#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Insider Risk Management

computer security | Breaking Cybersecurity News | The Hacker News

Malicious USB Drives Infect 35,000 Computers With Crypto-Mining Botnet

Malicious USB Drives Infect 35,000 Computers With Crypto-Mining Botnet

Apr 24, 2020
Cybersecurity researchers from ESET on Thursday said they took down a portion of a malware botnet comprising at least 35,000 compromised Windows systems that attackers were secretly using to mine Monero cryptocurrency. The botnet, named "VictoryGate," has been active since May 2019, with infections mainly reported in Latin America, particularly Peru accounting for 90% of the compromised devices. "The main activity of the botnet is mining Monero cryptocurrency," ESET said . "The victims include organizations in both public and private sectors, including financial institutions." ESET said it worked with dynamic DNS provider No-IP to take down the malicious command-and-control (C2) servers and that it set up fake domains (aka sinkholes) to monitor the botnet's activity. The sinkhole data shows that between 2,000 and 3,500 infected computers connected to the C2 servers on a daily basis during February and March this year. According to ESET res
Unpatchable 'Starbleed' Bug in FPGA Chips Exposes Critical Devices to Hackers

Unpatchable 'Starbleed' Bug in FPGA Chips Exposes Critical Devices to Hackers

Apr 21, 2020
A newly discovered unpatchable hardware vulnerability in Xilinx programmable logic products could allow an attacker to break bitstream encryption, and clone intellectual property, change the functionality, and even implant hardware Trojans. The details of the attacks against Xilinx 7-Series and Virtex-6 Field Programmable Gate Arrays ( FPGAs ) have been covered in a paper titled " The Unpatchable Silicon: A Full Break of the Bitstream Encryption of Xilinx 7-Series FPGAs " by a group of academics from the Horst Goertz Institute for IT Security and Max Planck Institute for Cyber Security and Privacy. "We exploit a design flaw which piecewise leaks the decrypted bitstream," the researchers said. "In the attack, the FPGA is used as a decryption oracle, while only access to a configuration interface is needed. The attack does not require any sophisticated tools and, depending on the target system, can potentially be launched remotely." The findings wil
Why SaaS opens the door to so many cyber threats (and how to make it safer)

Why SaaS opens the door to so many cyber threats (and how to make it safer)

Apr 17, 2020
Cloud services have become increasingly important to many companies' daily operations, and the rapid adoption of web apps has allowed businesses to continue operating with limited productivity hiccups, even as global coronavirus restrictions have forced much of the world to work from home. But at the same time, even major corporations have fallen prey to hackers. How can you maintain the integrity of your IT resources and data while still taking advantage of the benefits of software as a service (SaaS)? While cybersecurity is a broad and complicated topic, let's consider a hypothetical SaaS scenario and examine some of the risks. Imagine that one of your employees is writing a sensitive report. It could have financial or medical data in it. It could have information on a revolutionary new design. Whatever it is, the report needs to be kept confidential. What would happen if your employee writes the report in Google Docs? Let's assume that this decision wasn&
cyber security

Protecting Your Organization From Insider Threats - All You Need to Know

websiteWing SecuritySaaS Security
Get practical insights and strategies to manage inadequate offboarding and insider risks effectively.
SHQ Response Platform and Risk Centre to Enable Management and Analysts Alike

SHQ Response Platform and Risk Centre to Enable Management and Analysts Alike

May 13, 2024Threat Detection / SoC / SIEM
In the last decade, there has been a growing disconnect between front-line analysts and senior management in IT and Cybersecurity. Well-documented challenges facing modern analysts revolve around a high volume of alerts, false positives, poor visibility of technical environments, and analysts spending too much time on manual tasks. The Impact of Alert Fatigue and False Positives  Analysts are overwhelmed with alerts. The knock-on effect of this is that fatigued analysts are at risk of missing key details in incidents, and often conduct time-consuming triaging tasks manually only to end up copying and pasting a generic closing comment into a false positive alert.  It is likely that there will always be false positives. And many would argue that a false positive is better than a false negative. But for proactive actions to be made, we must move closer to the heart of an incident. That requires diving into how analysts conduct the triage and investigation process. SHQ Response Platfo
Zoom Caught in Cybersecurity Debate — Here's Everything You Need To Know

Zoom Caught in Cybersecurity Debate — Here's Everything You Need To Know

Apr 06, 2020
Over the past few weeks, the use of Zoom video conferencing software has exploded ever since it emerged the platform of choice to host everything from cabinet meetings to yoga classes amidst the ongoing coronavirus outbreak and work from home became the new normal. The app has skyrocketed to 200 million daily users from an average of 10 million in December — along with a 535 percent increase in daily traffic to its download page in the last month — but it's also seen a massive uptick in Zoom's problems, all of which stem from sloppy design practices and security implementations. Zoom may never have designed its product beyond enterprise chat initially, but with the app now being used in a myriad number of ways and by regular consumers, the company's full scope of gaffes have come into sharp focus — something it was able to avoid all this time. But if this public scrutiny can make it a more secure product, it can only be a good thing in the long run. A Laundry
Beware of 'Coronavirus Maps' – It's a malware infecting PCs to steal passwords

