#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

digital forensics | Breaking Cybersecurity News | The Hacker News

Hackers Using Sneaky HTML Smuggling to Deliver Malware via Fake Google Sites

Hackers Using Sneaky HTML Smuggling to Deliver Malware via Fake Google Sites

Mar 18, 2024 Cryptocurrency / Malspam
Cybersecurity researchers have discovered a new malware campaign that leverages bogus Google Sites pages and HTML smuggling to distribute a commercial malware called  AZORult  in order to facilitate information theft. "It uses an unorthodox HTML smuggling technique where the malicious payload is embedded in a separate JSON file hosted on an external website," Netskope Threat Labs researcher Jan Michael Alcantara  said  in a report published last week. The phishing campaign has not been attributed to a specific threat actor or group. The cybersecurity company described it as widespread in nature, carried out with an intent to collect sensitive data for selling them in underground forums. AZORult, also called PuffStealer and Ruzalto, is an  information stealer  first detected around 2016. It's typically distributed via phishing and malspam campaigns, trojanized installers for pirated software or media, and malvertising. Once installed, it's capable of gathering cr
DarkGate Malware Exploited Recently Patched Microsoft Flaw in Zero-Day Attack

DarkGate Malware Exploited Recently Patched Microsoft Flaw in Zero-Day Attack

Mar 14, 2024 Malware / Cyber Attack
A DarkGate malware campaign observed in mid-January 2024 leveraged a recently patched security flaw in Microsoft Windows as a zero-day using bogus software installers. "During this campaign, users were lured using PDFs that contained Google DoubleClick Digital Marketing (DDM) open redirects that led unsuspecting victims to compromised sites hosting the Microsoft Windows SmartScreen bypass CVE-2024-21412 that led to malicious Microsoft (.MSI) installers," Trend Micro  said . CVE-2024-21412 (CVSS score: 8.1) concerns an internet shortcut files security feature bypass vulnerability that permits an unauthenticated attacker to circumvent SmartScreen protections by tricking a victim into clicking on a specially crafted file. It was  fixed  by Microsoft as part of its Patch Tuesday updates for February 2024, but not before it was weaponized by a threat actor called  Water Hydra  (aka DarkCasino) to deliver the DarkMe malware in attacks targeting financial institutions. The latest finding
How to Find and Fix Risky Sharing in Google Drive

How to Find and Fix Risky Sharing in Google Drive

Mar 06, 2024Data Security / Cloud Security
Every Google Workspace administrator knows how quickly Google Drive becomes a messy sprawl of loosely shared confidential information. This isn't anyone's fault; it's inevitable as your productivity suite is purposefully designed to enable real-time collaboration – both internally and externally.  For Security & Risk Management teams, the untenable risk of any Google Drive footprint lies in the toxic combinations of sensitive data, excessive permissions, and improper sharing. However, it can be challenging to differentiate between typical business practices and potential risks without fully understanding the context and intent.  Material Security, a company renowned for its innovative method of protecting sensitive data within employee mailboxes, has recently launched  Data Protection for Google Drive  to safeguard the sprawl of confidential information scattered throughout Google Drive with a powerful discovery and remediation toolkit. How Material Security helps organ
6 Steps to Accelerate Cybersecurity Incident Response

6 Steps to Accelerate Cybersecurity Incident Response

Nov 23, 2023 Incident Response / Endpoint Security
Modern security tools continue to improve in their ability to defend organizations' networks and endpoints against cybercriminals. But the bad actors still occasionally find a way in. Security teams must be able to stop threats and restore normal operations as quickly as possible. That's why it's essential that these teams not only have the right tools but also understand how to effectively respond to an incident. Resources like an  incident response template  can be customized to define a plan with roles and responsibilities, processes and an action item checklist. But preparations can't stop there. Teams must continuously train to adapt as threats rapidly evolve. Every security incident must be harnessed as an educational opportunity to help the organization better prepare for — or even prevent — future incidents. SANS Institute defines a framework with six steps to a successful IR. Preparation Identification Containment Eradication Recovery Lessons learned While these p
cyber security

Uncover Critical Gaps in 7 Core Areas of Your Cybersecurity Program

websiteArmor PointCyber Security / Assessment
Turn potential vulnerabilities into strengths. Start evaluating your defenses today. Download the Checklist.
DFIR via XDR: How to expedite your investigations with a DFIRent approach

