The Hacker News - Cybersecurity News and Analysis: cybersecurity

The following article is based on a  webinar series on enterprise API security by Imvision , featuring expert speakers from IBM, Deloitte, Maersk, and Imvision discussing the importance of centralizing an organization's visibility of its APIs as a way to accelerate remediation efforts and improve the overall security posture. Centralizing security is challenging in today's open ecosystem When approaching API visibility, the first thing we have to recognize is that today's enterprises actively avoid managing all their APIs through one system. According to IBM's Tony Curcio, Director of Integration Engineering, many of his enterprise customers already work with hybrid architectures that leverage classic on-premise infrastructure while adopting SaaS and IaaS across various cloud vendors.  These architectures aim to increase resilience and flexibility, but are well aware that it complicates centralization efforts' to: 'These architectures aim to increase resilie

Three different state-sponsored threat actors aligned with China, India, and Russia have been observed adopting a new method called  RTF  (aka Rich Text Format) template injection as part of their phishing campaigns to deliver malware to targeted systems. "RTF template injection is a novel technique that is ideal for malicious phishing attachments because it is simple and allows threat actors to retrieve malicious content from a remote URL using an RTF file," Proofpoint researchers said in a new report shared with The Hacker News. At the heart of the attack is an RTF file containing decoy content that can be  manipulated  to enable the retrieval of content, including malicious payloads, hosted at an external URL upon opening an RTF file. Specifically, it leverages the RTF  template functionality  to alter a document's formatting properties using a  hex editor  by specifying a URL resource instead of an accessible file resource destination from which a remote payload

One of the harsh realities of cybersecurity today is that malicious actors and attackers don't distinguish between organizations that have seemingly endless resources and those operating with lean IT security teams. For these lean teams, meeting the challenges in the current security landscape requires constant attention, and sometimes a little support. XDR provider Cynet has built a new minisite ( find it here ) with the goal of giving these lean IT Security teams a space to find answers, share their wins and strategies, gain new insights, and have some fun in the process. The company refers to these lean teams and the people that make them up as Lean IT Security Heroes. These groups often work with fewer resources, but are always able to defend against massive threats through creativity, ingenuity, and hard work. This new Lean IT Security Heroes minisite offers a variety of activities and tools that are ideal for lean teams looking to enhance their defenses. Additionally, the sit

Government, diplomatic entities, military organizations, law firms, and financial institutions primarily located in the Middle East have been targeted as part of a stealthy malware campaign as early as 2019 by making use of malicious Microsoft Excel and Word documents. Russian cybersecurity company Kaspersky attributed the attacks with high confidence to a threat actor named WIRTE, adding the intrusions involved "MS Excel droppers that use hidden spreadsheets and VBA macros to drop their first stage implant," which is a Visual Basic Script (VBS) with functionality to amass system information and execute arbitrary code sent by the attackers on the infected machine. An analysis of the campaign as well as the toolset and methods employed by the adversary has also led the researchers to conclude with low confidence that the  WIRTE group  has connections to another politically motivated collective called the  Gaza Cybergang . The affected entities are spread across Armenia, Cyp

We use Internet-enabled devices in every aspect of our lives today—to find information, shop, bank, do homework, play games, and keep in touch with friends and family. As a result, our devices contain much personal information about us. Also, any great device will get a little clunky and slow over time and the Mac is no exception, and the whole "Macs don't get viruses" claim is a myth. Malware for Macs has increased over the years, and today's Macs are being plagued by adware, scareware, and other potentially unwanted programs as well. If you are worried about your Macbook's performance and security, including unwanted software, ransomware,  CleanMyMac X software has you covered. CleanMyMac is all-in-all software to optimize your Mac's performance and security. It clears out clutter and removes megatons of junk so your computer can run faster, just like it did on day one. The tool is designed to replace several optimization apps for Mac and can be anythi

A joint four-month operation coordinated by Interpol, the international criminal police organization, has culminated in the arrests of more than 1,000 cybercriminals and the recovery of $27 million in illicit proceeds. Codenamed " HAECHI-II ," the crackdown enabled law enforcement units from across 20 countries, as well as Hong Kong and Macao, close 1,660 cases alongside blocking 2,350 bank accounts linked to the fraudulent illicit funds amassed from a range of online financial crimes, such as romance scams, investment fraud, and money laundering associated with illegal online gambling. "The results of Operation HAECHI-II show that the surge in online financial crime generated by the COVID-19 pandemic shows no signs of waning,"  said  Interpol Secretary General Jürgen Stock in a press statement issued on November 26. The coordinated law enforcement probe took place over a period of four months, starting from June 2021 until September 2021, with ten new criminal

Stop tempting fate and take a look at our picks for the best antivirus programs on the market today. Every year there are billions of malware attacks worldwide. And these threats are constantly evolving. So if you are not currently using antivirus software, or you still rely on some free software you downloaded back in 2017, you are putting your cybersecurity in serious jeopardy.  Need help picking out antivirus software? Well, we've got you covered. Below you can find our picks for the best antivirus products of 2021. But before we get to that, let's set a few things straight so we're all on the same page.  When we talk about antivirus products, we're really talking about anti- malware  products. Malware is a catchall term that refers to any malicious program created to damage, disrupt, or take charge of a computer. Types of malware include not only viruses but spyware, trojan horses, ransomware, adware, and scareware. Any good antivirus product in 2021 must be ab

