#1 Trusted Cybersecurity News Platform
Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cybersecurity

Trojan Horse | Breaking Cybersecurity News | The Hacker News

Category — Trojan Horse
DarkGate and PikaBot Malware Resurrect QakBot's Tactics in New Phishing Attacks

DarkGate and PikaBot Malware Resurrect QakBot's Tactics in New Phishing Attacks

Nov 20, 2023 Threat Analysis / Malware
Phishing campaigns delivering malware families such as DarkGate and PikaBot are following the same tactics previously used in attacks leveraging the now-defunct QakBot trojan. "These include hijacked email threads as the initial infection, URLs with unique patterns that limit user access, and an infection chain nearly identical to what we have seen with QakBot delivery," Cofense  said  in a report shared with The Hacker News. "The malware families used also follow suit to what we would expect QakBot affiliates to use." QakBot, also called QBot and Pinkslipbot, was  shut down  as part of a coordinated law enforcement effort codenamed Operation Duck Hunt earlier this August. The use of DarkGate and PikaBot in these campaigns is not surprising as they can both act as conduits to deliver additional payloads to compromised hosts, making them both an attractive option for cybercriminals. PikaBot's parallels to QakBot were  previously highlighted  by Zscaler in its analysis of the malw
New 'Trojan Source' Technique Lets Hackers Hide Vulnerabilities in Source Code

New 'Trojan Source' Technique Lets Hackers Hide Vulnerabilities in Source Code

Nov 01, 2021
A novel class of vulnerabilities could be leveraged by threat actors to inject visually deceptive malware in a way that's semantically permissible but alters the logic defined by the source code, effectively opening the door to more first-party and supply chain risks. Dubbed " Trojan Source attacks ," the technique "exploits subtleties in text-encoding standards such as  Unicode  to produce source code whose tokens are logically encoded in a different order from the one in which they are displayed, leading to vulnerabilities that cannot be perceived directly by human code reviewers," Cambridge University researchers Nicholas Boucher and Ross Anderson said in a newly published paper. The  vulnerabilities  — tracked as CVE-2021-42574 and CVE-2021-42694 — affect compilers of all popular programming languages such as C, C++, C#, JavaScript, Java, Rust, Go, and Python. Compilers are programs that translate high-level human-readable source code into their lower-l
Say Goodbye to Phishing: Must-Haves to Eliminate Credential Theft

Say Goodbye to Phishing: Must-Haves to Eliminate Credential Theft

Sep 13, 2024Device Security / Identity Management
Even as cyber threats become increasingly sophisticated, the number one attack vector for unauthorized access remains phished credentials ( Verizon DBIR, 2024 ). Solving this problem resolves over 80% of your corporate risk, and a solution is possible.  However, most tools available on the market today cannot offer a complete defense against this attack vector because they were architected to deliver probabilistic defenses. Learn more about the characteristics of Beyond Identity that allow us to deliver deterministic defenses.  The Challenge: Phishing and Credential Theft Phishing attacks trick users into revealing their credentials via deceptive sites or messages sent via SMS, email, and/or voice calls. Traditional defenses, such as end-user training or basic multi-factor authentication (MFA), lower the risk at best but cannot eliminate it. Users may still fall prey to scams, and stolen credentials can be exploited. Legacy MFA is a particularly urgent problem, given that attackers
Beware of Christmas E-Cards: Tips to Avoid Holiday Scams

Beware of Christmas E-Cards: Tips to Avoid Holiday Scams

Dec 23, 2010
Your mailbox may be filling up with Christmas cards from friends and family, and so might your email inbox. But, as the song says, 'you better watch out,' because some of those merry emails could be from an internet Grinch looking to steal your peace of mind. Christmas cards are a great way to send holiday wishes to those you love. However, many of us are opting to send our cards electronically using e-cards. "One of the big problems around Christmastime is everyone sends out Christmas cards. That's great, and it's great to see one in your email inbox. The problem is, about half of them that you're going to get are actually links to viruses and Trojan horses that will infect your computer," explained News 4 WOAI Web Expert Bob Gambert. Some of these malicious emails will attack your email address book and flood your friends' inboxes with spam. So, how do you know which e-card is safe to open? Our computer expert says don't open any of them. Inst
cyber security

DevOps Security Best Practices

websiteWizDevOps / Secure Coding
Develop securely from code to cloud with this DevOps Security Cheat Sheet from Wiz. Take a deep dive into secure coding, infrastructure security, and vigilant monitoring and response.
Expert Insights / Articles Videos
Cybersecurity Resources