#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News
State of SaaS

Threat Intelligence | Breaking Cybersecurity News | The Hacker News

Category — Threat Intelligence
AI-Driven Ransomware FunkSec Targets 85 Victims Using Double Extortion Tactics

AI-Driven Ransomware FunkSec Targets 85 Victims Using Double Extortion Tactics

Jan 10, 2025 Artificial Intelligence / Cybercrime
Cybersecurity researchers have shed light on a nascent artificial intelligence (AI) assisted ransomware family called FunkSec that sprang forth in late 2024, and has claimed more than 85 victims to date. "The group uses double extortion tactics, combining data theft with encryption to pressure victims into paying ransoms," Check Point Research said in a new report shared with The Hacker News. "Notably, FunkSec demanded unusually low ransoms, sometimes as little as $10,000, and sold stolen data to third parties at reduced prices." FunkSec launched its data leak site (DLS) in December 2024 to "centralize" their ransomware operations, highlighting breach announcements, a custom tool to conduct distributed denial-of-service (DDoS) attacks, and a bespoke ransomware as part of a ransomware-as-a-service (RaaS) model. A majority of the victims are located in the U.S., India, Italy, Brazil, Israel, Spain, and Mongolia. Check Point's analysis of the group...
 MirrorFace Leverages ANEL and NOOPDOOR in Multi-Year Cyberattacks on Japan

MirrorFace Leverages ANEL and NOOPDOOR in Multi-Year Cyberattacks on Japan

Jan 09, 2025 Cybersecurity / Malware
Japan's National Police Agency (NPA) and National Center of Incident Readiness and Strategy for Cybersecurity (NCSC) accused a China-linked threat actor named MirrorFace of orchestrating a persistent attack campaign targeting organizations, businesses, and individuals in the country since 2019. The primary objective of the attack campaign is to steal information related to Japan's national security and advanced technology, the agencies said . MirrorFace, also tracked as Earth Kasha, is assessed to be a sub-group within APT10. It has a track record of systematically striking Japanese entities, often leveraging tools like ANEL, LODEINFO, and NOOPDOOR (aka HiddenFace). Last month, Trend Micro revealed details of a spear-phishing campaign that targeted individuals and organizations in Japan with an aim to deliver ANEL and NOOPDOOR. Other campaigns observed in recent years have also been directed against Taiwan and India. According to NPA and NCSC, attacks mounted by MirrorF...
Farewell to the Fallen: The Cybersecurity Stars We Lost Last Year

Farewell to the Fallen: The Cybersecurity Stars We Lost Last Year

Jan 07, 2025Cybersecurity / Endpoint Security
It's time once again to pay our respects to the once-famous cybersecurity solutions whose usefulness died in the past year. The cybercriminal world collectively mourns the loss of these solutions and the easy access they provide to victim organizations. These solutions, though celebrated in their prime, succumbed to the twin forces of time and advancing threats. Much like a tribute to celebrities lost in the past year, this article will look back at a few of cybersecurity's brightest stars that went dark in the past year.  1. Legacy Multi-Factor Authentication (MFA) Cause of Death: Compromised by sophisticated phishing, man-in-the-middle (MitM), SIM-swapping, and MFA prompt bombing attacks. The superstar of access security for more than twenty years, legacy MFA solutions enjoyed broad adoption followed by almost-universal responsibility for cybersecurity failures leading to successful ransomware attacks. These outdated solutions relied heavily on SMS or email-based codes o...
Webinar: Learn How to Stop Encrypted Attacks Before They Cost You Millions

