has been linked to continued attacks aimed at Ukraine, some of which leverage a high-severity flaw in the WinRAR software to deliver a malware strain called LONEPAGE. "The threat actor targets Ukrainian employees working for companies outside of Ukraine," cybersecurity firm Deep Instinct  said  in a Thursday analysis. UAC-0099 was  first documented  by the Computer Emergency Response Team of Ukraine (CERT-UA) in June 2023, detailing its attacks against state organizations and media entities for espionage motives. The attack chains leveraged phishing messages containing HTA, RAR, and LNK file attachments that led to the deployment of  LONEPAGE , a Visual Basic Script (VBS) malware that's capable of contacting a command-and-control (C2) server to retrieve additional payloads such as keyloggers, stealers, and screenshot malware. "During 2022-2023, the mentioned group received unauthorized remote access to several dozen computer
3,500 Arrested in Global Operation HAECHI-IV Targeting Financial Criminals

3,500 Arrested in Global Operation HAECHI-IV Targeting Financial Criminals

Dec 20, 2023 Financial Crime / Cyber Threat
A six-month-long international police operation codenamed  HAECHI-IV  has resulted in the arrests of nearly 3,500 individuals and seizures worth $300 million across 34 countries. The exercise, which took place from July through December 2023, took aim at various types of financial crimes such as voice phishing, romance scams, online sextortion, investment fraud, money laundering associated with illegal online gambling, business email compromise fraud, and e-commerce fraud. In addition, authorities froze associated bank and virtual asset service provider (VASP) accounts in an effort to shut off access to criminal proceeds. In total, authorities blocked 82,112 suspicious bank accounts, confiscating $199 million in hard currency and $101 million in virtual assets. "Cooperation between Filipino and Korean authorities led to the arrest in Manila of a high-profile online gambling criminal after a two-year manhunt by Korea's National Police Agency," Interpol, an internation
Are We Ready to Give Up on Security Awareness Training?

Are We Ready to Give Up on Security Awareness Training?

Dec 19, 2023 Cybersecurity Training / IT Security
Some of you have already started budgeting for 2024 and allocating funds to security areas within your organization. It is safe to say that employee security awareness training is one of the expenditure items, too. However, its effectiveness is an open question with people still engaging in insecure behaviors at the workplace. Besides, social engineering remains one of the most prevalent attacks, followed by a successful data breach.  Microsoft found  that a popular form of video-based training reduces phish-clicking behavior by about 3%, at best. This number has been stable over the years, says Microsoft, while phishing attacks are increasing yearly.  Regardless, organizations have faith in training and tend to increase their security investments in employee training after attacks. It comes second in the priority list for 51% of organizations, right after incident response planning and testing, according to the IBM Security  "Cost of the Data Breach Report 2023" .  So, wh
Microsoft Takes Legal Action to Crack Down on Storm-1152's Cybercrime Network

Microsoft Takes Legal Action to Crack Down on Storm-1152's Cybercrime Network

Dec 14, 2023 Cybercrime / Threat intelligence
Microsoft on Wednesday said it obtained a court order to seize infrastructure set up by a group called Storm-1152 that peddled roughly 750 million fraudulent Microsoft accounts and tools through a network of bogus websites and social media pages to other criminal actors, netting the operators millions of dollars in illicit revenue. "Fraudulent online accounts act as the gateway to a host of cybercrime, including mass phishing, identity theft and fraud, and distributed denial-of-service (DDoS) attacks," Amy Hogan-Burney, the company's associate general counsel for cybersecurity policy and protection,  said . These cybercrime-as-a-service (CaaS) offerings, per Redmond, are designed to get around identity verification software across various technology platforms and help minimize the efforts needed to conduct malicious activities online, including phishing, spamming, ransomware, and fraud, effectively lowering the barriers to entry for attackers. Multiple threat actors,
Russian APT28 Hackers Targeting 13 Nations in Ongoing Cyber Espionage Campaign

