#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

hacking news | Breaking Cybersecurity News | The Hacker News

Feds Shut Down 'Longest-Running' Andromeda Botnet

Feds Shut Down 'Longest-Running' Andromeda Botnet

Dec 04, 2017
In a coordinated International cyber operation, Europol with the help of international law enforcement agencies has taken down what it called "one of the longest-running malware families in existence" known as Andromeda. Andromeda , also known as Win32/Gamarue, is an infamous HTTP-based modular botnet that has been around for several years now, and infecting computers with it's malicious intentions ever since. The primary goal of Andromeda bot is to distribute other malware families for mass global malware attacks. The botnet has been associated with at least 80 malware families, and in the last six months, it was detected (or blocked) on an average of more than 1 million machines per month. Last year, law enforcement agencies took down the criminal infrastructure of the infamous Avalanche botnet in a similar massive international cyber operation. Avalanche botnet was used as a delivery platform to spread other malware families, including Andromeda. While in
Is Your DJI Drone a Chinese Spy? Leaked DHS Memo Suggests

Is Your DJI Drone a Chinese Spy? Leaked DHS Memo Suggests

Dec 04, 2017
The United States Department of Homeland Security (DHS) has recently accused Da-Jiang Innovations (DJI), one of the largest drone manufacturers, of sending sensitive information about U.S. infrastructure to China through its commercial drones and software. A copy memo from the Los Angeles office of the Immigration and Customs Enforcement bureau (ICE) has begun circulating online more recently, alleging "with moderate confidence" that DJI drones may be sending US critical infrastructure and law enforcement data back to China. However, the bureau accessed "with high confidence" that this critical data collected by the DJI systems could then be used by the Chinese government to conduct physical or cyber attacks against the U.S. critical infrastructure and its population. The memo goes on to specify the targets the Chinese Government has been attempting to spy on, which includes rail systems, water systems, hazardous material storage facilities, and constructio
How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl

How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl

Mar 21, 2024SaaS Security / Endpoint Security
In today's digital-first business environment dominated by SaaS applications, organizations increasingly depend on third-party vendors for essential cloud services and software solutions. As more vendors and services are added to the mix, the complexity and potential vulnerabilities within the  SaaS supply chain  snowball quickly. That's why effective vendor risk management (VRM) is a critical strategy in identifying, assessing, and mitigating risks to protect organizational assets and data integrity. Meanwhile, common approaches to vendor risk assessments are too slow and static for the modern world of SaaS. Most organizations have simply adapted their legacy evaluation techniques for on-premise software to apply to SaaS providers. This not only creates massive bottlenecks, but also causes organizations to inadvertently accept far too much risk. To effectively adapt to the realities of modern work, two major aspects need to change: the timeline of initial assessment must shorte
PayPal Subsidiary Data Breach Hits Up to 1.6 Million Customers

PayPal Subsidiary Data Breach Hits Up to 1.6 Million Customers

Dec 04, 2017
Global e-commerce business PayPal has disclosed a data breach that may have compromised personally identifiable information for roughly 1.6 million customers at a payment processing company PayPal acquired earlier this year. PayPal Holdings Inc. said Friday that a review of its recently acquired company TIO Networks showed evidence of unauthorized access to the company's network, including some confidential parts where the personal information of TIO's customers and customers of TIO billers stored. Acquired by PayPal for US$233 Million in July 2017, TIO Network is a cloud-based multi-channel bill payment processor and receivables management provider that serves the largest telecom, wireless, cable and utility bill issuers in North America. PayPal did not clear when or how the data breach incident took place, neither it revealed details about the types of information being stolen by the hackers, but the company did confirm that its platform and systems were not affecte
cyber security

Automated remediation solutions are crucial for security

websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.
Here's the NSA Employee Who Kept Top Secret Documents at Home

