#1 Trusted Cybersecurity News Platform
Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cybersecurity

data breach | Breaking Cybersecurity News | The Hacker News

Category — data breach
The Secret Weakness Execs Are Overlooking: Non-Human Identities

The Secret Weakness Execs Are Overlooking: Non-Human Identities

Oct 03, 2024 Enterprise Security / Cloud Security
For years, securing a company's systems was synonymous with securing its "perimeter." There was what was safe "inside" and the unsafe outside world. We built sturdy firewalls and deployed sophisticated detection systems, confident that keeping the barbarians outside the walls kept our data and systems safe. The problem is that we no longer operate within the confines of physical on-prem installations and controlled networks. Data and applications now reside in distributed cloud environments and data centers, accessed by users and devices connecting from anywhere on the planet. The walls have crumbled, and the perimeter has dissolved, opening the door to a new battlefield: identity . Identity is at the center of what the industry has praised as the new gold standard of enterprise security: "zero trust." In this paradigm, explicit trust becomes mandatory for any interactions between systems, and no implicit trust shall subsist. Every access request, regardless of its origin,
China-Linked CeranaKeeper Targeting Southeast Asia with Data Exfiltration

China-Linked CeranaKeeper Targeting Southeast Asia with Data Exfiltration

Oct 02, 2024 Cyber Espionage / Cloud Security
A previously undocumented threat actor called CeranaKeeper has been linked to a string of data exfiltration attacks targeting Southeast Asia. Slovak cybersecurity firm ESET, which observed campaigns targeting governmental institutions in Thailand starting in 2023, attributed the activity cluster as aligned to China, leveraging tools previously identified as used by the Mustang Panda actor. "The group constantly updates its backdoor to evade detection and diversifies its methods to aid massive data exfiltration," security researcher Romain Dumont said in an analysis published today. "CeranaKeeper abuses popular, legitimate cloud and file-sharing services such as Dropbox and OneDrive to implement custom backdoors and extraction tools." Some of the other countries targeted by the adversary include Myanmar, the Philippines, Japan, and Taiwan, all of which have been targeted by Chinese state-sponsored threat actors in recent years. ESET described CeranaKeeper a
5 Actionable Steps to Prevent GenAI Data Leaks Without Fully Blocking AI Usage

5 Actionable Steps to Prevent GenAI Data Leaks Without Fully Blocking AI Usage

Oct 01, 2024Generative AI / Data Protection
Since its emergence, Generative AI has revolutionized enterprise productivity. GenAI tools enable faster and more effective software development, financial analysis, business planning, and customer engagement. However, this business agility comes with significant risks, particularly the potential for sensitive data leakage. As organizations attempt to balance productivity gains with security concerns, many have been forced to choose between unrestricted GenAI usage to banning it altogether. A new e-guide by LayerX titled 5 Actionable Measures to Prevent Data Leakage Through Generative AI Tools is designed to help organizations navigate the challenges of GenAI usage in the workplace. The guide offers practical steps for security managers to protect sensitive corporate data while still reaping the productivity benefits of GenAI tools like ChatGPT. This approach is intended to allow companies to strike the right balance between innovation and security. Why Worry About ChatGPT? The e
Alert: Adobe Commerce and Magento Stores Under Attack from CosmicSting Exploit

Alert: Adobe Commerce and Magento Stores Under Attack from CosmicSting Exploit

Oct 02, 2024 Vulnerability / Data Breach
Cybersecurity researchers have disclosed that 5% of all Adobe Commerce and Magento stores have been hacked by malicious actors by exploiting a security vulnerability dubbed CosmicSting. Tracked as CVE-2024-34102 (CVSS score: 9.8), the critical flaw relates to an improper restriction of XML external entity reference (XXE) vulnerability that could result in remote code execution. The shortcoming, credited to a researcher named " spacewasp ," was patched by Adobe in June 2024. Dutch security firm Sansec, which has described CosmicSting as the "worst bug to hit Magento and Adobe Commerce stores in two years," said the e-commerce sites are being compromised at the rate of three to five per hour. The flaw has since come under widespread exploitation , prompting the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to add it to the Known Exploited Vulnerabilities (KEV) catalog in mid-July 2024. Some of these attacks involve weaponizing the flaw to ste
cyber security

