#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

hacking news | Breaking Cybersecurity News | The Hacker News

Beware! Undetectable CrossRAT malware targets Windows, MacOS, and Linux systems

Beware! Undetectable CrossRAT malware targets Windows, MacOS, and Linux systems

Jan 25, 2018
Are you using Linux or Mac OS? If you think your system is not prone to viruses, then you should read this. Wide-range of cybercriminals are now using a new piece of 'undetectable' spying malware that targets Windows, macOS, Solaris and Linux systems. Just last week we published a detailed article on the report from EFF/Lookout that revealed a new advanced persistent threat (APT) group, called Dark Caracal , engaged in global mobile espionage campaigns. Although the report revealed about the group's successful large-scale hacking operations against mobile phones rather than computers, it also shed light on a new piece of cross-platform malware called CrossRAT (version 0.1), which is believed to be developed by, or for, the Dark Caracal group. CrossRAT is a cross-platform remote access Trojan that can target all four popular desktop operating systems, Windows, Solaris, Linux, and macOS, enabling remote attackers to manipulate the file system, take screenshots, ru
Yikes! Three armed men tried to rob a Bitcoin Exchange in Canada

Yikes! Three armed men tried to rob a Bitcoin Exchange in Canada

Jan 25, 2018
As many non-tech savvy people think that Bitcoin looks like a Gold coin as illustrated in many stock images, perhaps these robbers also planned to rob a cryptocurrency exchange thinking that way. All jokes apart, we saw one such attempt on Tuesday morning, when three men armed with handguns entered the offices of a Canadian Bitcoin exchange in Ottawa, and restrained four of its employees. The intruders then struck one of the employees in the head with a handgun, asking them to make an outbound transaction from the cryptocurrency exchange. A fifth employee in another cabin, who remained unseen in an office, called the police before any assets could be taken, and the robbers left empty-handed. One of the suspects arrested later Wednesday after arriving police officers saw him run into a ravine north of Colonnade Road and deployed "extensive resources," including K-9 unit officers, to find him, CBC News reports . "Police are looking for two additional suspects,
Making Sense of Operational Technology Attacks: The Past, Present, and Future

Making Sense of Operational Technology Attacks: The Past, Present, and Future

Mar 21, 2024Operational Technology / SCADA Security
When you read reports about cyber-attacks affecting operational technology (OT), it's easy to get caught up in the hype and assume every single one is sophisticated. But are OT environments all over the world really besieged by a constant barrage of complex cyber-attacks? Answering that would require breaking down the different types of OT cyber-attacks and then looking back on all the historical attacks to see how those types compare.  The Types of OT Cyber-Attacks Over the past few decades, there has been a growing awareness of the need for improved cybersecurity practices in IT's lesser-known counterpart, OT. In fact, the lines of what constitutes a cyber-attack on OT have never been well defined, and if anything, they have further blurred over time. Therefore, we'd like to begin this post with a discussion around the ways in which cyber-attacks can either target or just simply impact OT, and why it might be important for us to make the distinction going forward. Figure 1 The Pu
Critical Flaw Hits Popular Windows Apps Built With Electron JS Framework

Critical Flaw Hits Popular Windows Apps Built With Electron JS Framework

Jan 24, 2018
A critical remote code execution vulnerability has been reported in Electron —a popular web application framework that powers thousands of widely-used desktop applications including Skype, Signal, Wordpress and Slack—that allows for remote code execution. Electron is an open-source framework that is based on Node.js and Chromium Engine and allows app developers to build cross-platform native desktop applications for Windows, macOS and Linux, without knowledge of programming languages used for each platform. The vulnerability, assigned as the number CVE-2018-1000006, affects only those apps that run on Microsoft Windows and register themselves as the default handler for a protocol like myapp://. "Such apps can be affected regardless of how the protocol is registered, e.g. using native code, the Windows registry, or Electron's app.setAsDefaultProtocolClient API," Electron says in an advisory published Monday. The Electron team has also confirmed that applications
cyber security

