hacking news | Breaking Cybersecurity News | The Hacker News

Although the original creators of the infamous IoT malware Mirai have already been arrested and sent to jail, the variants of the notorious botnet are still in the game due to the availability of its source code on the Internet. Hackers have widely used the infamous IoT malware to quietly amass an army of unsecured internet-of-things devices , including home and office routers, that could be used at any time by hackers to launch Internet-paralyzing DDoS attacks . Another variant of Mirai has hit once again, propagating rapidly by exploiting a zero-day vulnerability in a Huawei home router model. Dubbed Satori (also known as Okiru), the Mirai variant has been targeting Huawei's router model HG532, as Check Point security researchers said they tracked hundreds of thousands of attempts to exploit a vulnerability in the router model in the wild. Identified initially by Check Point researchers late November, Satori was found infecting more than 200,000 IP addresses in just

While continuing its crackdown on services that help Chinese citizens to bypass Great Firewall, Chinese authorities have sentenced a man to five-and-a-half years in prison for selling a VPN service without obtaining a proper license from the government. Earlier this year, the Chinese government announced a ban on "unauthorized" VPN services , making it mandatory for companies to obtain an appropriate license from the government in order to operate in the country. Citizens in China usually make use of VPN and Proxy services to bypass the country's Great Firewall, also known as the Golden Shield project, which employs a variety of tricks to censor the Internet in the country. The Great Firewall project already blocked access to more than 150 out of the world's 1,000 top websites, which includes Google, Facebook, Twitter, Dropbox, Tumblr, and The Pirate Bay in the country. VPN helps Chinese citizens encrypt their Internet traffic and route it through a distant c

It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many approaches offer piecemeal solutions – zeroing in on one particular element of the evolving threat landscape challenge – missing the forest for the trees.  In the last few years, Exposure Management has become known as a comprehensive way of reigning in the chaos, giving organizations a true fighting chance to reduce risk and improve posture. In this article I'll cover what Exposure Management is, how it stacks up against some alternative approaches and why building an Exposure Management program should be on  your 2024 to-do list. What is Exposure Management?  Exposure Management is the systematic identification, evaluation,

If you receive a video file ( packed in zip archive ) sent by someone ( or your friends ) on your Facebook messenger — just don't click on it. Researchers from security firm Trend Micro are warning users of a new cryptocurrency mining bot which is spreading through Facebook Messenger and targeting Google Chrome desktop users to take advantage of the recent surge in cryptocurrency prices. Dubbed Digmine , the Monero-cryptocurrency mining bot disguises as a non-embedded video file, under the name "video_xxxx.zip" (as shown in the screenshot), but is actually contains an AutoIt executable script. Once clicked, the malware infects victim's computer and downloads its components and related configuration files from a remote command-and-control (C&C) server. Digimine primarily installs a cryptocurrency miner, i.e.  miner.exe—a modified version of an open-source Monero miner known as XMRig —which silently mines the Monero cryptocurrency in the background for h

It's the last month of this year, but possibly not the last data breach report. Nissan warns of a possible data breach of personal information on its customers who financed their vehicles through Nissan Canada Finance and INFINITI Financial Services Canada. Although the company says it does not know precisely how many customers were affected by the data breach, Nissan is contacting all of its roughly 1.13 million current and previous customers. In a statement released Thursday, Nissan Canada said the company became aware of an " unauthorized access to personal information " of some customers on December 11. " Nissan Canada Finance recently became aware it was the victim of a data breach that may have involved an unauthorized person(s) gaining access to the personal information of some customers that have financed their vehicles through Nissan Canada Finance and INFINITI Financial Services Canada, " the company said . It's believed that the unkno

Security researchers have discovered multiple attack campaigns conducted by an established Chinese criminal group that operates worldwide, targeting database servers for mining cryptocurrencies, exfiltrating sensitive data and building a DDoS botnet. The researchers from security firm GuardiCore Labs have analyzed thousands of attacks launched in recent months and identified at least three attack variants— Hex, Hanako, and Taylor —targeting different MS SQL and MySQL servers for both Windows and Linux. The goals of all the three variants are different—Hex installs cryptocurrency miners and remote access trojans (RATs) on infected machines, Taylor installs a keylogger and a backdoor, and Hanako uses infected devices to build a DDoS botnet. So far, researchers have recorded hundreds of Hex and Hanako attacks and tens of thousands of Taylor attacks each month and found that most compromised machines are based in China, and some in Thailand, the United States, Japan and others.

