#1 Trusted Cybersecurity News Platform
Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
AI Security

data security | Breaking Cybersecurity News | The Hacker News

FIN7 Group Advertises Security-Bypassing Tool on Dark Web Forums

FIN7 Group Advertises Security-Bypassing Tool on Dark Web Forums

Jul 17, 2024 Cybercrime / Malware
The financially motivated threat actor known as FIN7 has been observed using multiple pseudonyms across several underground forums to likely advertise a security dodging tool known to be used by ransomware groups like AvosLocker, Black Basta, BlackCat, LockBit, and Trigona. "AvNeutralizer (aka AuKill ), a highly specialized tool developed by FIN7 to tamper with security solutions, has been marketed in the criminal underground and used by multiple ransomware groups," cybersecurity company SentinelOne said in a report shared with The Hacker News. FIN7, an e-crime group of Russian and Ukrainian origin, has been a persistent threat since at least 2012, shifting gears from its initial targeting of point-of-sale (PoS) terminals to acting as a ransomware affiliate for now-defunct gangs such as REvil and Conti, before launching its own ransomware-as-a-service (RaaS) programs DarkSide and BlackMatter. The threat actor, which is also tracked under the names Carbanak, Carbon Spide
Critical Apache HugeGraph Vulnerability Under Attack - Patch ASAP

Critical Apache HugeGraph Vulnerability Under Attack - Patch ASAP

Jul 17, 2024 Vulnerability / Data Security
Threat actors are actively exploiting a recently disclosed critical security flaw impacting Apache HugeGraph-Server that could lead to remote code execution attacks. Tracked as CVE-2024-27348 (CVSS score: 9.8), the vulnerability impacts all versions of the software before 1.3.0. It has been described as a remote command execution flaw in the Gremlin graph traversal language API. "Users are recommended to upgrade to version 1.3.0 with Java11 and enable the Auth system, which fixes the issue," the Apache Software Foundation noted in late April 2024. "Also you could enable the 'Whitelist-IP/port' function to improve the security of RESTful-API execution." Additional technical specifics about the flaw were released by penetration testing company SecureLayer7 in early June, stating it enables an attacker to bypass sandbox restrictions and achieve code execution, giving them complete control over a susceptible server. This week, the Shadowserver Foundat
10,000 Victims a Day: Infostealer Garden of Low-Hanging Fruit

10,000 Victims a Day: Infostealer Garden of Low-Hanging Fruit

Jul 15, 2024Cyber Crime / Data Protection
Imagine you could gain access to any Fortune 100 company for $10 or less, or even for free. Terrifying thought, isn't it? Or exciting, depending on which side of the cybersecurity barricade you are on. Well, that's basically the state of things today. Welcome to the infostealer garden of low-hanging fruit. Over the last few years, the problem has grown bigger and bigger, and only now are we slowly learning its full destructive potential. In this article, we will describe how the entire cybercriminal ecosystem operates, the ways various threat actors exploit data originating from it, and most importantly, what you can do about it. Let's start with what infostealer malware actually is. As the name suggests, it's malware that... steals data. Depending on the specific type, the information it extracts might differ slightly, but most will try to extract the following: Cryptocurrency wallets Bank account information and saved credit card details Saved passwords from various apps Bro
Kaspersky Exits U.S. Market Following Commerce Department Ban

Kaspersky Exits U.S. Market Following Commerce Department Ban

Jul 16, 2024 National Security / Data Security
Russian security vendor Kaspersky has said it's exiting the U.S. market nearly a month after the Commerce Department announced a ban on the sale of its software in the country citing a national security risk. News of the closure was first reported by journalist Kim Zetter. The company is expected to wind down its U.S. operations on July 20, 2024, the same day the ban comes into effect. It's also expected to lay off less than 50 employees in the U.S. "The company has carefully examined and evaluated the impact of the U.S. legal requirements and made this sad and difficult decision as business opportunities in the country are no longer viable," the company said in a statement. In late June 2024, the Commerce Department said it was enforcing a ban after what it said was an "extremely thorough investigation." The company was also added to the Entity List, preventing U.S. enterprises from conducting business with it. It's currently not known what was
cyber security

