#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News
State of SaaS

cybersecurity | Breaking Cybersecurity News | The Hacker News

Category — cybersecurity
U.S. Sanctions Chinese Cybersecurity Firm Over Treasury Hack Tied to Silk Typhoon

U.S. Sanctions Chinese Cybersecurity Firm Over Treasury Hack Tied to Silk Typhoon

Jan 18, 2025 Cyber Espionage / Telecom Security
The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) has imposed sanctions against a Chinese cybersecurity company and a Shanghai-based cyber actor for their alleged links to the Salt Typhoon group and the recent compromise of the federal agency. "People's Republic of China-linked (PRC) malicious cyber actors continue to target U.S. government systems, including the recent targeting of Treasury's information technology (IT) systems, as well as sensitive U.S. critical infrastructure," the Treasury said in a press release. The sanctions target Yin Kecheng, who is assessed to have been a cyber actor for over a decade and affiliated with China's Ministry of State Security (MSS). Kecheng, per the Treasury, was associated with the breach of its own network that came to light earlier this month. The incident involved a hack of BeyondTrust's systems that allowed the threat actors to infiltrate some of the company's Remote Support SaaS inst...
Critical Flaws in WGS-804HPT Switches Enable RCE and Network Exploitation

Critical Flaws in WGS-804HPT Switches Enable RCE and Network Exploitation

Jan 17, 2025 Firmware Security / Vulnerability
Cybersecurity researchers have disclosed three security flaws in Planet Technology's WGS-804HPT industrial switches that could be chained to achieve pre-authentication remote code execution on susceptible devices. "These switches are widely used in building and home automation systems for a variety of networking applications," Claroty's Tomer Goldschmidt said in a Thursday report. "An attacker who is able to remotely control one of these devices can use them to further exploit devices in an internal network and do lateral movement." The operational technology security firm, which carried out an extensive analysis of the firmware used in these switches using the QEMU framework, said the vulnerabilities are rooted in the dispatcher.cgi interface used to provide a web service. The list of flaws is below - CVE-2024-52558 (CVSS score: 5.3) - An integer underflow flaw that can allow an unauthenticated attacker to send a malformed HTTP request, resulting in...
Product Walkthrough: How Reco Discovers Shadow AI in SaaS

Future-Ready Trust: Learn How to Manage Certificates Like Never Before

WebinarTrust Management / SSL Certificate
Managing digital trust shouldn't feel impossible. Join us to discover how DigiCert ONE transforms certificate management—streamlining trust operations, ensuring compliance, and future-proofing your digital strategy.
Python-Based Bots Exploiting PHP Servers Fuel Gambling Platform Proliferation

Python-Based Bots Exploiting PHP Servers Fuel Gambling Platform Proliferation

Jan 17, 2025 Web Security / Botnet
Cybersecurity researchers have exposed a new campaign that targets web servers running PHP-based applications to promote gambling platforms in Indonesia. "Over the past two months, a significant volume of attacks from Python-based bots has been observed, suggesting a coordinated effort to exploit thousands of web apps," Imperva researcher Daniel Johnston said in an analysis. "These attacks appear tied to the proliferation of gambling-related sites, potentially as a response to the heightened government scrutiny ." The Thales-owned company said it has detected millions of requests originating from a Python client that includes a command to install GSocket (aka Global Socket), an open-source tool that can be used to establish a communication channel between two machines regardless of the network perimeter. It's worth noting that GSocket has been put to use in many a cryptojacking operation in recent months, not to mention even exploiting the access provi...
cyber security

Secure Your Azure: Proactive Tips for Cloud Protection

websiteWizCloud Security
Discover how to boost your Azure cloud security with practical steps to help you maintain control and visibility.
New 'Sneaky 2FA' Phishing Kit Targets Microsoft 365 Accounts with 2FA Code Bypass

New 'Sneaky 2FA' Phishing Kit Targets Microsoft 365 Accounts with 2FA Code Bypass