Here's the NSA Employee Who Kept Top Secret Documents at Home

Dec 02, 2017
A former employee—who worked for an elite hacking group operated by the U.S. National Security Agency—pleaded guilty on Friday to illegally taking classified documents home , which were later stolen by Russian hackers. In a press release published Friday, the US Justice Department announced that Nghia Hoang Pho , a 67-year-old of Ellicott City, Maryland, took documents that contained top-secret national information from the agency between 2010 and 2015. Pho, who worked as a developer for the Tailored Access Operations (TAO) hacking group at the NSA, reportedly moved the stolen classified documents and tools to his personal Windows computer at home, which was running Kaspersky Lab software. According to authorities, the Kaspersky Labs' antivirus software was allegedly used, one way or another, by Russian hackers to steal top-secret NSA documents and hacking exploits from Pho's home PC in 2015. "Beginning in 2010 and continuing through March 2015, Pho removed an
After 27-Year Sentence, Russian Hacker Faces Another 14 Years in Prison

After 27-Year Sentence, Russian Hacker Faces Another 14 Years in Prison

Dec 01, 2017
Roman Valerevich Seleznev , the son of a prominent Russian lawmaker who's already facing a 27-year prison sentence in the United States, has been handed another 14-year prison sentence for his role in an "organized cybercrime ring" that caused $59 Million in damages across the US. In April this year, Seleznev, the 33-year-old son of a Russian Parliament member of the nationalist Liberal Democratic Party (LDPR), was sentenced to 27 years in prison for payment card fraud, causing nearly $170 million in damages to small business and financial institutions in the US. The sentence was so far the longest sentence ever imposed in the United States for a hacking-related case. Now, after pleading guilty in two criminal cases stemming from a hacking probe in September, Seleznev Thursday  received another 14-year prison sentence for racketeering in Nevada and another 14 years for conspiracy to commit bank fraud charges in Georgia. The sentences will run concurrently to
Google to Block Third-Party Software from Injecting Code into Chrome Browser

Google to Block Third-Party Software from Injecting Code into Chrome Browser

Dec 01, 2017
To improve performance and reduce crashes caused by third-party software on Windows, Google Chrome, by mid-2018, will no longer allow outside applications to run code within its web browser. If you are unaware, many third-party applications, like accessibility or antivirus software, inject code into your web browser for gaining more control over your online activities in order to offer some additional features and function properly. However, Google notes that over 15 percent of Chrome users running third-party applications on their Windows machines that inject code into their web browsers experience crashes—and trust me it's really annoying. But don't you worry. Google now has a solution to this issue. In a blog post published Thursday on Chromium Blog, Google announced its plan to block third-party software from injecting code into Chrome—and these changes will take place in three steps: April 2018 — With the release of Chrome 66, Google will begin informing use
Cryptocurrency Mining Scripts Now Run Even After You Close Your Browser

Cryptocurrency Mining Scripts Now Run Even After You Close Your Browser

Nov 30, 2017
Some websites have found using a simple yet effective technique to keep their cryptocurrency mining javascript secretly running in the background even when you close your web browser. Due to the recent surge in cryptocurrency prices, hackers and even legitimate website administrators are increasingly using JavaScript-based cryptocurrency miners to monetize by levying the CPU power of their visitor's PC to mine Bitcoin or other cryptocurrencies. After the world's most popular torrent download website, The Pirate Bay , caught secretly  using Coinhive , a browser-based cryptocurrency miner service, on its site last month, thousands of other websites also started using the service as an alternative monetization model to banner ads. However, websites using such crypto-miner services can mine cryptocurrencies as long as you're on their site. Once you close the browser window, they lost access to your processor and associated resources, which eventually stops mining. Un
Hackers Exploit Recently Disclosed Microsoft Office Bug to Backdoor PCs