Automated remediation solutions are crucial for security

websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.
Critical Flaw in All Blizzard Games Could Let Hackers Hijack Millions of PCs

Critical Flaw in All Blizzard Games Could Let Hackers Hijack Millions of PCs

Jan 23, 2018
A Google security researcher has discovered a severe vulnerability in Blizzard games that could allow remote attackers to run malicious code on gamers' computers. Played every month by half a billion users—World of Warcraft, Overwatch, Diablo III, Hearthstone and Starcraft II are popular online games created by Blizzard Entertainment . To play Blizzard games online using web browsers, users need to install a game client application, called ' Blizzard Update Agent ,' onto their systems that run JSON-RPC server over HTTP protocol on port 1120, and " accepts commands to install, uninstall, change settings, update and other maintenance related options. " Google's Project Zero team researcher Tavis Ormandy discovered that the Blizzard Update Agent is vulnerable to a hacking technique called the " DNS Rebinding " attack that allows any website to act as a bridge between the external server and your localhost. Just last week, Ormandy revealed a simi
Nearly Half of the Norway Population Exposed in HealthCare Data Breach

Nearly Half of the Norway Population Exposed in HealthCare Data Breach

Jan 22, 2018
Cybercriminals have stolen a massive trove of Norway's healthcare data in a recent data breach, which likely impacts more than half of the nation's population. An unknown hacker or group of hackers managed to breach the systems of Health South-East Regional Health Authority (RHF) and reportedly stolen personal info and health records of some 2.9 million Norwegians out of the country's total 5.2 million inhabitants. Health South-East RHA is a healthcare organisation that manages hospitals in Norway's southeast region, including Østfold, Akershus, Oslo, Hedmark, Oppland, Buskerud, Vestfold, Telemark, Aust-Agder and Vest-Agder. The healthcare organisation announced the data breach on Monday after it had been alerted by HelseCERT, the Norwegian CERT department for its healthcare sector, about an "abnormal activity" against computer systems in the region. HelseCERT also said the culprits behind the data breach are "advanced and professional" hacke
15-Year-Old Schoolboy Posed as CIA Chief to Hack Highly Sensitive Information

15-Year-Old Schoolboy Posed as CIA Chief to Hack Highly Sensitive Information

Jan 20, 2018
Remember " Crackas With Attitude "? A notorious pro-Palestinian hacking group behind a series of embarrassing hacks against United States intelligence officials and leaked the personal details of 20,000 FBI agents , 9,000 Department of Homeland Security officers, and some number of DoJ staffers in 2015. Believe or not, the leader of this hacking group was just 15-years-old when he used "social engineering" to impersonate CIA director and unauthorisedly access highly sensitive information from his Leicestershire home, revealed during a court hearing on Tuesday. Kane Gamble , now 18-year-old, the British teenager hacker targeted then CIA director John Brennan , Director of National Intelligence James Clapper , Secretary of Homeland Security Jeh Johnson, FBI deputy director Mark Giuliano , as well as other senior FBI figures. Between June 2015 and February 2016, Gamble posed as Brennan and tricked call centre and helpline staff into giving away broadband and
Facebook Password Stealing Apps Found on Android Play Store

Facebook Password Stealing Apps Found on Android Play Store

Jan 18, 2018
Even after many efforts made by Google last year, malicious apps always somehow manage to make their ways into Google app store. Security researchers have now discovered a new piece of malware, dubbed GhostTeam , in at least 56 applications on Google Play Store that is designed to steal Facebook login credentials and aggressively display pop-up advertisements to users. Discovered independently by two cybersecurity firms, Trend Micro and Avast , the malicious apps disguise as various utility (such as the flashlight, QR code scanner, and compass), performance-boosting (like file-transfer and cleaner), entertainment, lifestyle and video downloader apps. Like most malware apps, these Android apps themselves don't contain any malicious code, which is why they managed to end up on Google's official Play Store. Once installed, it first confirms if the device is not an emulator or a virtual environment and then accordingly downloads the malware payload, which prompts the victim to
Hackers Exploiting Three Microsoft Office Flaws to Spread Zyklon Malware