Jan 17, 2025 Cybersecurity / Threat Intelligence
Cybersecurity researchers have detailed a new adversary-in-the-middle (AitM) phishing kit that's capable of Microsoft 365 accounts with an aim to steal credentials and two-factor authentication (2FA) codes since at least October 2024. The nascent phishing kit has been dubbed Sneaky 2FA by French cybersecurity company Sekoia, which detected it in the wild in December. Nearly 100 domains hosting Sneaky 2FA phishing pages have been identified as of this month, suggesting moderate adoption by threat actors. "This kit is being sold as phishing-as-a-service (PhaaS) by the cybercrime service 'Sneaky Log,' which operates through a fully-featured bot on Telegram," the company said in an analysis. "Customers reportedly receive access to a licensed obfuscated version of the source code and deploy it independently." Phishing campaigns have been observed sending payment receipt-related emails to entice recipients into opening bogus PDF documents containing QR co...
U.S. Sanctions North Korean IT Worker Network Supporting WMD Programs

U.S. Sanctions North Korean IT Worker Network Supporting WMD Programs

Jan 17, 2025 Insider Threat / Cryptocurrency
The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) sanctioned two individuals and four entities for their alleged involvement in illicit revenue generation schemes for the Democratic People's Republic of Korea (DPRK) by dispatching IT workers around the world to obtain employment and draw a steady source of income for the regime in violation of international sanctions. "These IT workers obfuscate their identities and locations to fraudulently obtain freelance employment contracts from clients around the world for IT projects, such as software and mobile application development," the Treasury Department said . "The DPRK government withholds up to 90% of the wages earned by these overseas workers, thereby generating annual revenues of hundreds of millions of dollars for the Kim regime's weapons programs to include weapons of mass destruction (WMD) and ballistic missile programs." The action represents the latest salvo in the U.S. g...
European Privacy Group Sues TikTok and AliExpress for Illicit Data Transfers to China

European Privacy Group Sues TikTok and AliExpress for Illicit Data Transfers to China

Jan 17, 2025 Privacy / Data Protection
Austrian privacy non-profit None of Your Business (noyb) has filed complaints accusing companies like TikTok, AliExpress, SHEIN, Temu, WeChat, and Xiaomi of violating data protection regulations in the European Union by unlawfully transferring users' data to China. The advocacy group is seeking an immediate suspension of such transfers, stating the companies in question cannot shield user data from being potentially accessed by the Chinese government. The complaints have been filed in Austria, Belgium, Greece, Italy, and the Netherlands. "Given that China is an authoritarian surveillance state, it is crystal clear that China doesn't offer the same level of data protection as the E.U.," Kleanthi Sardeli, data protection lawyer at noyb, said . "Transferring Europeans' personal data is clearly unlawful – and must be terminated immediately." Noyb noted that the companies have no choice but to comply with Chinese authorities' requests for access to d...
Russian Star Blizzard Targets WhatsApp Accounts in New Spear-Phishing Campaign

Russian Star Blizzard Targets WhatsApp Accounts in New Spear-Phishing Campaign

Jan 16, 2025 Spear Phishing / Threat Intelligence
The Russian threat actor known as Star Blizzard has been linked to a new spear-phishing campaign that targets victims' WhatsApp accounts, signaling a departure from its longstanding tradecraft in a likely attempt to evade detection. "Star Blizzard's targets are most commonly related to government or diplomacy (both incumbent and former position holders), defense policy or international relations researchers whose work touches on Russia, and sources of assistance to Ukraine related to the war with Russia," the Microsoft Threat Intelligence team said in a report  shared with The Hacker News. Star Blizzard (formerly SEABORGIUM) is a Russia-linked threat activity cluster known for its credential harvesting campaigns. Active since at least 2012, it's also tracked under the monikers Blue Callisto, BlueCharlie (or TAG-53), Calisto (alternately spelled Callisto), COLDRIVER, Dancing Salome, Gossamer Bear, Iron Frontier, TA446, and UNC4057. Previously observed attack ...
Ready to Simplify Trust Management? Join Free Webinar to See DigiCert ONE in Action

Ready to Simplify Trust Management? Join Free Webinar to See DigiCert ONE in Action