DFIR via XDR: How to expedite your investigations with a DFIRent approach

Apr 18, 2023 Incident Response / Digital Forensics
Rapid technological evolution requires security that is resilient, up to date and adaptable. In this article, we will cover the transformation in the field of DFIR (digital forensics and incident response) in the last couple years, focusing on the digital forensics' aspect and how XDR fits into the picture. Before we dive into the details, let's first break down the main components of DFIR and define the differences between them. Digital Forensics vs Incident Response Digital forensics:  the practice of using scientific techniques and tools to identify, preserve, and analyze digital evidence from various sources, such as computers, smartphones, and other electronic devices, in a way that is admissible in a court of law. Incident response:  the process of responding to and managing the aftermath of a security breach or cyberattack. This involves identifying the nature and scope of the incident, containing the damage, eradicating the threat, and restoring the affected syst
The Incident Response Challenge 2020 — Results and Solutions Announced

The Incident Response Challenge 2020 — Results and Solutions Announced

Jul 08, 2020
In April 2020, Cynet launched the world's first Incident Response Challenge to test and reward the skills of Incident Response professionals. The Challenge consisted of 25 incidents, in increasing difficulty, all inspired by real-life scenarios that required participants to go beyond the textbook solution and think outside of the box. Over 2,500 IR professionals competed to be recognized as the top incident responders. Now that the competition is over (however, the challenge website is still open for anyone who wants to practice solving the challenges), Cynet makes the detailed solutions available as a free resource for knowledge and inspiration. Providing the thought process and detailed steps to solve each of the challenges will serve as a training aid and knowledge base for incident responders. The Fine Art of Forensic Investigation The core of any IR processes is the forensic investigation. It uncovers the critical path from the initial stage of suspicion or l
Microsoft Launches Free Linux Forensics and Rootkit Malware Detection Service

Microsoft Launches Free Linux Forensics and Rootkit Malware Detection Service

Jul 07, 2020
Microsoft has announced a new free-to-use initiative aimed at uncovering forensic evidence of sabotage on Linux systems, including rootkits and intrusive malware that may otherwise go undetected. The cloud offering, dubbed Project Freta , is a snapshot-based memory forensic mechanism that aims to provide automated full-system volatile memory inspection of virtual machine (VM) snapshots, with capabilities to spot malicious software, kernel rootkits , and other stealthy malware techniques such as process hiding . The project is named after Warsaw's Freta Street , the birthplace of Marie Curie, the famous French-Polish physicist who brought X-ray medical imaging to the battlefield during World War I. "Modern malware is complex, sophisticated, and designed with non-discoverability as a core tenet," said Mike Walker, Microsoft's senior director of New Security Ventures. "Project Freta intends to automate and democratize VM forensics to a point where every us
The Incident Response Challenge 2020 — Win $5,000 Prize!

The Incident Response Challenge 2020 — Win $5,000 Prize!

Apr 21, 2020
Cybersecurity firm Cynet today announced the launch of a first of its kind challenge to enable Incident Response professionals to test their skills with 25 forensic challenges that were built by top researchers and analysts. The challenge is available on https://incident-response-challenge.com/ and is open to anyone willing to test his or her investigation skills, between April 21st and May 15th. What's more interesting is that there's a USD 5000 prize for the first-place winner of the challenge. Forensic investigation is at the core of any IR processes and provides the critical path from the initial stage of suspicion or limited attack view to the concrete and actionable knowledge on the attack's root cause and the impact that is essential for recovery and restore operations. The challenge of the incident responder is to identify and collect the scattered traces the attackers have left them and connect the dots to understand the how, what, and where of the atta
Hackers Behind WannaCry Ransomware Withdraw $143,000 From Bitcoin Wallets

Hackers Behind WannaCry Ransomware Withdraw $143,000 From Bitcoin Wallets

Aug 03, 2017
The cyber criminals behind the global WannaCry ransomware attack that caused chaos worldwide have finally cashed out their ransom payments. Nearly three months ago, the WannaCry ransomware shut down hospitals, telecom providers, and many businesses worldwide, infecting hundreds of thousands of computers in more than 150 countries, encrypting files and then charging victims $300-$600 for the keys. WannaCry was really bad, as the nasty ransomware forced the British NHS (National Health Service) to shut down hospitals and doctor's surgeries, and infected a Spanish telecommunications company and Russian mobile operator, among much more. Even a month after the outbreak, the WannaCry ransomware was found infecting systems at Honda Motor Company , forcing the factory to shut down its production, and 55 speed and traffic light cameras in Victoria, Australia. Overall, the hackers behind WannaCry made $140,000 in Bitcoins from the victims who paid for the decryption keys—but for
WikiLeaks Reveals 'Marble' Source Code that CIA Used to Frame Russia and China