Beware of 'Coronavirus Maps' – It's a malware infecting PCs to steal passwords

Mar 11, 2020
Cybercriminals will stop at nothing to exploit every chance to prey on internet users. Even the disastrous spread of SARS-COV-II (the virus), which causes COVID-19 (the disease), is becoming an opportunity for them to likewise spread malware or launch cyber attacks. Reason Labs recently released a threat analysis report detailing a new attack that takes advantage of internet users' increased craving for information about the novel coronavirus that is wreaking havoc worldwide. The malware attack specifically aims to target those who are looking for cartographic presentations of the spread of COVID-19 on the Internet, and trickes them to download and run a malicious application that, on its front-end, shows a map loaded from a legit online source but in the background compromises the computer. New Threat With An Old Malware Component The latest threat, designed to steal information from unwitting victims, was first spotted by MalwareHunterTeam last week and has now be
Are You Ready for Microsoft Windows 7 End of Support on 14th January 2020?

Are You Ready for Microsoft Windows 7 End of Support on 14th January 2020?

Jan 07, 2020
January 14, 2020, is a day cybersecurity stakeholders should pay attention to, as it marks the end of Microsoft support in Windows 7. From a security perspective, both the routine monthly security patches as well as hotfixes for attacks in the wild will not be available, effectively making any newly discovered vulnerability a Windows 7 zero-day. Cynet 360 autonomous breach protection is a good example of a multilayered advanced protection solution that can enable organizations who run Windows 7 to remain secure despite the end of support ( to learn more click here ). Let's dig a bit deeper to understand the risk. The reality is that all software contains bugs. Ideally, these bugs are discovered during the development process. In practice, many of them surface only following the product release in the course of their interactions with real users. Bugs that can be exploited for malicious purposes are called vulnerabilities. Microsoft conducts rigorous and ongoing research
Cybersecurity Researchers Spotted First-Ever UEFI Rootkit in the Wild

Cybersecurity Researchers Spotted First-Ever UEFI Rootkit in the Wild

Sep 27, 2018
Cybersecurity researchers at ESET have unveiled what they claim to be the first-ever UEFI rootkit being used in the wild, allowing hackers to implant persistent malware on the targeted computers that could survive a complete hard-drive wipe. Dubbed LoJax , the UEFI rootkit is part of a malware campaign conducted by the infamous Sednit group, also known as APT28, Fancy Bear , Strontium , and Sofacy , to target several government organizations in the Balkans as well as in Central and Eastern Europe. Operating since at least 2007, Sednit group is a state-sponsored hacking group believed to be a unit of GRU (General Staff Main Intelligence Directorate), a Russian secret military intelligence agency. The hacking group has been associated with a number of high profile attacks, including the DNC hack just before the U.S. 2016 presidential election . UEFI, or Unified Extensible Firmware Interface, a replacement for the traditional BIOS, is a core and critical firmware component of a
VPNFilter Router Malware Adds 7 New Network Exploitation Modules

VPNFilter Router Malware Adds 7 New Network Exploitation Modules

Sep 27, 2018
Security researchers have discovered even more dangerous capabilities in VPNFilter —the highly sophisticated multi-stage malware that infected 500,000 routers worldwide in May this year, making it much more widespread and sophisticated than earlier. Attributed to Russia's APT 28, also known as 'Fancy Bear,' VPNFilter is a malware platform designed to infect routers and network-attached storage devices from 75 brands including Linksys, MikroTik, Netgear, TP-Link, QNAP, ASUS, D-Link, Huawei, ZTE, Ubiquiti, and UPVEL. In May, when VPNFilter infected half a million routers and NAS devices in 54 countries, the FBI seized a key command-and-control domain used by the malware and asked people to reboot their routers. Initially, it was found that VPNFilter had been built with multiple attack modules that could be deployed to the infected routers to steal website credentials and monitor industrial controls or SCADA systems, such as those used in electric grids, other infr
MBRFilter — Open Source Tool to Protect Against 'Master Boot Record' Malware

MBRFilter — Open Source Tool to Protect Against 'Master Boot Record' Malware

Oct 20, 2016
Ransomware threat has risen exponentially so much that ransomware authors have started abusing the MBR in their attacks to lock down your entire computer instead of just encrypting your important files on hard drive. Talos team at Cisco Systems has released a free, open-source tool that protects the master boot record (MBR) sector of computers from modification by bootkits, ransomware, and other malicious attacks. Master Boot Record (MBR) is the first sector (512 bytes) on your Hard drive that stores the bootloader, a piece of code that is responsible for booting the current Operating System. Technically, Bootloader is first code that gets executed after system BIOS that tells your computer what to do when it start. An advanced malware program, such as rootkit and bootkit, leverages this process to infect computers by modifying the MBR. A boot malware or bootkits has the ability to install ransomware or other malicious software into your Windows kernel, which is almost i
VeraCrypt Audit Reveals Critical Security Flaws — Update Now