Romanian police have arrested five individuals suspected of infecting tens of thousands of computers across Europe and the United States in recent years by spreading two infamous ransomware families—Cerber and CTB Locker. Under Operation Bakovia —a major global police operation conducted by Europol, the FBI and law enforcement agencies from Romanian, Dutch, and the UK—raided six houses in East Romania and made five arrests, Europol said on Wednesday. Authorities have seized a significant amount of hard drives, external storage, laptops, cryptocurrency mining devices, numerous documents and hundreds of SIM cards during the raid. One thing to note is that all of the five suspects were not arrested for developing or maintaining the infamous ransomware strains, but for allegedly spreading CTB Locker and Cerber. Based on CryptoLocker, CTB Locker , aka Critroni, was the most widely spread ransomware families in 2016 and was the first ransomware to use the Tor anonymizing network

Buying popular plugins with a large user-base and using it for effortless malicious campaigns have become a new trend for bad actors. One such incident happened recently when the renowned developer BestWebSoft sold a popular Captcha WordPress plugin to an undisclosed buyer, who then modified the plugin to download and install a hidden backdoor. In a blog post published on Tuesday, WordFence security firm revealed why WordPress recently kicked a popular Captcha plugin with more than 300,000 active installations out of its official plugin store. While reviewing the source code of the Captcha plugin, WordFence folks found a severe backdoor that could allow the plugin author or attackers to remotely gain administrative access to WordPress websites without requiring any authentication. The plugin was configured to automatically pull an updated "backdoored" version from a remote URL — https[://]simplywordpress[dot]net/captcha/captcha_pro_update.php — after installati

Due to the recent surge in cryptocurrency prices, not only hackers but also legitimate website administrators are increasingly using JavaScript-based cryptocurrency miners to monetize by levying the CPU power of your PC to mine Bitcoin or other cryptocurrencies. Just last week, researchers from AdGuard discovered that some popular video streaming and ripper sites including openload, Streamango, Rapidvideo, and OnlineVideoConverter hijacks CPU cycles from their over hundreds of millions of visitors for mining Monero cryptocurrency. Now, researchers from Moscow-based cyber security firm Kaspersky Lab have uncovered a new strain of Android malware lurking in fake anti-virus and porn applications, which is capable of performing a plethora of nefarious activities—from mining cryptocurrencies to launching Distributed Denial of Service (DDoS) attacks. Dubbed Loapi , the new Android Trojan can perform so many more malicious activities at a time that can exploit a handset to the e

Moscow-based cyber security firm Kaspersky Lab has taken the United States government to a U.S. federal court for its decision to ban the use of Kaspersky products in federal agencies and departments. In September 2017, the United States Department of Homeland Security (DHS) issued a Binding Operational Directive (BOD) ordering civilian government agencies to remove Kaspersky Lab software from their computers and networks within 90 days. The order came amid mounting concern among United States officials that the Kaspersky antivirus software could be helping Russian government spy on their activities, which may threaten the U.S. national security. U.S. President Donald Trump also signed into law last week legislation that bans the use of Kaspersky products within the U.S. government, capping a months-long effort to purge Kaspersky from federal agencies amid concerns it's vulnerable to Kremlin influence. The Kaspersky's appeal is part of an ongoing campaign by the c

One of the most common network security solutions is the branch firewall. Branch firewall appliances can pack into a single device a wide range of security capabilities including a stateful or next-generation firewall, anti-virus, URL filtering, and IDS/IPS. But the reality is that most of these edge devices lack the processing power to apply the full scope of capabilities on all of the necessary traffic. If the firewall deployed in the branch cannot scale to address critical security needs, an alternative strategy must be used. Wholesale appliance upgrades are easy but expensive. Regional security hubs are complex and also costly. A new approach, called firewall bursting , leverages cloud scalability to offer an easier, more cost-effective alternative to branch office security. (You can find a great table comparing the different Firewall approaches here .) Costly Appliance Upgrades and Secure Hub Architectures The existing methods of evolving branch security force IT int

Security researchers have discovered and disclosed details of two unpatched critical vulnerabilities in a popular internet forum software—vBulletin—one of which could allow a remote attacker to execute malicious code on the latest version of vBulletin application server. vBulletin is a widely used proprietary Internet forum software package based on PHP and MySQL database server. It powers more than 100,000 websites on the Internet, including Fortune 500 and Alexa Top 1 million companies websites and forums. The vulnerabilities were discovered by a security researcher from Italy-based security firm TRUEL IT and an unknown independent security researcher, who disclosed the details of the vulnerabilities by Beyond Security's SecuriTeam Secure Disclosure program. The vulnerabilities affect version 5 of the vBulletin forum software and are currently unpatched. Beyond Security claims, it tried to contact vBulletin since November 21, 2017, but received no response from the compa

