data breach | Breaking Cybersecurity News | The Hacker News

A new Android trojan called  SoumniBot  has been detected in the wild targeting users in South Korea by leveraging weaknesses in the manifest extraction and parsing procedure. The malware is "notable for an unconventional approach to evading analysis and detection, namely obfuscation of the Android manifest," Kaspersky researcher Dmitry Kalinin  said  in a technical analysis. Every Android app comes with a  manifest XML file  ("AndroidManifest.xml") that's located in the root directory and declares the various components of the app, as well as the permissions and the hardware and software features it requires. Knowing that threat hunters typically commence their analysis by inspecting the app's manifest file to determine its behavior, the threat actors behind the malware have been found to leverage three different techniques to make the process a lot more challenging. The first method involves the use of an invalid Compression method value when unpackin

The U.S. Federal Trade Commission (FTC) has ordered mental telehealth company Cerebral from using or disclosing personal medical data for advertising purposes. It has also been fined more than $7 million over charges that it revealed users' sensitive personal health information and other data to third-parties for advertising purposes and failed to honor its easy cancellation policies. "Cerebral and its former CEO, Kyle Robertson, repeatedly broke their privacy promises to consumers and misled them about the company's cancellation policies," the FTC  said  in a press statement. While claiming to offer "safe, secure, and discreet" services in order to get consumers to sign up and provide their data, the company, FTC alleged, did not clearly disclose that the information would be shared with third-parties for advertising. The agency also accused the company of burying its data sharing practices in dense privacy policies, with the company engaging in decept

Identities now transcend human boundaries. Within each line of code and every API call lies a non-human identity. These entities act as programmatic access keys, enabling authentication and facilitating interactions among systems and services, which are essential for every API call, database query, or storage account access. As we depend on multi-factor authentication and passwords to safeguard human identities, a pressing question arises: How do we guarantee the security and integrity of these non-human counterparts? How do we authenticate, authorize, and regulate access for entities devoid of life but crucial for the functioning of critical systems? Let's break it down. The challenge Imagine a cloud-native application as a bustling metropolis of tiny neighborhoods known as microservices, all neatly packed into containers. These microservices function akin to diligent worker bees, each diligently performing its designated task, be it processing data, verifying credentials, or

The threat actor known as  Muddled Libra  has been observed actively targeting software-as-a-service (SaaS) applications and cloud service provider (CSP) environments in a bid to exfiltrate sensitive data. "Organizations often store a variety of data in SaaS applications and use services from CSPs," Palo Alto Networks Unit 42  said  in a report published last week. "The threat actors have begun attempting to leverage some of this data to assist with their attack progression, and to use for extortion when trying to monetize their work." Muddled Libra, also called Scatter Swine, Scattered Spider, Starfraud, and UNC3944, is a notorious cybercriminal group that has leveraged sophisticated social engineering techniques to gain initial access to target networks.  "Scattered Spider threat actors have historically evaded detection on target networks by using living off the land techniques and allowlisted applications to navigate victim networks, as well as frequen

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday issued an emergency directive (ED 24-02) urging federal agencies to hunt for signs of compromise and enact preventive measures following the recent compromise of Microsoft's systems that led to the theft of email correspondence with the company. The attack, which  came to light  earlier this year, has been attributed to a Russian nation-state group tracked as Midnight Blizzard (aka APT29 or Cozy Bear). Last month, Microsoft revealed that the adversary managed to access some of its source code repositories but noted that there is no evidence of a breach of customer-facing systems. The emergency directive, which was originally issued privately to federal agencies on April 2, was  first reported  on by CyberScoop two days later. "The threat actor is using information initially exfiltrated from the corporate email systems, including authentication details shared between Microsoft customers and Micros

GitGuardian is famous for its annual  State of Secrets Sprawl  report. In their 2023 report, they found over 10 million exposed passwords, API keys, and other credentials exposed in public GitHub commits. The takeaways in their 2024 report did not just highlight 12.8 million  new  exposed secrets in GitHub, but a number in the popular Python package repository  PyPI . PyPI, short for the Python Package Index, hosts over 20 terabytes of files that are freely available for use in Python projects. If you've ever typed pip install [name of package], it likely pulled that package from PyPI. A lot of people use it too. Whether it's GitHub, PyPI, or others, the report states, "open-source packages make up an estimated 90% of the code run in production today. "  It's easy to see why that is when these packages help developers avoid the reinvention of millions of wheels every day. In the 2024 report, GitGuardian reported finding over 11,000 exposed  unique  secrets, wit

