cyber security | Breaking Cybersecurity News | The Hacker News

Cybersecurity researchers have discovered malicious Android apps for Signal and Telegram distributed via the Google Play Store and Samsung Galaxy Store that are engineered to deliver the BadBazaar spyware on infected devices. Slovakian company ESET attributed the campaign to a China-linked actor called  GREF . "Most likely active since July 2020 and since July 2022, respectively, the campaigns have distributed the Android BadBazaar espionage code through the Google Play store, Samsung Galaxy Store, and dedicated websites representing the malicious apps Signal Plus Messenger and FlyGram," security researcher Lukáš Štefanko  said  in a new report shared with The Hacker News. Victims have been primarily detected in Germany, Poland, and the U.S., followed by Ukraine, Australia, Brazil, Denmark, Congo-Kinshasa, Hong Kong, Hungary, Lithuania, the Netherlands, Portugal, Singapore, Spain, and Yemen. BadBazaar was  first documented  by Lookout in November 2022 as targeting the  U

The threat actors behind the HiatusRAT malware have returned from their hiatus with a new wave of reconnaissance and targeting activity aimed at Taiwan-based organizations and a U.S. military procurement system. Besides recompiling malware samples for different architectures, the artifacts are said to have been hosted on new virtual private servers (VPSs), Lumen Black Lotus Labs  said  in a report published last week. The cybersecurity firm described the activity cluster as "brazen" and "one of the most audacious," indicating no signs of slowing down. The identity and the origin of the threat actors are presently unknown. Targets included commercial firms, such as semiconductor and chemical manufacturers, and at least one municipal government organization in Taiwan as well as a U.S. Department of Defense (DoD) server associated with submitting and retrieving proposals for defense contracts. HiatusRAT was  first disclosed  by the cybersecurity company in March

As a vCISO, you are responsible for your client's cybersecurity strategy and risk governance. This incorporates multiple disciplines, from research to execution to reporting. Recently, we published a comprehensive playbook for vCISOs, "Your First 100 Days as a vCISO – 5 Steps to Success" , which covers all the phases entailed in launching a successful vCISO engagement, along with recommended actions to take, and step-by-step examples.  Following the success of the playbook and the requests that have come in from the MSP/MSSP community, we decided to drill down into specific parts of vCISO reporting and provide more color and examples. In this article, we focus on how to create compelling narratives within a report, which has a significant impact on the overall MSP/MSSP value proposition.  This article brings the highlights of a recent guided workshop we held, covering what makes a successful report and how it can be used to enhance engagement with your cyber security clients.

Advanced persistent threat (APT) actors exploited a recently disclosed critical flaw impacting Ivanti Endpoint Manager Mobile (EPMM) as a zero-day since at least April 2023 in attacks directed against Norwegian entities, including a government network. The disclosure comes as part of a new joint advisory released by the Cybersecurity and Infrastructure Security Agency (CISA) and the Norwegian National Cyber Security Centre (NCSC-NO) Tuesday. The exact identity or origin of the threat actor remains unclear. "The APT actors have exploited CVE-2023-35078 since at least April 2023," the authorities  said . "The actors leveraged compromised small office/home office (SOHO) routers, including ASUS routers, to proxy to target infrastructure.' CVE-2023-35078 refers to a  severe flaw  that allows threat actors to access personally identifiable information (PII) and gain the ability to make configuration changes on compromised systems. It can be chained with a second vulne

China has banned U.S. chip maker Micron from selling its products to Chinese companies working on key infrastructure projects, citing national security risks. The development comes nearly two months after the country's cybersecurity authority  initiated a probe  in late March 2023 to assess potential network security risks. "The purpose of this network security review of Micron's products is to prevent product network security problems from endangering the security of national critical information infrastructure, which is a necessary measure to maintain national security," the Cyberspace Administration of China (CAC)  said . The CAC further said the investigation found "serious cybersecurity problems" in Micron's products, endangering the country's critical information infrastructure supply chain. As a result, operators involved in such critical information infrastructure projects should stop purchasing products from Micron, it added. The autho