Russian APT28 Hackers Targeting 13 Nations in Ongoing Cyber Espionage Campaign

Dec 12, 2023 Cyber Espionage / Malware
The Russian nation-state threat actor known as  APT28  has been observed making use of lures related to the ongoing Israel-Hamas war to facilitate the delivery of a custom backdoor called HeadLace. IBM X-Force is tracking the adversary under the name ITG05, which is also known as BlueDelta, Fancy Bear, Forest Blizzard (formerly Strontium), FROZENLAKE, Iron Twilight, Sednit, Sofacy, and TA422. "The newly discovered campaign is directed against targets based in at least 13 nations worldwide and leverages authentic documents created by academic, finance and diplomatic centers," security researchers Golo Mühr, Claire Zaboeva, and Joe Fasulo  said . "ITG05's infrastructure ensures only targets from a single specific country can receive the malware, indicating the highly targeted nature of the campaign." Targets of the campaign include Hungary, Türkiye, Australia, Poland, Belgium, Ukraine, Germany, Azerbaijan, Saudi Arabia, Kazakhstan, Italy, Latvia, and Romania
New MrAnon Stealer Malware Targeting German Users via Booking-Themed Scam

New MrAnon Stealer Malware Targeting German Users via Booking-Themed Scam

Dec 12, 2023 Cryptocurrency / Cyber Attack
A phishing campaign has been observed delivering an information stealer malware called  MrAnon Stealer  to unsuspecting victims via seemingly benign booking-themed PDF lures. "This malware is a Python-based information stealer compressed with cx-Freeze to evade detection," Fortinet FortiGuard Labs researcher Cara Lin  said . "MrAnon Stealer steals its victims' credentials, system information, browser sessions, and cryptocurrency extensions." There is evidence to suggest that Germany is the primary target of the attack as of November 2023, owing to the number of times the downloader URL hosting the payload has been queried. Masquerading as a company looking to book hotel rooms, the phishing email bears a PDF file that, upon opening, activates the infection by prompting the recipient to download an updated version of Adobe Flash. Doing so results in the execution of .NET executables and PowerShell scripts to ultimately run a pernicious Python script, which i
Researchers Unveil GuLoader Malware's Latest Anti-Analysis Techniques

Researchers Unveil GuLoader Malware's Latest Anti-Analysis Techniques

Dec 09, 2023 Malware / Cyberattack
Threat hunters have unmasked the latest tricks adopted by a malware strain called  GuLoader  in an effort to make analysis more challenging. "While GuLoader's core functionality hasn't changed drastically over the past few years, these constant updates in their obfuscation techniques make analyzing GuLoader a time-consuming and resource-intensive process," Elastic Security Labs researcher Daniel Stepanic  said  in a report published this week. First spotted in late 2019, GuLoader (aka CloudEyE) is an advanced shellcode-based malware downloader that's used to distribute a wide range of payloads, such as information stealers, while incorporating a bevy of sophisticated anti-analysis techniques to dodge traditional security solutions. A  steady stream  of  open-source reporting  into the malware in recent months has revealed the threat actors behind it have continued to improve its ability to bypass existing or new security features alongside other implemented fe
Hacking the Human Mind: Exploiting Vulnerabilities in the 'First Line of Cyber Defense'

Hacking the Human Mind: Exploiting Vulnerabilities in the 'First Line of Cyber Defense'

Dec 07, 2023 Social Engineering / Cyber Threat
Humans are complex beings with consciousness, emotions, and the capacity to act based on thoughts. In the ever-evolving realm of cybersecurity, humans consistently remain primary targets for attackers. Over the years, these attackers have developed their expertise in exploiting various human qualities, sharpening their skills to manipulate biases and emotional triggers with the objective of influencing human behaviour to compromise security whether it be personal and organisational security.  More than just a 'human factor' Understanding what defines our humanity, recognizing how our qualities can be perceived as vulnerabilities, and comprehending how our minds can be targeted provide the foundation for identifying and responding when we inevitably become the target. The human mind is a complex landscape that evolved over years of exposure to the natural environment, interactions with others, and lessons drawn from past experiences. As humans, our minds set us apart, marke
New Threat Actor 'AeroBlade' Emerges in Espionage Attack on U.S. Aerospace