If you are running Windows 10 on your PC, then there are chances that your computer contains a pre-installed 3rd-party password manager app that lets attackers steal all your credentials remotely. Starting from Windows 10 Anniversary Update (Version 1607), Microsoft added a new feature called Content Delivery Manager that silently installs new "suggested apps" without asking for users' permission. According to a blog post published Friday on Chromium Blog, Google Project Zero researcher Tavis Ormandy said he found a pre-installed famous password manager, called "Keeper," on his freshly installed Windows 10 system which he downloaded directly from the Microsoft Developer Network. Ormandy was not the only one who noticed the Keeper Password Manager. Some Reddit users complained about the hidden password manager about six months ago, one of which reported Keeper being installed on a virtual machine created with Windows 10 Pro. Critical Flaw In Keeper Pas

Security researchers have uncovered another nasty piece of malware designed specifically to target industrial control systems (ICS) with a potential to cause health and life-threatening accidents. Dubbed Triton, also known as Trisis, the ICS malware has been designed to target Triconex Safety Instrumented System (SIS) controllers made by Schneider Electric—an autonomous control system that independently monitors the performance of critical systems and takes immediate actions automatically, if a dangerous state is detected. Researchers from the Mandiant division of security firm FireEye published a report on Thursday, suggesting state-sponsored attackers used the Triton malware to cause physical damage to an organization. Neither the targeted organization name has been disclosed by the researchers nor they have linked the attack to any known nation-state hacking group. According to separate research conducted by ICS cybersecurity firm Dragos, which calls this malware "

Net neutrality is DEAD —3 out of 5 federal regulators voted Thursday to hand control of the future of the Internet to cable and telecommunication companies, giving them powers to speed up service for websites they favor or slow down others. As proposed this summer, the US Federal Communications Commission (FCC) has rolled back Net Neutrality rules that require Internet Service Providers (ISPs) to treat all services and websites on the Internet equally and prohibit them from blocking sites or charging for higher-quality service. This action repeals the FCC's 2015 Open Internet Order decision taken during the Obama administration. What is Net Neutrality and Why Is It Important? Net Neutrality is simply Internet Freedom—Free, Fast and Open Internet for all. In other words, Net Neutrality is the principle that governs ISPs to give consumers access to all and every content on an equal basis, treating all Internet traffic equally. Today, if there's something that ma

Security researchers have publicly disclosed an unpatched zero-day vulnerability in the firmware of AT&T DirecTV WVB kit after trying to get the device manufacturer to patch this easy-to-exploit flaw over the past few months. The problem is with a core component of the Genie DVR system that's shipped free of cost with DirecTV and can be easily exploited by hackers to gain root access and take full control of the device, placing millions of people who've signed up to DirecTV service at risk. The vulnerability actually resides in WVBR0-25 —a Linux-powered wireless video bridge manufactured by Linksys that AT&T provides to its new customers. DirecTV Wireless Video Bridge WVBR0-25 allows the main Genie DVR to communicate over the air with customers' Genie client boxes (up to 8) that are plugged into their TVs around the home. Trend Micro researcher Ricky Lawshae, who is also a DirecTV customer, decided to take a closer look at the device and found that Linksy

The U.S. federal officials have arrested three hackers who have pleaded guilty to computer-crimes charges for creating and distributing Mirai botnet that crippled some of the world's biggest and most popular websites by launching the massive DDoS attacks last year. According to the federal court documents unsealed Tuesday, Paras Jha (21-year-old from New Jersey), Josiah White (20-year-old Washington) and Dalton Norman (21-year-old from Louisiana) were indicted by an Alaska court last week on multiple charges for their role in massive cyber attacks conducted using Mirai botnet. Mirai is a piece of nasty IoT malware that scans for insecure routers, cameras, DVRs, and other Internet of Things devices which are still using their default passwords and then add them into a botnet network, which is then used to launch DDoS attacks on websites and Internet infrastructure. According to his plea agreement, Jha " conspired to conduct DDoS attacks against websites and web ho

Even after so many efforts by Google like launching bug bounty program and preventing apps from using Android accessibility services , malicious applications somehow manage to get into Play Store and infect people with malicious software. The same happened once again when security researchers discovered at least 85 applications in Google Play Store that were designed to steal credentials from users of Russian-based social network VK.com and were successfully downloaded millions of times. The most popular of all masqueraded as a gaming app with more than a million downloads. When this app was initially submitted in March 2017, it was just a gaming app without any malicious code, according to a blog post published Tuesday by Kaspersky Lab. However, after waiting for more than seven months, the malicious actors behind the app updated it with information-stealing capabilities in October 2017. Besides this gaming app, the Kaspersky researchers found 84 such apps on Google Play