Hackers Exploiting Three Microsoft Office Flaws to Spread Zyklon Malware

Jan 17, 2018
Security researchers have spotted a new malware campaign in the wild that spreads an advanced botnet malware by leveraging at least three recently disclosed vulnerabilities in Microsoft Office. Dubbed Zyklon , the fully-featured malware has resurfaced after almost two years and primarily found targeting telecommunications, insurance and financial services. Active since early 2016, Zyklon is an HTTP botnet malware that communicates with its command-and-control servers over Tor anonymising network and allows attackers to remotely steal keylogs, sensitive data, like passwords stored in web browsers and email clients. Zyklon malware is also capable of executing additional plugins, including secretly using infected systems for DDoS attacks and cryptocurrency mining. Different versions of the Zyklon malware has previously been found being advertised on a popular underground marketplace for $75 (normal build) and $125 ( Tor-enabled build). According to a recently published report
Skygofree — Powerful Android Spyware Discovered

Skygofree — Powerful Android Spyware Discovered

Jan 16, 2018
Security researchers have unveiled one of the most powerful and highly advanced Android spyware tools that give hackers full control of infected devices remotely. Dubbed Skygofree , the Android spyware has been designed for targeted surveillance, and it is believed to have been targeting a large number of users for the past four years. Since 2014, the Skygofree implant has gained several novel features previously unseen in the wild, according to a new report published by Russian cybersecurity firm Kaspersky Labs. The 'remarkable new features' include location-based audio recording using device's microphone, the use of Android Accessibility Services to steal WhatsApp messages, and the ability to connect infected devices to malicious Wi-Fi networks controlled by attackers. Skygofree is being distributed through fake web pages mimicking leading mobile network operators, most of which have been registered by the attackers since 2015—the year when the distribution ca
LeakedSource Founder Arrested for Selling 3 Billion Stolen Credentials

LeakedSource Founder Arrested for Selling 3 Billion Stolen Credentials

Jan 16, 2018
Canadian authorities have arrested and charged an Ontario man for operating a website that collected 'stolen' personal identity records and credentials from some three billion online accounts and sold them for profit. According to the Royal Canadian Mounted Police (RCMP), the 27-year-old Jordan Evan Bloom of Thornhill is the person behind the notorious LeakedSource.com —a major repository that compiled public data breaches and sold access to the data, including plaintext passwords. Launched in late 2015, LeakedSource had collected around 3 billion personal identity records and associated passwords from some of the massive data breaches, including LinkedIn , VK.com , Last.Fm , Ashley Madison ,  MySpace , Twitter ,  Weebly and Foursquare , and made them accessible and searchable to anyone for a fee. LeakedSource was shut down , and its associated social media accounts have been suspended after the law enforcement raided its operator earlier last year. However, another
Flaw in Popular Transmission BitTorrent Client Lets Hackers Control Your PC Remotely

Flaw in Popular Transmission BitTorrent Client Lets Hackers Control Your PC Remotely

Jan 16, 2018
A critical vulnerability has been discovered in the widely used Transmission BitTorrent app that could allow hackers to remotely execute malicious code on BitTorrent users' computers and take control of them. The vulnerability has been uncovered by Google's Project Zero vulnerability reporting team, and one of its researchers Tavis Ormandy has also posted a proof-of-concept attack—just 40 days after the initial report. Usually, Project Zero team discloses vulnerabilities either after 90 days of reporting them to the affected vendors or until the vendor has released a patch. However, in this case, the Project Zero researchers disclosed the vulnerability 50 days prior to the actual time limit because Transmission developers failed to apply a ready-made patch provided by the researchers over a month ago. "I'm finding it frustrating that the transmission developers are not responding on their private security list, I suggested moving this into the open so that
OnePlus Site’s Payment System Reportedly Hacked to Steal Credit Card Details