VeraCrypt Audit Reveals Critical Security Flaws — Update Now

Oct 18, 2016
After TrueCrypt mysteriously discontinued its service, VeraCrypt became the most popular open source disk encryption software used by activists, journalists, as well as privacy conscious people. First of all, there is no such thing as a perfect, bug-free software. Even the most rigorously tested software, like the ones that operate SCADA Systems, medical devices, and aviation software, have flaws. Vulnerabilities are an unfortunate reality for every software product, but there is always space for improvements. Due to the enormous popularity of VeraCrypt, security researchers from the OSTIF (The Open Source Technology Improvement Fund) agreed to audit VeraCrypt independently and hired researchers from QuarksLab in August to lead the audit. And it seems like VeraCrypt is not exactly flawless either. Now after one month of the audit, researchers have discovered a number of security issues, including 8 critical, 3 medium, and 15 low-severity vulnerabilities in the popular
Antivirus firm Avast to Buy its rival AVG for $1.3 Billion

Antivirus firm Avast to Buy its rival AVG for $1.3 Billion

Jul 07, 2016
Breaking News for Today: Antivirus company Avast Software is planning to acquire Dutch rival AVG Technologies for $1.3 Billion in cash. Avast announced today that it would buy Amsterdam-based AVG Technologies for $25 per share in an all-cash transaction valued at $1.3 Billion in an aim to expand its presence in the emerging markets. With more than 230 Million users worldwide, Avast provides free and paid security software packages for both PCs as well as mobile devices to businesses and individuals. The deal between the two popular security software companies will provide Avast with 400 Million endpoints -- devices that have some form of Avast or AVG application installed. Around 160 Million of those are mobile. However, AVG technologies was in controversies for updating its policy that clearly said that the company will be allowed to collect and sell users' "non-personal data" to online advertisers in order to "make money" from their "free of
Researcher releases Free Ransomware Detection Tool for Mac OS X Users

Researcher releases Free Ransomware Detection Tool for Mac OS X Users

Apr 20, 2016
In Brief: Introducing  RansomWhere , a free generic ransomware detection tool for Mac OS X users that can identify ransomware-like behavior by continually monitoring the file-system for the creation of encrypted files by suspicious processes. This ransomware detection tool helps to block the suspicious processes and waits for the user to decide whether to allow or stop the process. Ransomware has risen dramatically since last few years... so rapidly that it might have already hit someone you know. With hundred of thousands of ransomware samples emerging every day, it is quite difficult for traditional signature-based antivirus products to keep their signature database up-to-date. So, if signature-based techniques are not enough to detect ransomware infection , then what else can we do? Some Antivirus companies have already upgraded their security solutions that detect suspicious behaviors like the sequential accessing of a large number of files, using encryption algori
MIT builds Artificial Intelligence system that can detect 85% of Cyber Attacks

MIT builds Artificial Intelligence system that can detect 85% of Cyber Attacks

Apr 19, 2016
In Brief What if we could Predict when a cyber attack is going to occur before it actually happens and prevent it? Isn't it revolutionary idea for Internet Security? Security researchers at MIT have developed a new Artificial Intelligence-based cyber security platform, called ' AI2 ,' which has the ability to predict, detect, and stop 85% of Cyber Attacks with high accuracy. Cyber security is a major challenge in today's world, as government agencies, corporations and individuals have increasingly become victims of cyber attacks that are so rapidly finding new ways to threaten the Internet that it's hard for good guys to keep up with them. A group of researchers at MIT's Computer Science and Artificial Intelligence Laboratory (CSAIL) are working with machine-learning startup PatternEx to develop a line of defense against such cyber threats. The team has already  developed an Artificial Intelligence system that can detect 85 percent of attacks by
Password Security — Who's to Blame for Weak Passwords? Users, Really?

Password Security — Who's to Blame for Weak Passwords? Users, Really?

Jan 26, 2016
The majority of Internet users are vulnerable to cyber threats because of their own weaknesses in setting up a strong password. But, are end-users completely responsible for choosing weak passwords? Give a thought. Recently we wrote an article revealing the list of Worst Passwords of 2015 that proved most of us are still using bad passwords, like ' 123456 ' or ' password ,' to secure our online accounts that when breached could result in critical information loss. If the end-user is to blame for weak password security, then the solution is to educate each and every Internet user to follow the best password security practice. But is that really possible? Practically, No. Even after being aware of best password security measures, do we really set strong passwords for every website? I mean EVERY. Ask yourself. Who's Responsible for allowing Users to Set a Weak Password? It's the websites and their developers, who didn't enforce a
Cybersecurity
Expert Insights
Cybersecurity Resources