Jan 16, 2025 Certificate Management / Compliance
The digital world is exploding. IoT devices are multiplying like rabbits, certificates are piling up faster than you can count, and compliance requirements are tightening by the day. Keeping up with it all can feel like trying to juggle chainsaws while riding a unicycle. Traditional trust management? Forget it. It's simply not built for today's fast-paced, hybrid environments. You need a solution that can handle the chaos, not add to it. Introducing DigiCert ONE : a revolutionary platform designed to simplify and automate your entire trust ecosystem. But seeing is believing, right? That's why we're hosting a free webinar to show you DigiCert ONE in action. In this can't-miss event, you'll discover how to: Centralized Control, Simplified Operations: Tired of juggling certificate chaos? Discover how DigiCert ONE makes it easy to manage certificates for devices, users, and workloads—all in one place. Automate and Secure Your Hybrid Environment: Complexity ...
The $10 Cyber Threat Responsible for the Biggest Breaches of 2024

The $10 Cyber Threat Responsible for the Biggest Breaches of 2024

Jan 16, 2025 Identity Protection / SaaS Security
You can tell the story of the current state of stolen credential-based attacks in three numbers: Stolen credentials were the #1 attacker action in 2023/24, and the breach vector for 80% of web app attacks . (Source: Verizon). Cybersecurity budgets grew again in 2024, with organizations now spending almost $1,100 per user (Source: Forrester).  Stolen credentials on criminal forums cost as little as $10 (Source: Verizon). Something doesn't add up. So, what's going on? In this article, we'll cover: What's contributing to the huge rise in account compromises linked to stolen creds and why existing approaches aren't working.  The world of murky intelligence on stolen credentials, and how to cut through the noise to find the true positives. Recommendations for security teams to stop attackers from using stolen creds to achieve account takeover. Stolen credential-based attacks are on the rise There's clear evidence that identity attacks are now the #1 cyber threat f...
New UEFI Secure Boot Vulnerability Could Allow Attackers to Load Malicious Bootkits

New UEFI Secure Boot Vulnerability Could Allow Attackers to Load Malicious Bootkits

Jan 16, 2025 Vulnerability / Cybersecurity
Details have emerged about a now-patched security vulnerability that could allow a bypass of the Secure Boot mechanism in Unified Extensible Firmware Interface (UEFI) systems. The vulnerability, assigned the CVE identifier CVE-2024-7344 (CVSS score: 6.7), resides in a UEFI application signed by Microsoft's "Microsoft Corporation UEFI CA 2011" third-party UEFI certificate, according to a new report from ESET shared with The Hacker News. Successful exploitation of the flaw can lead to the execution of untrusted code during system boot, thereby enabling attackers to deploy malicious UEFI bootkits on machines that have Secure Boot on, irrespective of the operating system installed. Secure Boot is a firmware security standard that prevents malware from loading when a computer starts up by ensuring that the device boots using only software that is trusted by the Original Equipment Manufacturer (OEM). The feature leverages digital signatures to validate the authenticity,...
Researchers Find Exploit Allowing NTLMv1 Despite Active Directory Restrictions

Researchers Find Exploit Allowing NTLMv1 Despite Active Directory Restrictions

Jan 16, 2025 Active Directory / Vulnerability
Cybersecurity researchers have found that the Microsoft Active Directory Group Policy that's designed to disable NT LAN Manager (NTLM) v1 can be trivially bypassed by a misconfiguration. "A simple misconfiguration in on-premise applications can override the Group Policy, effectively negating the Group Policy designed to stop NTLMv1 authentications," Silverfort researcher Dor Segal said in a report shared with The Hacker News. NTLM is a still widely used mechanism particularly in Windows environments to authenticate users across a network. The legacy protocol, while not removed due to backward compatibility requirements, has been deprecated as of mid 2024. Late last year, Microsoft officially removed NTLMv1 starting in Windows 11, version 24H2, and Windows Server 2025. While NTLMv2 introduces new mitigations to make it harder to perform relay attacks, the technology has been besieged by several security weaknesses that have been actively exploited by threat acto...
Hackers Hide Malware in Images to Deploy VIP Keylogger and 0bj3ctivity Stealer