Are you concerned about ransomware attacks? You're not alone. In recent years, these attacks have become increasingly common and can cause significant damage to organizations of all sizes. But there's good news - with the right security measures in place, such as real-time MFA and service account protection, you can effectively protect yourself against these types of attacks. That's why we're excited to invite you to our upcoming webinar with Yiftach Keshet, cybersecurity expert and Chief Marketing Officer at Silverfort. During this webinar, Yiftach will share his insights on how real-time MFA and service account protection can defeat ransomware attacks, and why identity-focused protection is the only way to stop lateral movement and ransomware spread. Some of the key topics that will be covered in this webinar include: The increasing risk of lateral movement and how it's become one of the most critical risks facing organizations today. The blind spots in MFA

A Vietnamese threat actor has been attributed as behind a "malverposting" campaign on social media platforms to infect over 500,000 devices worldwide over the past three months to deliver variants of information stealers such as  S1deload Stealer  and  SYS01stealer . Malverposting refers to the use of promoted social media posts on services like Facebook and Twitter to mass propagate malicious software and other security threats. The idea is to reach a broader audience by paying for ads to "amplify" their posts. According to  Guardio Labs , such attacks commence with the adversary creating new business profiles and hijacking already popular accounts to serve ads that claim to offer free adult-rated photo album downloads. Within these ZIP archive files are purported images that are actually executable files, which, when clicked, activate the infection chain and ultimately deploy the stealer malware to siphon session cookies, account data, and other information.

The Chinese nation-state group dubbed  Alloy Taurus  is using a Linux variant of a backdoor called PingPull as well as a new undocumented tool codenamed Sword2033. That's according to findings from Palo Alto Networks Unit 42, which  discovered  recent malicious cyber activity carried out by the group targeting South Africa and Nepal. Alloy Taurus is the constellation-themed moniker assigned to a threat actor that's known for its attacks targeting telecom companies since at least 2012. It's also tracked by Microsoft as Granite Typhoon (previously Gallium). Last month, the adversary was attributed to a campaign called  Tainted Love  targeting telecommunication providers in the Middle East as part of a broader operation referred to as Soft Cell. Recent cyber espionage attacks mounted by Alloy Taurus have also broadened their victimology footprint to include financial institutions and government entities. PingPull,  first documented  by Unit 42 in June 2022, is a remote

The prolific Iranian nation-state group known as  Charming Kitten  is actively targeting multiple victims in the U.S., Europe, the Middle East and India with a novel malware dubbed  BellaCiao , adding to its ever-expanding list of custom tools. Discovered by Bitdefender Labs, BellaCiao is a "personalized dropper" that's capable of delivering other malware payloads onto a victim machine based on commands received from an actor-controlled server. "Each sample collected was tied up to a specific victim and included hard-coded information such as company name, specially crafted subdomains, or associated public IP address," the Romanian cybersecurity firm  said  in a report shared with The Hacker News. Charming Kitten, also known as APT35, Cobalt Illusion, Educated Manticore, ITG18, Mint Sandstorm (née Phosphorus), TA453, and Yellow Garuda, is an Iranian state-sponsored APT group associated with the Islamic Revolutionary Guard Corps ( IRGC ). Over the years, the

Recently, Andrew Martin, founder and CEO of ControlPlane, released a report entitled Cloud Native and Kubernetes Security Predictions 2023. These predictions underscore the rapidly evolving landscape of Kubernetes and cloud security, emphasizing the need for organizations to stay informed and adopt comprehensive security solutions to protect their digital assets. In response,  Uptycs , the first unified CNAPP and XDR platform, released a whitepaper, " 14 Kubernetes and Cloud Security Predictions for 2023 and How Uptycs Meets Them Head-On " addressing the most pressing challenges and trends in Kubernetes and cloud security for 2023. Uptycs explains how their unified CNAPP and XDR solution is designed to tackle these emerging challenges head-on.  Read on for key takeaways from the whitepaper and learn how Uptycs helps modern organizations successfully navigate the evolving landscape of Kubernetes and cloud security.  14 Kubernetes and Cloud Security Predictions for 2023 C

Deep fakes are expected to become a more prominent attack vector. Here's how to identify them. What are Deep Fakes? A deep fake is the act of maliciously replacing real images and videos with fabricated ones to perform information manipulation. To create images, video and audio that are high quality enough to be used in deep fakes, AI and ML are required. Such use of AI, ML and image replacement are unlike other types of information manipulation, which use less extreme manipulation techniques, like misrepresentation of information, isolating parts of the information or editing it in a deceptive manner. Etay Maor, Senior Director of Security Strategy at Cato Networks adds "To add complications, the recent advancements and accessibility to AI generated text, such as GPT3, have already been used in combination with deepfakes (as a proof of concept) to create interactive, human looking conversation bots" What Do Deep Fakes Look Like? Deep fakes come in all shapes and siz

