#1 Trusted Cybersecurity News Platform
Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cybersecurity

digital forensics | Breaking Cybersecurity News | The Hacker News

Category — digital forensics
Singapore Police Arrest Six Hackers Linked to Global Cybercrime Syndicate

Singapore Police Arrest Six Hackers Linked to Global Cybercrime Syndicate

Sep 11, 2024 Cyber Crime / Hacking
The Singapore Police Force (SPF) has announced the arrest of five Chinese nationals and one Singaporean man for their alleged involvement in illicit cyber activities in the country. The development comes after a group of about 160 law enforcement officials conducted a series of raids on September 9, 2024, simultaneously at several locations. The six men, aged between 32 and 42, are suspected of being linked to a "global syndicate" that conducts malicious cyber activities. Pursuant to the operation, electronic devices and cash were seized. Among those apprehended includes a 42-year-old Chinese national from Bidadari Park Drive, who was found to be in possession of a laptop that contained credentials to access web servers used by known hacker groups. The identities of the threat actors were not disclosed. In addition, five laptops, six mobile phones, cash totaling more than S$24,000 (USD$18,400), and cryptocurrency worth approximately USD$850,000 were confiscated from th
Latvian Hacker Extradited to U.S. for Role in Karakurt Cybercrime Group

Latvian Hacker Extradited to U.S. for Role in Karakurt Cybercrime Group

Aug 23, 2024 Cyber Crime / Ransomware
A 33-year-old Latvian national living in Moscow, Russia, has been charged in the U.S. for allegedly stealing data, extorting victims, and laundering ransom payments since August 2021. Deniss Zolotarjovs (aka Sforza_cesarini) has been charged with conspiring to commit money laundering, wire fraud and Hobbs Act extortion. He was arrested in Georgia in December 2023 and has since been extradited to the U.S. as of this month. "Zolotarjovs is a member of a known cybercriminal organization that attacks computer systems of victims around the world," the U.S. Department of Justice (DoJ) said in a press release this week. "Among other things, the Russian cybercrime group steals victim data and threatens to release it unless the victim pays ransom in cryptocurrency. The group maintains a leaks and auction website that lists victim companies and offers stolen data for download." Zolotarjovs is believed to have been an active member of the e-crime group, engaging with ot
Wing Security SaaS Pulse: Continuous Security & Actionable Insights — For Free

Wing Security SaaS Pulse: Continuous Security & Actionable Insights — For Free

Sep 09, 2024SaaS Security / Risk Management
Designed to be more than a one-time assessment— Wing Security's SaaS Pulse provides organizations with actionable insights and continuous oversight into their SaaS security posture—and it's free! Introducing SaaS Pulse: Free Continuous SaaS Risk Management  Just like waiting for a medical issue to become critical before seeing a doctor, organizations can't afford to overlook the constantly evolving risks in their SaaS ecosystems. New SaaS apps, shifting permissions, and emerging threats mean risks are always in motion. SaaS Pulse makes it easy to treat SaaS risk management as an ongoing practice, not just an occasional check-up. Security teams instantly get a real-time security "health" score, prioritized risks, contextualized threat insights, and the organization's app inventory—without setups or integrations. SaaS is a Moving Target SaaS stacks don't stand still. Business critical apps can easily slip into a state of vulnerability (i.e. supply chain attacks, account takeovers
Styx Stealer Creator's OPSEC Fail Leaks Client List and Profit Details

Styx Stealer Creator's OPSEC Fail Leaks Client List and Profit Details

Aug 21, 2024 Cyber Espionage / Threat Intelligence
In what's a case of an operational security (OPSEC) lapse, the operator behind a new information stealer called Styx Stealer leaked data from their own computer, including details related to the clients, profit information, nicknames, phone numbers, and email addresses. Styx Stealer, a derivative of the Phemedrone Stealer , is capable of stealing browser data, instant messenger sessions from Telegram and Discord, and cryptocurrency wallet information, cybersecurity company Check Point said in an analysis. It first emerged in April 2024. "Styx Stealer is most likely based on the source code of an old version of Phemedrone Stealer, which lacks some features found in newer versions such as sending reports to Telegram, report encryption, and more," the company noted . "However, the creator of Styx Stealer added some new features: auto-start, clipboard monitor and crypto-clipper, additional sandbox evasion, and anti-analysis techniques, and re-implemented sending dat
cyber security

Secure Your Network: 40% Face Full Takeover Risk

websitePicus SecurityEndpoint Security / Attack Surface
Understand and address the critical risks in your network to prevent takeovers.
DarkGate Malware Exploits Samba File Shares in Short-Lived Campaign

