#1 Trusted Cybersecurity News Platform
Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cybersecurity

cybersecurity | Breaking Cybersecurity News | The Hacker News

Category — cybersecurity
U.S. and Microsoft Seize 107 Russian Domains in Major Cyber Fraud Crackdown

U.S. and Microsoft Seize 107 Russian Domains in Major Cyber Fraud Crackdown

Oct 04, 2024 Phishing Attack / Cybercrime
Microsoft and the U.S. Department of Justice (DoJ) on Thursday announced the seizure of 107 internet domains used by state-sponsored threat actors with ties to Russia to facilitate computer fraud and abuse in the country. "The Russian government ran this scheme to steal Americans' sensitive information, using seemingly legitimate email accounts to trick victims into revealing account credentials," said Deputy Attorney General Lisa Monaco. The activity has been attributed to a threat actor called COLDRIVER , which is also known by the names Blue Callisto, BlueCharlie (or TAG-53), Calisto (alternately spelled Callisto), Dancing Salome, Gossamer Bear, Iron Frontier, Star Blizzard (formerly SEABORGIUM), TA446, and UNC4057. Active since at least 2012, the group is assessed to be an operational unit within Center 18 of the Russian Federal Security Service (FSB). In December 2023, the U.K. and U.S. governments sanctioned two members of the group – Aleksandrovich Peretyat
How to Get Going with CTEM When You Don't Know Where to Start

How to Get Going with CTEM When You Don't Know Where to Start

Oct 04, 2024 Vulnerability Management / Security Posture
Continuous Threat Exposure Management (CTEM) is a strategic framework that helps organizations continuously assess and manage cyber risk. It breaks down the complex task of managing security threats into five distinct stages: Scoping, Discovery, Prioritization, Validation, and Mobilization. Each of these stages plays a crucial role in identifying, addressing, and mitigating vulnerabilities - before they can be exploited by attackers.  On paper, CTEM sounds great . But where the rubber meets the road – especially for CTEM neophytes - implementing CTEM can seem overwhelming. The process of putting CTEM principles into practice can look prohibitively complex at first. However, with the right tools and a clear understanding of each stage, CTEM can be an effective method for strengthening your organization's security posture.  That's why I've put together a step-by-step guide on which tools to use for which stage. Want to learn more? Read on… Stage 1: Scoping  When you're defin
5 Actionable Steps to Prevent GenAI Data Leaks Without Fully Blocking AI Usage

5 Actionable Steps to Prevent GenAI Data Leaks Without Fully Blocking AI Usage

Oct 01, 2024Generative AI / Data Protection
Since its emergence, Generative AI has revolutionized enterprise productivity. GenAI tools enable faster and more effective software development, financial analysis, business planning, and customer engagement. However, this business agility comes with significant risks, particularly the potential for sensitive data leakage. As organizations attempt to balance productivity gains with security concerns, many have been forced to choose between unrestricted GenAI usage to banning it altogether. A new e-guide by LayerX titled 5 Actionable Measures to Prevent Data Leakage Through Generative AI Tools is designed to help organizations navigate the challenges of GenAI usage in the workplace. The guide offers practical steps for security managers to protect sensitive corporate data while still reaping the productivity benefits of GenAI tools like ChatGPT. This approach is intended to allow companies to strike the right balance between innovation and security. Why Worry About ChatGPT? The e
Cloudflare Thwarts Largest-Ever 3.8 Tbps DDoS Attack Targeting Global Sectors

Cloudflare Thwarts Largest-Ever 3.8 Tbps DDoS Attack Targeting Global Sectors

Oct 04, 2024 DDoS Attack / Botnet
Cloudflare has disclosed that it mitigated a record-breaking distributed denial-of-service (DDoS) attack that peaked at 3.8 terabits per second (Tbps) and lasted 65 seconds. The web infrastructure and security company said it fended off "over one hundred hyper-volumetric L3/4 DDoS attacks throughout last month, with many exceeding 2 billion packets per second (Bpps) and 3 terabits per second (Tbps)." The hyper-volumetric L3/4 DDoS attacks have been ongoing since early September 2024, it noted, adding they targeted multiple customers in the financial services, Internet, and telecommunication industries. The activity has not been attributed to any specific threat actor. The previous record for the largest volumetric DDoS attack hit a peak throughput of 3.47 Tbps in November 2021 , targeting an unnamed Microsoft Azure customer in Asia. The attacks leverage the User Datagram Protocol (UDP) protocol on a fixed port, with the flood of packets originating from Vietnam, Russi
cyber security