Attackers are actively making efforts to exploit a new variant of a recently disclosed privilege escalation vulnerability to potentially execute arbitrary code on fully-patched systems, once again demonstrating how adversaries move quickly to weaponize a publicly available exploit. Cisco Talos  disclosed  that it "detected malware samples in the wild that are attempting to take advantage of this vulnerability." Tracked as  CVE-2021-41379  and discovered by security researcher Abdelhamid Naceri, the elevation of privilege flaw affecting the Windows Installer software component was originally resolved as part of Microsoft's  Patch Tuesday updates  for November 2021. However, in what's a case of an insufficient patch, Naceri found that it was not only possible to bypass the fix implemented by Microsoft but also  achieve  local privilege escalation via a newly discovered zero-day bug. The proof-of-concept (PoC) exploit, dubbed " InstallerFileTakeOver ," w

Endpoint Detection and Response (EDR) platforms have received incredible attention as the platform for security teams. Whether you're evaluating an EDR for the first time or looking to replace your EDR, as an information security professional, you need to be aware of the gaps prior already to implementation so you can best prepare how to close the gaps. It's important to understand that each company is unique, and an EDR that a large company uses might not necessarily be the technology that works best when you are leading a small security team, even if you're within the same industry vertical. Understanding your threat detection technology requirements based on your unique company characteristics will help you choose the right one.  The eBook and webinar "The Dark Side of EDR. Are You Prepared?" helps you in that requirement definition process. It points out the dark side(s) of EDR and provides guidance as to how to overcome them according to your company'

Marvel has been entertaining us for the last 20 years. We have seen gods, super-soldiers, magicians, and other irradiated heroes fight baddies at galactic scales. The eternal fight of good versus evil. A little bit like in cybersecurity, goods guys fighting cybercriminals. If we choose to go with this fun analogy, is there anything useful we can learn from those movies? World-ending baddies always come with an army When we watch the different Avenger movies, the first thing we realize is that big baddies never fight alone. Think Ultron and his bot army, Thanos or Loki with the Chitauri. They all come with large, generic clone proxy armies that heroes must fight before getting to the final boss. In the same way, serious cyberattacks are planned and delivered by organized and structured groups of cybercriminals such as APT groups with sometimes hundreds of members. In real-life scenarios, attacks are coming from IPs (one or many) that have been stolen, hacked, or bought by the crimin

In the business world, mergers and acquisitions are commonplace as businesses combine, acquire, and enter various partnerships. Mergers and Acquisitions (M&A) are filled with often very complicated and complex processes to merge business processes, management, and a whole slew of other aspects of combining two businesses into a single logical entity. In the modern business world before and after the acquisition, a new concern with M&A activities is cybersecurity. What role does cybersecurity play in today's mergers and acquisitions of businesses? Why is it becoming a tremendous concern? Cybersecurity threats are growing in leaps and bounds There is no question that cybersecurity risks and threats are growing exponentially. A  report from Cybersecurity Ventures  estimated a ransomware attack on businesses would happen every 11 seconds in 2021. Global ransomware costs in 2021 would exceed $20 billion. It seems there are constantly new reports of major ransomware attacks, cos

Threat actors are exploiting ProxyLogon and ProxyShell exploits in unpatched Microsoft Exchange Servers as part of an ongoing spam campaign that leverages stolen email chains to bypass security software and deploy malware on vulnerable systems. The findings come from Trend Micro following an investigation into a number of intrusions in the Middle East that culminated in the distribution of a never-before-seen loader dubbed SQUIRRELWAFFLE. First publicly  documented  by Cisco Talos, the attacks are believed to have commenced in mid-September 2021 via laced Microsoft Office documents. "It is known for sending its malicious emails as replies to pre-existing email chains, a tactic that lowers a victim's guard against malicious activities," researchers Mohamed Fahmy, Sherif Magdy, Abdelrhman Sharshar  said  in a report published last week. "To be able to pull this off, we believe it involved the use of a chain of both ProxyLogon and ProxyShell exploits." ProxyLo

A corporate cyber-espionage hacker group has resurfaced after a seven-month hiatus with new intrusions targeting four companies this year, including one of the largest wholesale stores in Russia, while simultaneously making tactical improvements to its toolset in an attempt to thwart analysis. "In every attack, the threat actor demonstrates extensive red teaming skills and the ability to bypass traditional antivirus detection using their own custom malware," Group-IB's Ivan Pisarev  said . Active since at least November 2018, the Russian-speaking  RedCurl hacking group  has been linked to 30 attacks to date with the goal of corporate cyber espionage and document theft aimed at 14 organizations spanning construction, finance, consulting, retail, insurance, and legal sectors and located in the U.K., Germany, Canada, Norway, Russia, and Ukraine. The threat actor uses an array of established hacking tools to infiltrate its targets and steal internal corporate documentat

Today's businesses run on data. They collect it from customers at every interaction, and they use it to improve efficiency, increase their agility, and provide higher levels of service. But it's becoming painfully obvious that all of that data businesses collect has also made them an enticing target for cybercriminals. With each passing day, the evidence of that grows. In the last few months, we've witnessed massive data breaches that targeted  Neiman Marcus ,  Facebook , and the  Robinhood  stock trading app. And they're hardly alone. In recent years, the number of data breaches worldwide has averaged  close to three per day . That statistic suggests that the average business has a target on its back and is running out of time to mount a defense of its data. And doing so doesn't have to be difficult. To help, here's a simple 5-step framework businesses of all sizes can use to protect their customer data. Step One: Review and Adapt Data Collection Standards