Spoiler Alert: Organizations with 10,000 SaaS users that use M365 and Google Workspace average over 4,371 additional connected apps. SaaS-to-SaaS (third-party) app installations are growing  nonstop  at organizations around the world. When an employee needs an additional app to increase their efficiency or productivity, they rarely think twice before installing. Most employees don't even realize that this SaaS-to-SaaS connectivity, which requires scopes like the ability to read, update, create, and delete content, increases their organization's attack surface in a significant way. Third-party app connections typically take place outside the view of the security team, are not vetted to understand the level of risk they pose. Adaptive Shield's latest report,  Uncovering the Risks & Realities of Third-Party Connected Apps , dives into the data on this topic. It reviews the average number of SaaS-to-SaaS apps organizations have, and the level of risk they present. Here are the top

The Dutch police announced the arrest of three individuals in connection with a "large-scale" criminal operation involving data theft, extortion, and money laundering. The suspects include two 21-year-old men from Zandvoort and Rotterdam and an 18-year-old man without a permanent residence. The arrests were made on January 23, 2023. It's estimated that the hackers stole personal data belonging to tens of millions of individuals. This comprised names, addresses, telephone numbers, dates of birth, bank account numbers, credit cards, passwords, license plates, social security numbers, and passport details. The Politie said its cybercrime team started the investigation nearly two years ago, in March 2021, after a large Dutch company suffered a security breach. The name of the company was not disclosed but some of the firms that were hit by a cyber attack around that time included  RDC ,  Shell , and  Ticketcounter , the last of which was also a victim of an extortion att

The U.K. National Cyber Security Centre (NCSC) on Thursday warned of spear-phishing attacks mounted by Russian and Iranian state-sponsored actors for information-gathering operations. "The attacks are not aimed at the general public but targets in specified sectors, including academia, defense, government organizations, NGOs, think tanks, as well as politicians, journalists, and activists," the NCSC  said . The agency attributed the intrusions to  SEABORGIUM  (aka Callisto, COLDRIVER, and TA446) and  APT42  (aka ITG18, TA453, and Yellow Garuda). The similarities in the modus operandi aside, there is no evidence the two groups are collaborating with each other. The activity is typical of spear-phishing campaigns, where the threat actors send messages tailored to the targets, while also taking enough time to research their interests and identify their social and professional circles. The initial contact is designed to appear innocuous in an attempt to gain their trust and

Cybercriminals are increasingly leveraging malicious LNK files as an initial access method to download and execute payloads such as Bumblebee, IcedID, and Qakbot. A recent study by cybersecurity experts has shown that it is possible to identify relationships between different threat actors by analyzing the metadata of malicious LNK files, uncovering information such as the specific tools and techniques used by different groups of cybercriminals, as well as potential links between seemingly unrelated attacks. "With the increasing usage of LNK files in attack chains, it's logical that threat actors have started developing and using tools to create such files," Cisco Talos researcher Guilherme Venere said in a report shared with The Hacker News. This comprises tools like  NativeOne 's  mLNK Builder  and  Quantum Builder , which allow subscribers to generate rogue shortcut files and evade security solutions. Some of the major malware families that have used LNK file

When the headlines focus on breaches of large enterprises like the Optus breach, it's easy for smaller businesses to think they're not a target for hackers. Surely, they're not worth the time or effort?  Unfortunately, when it comes to cyber security, size doesn't matter.  Assuming you're not a target leads to lax security practices in many SMBs who lack the knowledge or expertise to put simple security steps in place. Few small businesses prioritise cybersecurity, and hackers know it. According to Verizon, the number of smaller businesses being hit has climbed steadily in the last few years – 46% of cyber breaches in 2021 impacted businesses with fewer than 1,000 employees.  Cyber security doesn't need to be difficult Securing any business doesn't need to be complex or come with a hefty price tag. Here are seven simple tips to help the smaller business secure their systems, people and data. 1 — Install anti-virus software everywhere Every organisation has anti-virus on the