Hackers Exploit Recently Disclosed Microsoft Office Bug to Backdoor PCs

Nov 29, 2017
A recently disclosed severe 17-year-old vulnerability in Microsoft Office that lets hackers install malware on targeted computers without user interaction is now being exploited in the wild to distribute a backdoor malware. First spotted by researchers at security firm Fortinet , the malware has been dubbed Cobalt because it uses a component from a powerful and legitimate penetration testing tool, called Cobalt Strike . Cobalt Strike is a form of software developed for Red Team Operations and Adversary Simulations for accessing covert channels of a system. The vulnerability (CVE-2017-11882) that Cobalt malware utilizes to deliver the backdoor is a memory-corruption issue that allows unauthenticated, remote attackers to execute malicious code on the targeted system when opened a malicious file and potentially take full control over it. This vulnerability impacts all versions of Microsoft Office and Windows operating system, though Microsoft has already released a patch upda
22-Year-Old Hacker Pleads Guilty to 2014 Yahoo Hack, Admits Helping Russian Intelligence

22-Year-Old Hacker Pleads Guilty to 2014 Yahoo Hack, Admits Helping Russian Intelligence

Nov 29, 2017
Karim Baratov , a 22-year-old Kazakhstan-born Canadian citizen, has pleaded guilty to hacking charges over his involvement in massive 2014 Yahoo data breach that affected all three billion yahoo accounts . In March, the US Justice Department announced charges against two Russian intelligence officers (Dmitry Dokuchaev and Igor Sushchin) from Russia's Federal Security Service (FSB) and two hackers (Alexsey Belan and Karim Baratov) for breaking into yahoo servers in 2014. While Karim Baratov (Kay, a.k.a Karim Taloverov, a.k.a Karim Akehmet Tokbergenov) was arrested in Toronto at his Ancaster home by the Toronto Police Department in March this year, Alexsey Belan and both FSB officers currently reside in Russia, unlikely to be extradited. In the federal district court in San Francisco on Tuesday, Baratov admitted to helping the Russian spies and pleaded guilty to a total of nine counts which includes: One count of conspiring to violate the Computer Fraud and Abuse Act by
macOS High Sierra Bug Lets Anyone Gain Root Access Without a Password

macOS High Sierra Bug Lets Anyone Gain Root Access Without a Password

Nov 29, 2017
If you own a Mac computer and run the latest version of Apple's operating system, macOS High Sierra, then you need to be extra careful with your computer. A serious, yet stupid vulnerability has been discovered in macOS High Sierra that allows untrusted users to quickly gain unfettered administrative (or root) control on your Mac without any password or security check, potentially leaving your data at risk. Discovered by developer Lemi Orhan Ergin on Tuesday, the vulnerability only requires anyone with physical access to the target macOS machine to enter "root" into the username field, leave the password blank, and hit the Enter a few times—and Voila! In simple words, the flaw allows an unauthorized user that gets physical access on a target computer to immediately gain the highest level of access to the computer, known as "root," without actually typing any password. Needless to say, this blindingly easy Mac exploit really scary stuff. This vulner
New Mirai Botnet Variant Found Targeting ZyXEL Devices In Argentina

New Mirai Botnet Variant Found Targeting ZyXEL Devices In Argentina

Nov 28, 2017
While tracking botnet activity on their honeypot traffic, security researchers at Chinese IT security firm Qihoo 360 Netlab discovered a new variant of Mirai —the well known IoT botnet malware that wreaked havoc last year. Last week, researchers noticed an increase in traffic scanning ports 2323 and 23 from hundreds of thousands of unique IP addresses from Argentina in less than a day. The targeted port scans are actively looking for vulnerable internet-connected devices manufactured by ZyXEL Communications using two default telnet credential combinations— admin/CentryL1nk and admin/QwestM0dem —to gain root privileges on the targeted devices. Researchers believe (instead "quite confident") this ongoing campaign is part of a new Mirai variant that has been upgraded to exploit a newly released vulnerability (identified as CVE-2016-10401 ) in ZyXEL PK5001Z modems. "ZyXEL PK5001Z devices have zyad5001 as the su (superuser) password, which makes it easier for rem
Google Detects Android Spyware That Spies On WhatsApp, Skype Calls