DarkGate Malware Exploits Samba File Shares in Short-Lived Campaign

Jul 12, 2024 Malware / Cyber Attack
Cybersecurity researchers have shed light on a short-lived DarkGate malware campaign that leveraged Samba file shares to initiate the infections. Palo Alto Networks Unit 42 said the activity spanned the months of March and April 2024, with the infection chains using servers running public-facing Samba file shares hosting Visual Basic Script (VBS) and JavaScript files. Targets included North America, Europe, and parts of Asia. "This was a relatively short-lived campaign that illustrates how threat actors can creatively abuse legitimate tools and services to distribute their malware," security researchers Vishwa Thothathri, Yijie Sui, Anmol Maurya, Uday Pratap Singh, and Brad Duncan said . DarkGate, which first emerged in 2018, has evolved into a malware-as-a-service (MaaS) offering used by a tightly controlled number of customers. It comes with capabilities to remotely control compromised hosts, execute code, mine cryptocurrency, launch reverse shells, and drop addit
Dark Web Malware Logs Expose 3,300 Users Linked to Child Abuse Sites

Dark Web Malware Logs Expose 3,300 Users Linked to Child Abuse Sites

Jul 08, 2024 Dark Web / Cyber Crime
An analysis of information-stealing malware logs published on the dark web has led to the discovery of thousands of consumers of child sexual abuse material (CSAM), indicating how such information could be used to combat serious crimes. "Approximately 3,300 unique users were found with accounts on known CSAM sources," Recorded Future said in a proof-of-concept (PoC) report published last week. "A notable 4.2% had credentials for multiple sources, suggesting a higher likelihood of criminal behavior." Over the past few years, off-the-shelf info-stealer variants have become a pervasive and ubiquitous threat targeting various operating systems with an aim to siphon sensitive information such as credentials, cryptocurrency wallets, payment card data, and screenshots. This is evidenced in the rise of new stealer malware strains such as Kematian Stealer , Neptune Stealer , 0bj3ctivity , Poseidon (formerly RodStealer), Satanstealer , and StrelaStealer . Distribut
Hackers Using Sneaky HTML Smuggling to Deliver Malware via Fake Google Sites

Hackers Using Sneaky HTML Smuggling to Deliver Malware via Fake Google Sites

Mar 18, 2024 Cryptocurrency / Malspam
Cybersecurity researchers have discovered a new malware campaign that leverages bogus Google Sites pages and HTML smuggling to distribute a commercial malware called  AZORult  in order to facilitate information theft. "It uses an unorthodox HTML smuggling technique where the malicious payload is embedded in a separate JSON file hosted on an external website," Netskope Threat Labs researcher Jan Michael Alcantara  said  in a report published last week. The phishing campaign has not been attributed to a specific threat actor or group. The cybersecurity company described it as widespread in nature, carried out with an intent to collect sensitive data for selling them in underground forums. AZORult, also called PuffStealer and Ruzalto, is an  information stealer  first detected around 2016. It's typically distributed via phishing and malspam campaigns, trojanized installers for pirated software or media, and malvertising. Once installed, it's capable of gathering cr
DarkGate Malware Exploited Recently Patched Microsoft Flaw in Zero-Day Attack

DarkGate Malware Exploited Recently Patched Microsoft Flaw in Zero-Day Attack

Mar 14, 2024 Malware / Cyber Attack
A DarkGate malware campaign observed in mid-January 2024 leveraged a recently patched security flaw in Microsoft Windows as a zero-day using bogus software installers. "During this campaign, users were lured using PDFs that contained Google DoubleClick Digital Marketing (DDM) open redirects that led unsuspecting victims to compromised sites hosting the Microsoft Windows SmartScreen bypass CVE-2024-21412 that led to malicious Microsoft (.MSI) installers," Trend Micro  said . CVE-2024-21412 (CVSS score: 8.1) concerns an internet shortcut files security feature bypass vulnerability that permits an unauthenticated attacker to circumvent SmartScreen protections by tricking a victim into clicking on a specially crafted file. It was  fixed  by Microsoft as part of its Patch Tuesday updates for February 2024, but not before it was weaponized by a threat actor called  Water Hydra  (aka DarkCasino) to deliver the DarkMe malware in attacks targeting financial institutions. The latest finding
6 Steps to Accelerate Cybersecurity Incident Response