New Threat Actor 'AeroBlade' Emerges in Espionage Attack on U.S. Aerospace

Dec 05, 2023 Cyber Espionage / Threat Analysis
A previously undocumented threat actor has been linked to a cyber attack targeting an aerospace organization in the U.S. as part of what's suspected to be a cyber espionage mission. The BlackBerry Threat Research and Intelligence team is tracking the activity cluster as  AeroBlade . Its origin is currently unknown and it's not clear if the attack was successful. "The actor used spear-phishing as a delivery mechanism: A weaponized document, sent as an email attachment, contains an embedded remote template injection technique and a malicious VBA macro code, to deliver the next stage to the final payload execution," the company  said  in an analysis published last week. The network infrastructure used for the attack is said to have gone live around September 2022, with the offensive phase of the intrusion occurring nearly a year later in July 2023, but not before the adversary took steps to improvise its toolset to make it more stealthy in the intervening time perio
New FjordPhantom Android Malware Targets Banking Apps in Southeast Asia

New FjordPhantom Android Malware Targets Banking Apps in Southeast Asia

Dec 01, 2023 Mobile Security / Banking Security
Cybersecurity researchers have disclosed a new sophisticated Android malware called  FjordPhantom  that has been observed targeting users in Southeast Asian countries like Indonesia, Thailand, and Vietnam since early September 2023. "Spreading primarily through messaging services, it combines app-based malware with social engineering to defraud banking customers," Oslo-based mobile app security firm Promon  said  in an analysis published Thursday. Propagated mainly via email, SMS, and messaging apps, attack chains trick recipients into downloading a purported banking app that comes fitted with legitimate features but also incorporates rogue components. Victims are then subjected to a social engineering technique akin to telephone-oriented attack delivery ( TOAD ), which involves calling a bogus call center to receive step-by-step instructions for running the app. A key characteristic of the malware that sets it apart from other banking trojans of its kind is the use of
Google Unveils RETVec - Gmail's New Defense Against Spam and Malicious Emails

Google Unveils RETVec - Gmail's New Defense Against Spam and Malicious Emails

Nov 30, 2023 Machine Learning / Email Security
Google has revealed a new multilingual text vectorizer called  RETVec  (short for Resilient and Efficient Text Vectorizer) to  help detect  potentially harmful content such as spam and malicious emails in Gmail. "RETVec is trained to be resilient against character-level manipulations including insertion, deletion, typos, homoglyphs, LEET substitution, and more," according to the  project's description  on GitHub. "The RETVec model is trained on top of a novel character encoder which can encode all UTF-8 characters and words efficiently." While huge platforms like Gmail and YouTube rely on text classification models to spot phishing attacks, inappropriate comments, and scams, threat actors are known to devise counter-strategies to bypass these defense measures. They have been observed resorting to adversarial text manipulations, which range from the use of homoglyphs to keyword stuffing to invisible characters. RETVec , which works on over 100 languages o
North Korea's Lazarus Group Rakes in $3 Billion from Cryptocurrency Hacks

North Korea's Lazarus Group Rakes in $3 Billion from Cryptocurrency Hacks

Nov 30, 2023 Cryptocurrency / Cyberattacks
Threat actors from the Democratic People's Republic of Korea (DPRK) are increasingly targeting the cryptocurrency sector as a  major revenue generation mechanism  since at least 2017 to get around sanctions imposed against the country. "Even though movement in and out of and within the country is heavily restricted, and its general population is isolated from the rest of the world, the regime's ruling elite and its highly trained cadre of computer science professionals have privileged access to new technologies and information," cybersecurity firm Recorded Future  said  in a report shared with The Hacker News. "The privileged access to resources, technologies, information, and sometimes international travel for a small set of selected individuals with promise in mathematics and computer science equips them with the necessary skills for conducting cyber attacks against the cryptocurrency industry." The disclosure comes as the U.S. Treasury Department  imp
Cybersecurity
Expert Insights
Cybersecurity Resources