Top 4 Security Risks of GenAI

websiteWizGenAI Security / Technology
Gain a competitive edge and unlock the top 4 major emerging risks within GenAI. This report from Gartner provides insights and recommended actions for security and product leaders.
Microsoft MSHTML Flaw Exploited to Deliver MerkSpy Spyware Tool

Microsoft MSHTML Flaw Exploited to Deliver MerkSpy Spyware Tool

Jul 03, 2024 Spyware / Vulnerability
Unknown threat actors have been observed exploiting a now-patched security flaw in Microsoft MSHTML to deliver a surveillance tool called MerkSpy as part of a campaign primarily targeting users in Canada, India, Poland, and the U.S. "MerkSpy is designed to clandestinely monitor user activities, capture sensitive information, and establish persistence on compromised systems," Fortinet FortiGuard Labs researcher Cara Lin said in a report published last week. The starting point of the attack chain is a Microsoft Word document that ostensibly contains a job description for a software engineer role. But opening the file triggers the exploitation of CVE-2021-40444 , a high-severity flaw in MSHTML that could result in remote code execution without requiring any user interaction. It was addressed by Microsoft as part of Patch Tuesday updates released in September 2021. In this case, it paves the way for the download of an HTML file ("olerender.html") from a remote s
New Credit Card Skimmer Targets WordPress, Magento, and OpenCart Sites

New Credit Card Skimmer Targets WordPress, Magento, and OpenCart Sites

Jun 26, 2024 Web Skimming / Website Security
Multiple content management system (CMS) platforms like WordPress, Magento, and OpenCart have been targeted by a new credit card web skimmer called Caesar Cipher Skimmer. A web skimmer refers to malware that is injected into e-commerce sites with the goal of stealing financial and payment information .  According to Sucuri, the latest campaign entails making malicious modifications to the checkout PHP file associated with the WooCommerce plugin for WordPress ("form-checkout.php") to steal credit card details. "For the past few months, the injections have been changed to look less suspicious than a long obfuscated script," security researcher Ben Martin said , noting the malware's attempt to masquerade as Google Analytics and Google Tag Manager. Specifically, it utilizes the same substitution mechanism employed in Caesar cipher to encode the malicious piece of code into a garbled string and conceal the external domain that's used to host the payload.
Tool Overload: Why MSPs Are Still Drowning with Countless Cybersecurity Tools in 2024

Tool Overload: Why MSPs Are Still Drowning with Countless Cybersecurity Tools in 2024

Jun 20, 2024 Endpoint Protection / Data Security
Highlights Complex Tool Landscape : Explore the wide array of cybersecurity tools used by MSPs, highlighting the common challenge of managing multiple systems that may overlap in functionality but lack integration. Top Cybersecurity Challenges : Discuss the main challenges MSPs face, including integration issues, limited visibility across systems, and the high cost and complexity of maintaining diverse tools. Effective Solutions and Strategies : Introduce strategic approaches and solutions, such as consolidating tools into unified platforms to enhance efficiency, reduce costs, and improve overall cybersecurity management. As MSPs continue to be the backbone of IT security for numerous businesses, the array of tools at their disposal has grown exponentially. However, this abundance of options isn't without its drawbacks. The challenge isn't just in choosing the right tools but in efficiently integrating and managing them to ensure seamless security coverage and operational efficiency
Learn to Secure Petabyte-Scale Data in a Webinar with Industry Titans

Learn to Secure Petabyte-Scale Data in a Webinar with Industry Titans

Jun 14, 2024
Data is growing faster than ever. Remember when petabytes (that's 1,000,000 gigabytes!) were only for tech giants? Well, that's so last decade! Today, businesses of all sizes are swimming in petabytes. But this isn't just about storage anymore. This data is ALIVE—it's constantly accessed, analyzed, shared, and even used to train the next wave of AI. This creates a huge challenge: how do you secure such a vast, ever-changing landscape? That's why we've brought together a powerhouse panel of industry experts who have not only faced these challenges but conquered them. Join us for an exclusive webinar, " Data Security at the Petabyte Scale ," and gain insights from the best in the field: Shaun Marion: Former CISO of McDonald's, a global brand with data security demands on a massive scale. Robert Bigman: Former CISO at the CIA, where protecting classified information at the highest levels is paramount. Asaf Kochan: Former head of Unit 8200
New Attack Technique 'Sleepy Pickle' Targets Machine Learning Models