6 Steps to Accelerate Cybersecurity Incident Response

Nov 23, 2023 Incident Response / Endpoint Security
Modern security tools continue to improve in their ability to defend organizations' networks and endpoints against cybercriminals. But the bad actors still occasionally find a way in. Security teams must be able to stop threats and restore normal operations as quickly as possible. That's why it's essential that these teams not only have the right tools but also understand how to effectively respond to an incident. Resources like an  incident response template  can be customized to define a plan with roles and responsibilities, processes and an action item checklist. But preparations can't stop there. Teams must continuously train to adapt as threats rapidly evolve. Every security incident must be harnessed as an educational opportunity to help the organization better prepare for — or even prevent — future incidents. SANS Institute defines a framework with six steps to a successful IR. Preparation Identification Containment Eradication Recovery Lessons learned While these p
DFIR via XDR: How to expedite your investigations with a DFIRent approach

DFIR via XDR: How to expedite your investigations with a DFIRent approach

Apr 18, 2023 Incident Response / Digital Forensics
Rapid technological evolution requires security that is resilient, up to date and adaptable. In this article, we will cover the transformation in the field of DFIR (digital forensics and incident response) in the last couple years, focusing on the digital forensics' aspect and how XDR fits into the picture. Before we dive into the details, let's first break down the main components of DFIR and define the differences between them. Digital Forensics vs Incident Response Digital forensics:  the practice of using scientific techniques and tools to identify, preserve, and analyze digital evidence from various sources, such as computers, smartphones, and other electronic devices, in a way that is admissible in a court of law. Incident response:  the process of responding to and managing the aftermath of a security breach or cyberattack. This involves identifying the nature and scope of the incident, containing the damage, eradicating the threat, and restoring the affected syst
The Incident Response Challenge 2020 — Results and Solutions Announced

The Incident Response Challenge 2020 — Results and Solutions Announced

Jul 08, 2020
In April 2020, Cynet launched the world's first Incident Response Challenge to test and reward the skills of Incident Response professionals. The Challenge consisted of 25 incidents, in increasing difficulty, all inspired by real-life scenarios that required participants to go beyond the textbook solution and think outside of the box. Over 2,500 IR professionals competed to be recognized as the top incident responders. Now that the competition is over (however, the challenge website is still open for anyone who wants to practice solving the challenges), Cynet makes the detailed solutions available as a free resource for knowledge and inspiration. Providing the thought process and detailed steps to solve each of the challenges will serve as a training aid and knowledge base for incident responders. The Fine Art of Forensic Investigation The core of any IR processes is the forensic investigation. It uncovers the critical path from the initial stage of suspicion or l
Microsoft Launches Free Linux Forensics and Rootkit Malware Detection Service

Microsoft Launches Free Linux Forensics and Rootkit Malware Detection Service

Jul 07, 2020
Microsoft has announced a new free-to-use initiative aimed at uncovering forensic evidence of sabotage on Linux systems, including rootkits and intrusive malware that may otherwise go undetected. The cloud offering, dubbed Project Freta , is a snapshot-based memory forensic mechanism that aims to provide automated full-system volatile memory inspection of virtual machine (VM) snapshots, with capabilities to spot malicious software, kernel rootkits , and other stealthy malware techniques such as process hiding . The project is named after Warsaw's Freta Street , the birthplace of Marie Curie, the famous French-Polish physicist who brought X-ray medical imaging to the battlefield during World War I. "Modern malware is complex, sophisticated, and designed with non-discoverability as a core tenet," said Mike Walker, Microsoft's senior director of New Security Ventures. "Project Freta intends to automate and democratize VM forensics to a point where every us
The Incident Response Challenge 2020 — Win $5,000 Prize!

The Incident Response Challenge 2020 — Win $5,000 Prize!

Apr 21, 2020
Cybersecurity firm Cynet today announced the launch of a first of its kind challenge to enable Incident Response professionals to test their skills with 25 forensic challenges that were built by top researchers and analysts. The challenge is available on https://incident-response-challenge.com/ and is open to anyone willing to test his or her investigation skills, between April 21st and May 15th. What's more interesting is that there's a USD 5000 prize for the first-place winner of the challenge. Forensic investigation is at the core of any IR processes and provides the critical path from the initial stage of suspicion or limited attack view to the concrete and actionable knowledge on the attack's root cause and the impact that is essential for recovery and restore operations. The challenge of the incident responder is to identify and collect the scattered traces the attackers have left them and connect the dots to understand the how, what, and where of the atta
Expert Insights / Articles Videos
Cybersecurity Resources