2024 State of SaaS Security Report eBook

websiteWing SecuritySaaS Security / Insider Threat
A research report featuring astonishing statistics on the security risks of third-party SaaS applications.
WordPress LiteSpeed Cache Plugin Security Flaw Exposes Sites to XSS Attacks

WordPress LiteSpeed Cache Plugin Security Flaw Exposes Sites to XSS Attacks

Oct 04, 2024 Website Security / Vulnerability
A new high-severity security flaw has been disclosed in the LiteSpeed Cache plugin for WordPress that could enable malicious actors to execute arbitrary JavaScript code under certain conditions. The flaw, tracked as CVE-2024-47374 (CVSS score: 7.2), has been described as a stored cross-site scripting ( XSS ) vulnerability impacting all versions of the plugin up to and including 6.5.0.2. It was addressed in version 6.5.1 on September 25, 2024, following responsible disclosure by Patchstack Alliance researcher TaiYou. "It could allow any unauthenticated user from stealing sensitive information to, in this case, privilege escalation on the WordPress site by performing a single HTTP request," Patchstack said in a report.  The flaw stems from the manner in which the plugin the "X-LSCACHE-VARY-VALUE" HTTP header value is parsed without adequate sanitization and output escaping, thereby allowing for injection of arbitrary web scripts. That said, it's worth poi
Google Adds New Pixel Security Features to Block 2G Exploits and Baseband Attacks

Google Adds New Pixel Security Features to Block 2G Exploits and Baseband Attacks

Oct 03, 2024 Mobile Security / Technology
Google has revealed the various security guardrails that have been incorporated into its latest Pixel devices to counter the rising threat posed by baseband security attacks. The cellular baseband (i.e., modem) refers to a processor on the device that's responsible for handling all connectivity, such as LTE, 4G, and 5G, with a mobile phone cell tower or base station over a radio interface. "This function inherently involves processing external inputs, which may originate from untrusted sources," Sherk Chung and Stephan Chen from the Pixel team, and Roger Piqueras Jover and Ivan Lozano from the company's Android team said in a blog post shared with The Hacker News. "For instance, malicious actors can employ false base stations to inject fabricated or manipulated network packets. In certain protocols like IMS (IP Multimedia Subsystem), this can be executed remotely from any global location using an IMS client." What's more, the firmware powering the
The Secret Weakness Execs Are Overlooking: Non-Human Identities

The Secret Weakness Execs Are Overlooking: Non-Human Identities

Oct 03, 2024 Enterprise Security / Cloud Security
For years, securing a company's systems was synonymous with securing its "perimeter." There was what was safe "inside" and the unsafe outside world. We built sturdy firewalls and deployed sophisticated detection systems, confident that keeping the barbarians outside the walls kept our data and systems safe. The problem is that we no longer operate within the confines of physical on-prem installations and controlled networks. Data and applications now reside in distributed cloud environments and data centers, accessed by users and devices connecting from anywhere on the planet. The walls have crumbled, and the perimeter has dissolved, opening the door to a new battlefield: identity . Identity is at the center of what the industry has praised as the new gold standard of enterprise security: "zero trust." In this paradigm, explicit trust becomes mandatory for any interactions between systems, and no implicit trust shall subsist. Every access request, regardless of its origin,
New Perfctl Malware Targets Linux Servers for Cryptocurrency Mining and Proxyjacking

New Perfctl Malware Targets Linux Servers for Cryptocurrency Mining and Proxyjacking