We all know passwords and firewalls are important, but what about the invisible threats lurking beneath the surface of your systems? Identity Threat Exposures (ITEs) are like secret tunnels for hackers – they make your security way more vulnerable than you think. Think of it like this: misconfigurations, forgotten accounts, and old settings are like cracks in your digital fortress walls. Hackers exploit these weaknesses to steal login information, gain sneaky access, and move around your systems unnoticed, whether they're in the cloud or on-site. This upcoming webinar,  " Today's Top 4 Identity Security Threat Exposures: Are You Vulnerable? "  isn't just for tech experts—it's about protecting your business.  We'll use real-world examples and insights from Silverfort's latest report to show you the hidden dangers of ITEs. You'll learn about: The Top 4 Identity Threats You Might Be Overlooking:  We'll name them and explain why they're

Human rights activists in Morocco and the Western Sahara region are the targets of a new threat actor that leverages phishing attacks to trick victims into installing bogus Android apps and serve credential harvesting pages for Windows users. Cisco Talos is  tracking  the activity cluster under the name  Starry Addax , describing it as primarily singling out activists associated with the Sahrawi Arab Democratic Republic (SADR). Starry Addax's infrastructure – ondroid[.]site and ondroid[.]store – is designed to target both Android and Windows users, with the latter involving fake websites masquerading as login pages for popular social media websites. In light of active investigation into the campaign, Talos said it cannot publicly disclose which websites are being targeted with credential harvesting attacks. "However, the threat actors are establishing their own infrastructure and hosting credential harvesting pages such as fake login pages for media and email services po

The  ransomware industry surged in 2023  as it saw an alarming 55.5% increase in victims worldwide, reaching a staggering 5,070.  But 2024 is starting off showing a very different picture.  While the numbers skyrocketed in Q4 2023 with 1309 cases, in Q1 2024, the ransomware industry was down to 1,048 cases. This is a 22% decrease in ransomware attacks compared to Q4 2023. Figure 1: Victims per quarter There could be several reasons for this significant drop.  Reason 1: The Law Enforcement Intervention Firstly, law enforcement has upped the ante in 2024 with actions against both LockBit and ALPHV. The LockBit Arrests In February, an international operation named "Operation Cronos" culminated in the arrest of at least three associates of the infamous LockBit ransomware syndicate in Poland and Ukraine.  Law enforcement from multiple countries collaborated to take down LockBit's infrastructure. This included seizing their dark web domains and gaining access to their backend sys

The U.S. Cyber Safety Review Board ( CSRB ) has criticized Microsoft for a series of security lapses that led to the breach of nearly two dozen companies across Europe and the U.S. by a China-based nation-state group called Storm-0558 last year. The findings, released by the Department of Homeland Security (DHS) on Tuesday, found that the intrusion was preventable, and that it became successful due to a "cascade of Microsoft's avoidable errors." "It identified a series of Microsoft operational and strategic decisions that collectively pointed to a corporate culture that deprioritized enterprise security investments and rigorous risk management, at odds with the company's centrality in the technology ecosystem and the level of trust customers place in the company to protect their data and operations," the DHS  said  in a statement. The CSRB also lambasted the tech titan for failing to detect the compromise on its own, instead relying on a customer to reac

A critical security flaw impacting the LayerSlider plugin for WordPress could be abused to extract sensitive information from databases, such as password hashes. The flaw, designated as  CVE-2024-2879 , carries a CVSS score of 9.8 out of a maximum of 10.0. It has been described as a case of SQL injection impacting versions from 7.9.11 through 7.10.0. The issue has been addressed in version 7.10.1 released on March 27, 2024, following responsible disclosure on March 25. "This update includes important security fixes," the maintainers of LayerSlider  said  in their release notes. LayerSlider is a visual web content editor, a graphic design software, and a digital visual effects that allows users to create animations and rich content for their websites. According to its own site, the plugin is  used  by "millions of users worldwide." The flaw discovered in the tool stems from a case of insufficient escaping of user supplied parameters and the absence of  wpdb::pr