Webinar: Learn How to Stop Encrypted Attacks Before They Cost You Millions

Jan 09, 2025 Data Protection / Encryption
Ransomware isn't slowing down—it's getting smarter. Encryption, designed to keep our online lives secure, is now being weaponized by cybercriminals to hide malware, steal data, and avoid detection. The result? A 10.3% surge in encrypted attacks over the past year and some of the most shocking ransom payouts in history, including a $75 million ransom in 2024. Are you prepared to fight back? Join Emily Laufer , Director of Product Marketing at Zscaler, for an eye-opening session, " Preparing for Ransomware and Encrypted Attacks in 2025 " filled with practical insights and cutting-edge strategies to outsmart these evolving threats. What You'll Learn: ThreatLabz Insights: Get the latest findings from Zscaler's experts on ransomware and encrypted attacks, including the trends making the biggest impact. 2025 Predictions: Find out how ransomware groups are refining their tactics to stay one step ahead—and what you can do to stop them. Encrypted DNS Attacks: Learn how cyb...
cyber security

Secure Your Azure: Proactive Tips for Cloud Protection

websiteWizCloud Security
Discover how to boost your Azure cloud security with practical steps to help you maintain control and visibility.
Critical RCE Flaw in GFI KerioControl Allows Remote Code Execution via CRLF Injection

Critical RCE Flaw in GFI KerioControl Allows Remote Code Execution via CRLF Injection

Jan 09, 2025 Vulnerability / Threat Intelligence
Threat actors are attempting to take advantage of a recently disclosed security flaw impacting GFI KerioControl firewalls that, if successfully exploited, could allow malicious actors to achieve remote code execution (RCE). The vulnerability in question, CVE-2024-52875 , refers to a carriage return line feed ( CRLF ) injection attack, paving the way for HTTP response splitting , which could then lead to a cross-site scripting (XSS) flaw. Successful exploitation of the 1-click RCE flaw permits an attacker to inject malicious inputs into HTTP response headers by introducing carriage return (\r) and line feed (\n) characters.  The flaw impacts KerioControl versions 9.2.5 through 9.4.5, according to security researcher Egidio Romano, who discovered and reported the flaw in early November 2024. The HTTP response splitting flaws have been uncovered in the following URI paths - /nonauth/addCertException.cs /nonauth/guestConfirm.cs /nonauth/expiration.cs "User input passed ...
Neglected Domains Used in Malspam to Evade SPF and DMARC Security Protections

Neglected Domains Used in Malspam to Evade SPF and DMARC Security Protections

Jan 08, 2025 Email Security / Cybercrime
Cybersecurity researchers have found that bad actors are continuing to have success by spoofing sender email addresses as part of various malspam campaigns. Faking the sender address of an email is widely seen as an attempt to make the digital missive more legitimate and get past security mechanisms that could otherwise flag it as malicious. While there are safeguards such as DomainKeys Identified Mail (DKIM), Domain-based Message Authentication, Reporting and Conformance (DMARC), and Sender Policy Framework (SPF) that can be used to prevent spammers from spoofing well-known domains, such measures have increasingly led them to leverage old, neglected domains in their operations. In doing so, the email messages are likely to bypass security checks that rely on the domain age as a means to identify spam. DNS threat intelligence firm Infoblox, in a new analysis shared with The Hacker News, discovered that threat actors, including Muddling Meerkat and others, have abused some of it...
Top 5 Malware Threats to Prepare Against in 2025

Top 5 Malware Threats to Prepare Against in 2025

Jan 08, 2025 Malware Analysis / Threat Intelligence
2024 had its fair share of high-profile cyber attacks, with companies as big as Dell and TicketMaster falling victim to data breaches and other infrastructure compromises. In 2025, this trend will continue. So, to be prepared for any kind of malware attack, every organization needs to know its cyber enemy in advance. Here are 5 common malware families that you can start preparing to counter right now. Lumma Lumma is a widely available malware designed to steal sensitive information. It has been openly sold on the Dark Web since 2022. This malware can effectively collect and exfiltrate data from targeted applications, including login credentials, financial information, and personal details. Lumma is regularly updated to enhance its capabilities. It can log detailed information from compromised systems, such as browsing history and cryptocurrency wallet data. It can be used to install other malicious software on infected devices. In 2024, Lumma was distributed through various methods...
Cross-Domain Attacks: A Growing Threat to Modern Security and How to Combat Them