New Attack Technique 'Sleepy Pickle' Targets Machine Learning Models

Jun 13, 2024 Vulnerability / Software Security
The security risks posed by the Pickle format have once again come to the fore with the discovery of a new "hybrid machine learning (ML) model exploitation technique" dubbed Sleepy Pickle. The attack method, per Trail of Bits, weaponizes the ubiquitous format used to package and distribute machine learning (ML) models to corrupt the model itself, posing a severe supply chain risk to an organization's downstream customers. "Sleepy Pickle is a stealthy and novel attack technique that targets the ML model itself rather than the underlying system," security researcher Boyan Milanov said . While pickle is a widely used serialization format by ML libraries like PyTorch , it can be used to carry out arbitrary code execution attacks simply by loading a pickle file (i.e., during deserialization). "We suggest loading models from users and organizations you trust, relying on signed commits, and/or loading models from [TensorFlow] or Jax formats with the from_
Snowflake Breach Exposes 165 Customers' Data in Ongoing Extortion Campaign

Snowflake Breach Exposes 165 Customers' Data in Ongoing Extortion Campaign

Jun 11, 2024 Data Theft / Cloud Security
As many as 165 customers of Snowflake are said to have had their information potentially exposed as part of an ongoing campaign designed to facilitate data theft and extortion, indicating the operation has broader implications than previously thought. Google-owned Mandiant, which is assisting the cloud data warehousing platform in its incident response efforts, is tracking the as-yet-unclassified activity cluster under the name UNC5537 , describing it as a financially motivated threat actor. "UNC5537 is systematically compromising Snowflake customer instances using stolen customer credentials, advertising victim data for sale on cybercrime forums, and attempting to extort many of the victims," the threat intelligence firm said on Monday. "UNC5537 has targeted hundreds of organizations worldwide, and frequently extorts victims for financial gain. UNC5537 operates under various aliases on Telegram channels and cybercrime forums." There is evidence to suggest tha
Cybersecurity CPEs: Unraveling the What, Why & How

Cybersecurity CPEs: Unraveling the What, Why & How

Jun 10, 2024 Cybersecurity / Exposure Management
Staying Sharp: Cybersecurity CPEs Explained Perhaps even more so than in other professional domains, cybersecurity professionals constantly face new threats. To ensure you stay on top of your game, many certification programs require earning Continuing Professional Education (CPE) credits. CPEs are essentially units of measurement used to quantify the time and effort professionals spend on maintaining and enhancing skills and knowledge in the field of cybersecurity, and they act as points that demonstrate a commitment to staying current. CPEs are best understood in terms of other professions: just like medical, legal and even CPA certifications require continuing education to stay up-to-date on advancements and industry changes, cybersecurity professionals need CPEs to stay informed about the latest hacking tactics and defense strategies. CPE credits are crucial for maintaining certifications issued by various cybersecurity credentialing organizations, such as (ISC)², ISACA, and C
FBI Distributes 7,000 LockBit Ransomware Decryption Keys to Help Victims

FBI Distributes 7,000 LockBit Ransomware Decryption Keys to Help Victims

Jun 07, 2024 Ransomware / Endpoint Security
The U.S. Federal Bureau of Investigation (FBI) has disclosed that it's in possession of more than 7,000 decryption keys associated with the LockBit ransomware operation to help victims get their data back at no cost. "We are reaching out to known LockBit victims and encouraging anyone who suspects they were a victim to visit our Internet Crime Complaint Center at ic3.gov," FBI Cyber Division Assistant Director Bryan Vorndran said in a keynote address at the 2024 Boston Conference on Cyber Security (BCCS). LockBit, which was once a prolific ransomware gang, has been linked to over 2,400 attacks globally, with no less than 1,800 impacting entities in the U.S. Earlier this February, an international law enforcement operation dubbed Cronos led by the U.K. National Crime Agency (NCA) dismantled its online infrastructure. Last month, a 31-year-old Russian national named Dmitry Yuryevich Khoroshev was outed by authorities as the group's administrator and developer, a
Zyxel Releases Patches for Firmware Vulnerabilities in EoL NAS Models