Hackers Hide Malware in Images to Deploy VIP Keylogger and 0bj3ctivity Stealer

Jan 16, 2025 Malware / Ransomware
Threat actors have been observed concealing malicious code in images to deliver malware such as VIP Keylogger and 0bj3ctivity Stealer as part of separate campaigns. "In both campaigns, attackers hid malicious code in images they uploaded to archive[.]org, a file-hosting website, and used the same .NET loader to install their final payloads," HP Wolf Security said in its Threat Insights Report for Q3 2024 shared with The Hacker News. The starting point is a phishing email that masquerades as invoices and purchase orders to trick recipients into opening malicious attachments, such as Microsoft Excel documents, that, when opened, exploits a known security flaw in Equation Editor ( CVE-2017-11882 ) to download a VBScript file. The script, for its part, is designed to decode and run a PowerShell script that retrieves an image hosted on archive[.]org and extracts a Base64-encoded code, which is subsequently decoded into a .NET executable and executed. The .NET executable ser...
Python-Based Malware Powers RansomHub Ransomware to Exploit Network Flaws

Python-Based Malware Powers RansomHub Ransomware to Exploit Network Flaws

Jan 16, 2025 Endpoint Security / Ransomware
Cybersecurity researchers have detailed an attack that involved a threat actor utilizing a Python-based backdoor to maintain persistent access to compromised endpoints and then leveraged this access to deploy the RansomHub ransomware throughout the target network. According to GuidePoint Security , initial access is said to have been facilitated by means of a JavaScript malware downloaded named SocGholish (aka FakeUpdates), which is known to be distributed via drive-by campaigns that trick unsuspecting users into downloading bogus web browser updates. Such attacks commonly involve the use of legitimate-but-infected websites that victims are redirected to from search engine results using black hat Search Engine Optimization (SEO) techniques. Upon execution, SocGholish establishes contact with an attacker-controlled server to retrieve secondary payloads. As recently as last year, SocGholish campaigns have targeted WordPress sites relying on outdated versions of popular SEO plug...
Researcher Uncovers Critical Flaws in Multiple Versions of Ivanti Endpoint Manager

Researcher Uncovers Critical Flaws in Multiple Versions of Ivanti Endpoint Manager

Jan 16, 2025 Vulnerability / Endpoint Security
Ivanti has rolled out security updates to address several security flaws impacting Avalanche, Application Control Engine, and Endpoint Manager (EPM), including four critical bugs that could lead to information disclosure. All the four critical security flaws, rated 9.8 out of 10.0 on the CVSS scale, are rooted in EPM, and concern instances of absolute path traversal that allow a remote unauthenticated attacker to leak sensitive information. The flaws are listed below - CVE-2024-10811 CVE-2024-13161  CVE-2024-13160, and CVE-2024-13159 The shortcomings affect EPM versions 2024 November security update and prior, and 2022 SU6 November security update and prior. They have been addressed in EPM 2024 January-2025 Security Update and EPM 2022 SU6 January-2025 Security Update. Horizon3.ai security researcher Zach Hanley has been credited with discovering and reporting all four vulnerabilities in question. Also patched by Ivanti are multiple high-severity bugs in Avalanche vers...
Google Ads Users Targeted in Malvertising Scam Stealing Credentials and 2FA Codes

Google Ads Users Targeted in Malvertising Scam Stealing Credentials and 2FA Codes

Jan 15, 2025 Malvertising / Malware
Cybersecurity researchers have alerted to a new malvertising campaign that's targeting individuals and businesses advertising via Google Ads by attempting to phish for their credentials via fraudulent ads on Google. "The scheme consists of stealing as many advertiser accounts as possible by impersonating Google Ads and redirecting victims to fake login pages," Jérôme Segura, senior director of threat intelligence at Malwarebytes, said in a report shared with The Hacker News. It's suspected the end goal of the campaign is to reuse the stolen credentials to further perpetuate the campaigns, while also selling them to other criminal actors on underground forums. Based on posts shared on Reddit , Bluesky , and Google's own support forums , the threat has been active since at least mid-November 2024. The activity cluster is a lot similar to campaigns that leverage stealer malware to steal data related to Facebook advertising and business accounts in order to ...
Expert Insights / Articles Videos
Cybersecurity Resources