2024 State of SaaS Security Report eBook

websiteWing SecuritySaaS Security / Insider Threat
A research report featuring astonishing statistics on the security risks of third-party SaaS applications.
PyPI Repository Found Hosting Fake Crypto Wallet Recovery Tools That Steal User Data

PyPI Repository Found Hosting Fake Crypto Wallet Recovery Tools That Steal User Data

Oct 02, 2024 Supply Chain Attack / Cryptocurrency
A new set of malicious packages has been unearthed in the Python Package Index (PyPI) repository that masqueraded as cryptocurrency wallet recovery and management services, only to siphon sensitive data and facilitate the theft of valuable digital assets. "The attack targeted users of Atomic, Trust Wallet, Metamask, Ronin, TronLink, Exodus, and other prominent wallets in the crypto ecosystem," Checkmarx researcher Yehuda Gelb said in a Tuesday analysis. "Presenting themselves as utilities for extracting mnemonic phrases and decrypting wallet data, these packages appeared to offer valuable functionality for cryptocurrency users engaged in wallet recovery or management." However, they harbor functionality to steal private keys, mnemonic phrases, and other sensitive wallet data, such as transaction histories or wallet balances. Each of the packages attracted hundreds of downloads prior to them being taken down - atomicdecoderss (366 downloads) trondecoderss
AI-Powered Rhadamanthys Stealer Targets Crypto Wallets with Image Recognition

AI-Powered Rhadamanthys Stealer Targets Crypto Wallets with Image Recognition

Oct 01, 2024 Cryptocurrency / Threat Intelligence
The threat actors behind the Rhadamanthys information stealer have added new advanced features to the malware, including using artificial intelligence (AI) for optical character recognition (OCR) as part of what's called "Seed Phrase Image Recognition." "This allows Rhadamanthys to extract cryptocurrency wallet seed phrases from images, making it a highly potent threat for anyone dealing in cryptocurrencies," Recorded Future's Insikt Group said in an analysis of version 0.7.0 of the malware. "The malware can recognize seed phrase images on the client side and send them back to the command-and-control (C2) server for further exploitation." First discovered in the wild in September 2022, Rhadamanthys has emerged as one of the most potent information stealers that are advertised under the malware-as-a-service (MaaS) model, alongside Lumma and others. The malware continues to have an active presence despite suffering bans from underground forum
U.K. Hacker Charged in $3.75 Million Insider Trading Scheme Using Hacked Executive Emails

U.K. Hacker Charged in $3.75 Million Insider Trading Scheme Using Hacked Executive Emails

Oct 01, 2024 Corporate Security / Financial Fraud
The U.S. Department of Justice (DoJ) has charged a 39-year-old U.K. national for perpetrating a hack-to-trade fraud scheme that netted him nearly $3.75 million in illegal profits. Robert Westbrook of London was arrested last week and is expected to be extradited to the U.S. to face charges related to securities fraud, wire fraud, and five counts of computer fraud. According to the court documents, Westbrook is believed to have executed a fraudulent scheme between January 2019 and May 2020 that allowed him to generate millions in profits by gaining unauthorized access to Microsoft 365 accounts belonging to corporate executives. "On at least five occasions, Westbrook gained unauthorized access to Office 365 email accounts belonging to corporate executives employed by certain U.S.-based companies to obtain non-public information, including information about impending earnings announcements," the DoJ said . The accused then used that information to purchase securities and ma
Watering Hole Attack on Kurdish Sites Distributing Malicious APKs and Spyware