Cross-Domain Attacks: A Growing Threat to Modern Security and How to Combat Them

Jan 02, 2025 Cloud Security / Threat Intelligence
In the past year, cross-domain attacks have gained prominence as an emerging tactic among adversaries. These operations exploit weak points across multiple domains – including endpoints, identity systems and cloud environments – so the adversary can infiltrate organizations, move laterally and evade detection. eCrime groups like SCATTERED SPIDER and North Korea-nexus adversaries such as FAMOUS CHOLLIMA exemplify the use of cross-domain tactics, leveraging advanced techniques to exploit security gaps across interconnected environments.  The foundation of these attacks is built around the exploitation of legitimate identities. Today's adversaries no longer "break in"; they "log in" – leveraging compromised credentials to gain access and blend seamlessly into their targets. Once inside, they exploit legitimate tools and processes, making them difficult to detect as they pivot across domains and escalate privileges. The Current State of Identity Security The rise in cross-domain...
15,000+ Four-Faith Routers Exposed to New Exploit Due to Default Credentials

15,000+ Four-Faith Routers Exposed to New Exploit Due to Default Credentials

Dec 28, 2024 Vulnerability / Threat Intelligence
A high-severity flaw impacting select Four-Faith industrial routers has come under active exploitation in the wild, according to new findings from VulnCheck. The vulnerability, tracked as CVE-2024-12856 (CVSS score: 7.2), has been described as an operating system (OS) command injection bug affecting router models F3x24 and F3x36. The severity of the shortcoming is lower due to the fact that it only works if the remote attacker is able to successfully authenticate themselves. However, if the default credentials associated with the routers have not been changed, it could result in unauthenticated OS command execution. In the attack detailed by VulnCheck, the unknown threat actors have been found to leverage the router's default credentials to trigger exploitation of CVE-2024-12856 and launch a reverse shell for persistent remote access. The exploitation attempt originated from the IP address 178.215.238[.]91 , which has been previously used in connection with attacks seeking to...
Top 10 Cybersecurity Trends to Expect in 2025

Top 10 Cybersecurity Trends to Expect in 2025

Dec 23, 2024 Cybersecurity / Threat Intelligence
The 2025 cybersecurity landscape is increasingly complex, driven by sophisticated cyber threats, increased regulation, and rapidly evolving technology. In 2025, organizations will be challenged with protecting sensitive information for their customers while continuing to provide seamless and easy user experiences. Here's a closer look at ten emerging challenges and threats set to shape the coming year. 1. AI as a weapon for attackers The dual-use nature of AI has created a great deal of risk to organizations as cybercriminals increasingly harness the power of AI to perpetrate highly sophisticated attacks. AI-powered malware can change its behavior in real-time. This means it can evade traditional methods of detection and find and exploit vulnerabilities with uncanny precision. Automated reconnaissance tools let attackers compile granular intelligence about systems, employees, and defenses of a target at unprecedented scale and speed. AI use also reduces the planning time for a...
5 Practical Techniques for Effective Cyber Threat Hunting

5 Practical Techniques for Effective Cyber Threat Hunting

Dec 17, 2024 Threat Hunting / Sandbox Analysis
Addressing cyber threats before they have a chance to strike or inflict serious damage is by far the best security approach any company can embrace. Achieving this takes a lot of research and proactive threat hunting. The problem here is that it is easy to get stuck in endless arrays of data and end up with no relevant intel.  To avoid this, use these five battle-tested techniques that are certain to improve your company's threat awareness and overall security. Finding threats targeting orgs in your region The most basic, yet high-impact way to learn about the current threat landscape for your company is to go and see what type of attacks other organizations in your region are experiencing.  In most cases, threat actors attempt to target dozens of businesses at the same time as part of a single campaign. This makes it possible to catch the threat early and make correct adjustments in your organization. How it contributes to your security: More targeted and effective de...
Expert Insights / Articles Videos
Cybersecurity Resources