Google Detects Android Spyware That Spies On WhatsApp, Skype Calls

Nov 28, 2017
In an attempt to protect Android users from malware and shady apps, Google has been continuously working to detect and remove malicious apps from your devices using its newly launched Google Play Protect service. Google Play Protect —a security feature that uses machine learning and app usage analysis to check devices for potentially harmful apps—recently helped Google researchers to identify a new deceptive family of Android spyware that was stealing a whole lot of information on users. Discovered on targeted devices in African countries, Tizi is a fully-featured Android backdoor with rooting capabilities that installs spyware apps on victims' devices to steal sensitive data from popular social media apps like Facebook, Twitter, WhatsApp, Viber, Skype, LinkedIn, and Telegram. "The Google Play Protect security team discovered this family in September 2017 when device scans found an app with rooting capabilities that exploited old vulnerabilities," Google said in
U.S. Charges Three Chinese Hackers for Hacking Siemens, Trimble & Moody

U.S. Charges Three Chinese Hackers for Hacking Siemens, Trimble & Moody

Nov 28, 2017
The United States Justice Department has charged three Chinese nationals for allegedly hacking Moody's Analytics economist, German electronics manufacturer Siemens, and GPS maker Trimble, and stealing gigabytes of sensitive data and trade secrets. According to an indictment unsealed Monday in federal court in Pittsburgh, Pennsylvania, the three men worked for a Chinese cybersecurity company, Guangzhou Bo Yu Information Technology Company Limited ( Boyusec ), previously linked to China's Ministry of State Security. Earlier this year, security researchers also linked Boyusec to one of the active Chinese government-sponsored espionage groups, called Advanced Persistent Threat 3 (or APT3 ), which is also known as Gothic Panda, UPS Team, Buckeye, and TG-0110. In 2013, APT3 allegedly stole the blueprints for ASIO's new Canberra building using a piece of malware that was uploaded to an ASIO employee's laptop. According to the indictment, the three Chinese nationals
Feds Seize Over 20,500 Domain Names For Selling Counterfeit Products

Feds Seize Over 20,500 Domain Names For Selling Counterfeit Products

Nov 27, 2017
In a coordinated International cyber operation, law enforcement agencies have seized over 20,520 website domains for illegally selling counterfeit products, including luxury products, sportswear, electronics, pharmaceuticals and online piracy on e-commerce platforms and social networks. Counterfeiting is a form of trademark infringement that involves the manufacturing and/or distribution of fake lookalike branded products with a primary purpose to confuse or dupe consumers into buying them. The operation, dubbed " In Our Sites (Project TransAtlantic VIII) ," was conducted by Europol in association with the Interpol, the US National Intellectual Property Rights Coordination Centre (NIPRCC), FBI, Department of Justice (DOJ), and law enforcement authorities from 27 European Member States. Counterfeit goods are a huge business, as the International Trademark Association suggested that around $460 billion worth of counterfeit goods were bought and sold last year alone.
Gladius Shows Promise in Utilizing Blockchain Tech to Fight Hackers

Gladius Shows Promise in Utilizing Blockchain Tech to Fight Hackers

Nov 27, 2017
Image Credit: Pixelbay Blockchain startups are cropping up left and right aiming to disrupt existing services and business models. These range from the trivial to potentially game-changing solutions that can revolutionize the internet as we know it. Among those that promise to change the world, most are attempting to reconstruct the entire internet infrastructure into something that is decentralized, secure, scalable, and tokenized. There are also those that aim to solve the most significant problems plaguing the digital world, particularly potentially costly and tedious security issues. We do not lack for dangers, ranging from data breaches to denial-of-service attacks, and other hacks. For the most part, there are capable SaaS and software-defined services that are capable enough in addressing the threats that involve malware and DDoS. However, blockchains offer much much more. The plague of DDoS Distributed denial-of-service or DDoS attacks involve a malicious hacke
Another Facebook Bug Allowed Anyone to Delete Your Photos