Zyxel Releases Patches for Firmware Vulnerabilities in EoL NAS Models

Jun 05, 2024 Vulnerability / Data Security
Zyxel has released security updates to address critical flaws impacting two of its network-attached storage (NAS) devices that have currently reached end-of-life (EoL) status. Successful exploitation of three of the five vulnerabilities could permit an unauthenticated attacker to execute operating system (OS) commands and arbitrary code on affected installations. Impacted models include NAS326 running versions V5.21(AAZF.16)C0 and earlier, and NAS542 running versions V5.21(ABAG.13)C0 and earlier. The shortcomings have been resolved in versions V5.21(AAZF.17)C0 and V5.21(ABAG.14)C0, respectively. A brief description of the flaws is as follows - CVE-2024-29972 - A command injection vulnerability in the CGI program "remote_help-cgi" that could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted HTTP POST request CVE-2024-29973 - A command injection vulnerability in the 'setCookie' parameter that could allow a
BreachForums Returns Just Weeks After FBI Seizure - Honeypot or Blunder?

BreachForums Returns Just Weeks After FBI Seizure - Honeypot or Blunder?

May 29, 2024 Cyber Crime / Data Breach
The online criminal bazaar BreachForums has been resurrected merely two weeks after a U.S.-led coordinated law enforcement action dismantled and seized control of its infrastructure. Cybersecurity researchers and dark web trackers Brett Callow , Dark Web Informer , and FalconFeeds revealed the site's online return at breachforums[.]st – one of the dismantled sites – by a user named ShinyHunters, who has since offered for sale a 1.3 TB database containing details of allegedly 560 million Ticketmaster customers for $500,000. This includes full names, addresses, email addresses, phone numbers, ticket sales and event information, and the last four digits of credit cards and their associated expiration dates. However, in an interesting twist, visitors of the site are now being asked to sign up for an account in order to view the content. The development follows a joint law enforcement action that seized all the new domains belonging to BreachForums (breachforums[.]st/.cx/.is/.
4-Step Approach to Mapping and Securing Your Organization's Most Critical Assets

4-Step Approach to Mapping and Securing Your Organization's Most Critical Assets

May 28, 2024 Threat Exposure Management
You're probably familiar with the term "critical assets". These are the technology assets within your company's IT infrastructure that are essential to the functioning of your organization. If anything happens to these assets, such as application servers, databases, or privileged identities, the ramifications to your security posture can be severe.  But is every technology asset considered a critical asset? Moreover, is every technology asset considered a  business -critical asset? How much do we really know about the risks to our  business -critical assets?  Business-critical assets are the underlying technology assets of your business in general – and we all know that technology is just one of the 3 essential pillars needed for a successful business operation. In order to have complete cybersecurity governance, organizations should consider: 1) Technology, 2) Business processes, and 3) Key People. When these 3 pillars come together, organizations can begin to understand the
Are Your SaaS Backups as Secure as Your Production Data?

Are Your SaaS Backups as Secure as Your Production Data?

May 23, 2024 Encryption / Cloud Computing
Conversations about data security tend to diverge into three main threads: How can we protect the data we store on our on-premises or cloud infrastructure? What strategies and tools or platforms can reliably backup and restore data? What would losing all this data cost us, and how quickly could we get it back? All are valid and necessary conversations for technology organizations of all shapes and sizes. Still, the average company uses  400+ SaaS applications . The same report also uncovered that 56% of IT professionals aren't aware of their data backup responsibilities. This is alarming, given that 84% of survey respondents said at least 30% of their business-critical data lives inside SaaS applications.  SaaS data isn't like on-premises or cloud data because you have no ownership over the operating environment and far less ownership of the data itself. Due to those restrictions, creating automated backups, storing them in secure environments, and owning the restoration proces
Cybersecurity
Expert Insights
Cybersecurity Resources