WikiLeaks Reveals 'Marble' Source Code that CIA Used to Frame Russia and China

Mar 31, 2017
WikiLeaks published hundreds of more files from the Vault 7 series today which, it claims, show how CIA can mask its hacking attacks to make it look like it came from other countries, including Russia, China, North Korea and Iran. Dubbed " Marble ," the part 3 of CIA files contains 676 source code files of a secret anti-forensic Marble Framework, which is basically an obfuscator or a packer used to hide the true source of CIA malware. The CIA's Marble Framework tool includes a variety of different algorithm with foreign language text intentionally inserted into the malware source code to fool security analysts and falsely attribute attacks to the wrong nation. The leaked files indicate that the Marble's source code includes Chinese, Russian, Korean, Arabic and Farsi languages, as well as English, which shows that the CIA has engaged in clever hacking games. "Marble is used to hamper[ing] forensic investigators and anti-virus companies from attributin
Phone-Hacking Firm Cellebrite Got Hacked; 900GB Of Data Stolen

Phone-Hacking Firm Cellebrite Got Hacked; 900GB Of Data Stolen

Jan 12, 2017
The company that sells digital forensics and mobile hacking tools to others has itself been hacked. Israeli firm Cellebrite , the popular company that provides digital forensics tools and software to help law enforcement access mobile phones in investigations, has had 900 GB of its data stolen by an unknown hacker. But the hacker has not yet publicly released anything from the stolen data archive, which includes its customer information, user databases, and a massive amount of technical data regarding its hacking tools and products. Instead, attackers are looking for possible opportunities to sell the access to Cellebrite system and data on a few selected IRC chat rooms, the hacker told Joseph Cox, contributor at Motherboard , who was contacted by the hacker and received a copy of the stolen data. Meanwhile, Cellebrite also admitted that it recently experienced "unauthorized access to an external web server," and said that it is "conducting an investigation
Photos On Dark Web Reveal Geo-locations Of 229 Drug Dealers — Here's How

Photos On Dark Web Reveal Geo-locations Of 229 Drug Dealers — Here's How

Sep 21, 2016
It's a Fact! No matter how smart the criminals are, they always leave some trace behind. Two Harvard students have unmasked around 229 drug and weapon dealers with the help of pictures taken by criminals and used in advertisements placed on dark web markets. Do you know each image contains a range of additional hidden data stored within it that can be a treasure to the investigators fighting criminals? Yeah it's true — "A picture is worth a thousand words." Digital images come with basic metadata, as well as EXIF data that contains information about the device with which it was taken. EXIF, stands for " Exchangeable Image File Format ," may contain image dimensions, date and time (when it was originally taken and modified), the model of camera and its settings, information about the software used for editing, it's creator and copyright information, as well as GPS co-ordinates of the location where the photo was taken. If a criminal, let's say a
FBI may have found a New Way to Unlock Shooter's iPhone without Apple

FBI may have found a New Way to Unlock Shooter's iPhone without Apple

Mar 22, 2016
There's more coming to the high-profile Apple vs. FBI case. The Federal Bureau of Investigation (FBI) might not need Apple's assistance to unlock iPhone 5C  that belonged to San Bernardino shooter, Syed Rizwan Farook. If you have followed the San Bernardino case closely, you probably know everything about the ongoing encryption battle between the FBI and Apple. In short, the US Department of Justice (DOJ) wants Apple to help the FBI create a backdoored version of its iOS operating system that could let it access data on Farook's locked iPhone 5C. Apple, meanwhile, is evident on its part , saying that the FBI wants the company to effectively create the " software equivalent of cancer " that would likely open up all iPhones to malicious hackers. FBI to Apple: We'll Unlock iPhone by Our Own Now the Feds say they may be able to crack the iPhone without the Apple's assistance after all. In a court filing [ PDF ] submitted on Mo
Cybersecurity Resources