OnePlus Site's Payment System Reportedly Hacked to Steal Credit Card Details

Jan 15, 2018
This year's first bad news for OnePlus users—a large number of OnePlus customers are reporting of fraudulent credit card transactions after buying products from the Chinese smartphone manufacturer's official online store. The claim initially surfaced on the OnePlus support forum over the weekend from a customer who said that two of his credit cards used on the company's official website was suspected of fraudulent activities. " The only place that both of those credit cards had been used in the last 6 months was on the Oneplus website ," the customer wrote. Later a good number of users posted similar complaints on OnePlus, Twitter and Reddit forums, saying they also became a victim of credit card fraud. Many of the customers claimed that their credit cards had been compromised after they bought a new phone or some accessories directly from the OnePlus official website, indicating that the leak might have been through the company itself. Cybersecurity
Fourth Fappening Hacker Admits to Stealing Celebrity Pics From iCloud Accounts

Fourth Fappening Hacker Admits to Stealing Celebrity Pics From iCloud Accounts

Jan 13, 2018
Almost three years after the massive leakage of high-profile celebrities' photos—well known as " The Fappening " or " Celebgate " scandal—a fourth hacker has been charged with hacking into over 250 Apple iCloud accounts belonged to Hollywood celebrities. A federal court has accused George Garofano , 26, of North Branford, of violating the Computer Fraud and Abuse Act, who had been arrested by the FBI. Garofano has admitted to illegally obtaining credentials for his victims' iCloud accounts using a phishing scheme, which eventually allowed him to steal personal information on his victims, including sensitive and private photographs and videos. Among celebrities whose photographs were posted online back in 2014 are Jennifer Lawrence, Kim Kardashian, Kirsten Dunst, and Kate Upton. Also, female victims also include American Olympic gold medallist Misty May Treanor and actors Alexandra Chando, Kelli Garner and Lauren O'Neil. Between April 2013 to Oct
Warning: New Undetectable DNS Hijacking Malware Targeting Apple macOS Users

Warning: New Undetectable DNS Hijacking Malware Targeting Apple macOS Users

Jan 12, 2018
A security researcher has revealed details of a new piece of undetectable malware targeting Apple's Mac computers—reportedly first macOS malware of 2018. Dubbed OSX/MaMi , an unsigned Mach-O 64-bit executable, the malware is somewhat similar to DNSChanger malware that infected millions of computers across the world in 2012. DNSChanger malware typically changes DNS server settings on infected computers, allowing attackers to route internet traffic through malicious servers and intercept sensitive information. First appeared on the Malwarebytes forum, a user posted a query regarding unknown malware that infected his friend's computer that silently changed DNS settings on infected macOS to 82.163.143.135 and 82.163.142.137 addresses. After looking at the post, ex-NSA hacker Patrick Wardle analysed the malware and found that it is indeed a ' DNS Hijacker, ' which also invokes security tools to install a new root certificate in an attempt to intercept encrypte
New Intel AMT Security Issue Lets Hackers Gain Full Control of Laptops in 30 Seconds

New Intel AMT Security Issue Lets Hackers Gain Full Control of Laptops in 30 Seconds

Jan 12, 2018
It's been a terrible new-year-starting for Intel. Researchers warn of a new attack which can be carried out in less than 30 seconds and potentially affects millions of laptops globally. As Intel was rushing to roll out patches for Meltdown and Spectre vulnerabilities , security researchers have discovered a new critical security flaw in Intel hardware that could allow hackers to access corporate laptops remotely. Finnish cyber security firm F-Secure reported unsafe and misleading default behaviour within Intel Active Management Technology (AMT) that could allow an attacker to bypass login processes and take complete control over a user's device in less than 30 seconds. AMT is a feature that comes with Intel-based chipsets to enhance the ability of IT administrators and managed service providers for better controlling their device fleets, allowing them to remotely manage and repair PCs, workstations, and servers in their organisation. The bug allows anyone with phy
Skype Finally Adds End-to-End Encryption for Private Conversations

