network intrusion | Breaking Cybersecurity News | The Hacker News

A China-aligned advanced persistent threat (APT) group called TheWizards has been linked to a lateral movement tool called Spellbinder that can facilitate adversary-in-the-middle (AitM) attacks. "Spellbinder enables adversary-in-the-middle (AitM) attacks, through IPv6 stateless address autoconfiguration ( SLAAC ) spoofing , to move laterally in the compromised network, intercepting packets and redirecting the traffic of legitimate Chinese software so that it downloads malicious updates from a server controlled by the attackers," ESET researcher Facundo Muñoz said in a report shared with The Hacker News. The attack paves the way for a malicious downloader that's delivered by hijacking the software update mechanism associated with Sogou Pinyin. The downloader then acts as a conduit to drop a modular backdoor codenamed WizardNet. This is not the first time Chinese threat actors have abused Sogou Pinyin's software update process to deliver their own malware. In Janu...

The financially motivated threat actor known as FIN7 has been linked to a Python-based backdoor called Anubis (not to be confused with an Android banking trojan of the same name) that can grant them remote access to compromised Windows systems. "This malware allows attackers to execute remote shell commands and other system operations, giving them full control over an infected machine," Swiss cybersecurity company PRODAFT said in a technical report of the malware. FIN7, also called Carbon Spider, ELBRUS, Gold Niagara, Sangria Tempest, and Savage Ladybug, is a Russian cybercrime group known for its ever-evolving and expanding set of malware families for obtaining initial access and data exfiltration. In recent years, the threat actor is said to have transitioned to a ransomware affiliate. In July 2024, the group was observed using various online aliases to advertise a tool called AuKill (aka AvNeutralizer) that's capable of terminating security tools in a likely ...

Cisco has confirmed that a Chinese threat actor known as Salt Typhoon gained access by likely abusing a known security flaw tracked as CVE-2018-0171 , and by obtaining legitimate victim login credentials as part of a targeted campaign aimed at major U.S. telecommunications companies. "The threat actor then demonstrated their ability to persist in target environments across equipment from multiple vendors for extended periods, maintaining access in one instance for over three years," Cisco Talos said , describing the hackers as highly sophisticated and well-funded. "The long timeline of this campaign suggests a high degree of coordination, planning, and patience — standard hallmarks of advanced persistent threat (APT) and state-sponsored actors." The networking equipment major said it found no evidence that other known security bugs have been weaponized by the hacking crew, contrary to a recent report from Recorded Future that revealed exploitation attempts inv...

What could be even worse than getting hacked? It's the "failure to detect intrusions" that always results in huge losses to the organizations. Utah-based technology company InfoTrax Systems is the latest example of such a security blunder, as the company was breached more than 20 times from May 2014 until March 2016. What's ironic is that the company detected the breach only after it received an alert that its servers had reached maximum storage capacity due to a data archive file that the hacker created. InfoTrax Systems is an American company based in Utah that provides backend operations systems to multi-level marketers, which also includes an extensive amount of sensitive data on their users' compensation, inventory, orders, and accounting. The breach reportedly occurred in May 2014 when the hacker exploited vulnerabilities in InfoTrax's server and its client's website to gain remote control over its server, allowing him to gain access t...

Specialty retailer Genesco Inc. announced on Friday that it experienced a criminal intrusion into the part of its computer network that processes payment card transactions. Some card details might have been compromised. However, the company quickly secured the affected network segment and expressed confidence that customers can now safely use their credit and debit cards in its stores. Nashville, Tennessee-based Genesco stated that the intrusion affected its U.S. Journeys, Journeys Kidz, Shi by Journeys, Johnston & Murphy stores, and some Underground Station stores. The company is currently investigating the extent of the compromise with the help of an outside expert. Robert Dennis, Chairman, President, and CEO of Genesco, said, "Since we learned of the intrusion, we have worked diligently with outside experts to protect our customers' information, and we are confident that they are safe shopping with their credit and debit cards at our stores. We recommend that our cust...