Oct 03, 2024 Linux / Malware
Misconfigured and vulnerable Linux servers are the target of an ongoing campaign that delivers a stealthy malware dubbed perfctl with the primary aim of running a cryptocurrency miner and proxyjacking software. "Perfctl is particularly elusive and persistent, employing several sophisticated techniques," Aqua security researchers Assaf Morag and Idan Revivo said in a report shared with The Hacker News. "When a new user logs into the server, it immediately stops all 'noisy' activities, lying dormant until the server is idle again. After execution, it deletes its binary and continues to run quietly in the background as a service." It's worth noting that some aspects of the campaign were disclosed last month by Cado Security, which detailed an activity cluster that targets internet-exposed Selenium Grid instances with both cryptocurrency mining and proxyjacking software. Specifically, the fileless perfctl malware has been found to exploit a security
North Korean Hackers Using New VeilShell Backdoor in Stealthy Cyber Attacks

North Korean Hackers Using New VeilShell Backdoor in Stealthy Cyber Attacks

Oct 03, 2024 Cyber Espionage / Threat Intelligence
Threat actors with ties to North Korea have been observed delivering a previously undocumented backdoor and remote access trojan (RAT) called VeilShell as part of a campaign targeting Cambodia and likely other Southeast Asian countries. The activity, dubbed SHROUDED#SLEEP by Securonix, is believed to be the handiwork of APT37 , which is also known as InkySquid, Reaper, RedEyes, Ricochet Chollima, Ruby Sleet, and ScarCruft. Active since at least 2012, the adversarial collective is assessed to be part of North Korea's Ministry of State Security (MSS). Like with other state-aligned groups, those affiliated with North Korea, including the Lazarus Group and Kimsuky, vary in their modus operandi and likely have ever-evolving objectives based on state interests. A key malware in its toolbox is RokRAT (aka Goldbackdoor), although the group has also developed custom tools to facilitate covert intelligence gathering. It's currently not known how the first stage payload, a ZIP arc
INTERPOL Arrests 8 in Major Phishing and Romance Fraud Crackdown in West Africa

INTERPOL Arrests 8 in Major Phishing and Romance Fraud Crackdown in West Africa

Oct 03, 2024 Cybercrime / Financial Fraud
INTERPOL has announced the arrest of eight individuals in Côte d'Ivoire and Nigeria as part of a crackdown on phishing scams and romance cyber fraud. Dubbed Operation Contender 2.0, the initiative is designed to tackle cyber-enabled crimes in West Africa, the agency said. One such threat involved a large-scale phishing scam targeting Swiss citizens that resulted in financial losses to the tune of more than $1.4 million. The cybercriminals posed as buyers on small advertising websites and used QR codes to direct victims to fraudulent websites that mimicked a legitimate payment platform. This allowed victims to inadvertently enter personal information such as their credentials or card numbers. The perpetrators also impersonated the unnamed platform's customer service agents over the phone to further deceive them. As many as 260 scam reports are said to have been received by Swiss authorities between August 2023 and April 2024, prompting a collaborative investigation that
Ivanti Endpoint Manager Flaw Actively Targeted, CISA Warns Agencies to Patch

Ivanti Endpoint Manager Flaw Actively Targeted, CISA Warns Agencies to Patch

Oct 03, 2024 Vulnerability / Endpoint Security
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a security flaw impacting Endpoint Manager (EPM) that the company patched in May to its Known Exploited Vulnerabilities ( KEV ) catalog, based on evidence of active exploitation. The vulnerability, tracked as CVE-2024-29824 , carries a CVSS score of 9.6 out of a maximum of 10.0, indicating critical severity. "An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code," the software service provider said in an advisory released on May 21, 2024. Horizon3.ai, which released a proof-of-concept (PoC) exploit for the flaw in June, said the issue is rooted in a function called RecordGoodApp() within a DLL named PatchBiz.dll. Specifically, it concerns how the function handles an SQL query statement, thereby allowing an attacker to gain remote code execution via xp_cmdshell. Th
Fake Trading Apps Target Victims Globally via Apple App Store and Google Play