Cloud solutions are more mainstream – and therefore more exposed – than ever before. In 2023 alone, a staggering 82% of data breaches were against public, private, or hybrid cloud environments. What's more, nearly 40% of breaches spanned multiple cloud environments. The average cost of a cloud breach was above the overall average, at $4.75 million. In a time where cloud has become the de facto standard – with 65% of IT decision-makers confirming that cloud-based services are their first choice when upgrading or purchasing new solutions – despite its overwhelming prominence, cloud security still faces multiple challenges.  Security Challenges in the Cloud  One major hurdle is the lack of visibility. Unlike physical servers you can see and touch, cloud resources are often spread across vast networks, making it difficult to monitor for suspicious activity and leaving vulnerabilities undetected. Another challenge is the inconsistency across cloud vendor permission management systems. D

Considering the ever-changing state of cybersecurity, it's never too late to ask yourself, "am I doing what's necessary to keep my organization's web applications secure?" The continuous evolution of technology introduces new and increasingly sophisticated threats daily, posing challenges to organizations all over the world and across the broader spectrum of industries striving to maintain reliable defenses. 2024 promises to be no exception. Threat actors continue to adapt their tactics, techniques, and procedures to exploit vulnerabilities in innovative ways, injecting malicious content into files that bypass traditional antivirus solutions and advanced, AI and ML-powered solutions alike. Therefore, organizations must assess and continually reinforce their security measures. One critical aspect that organizations often grapple with is identifying and addressing security blind spots. These are areas within the infrastructure where vulnerabilities exist but may

Indian government entities and energy companies have been targeted by unknown threat actors with an aim to deliver a modified version of an open-source information stealer malware called HackBrowserData and exfiltrate sensitive information in some cases by using Slack as command-and-control (C2). "The information stealer was delivered via a phishing email, masquerading as an invitation letter from the Indian Air Force," EclecticIQ researcher Arda Büyükkaya  said  in a report published today. "The attacker utilized Slack channels as exfiltration points to upload confidential internal documents, private email messages, and cached web browser data after the malware's execution." The campaign, observed by the Dutch cybersecurity firm beginning March 7, 2024, has been codenamed Operation FlightNight in reference to the Slack channels operated by the adversary. Targets of the malicious activity span multiple government entities in India, counting those related t

Cybersecurity researchers are warning that threat actors are actively exploiting a "disputed" and unpatched vulnerability in an open-source artificial intelligence (AI) platform called Anyscale Ray to hijack computing power for illicit cryptocurrency mining. "This vulnerability allows attackers to take over the companies' computing power and leak sensitive data," Oligo Security researchers Avi Lumelsky, Guy Kaplan, and Gal Elbaz  said  in a Tuesday disclosure. "This flaw has been under active exploitation for the last seven months, affecting sectors like education, cryptocurrency, biopharma, and more." The campaign, ongoing since September 2023, has been codenamed  ShadowRay  by the Israeli application security firm. It also marks the first time AI workloads have been targeted in the wild through shortcomings underpinning the AI infrastructure. Ray is an  open-source, fully-managed compute framework  that allows organizations to build, train, and

In January 2024, Microsoft discovered they'd been the  victim of a hack  orchestrated by Russian-state hackers Midnight Blizzard (sometimes known as Nobelium). The concerning detail about this case is how easy it was to breach the software giant. It wasn't a highly technical hack that exploited a zero-day vulnerability – the hackers used a simple password spray attack to take control of an old, inactive account. This serves as a stark reminder of the importance of password security and why organizations need to protect every user account.  Password spraying: A simple yet effective attack The hackers gained entry by using a  password spray attack in November 2023 , Password spraying is a relatively simple brute force technique that involves trying the same password against multiple accounts. By bombarding user accounts with known weak and compromised passwords, the attackers were able to gain access to a legacy non-production test account within the Microsoft system which provided th

In today's digital-first business environment dominated by SaaS applications, organizations increasingly depend on third-party vendors for essential cloud services and software solutions. As more vendors and services are added to the mix, the complexity and potential vulnerabilities within the  SaaS supply chain  snowball quickly. That's why effective vendor risk management (VRM) is a critical strategy in identifying, assessing, and mitigating risks to protect organizational assets and data integrity. Meanwhile, common approaches to vendor risk assessments are too slow and static for the modern world of SaaS. Most organizations have simply adapted their legacy evaluation techniques for on-premise software to apply to SaaS providers. This not only creates massive bottlenecks, but also causes organizations to inadvertently accept far too much risk. To effectively adapt to the realities of modern work, two major aspects need to change: the timeline of initial assessment must shorte