Watering Hole Attack on Kurdish Sites Distributing Malicious APKs and Spyware

Sep 26, 2024 Cyber Espionage / Mobile Security
As many as 25 websites linked to the Kurdish minority have been compromised as part of a watering hole attack designed to harvest sensitive information for over a year and a half. French cybersecurity firm Sekoia, which disclosed details of the campaign dubbed SilentSelfie, described the intrusion set as long-running, with first signs of infection detected as far back as December 2022. The strategic web compromises are designed to deliver four different variants of an information-stealing framework, it added. "These ranged from the simplest, which merely stole the user's location, to more complex ones that recorded images from the selfie camera and led selected users to install a malicious APK, i.e an application used on Android," security researchers Felix Aimé and Maxime A said in a Wednesday report. Targeted websites include Kurdish press and media, Rojava administration and its armed forces, those related to revolutionary far-left political parties, and organizatio
Chinese Hackers Infiltrate U.S. Internet Providers in Cyber Espionage Campaign

Chinese Hackers Infiltrate U.S. Internet Providers in Cyber Espionage Campaign

Sep 26, 2024 Cyber Espionage / Hacking
Nation-state threat actors backed by Beijing broke into a "handful" of U.S. internet service providers (ISPs) as part of a cyber espionage campaign orchestrated to glean sensitive information, The Wall Street Journal reported Wednesday. The activity has been attributed to a threat actor that Microsoft tracks as Salt Typhoon, which is also known as FamousSparrow and GhostEmperor. "Investigators are exploring whether the intruders gained access to Cisco Systems routers, core network components that route much of the traffic on the internet," the publication was quoted as saying, citing people familiar with the matter. The end goal of the attacks is to gain a persistent foothold within target networks, allowing the threat actors to harvest sensitive data or launch a damaging cyber attack. GhostEmperor first came to light in October 2021, when Russian cybersecurity company Kasperksy detailed a long-standing evasive operation targeting Southeast Asian targets in
Why 'Never Expire' Passwords Can Be a Risky Decision

Why 'Never Expire' Passwords Can Be a Risky Decision

Sep 23, 2024 Password Management / Data Breach
Password resets can be frustrating for end users. Nobody likes being interrupted by the 'time to change your password' notification – and they like it even less when the new passwords they create are rejected by their organization's password policy. IT teams share the pain, with resetting passwords via service desk tickets and support calls being an everyday burden. Despite this, it's commonly accepted that all passwords should expire after a set period of time.  Why is this the case? Do you need password expiries at all? Explore the reason expiries exist and why setting passwords to 'never expire' might save some headaches, but not be the best idea for cybersecurity.  Why do we have password expiries? The traditional 90-day password reset policy stems from the need to protect against brute-force attacks . Organizations typically store passwords as hashes, which are scrambled versions of the actual passwords created using cryptographic hash functions (CHFs). When a user enters thei
Healthcare's Diagnosis is Critical: The Cure is Cybersecurity Hygiene

Healthcare's Diagnosis is Critical: The Cure is Cybersecurity Hygiene

Sep 19, 2024 Cyber Hygiene / Network Security
Cybersecurity in healthcare has never been more urgent. As the most vulnerable industry and largest target for cybercriminals, healthcare is facing an increasing wave of cyberattacks. When a hospital's systems are held hostage by ransomware, it's not just data at risk — it's the care of patients who depend on life-saving treatments. Imagine an attack that forces emergency care to halt, surgeries to be postponed, or a cancer patient's private health information used for extortion. This is the reality healthcare faces as cybercriminals exploit people who need care. Healthcare accounted for 17.8% of all breach events and 18.2% of destructive ransomware events since 2012 1 , surpassing other sectors like finance, government, and education. This alarming rise in attacks makes one thing clear: poor cybersecurity hygiene is the root cause, and the consequences for failing to address these vulnerabilities are devastating. Organizations that neglect basic cybersecurity practices, like sof
17-Year-Old Arrested in Connection with Cyber Attack Affecting Transport for London

17-Year-Old Arrested in Connection with Cyber Attack Affecting Transport for London