Another Facebook Bug Allowed Anyone to Delete Your Photos

Nov 27, 2017
If you think a website whose value is more than $500 billion does not have any vulnerability in it, then you are wrong. Pouya Darabi, an Iranian web developer, discovered and reported a critical yet straightforward vulnerability in Facebook earlier this month that could have allowed anyone to delete any photo from the social media platform. The vulnerability resides in Facebook's new Poll feature, launched by the social media giant earlier this month, for posting polls that include images and GIF animations. Darabi analyzed the feature and found that when creating a new poll, anyone can easily replace the image ID (or gif URL) in the request sent to the Facebook server with the image ID of any photo on the social media network. Now, after sending the request with another user image ID (uploaded by someone else), that photo would appear in the poll. "Whenever a user tries to create a poll, a request containing gif URL or image id will be sent, poll_question_data[
Exim Internet Mailer Found Vulnerable to RCE And DoS Bugs; Patch Now

Exim Internet Mailer Found Vulnerable to RCE And DoS Bugs; Patch Now

Nov 27, 2017
A security researcher has discovered and publicly disclosed two critical vulnerabilities in the popular Internet mail message transfer agent Exim , one of which could allow a remote attacker to execute malicious code on the targeted server. Exim is an open source mail transfer agent (MTA) developed for Unix-like operating systems such as Linux, Mac OSX or Solaris, which is responsible for routing, delivering and receiving email messages. The first vulnerability, identified as CVE-2017-16943 , is a use-after-free bug which could be exploited to remotely execute arbitrary code in the SMTP server by crafting a sequence of BDAT commands. "To trigger this bug, BDAT command is necessary to perform an allocation by raising an error," the researcher said. "Through our research, we confirm that this vulnerability can be exploited to remote code execution if the binary is not compiled with PIE." The researcher ( mehqq_ ) has also published a Proof-of-Concept (PoC)
Imgur—Popular Image Sharing Site Was Hacked In 2014; Passwords Compromised

Imgur—Popular Image Sharing Site Was Hacked In 2014; Passwords Compromised

Nov 25, 2017
Only after a few days of Uber admitting last year's data breach of 57 million customers , the popular image sharing site disclosed that it had suffered a major data breach in 2014 that compromised email addresses and passwords of 1.7 million user accounts. In a blog post published on Friday, Imgur claimed that the company had been notified of a three-year-old data breach on November 23 when a security researcher emailed the company after being sent the stolen data. Imgur Chief Operating Officer (COO) then alerted the company's founder and the Vice President of Engineering to the issue before began working to validate that the data belonged to Imgur users. After completing the data validation, the company confirmed Friday morning that the 2014 data breach impacted approximately 1.7 million Imgur user accounts (a small fraction of its 150 million user base) and that the compromised information included only email addresses and passwords. Since Imgur has never asked fo
MS Office Built-In Feature Could be Exploited to Create Self-Replicating Malware

MS Office Built-In Feature Could be Exploited to Create Self-Replicating Malware

Nov 23, 2017
Earlier this month a cybersecurity researcher shared details of a security loophole with The Hacker News that affects all versions of Microsoft Office, allowing malicious actors to create and spread macro-based self-replicating malware. Macro-based self-replicating malware, which basically allows a macro to write more macros, is not new among hackers, but to prevent such threats, Microsoft has already introduced a security mechanism in MS Office that by default limits this functionality. Lino Antonio Buono, an Italian security researcher who works at InTheCyber , reported a simple technique (detailed below) that could allow anyone to bypass the security control put in place by Microsoft and create self-replicating malware hidden behind innocent-looking MS Word documents. What's Worse? Microsoft refused to consider this issue a security loophole when contacted by the researcher in October this year, saying it's a feature intended to work this way only—just like MS Offic
Cybersecurity Resources