Skype Finally Adds End-to-End Encryption for Private Conversations

Jan 12, 2018
Good news for Skype users who are concerned about their privacy. Microsoft is collaborating with popular encrypted communication company Signal to bring end-to-end encryption support to Skype messenger. End-to-end encryption assured its users that no one, not even the company or server that transmits the data, can decrypt their messages. Signal Protocol is an open source cryptographic protocol that has become an industry-wide standard—which is used in  Facebook Messenger , Whatsapp , and Google Allo for secure messaging. Dubbed Private Conversations , the new feature which is about to be introduced in Skype will offer end-to-end encryption for audio calls, text, and multimedia messages like videos and audio files. "Skype Private Conversations give you enhanced security through end-to-end encryption with an additional layer of security for conversations between you and your friends and family," the company announced .  "Private Conversations can only be betwe
macOS Malware Creator Charged With Spying on Thousands of PCs Over 13 Years

macOS Malware Creator Charged With Spying on Thousands of PCs Over 13 Years

Jan 11, 2018
The U.S. Justice Department unsealed 16-count indictment charges on Wednesday against a computer programmer from Ohio who is accused of creating and installing spyware on thousands of computers for more than 13 years. According to the indictment, 28-year-old Phillip R. Durachinsky is the alleged author of FruitFly malware that was found targeting Apple Mac users earlier last year worldwide, primarily in the United States. Interestingly, Durachinsky was just 14 years old when he programmed the first version of the FruitFly malware, and this full-fledged backdoor trojan went largely undetected for several years, despite using unsophisticated and antiquated code. The malware was initially discovered in January 2017 by Malwarebytes and then Patrick Wardle, an ex-NSA hacker, found around 400 Mac computers infected with the newer strain of FruitFly. However, Wardle believed the number of infected Macs would likely be much higher. The malware is capable of advanced surveillance
[Bug] macOS High Sierra App Store Preferences Can Be Unlocked Without a Password

[Bug] macOS High Sierra App Store Preferences Can Be Unlocked Without a Password

Jan 11, 2018
Yet another password vulnerability has been uncovered in macOS High Sierra, which unlocks App Store System Preferences with any password (or no password at all). A new password bug has been discovered in the latest version of macOS High Sierra that allows anyone with access to your Mac to unlock App Store menu in System Preferences with any random password or no password at all. The impact of this vulnerability is nowhere as serious as the previously disclosed root login bug in Apple's desktop OS that enabled access to the root superuser account simply by entering a blank password on macOS High Sierra 10.13.1. As reported on Open Radar earlier this week, the vulnerability impacts macOS version 10.13.2 and requires the attacker to be logged in with an administrator-level account for this vulnerability to work. I checked the bug on my fully updated Mac laptop, and it worked by entering a blank password as well as any random password. If you're running latest macOS
Microsoft Releases Patches for 16 Critical Flaws, Including a Zero-Day

Microsoft Releases Patches for 16 Critical Flaws, Including a Zero-Day

Jan 10, 2018
If you think that only CPU updates that address this year's major security flaws— Meltdown and Spectre —are the only ones you are advised to grab immediately, there are a handful of major security flaws that you should pay attention to. Microsoft has issued its first Patch Tuesday for 2018 to address 56 CVE-listed flaws, including a zero-day vulnerability in MS Office related that had been actively exploited by several threat groups in the wild. Sixteen of the security updates are listed as critical, 38 are rated important, one is rated moderate, and one is rated as low in severity. The updates address security flaws in Windows, Office, Internet Explorer, Edge, ChakraCore, ASP.NET, and the .NET Framework. The zero-day vulnerability ( CVE-2018-0802 ), described by Microsoft as a memory corruption flaw in Office, is already being targeted in the wild by several threat actor groups in the past few months. The vulnerability, discovered by several researchers from Chinese com
Cybersecurity Resources