Sep 13, 2024 Cyber Attack / Crime
British authorities on Thursday announced the arrest of a 17-year-old male in connection with a cyber attack affecting Transport for London (TfL). "The 17-year-old male was detained on suspicion of Computer Misuse Act offenses in relation to the attack, which was launched on TfL on 1 September," the U.K. National Crime Agency (NCA) said . The teenager, who's from Walsall, is said to have been arrested on September 5, 2024, following an investigation that was launched in the incident's aftermath. The law enforcement agency said the unnamed individual was questioned and subsequently let go on bail. "Attacks on public infrastructure such as this can be hugely disruptive and lead to severe consequences for local communities and national systems," Deputy Director Paul Foster, head of the NCA's National Cyber Crime Unit, said. "The swift response by TfL following the incident has enabled us to act quickly, and we are grateful for their continued co
Top 3 Threat Report Insights for Q2 2024

Top 3 Threat Report Insights for Q2 2024

Sep 12, 2024 Threat Intelligence / Cybercrime
Cato CTRL (Cyber Threats Research Lab) has released its Q2 2024 Cato CTRL SASE Threat Report . The report highlights critical findings based on the analysis of a staggering 1.38 trillion network flows from more than 2,500 of Cato's global customers, between April and June 2024. Key Insights from the Q2 2024 Cato CTRL SASE Threat Report The report is packed with unique insights that are based on thorough data analysis of network flows. The top three insights for enterprises are as follows. 1) IntelBroker: A Persistent Threat Actor in the Cyber Underground During an in-depth investigation into hacking communities and the dark web, Cato CTRL identified a notorious threat actor known as IntelBroker. IntelBroker is a prominent figure and moderator within the BreachForums hacking community and has been actively involved in the sale of data and source code from major organizations. These include AMD, Apple, Facebook, KrypC, Microsoft, Space-Eyes, T-Mobile and the US Army Aviation and Mi
Quad7 Botnet Expands to Target SOHO Routers and VPN Appliances

Quad7 Botnet Expands to Target SOHO Routers and VPN Appliances

Sep 11, 2024 Network Security / Hacking
The operators of the mysterious Quad7 botnet are actively evolving by compromising several brands of SOHO routers and VPN appliances by leveraging a combination of both known and unknown security flaws. Targets include devices from TP-LINK, Zyxel, Asus, Axentra, D-Link, and NETGEAR, according to a new report by French cybersecurity company Sekoia. "The Quad7 botnet operators appear to be evolving their toolset, introducing a new backdoor and exploring new protocols, with the aim of enhancing stealth and evading the tracking capabilities of their operational relay boxes (ORBs)," researchers Felix Aimé, Pierre-Antoine D., and Charles M. said .  Quad7, also called 7777, was first publicly documented by independent researcher Gi7w0rm in October 2023, highlighting the activity cluster's pattern of ensnaring TP-Link routers and Dahua digital video recorders (DVRs) into a botnet. The botnet, which gets its name from the fact it opens TCP port 7777 on compromised devices,
DragonRank Black Hat SEO Campaign Targeting IIS Servers Across Asia and Europe

DragonRank Black Hat SEO Campaign Targeting IIS Servers Across Asia and Europe

Sep 11, 2024 Network Security / Cyber Espionage
A "simplified Chinese-speaking actor" has been linked to a new campaign that has targeted multiple countries in Asia and Europe with the end goal of performing search engine optimization (SEO) rank manipulation. The black hat SEO cluster has been codenamed DragonRank by Cisco Talos, with victimology footprint scattered across Thailand, India, Korea, Belgium, the Netherlands, and China. "DragonRank exploits targets' web application services to deploy a web shell and utilizes it to collect system information and launch malware such as PlugX and BadIIS, running various credential-harvesting utilities," security researcher Joey Chen said . The attacks have led to compromises of 35 Internet Information Services ( IIS ) servers with the end goal of deploying the BadIIS malware, which was first documented by ESET in August 2021. It's specifically designed to facilitate proxy ware and SEO fraud by turning the compromised IIS server into a relay point for mal
Cybersecurity
Expert Insights / Articles Videos
Cybersecurity Resources