Fake Trading Apps Target Victims Globally via Apple App Store and Google Play

Oct 02, 2024 Cybercrime / Financial Security
A large-scale fraud campaign leveraged fake trading apps published on the Apple App Store and Google Play Store, as well as phishing sites, to defraud victims, per findings from Group-IB. The campaign is part of a consumer investment fraud scheme that's also widely known as pig butchering , in which prospective victims are lured into making investments in cryptocurrency or other financial instruments after gaining their trust under the guise of a romantic relationship or an investment advisor. Such manipulative and social engineering operations often end with the victims losing their funds, and in some cases, the extraction of even more money from them by requesting various fees and other payments. The Singapore-headquartered company said the campaign has a global reach, with victims reported across Asia-Pacific, European, Middle East and Africa. The bogus apps, built using the UniApp Framework, have been classified under the moniker UniShadowTrade . The activity cluster is
China-Linked CeranaKeeper Targeting Southeast Asia with Data Exfiltration

China-Linked CeranaKeeper Targeting Southeast Asia with Data Exfiltration

Oct 02, 2024 Cyber Espionage / Cloud Security
A previously undocumented threat actor called CeranaKeeper has been linked to a string of data exfiltration attacks targeting Southeast Asia. Slovak cybersecurity firm ESET, which observed campaigns targeting governmental institutions in Thailand starting in 2023, attributed the activity cluster as aligned to China, leveraging tools previously identified as used by the Mustang Panda actor. "The group constantly updates its backdoor to evade detection and diversifies its methods to aid massive data exfiltration," security researcher Romain Dumont said in an analysis published today. "CeranaKeeper abuses popular, legitimate cloud and file-sharing services such as Dropbox and OneDrive to implement custom backdoors and extraction tools." Some of the other countries targeted by the adversary include Myanmar, the Philippines, Japan, and Taiwan, all of which have been targeted by Chinese state-sponsored threat actors in recent years. ESET described CeranaKeeper a
Fake Job Applications Deliver Dangerous More_eggs Malware to HR Professionals

Fake Job Applications Deliver Dangerous More_eggs Malware to HR Professionals

Oct 02, 2024 Cybercrime / Threat Intelligence
A spear-phishing email campaign has been observed targeting recruiters with a JavaScript backdoor called More_eggs, indicating persistent efforts to single out the sector under the guise of fake job applications. "A sophisticated spear-phishing lure tricked a recruitment officer into downloading and executing a malicious file disguised as a resume, leading to a more_eggs backdoor infection," Trend Micro researchers Ryan Soliven, Maria Emreen Viray, and Fe Cureg said in an analysis. More_eggs, sold as a malware-as-a-service (MaaS), is a malicious software that comes with capabilities to siphon credentials, including those related to online bank accounts, email accounts, and IT administrator accounts. It's attributed to a threat actor called the Golden Chickens group (aka Venom Spider), and has been put to use by several other e-crime groups like FIN6 (aka ITG08 ), Cobalt, and Evilnum. Earlier this June, eSentire disclosed details of a similar attack that leverages
Alert: Over 700,000 DrayTek Routers Exposed to Hacking via 14 New Vulnerabilities

Alert: Over 700,000 DrayTek Routers Exposed to Hacking via 14 New Vulnerabilities

Oct 02, 2024 Vulnerability / Network Security
A little over a dozen new security vulnerabilities have been discovered in residential and enterprise routers manufactured by DrayTek that could be exploited to take over susceptible devices. "These vulnerabilities could enable attackers to take control of a router by injecting malicious code, allowing them to persist on the device and use it as a gateway into enterprise networks," Forescout Vedere Labs said in a technical report shared with The Hacker News. Of the 14 security flaws – collectively called DRAY:BREAK – two are rated critical, nine are rated high, and three are rated medium in severity. The most critical of the shortcomings is a flaw that has been awarded the maximum CVSS score of 10.0. CVE-2024-41592 concerns a buffer overflow bug in the "GetCGI()" function in the Web user interface that could lead to a denial-of-service (DoS) or remote code execution (RCE) when processing the query string parameters. Another critical vulnerability (CVE-2024-41
Cybersecurity
Expert Insights / Articles Videos
Cybersecurity Resources