#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News

ransomware | Breaking Cybersecurity News | The Hacker News

Category — ransomware
CISA Warns of Active Exploitation of Flaws in Zyxel, ProjectSend, and CyberPanel

CISA Warns of Active Exploitation of Flaws in Zyxel, ProjectSend, and CyberPanel

Dec 05, 2024 Vulnerability / Threat Intelligence
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added multiple security flaws affecting products from Zyxel, North Grid Proself, ProjectSend , and CyberPanel to its Known Exploited Vulnerabilities ( KEV ) catalog, citing evidence of active exploitation in the wild. The list of vulnerabilities is as follows - CVE-2024-51378 (CVSS score: 10.0) - An incorrect default permissions vulnerability that allows for authentication bypass and the execution of arbitrary commands using shell metacharacters in the statusfile property CVE-2023-45727 (CVSS score: 7.5) - An improper restriction of XML External Entity (XXE) reference vulnerability that could allow a remote, unauthenticated attacker to conduct an XXE attack CVE-2024-11680 (CVSS score: 9.8) - An improper authentication vulnerability that allows a remote, unauthenticated attacker to create accounts, upload web shells, and embed malicious JavaScript CVE-2024-11667 (CVSS score: 7.5) - A path traversal vulnerabilit...
Veeam Issues Patch for Critical RCE Vulnerability in Service Provider Console

Veeam Issues Patch for Critical RCE Vulnerability in Service Provider Console

Dec 04, 2024 Vulnerability / Ransomware
Veeam has released security updates to address a critical flaw impacting Service Provider Console (VSPC) that could pave the way for remote code execution on susceptible instances. The vulnerability, tracked as CVE-2024-42448, carries a CVSS score of 9.9 out of a maximum of 10.0. The company noted that the bug was identified during internal testing. "From the VSPC management agent machine, under the condition that the management agent is authorized on the server, it is possible to perform Remote Code Execution (RCE) on the VSPC server machine," Veeam said in an advisory. Another defect patched by Veeam relates to a vulnerability (CVE-2024-42449, CVSS score: 7.1) that could be abused to leak an NTLM hash of the VSPC server service account and delete files on the VSPC server machine. Both the identified vulnerabilities affect Veeam Service Provider Console 8.1.0.21377 and all earlier versions of 7 and 8 builds. They have been addressed in version 8.1.0.21999. Veeam furt...
The Future of Serverless Security in 2025: From Logs to Runtime Protection

The Future of Serverless Security in 2025: From Logs to Runtime Protection

Nov 28, 2024Cloud Security / Threat Detection
Serverless environments, leveraging services such as AWS Lambda, offer incredible benefits in terms of scalability, efficiency, and reduced operational overhead. However, securing these environments is extremely challenging. The core of current serverless security practices often revolves around two key components: log monitoring and static analysis of code or system configuration. But here is the issue with that: 1. Logs Only Tell Part of the Story Logs can track external-facing activities, but they don't provide visibility into the internal execution of functions. For example, if an attacker injects malicious code into a serverless function that doesn't interact with external resources (e.g., external APIs or databases), traditional log-based tools will not detect this intrusion. The attacker may execute unauthorized processes, manipulate files, or escalate privileges—all without triggering log events. 2. Static Misconfiguration Detection is Incomplete Static tools that check ...
Horns&Hooves Campaign Delivers RATs via Fake Emails and JavaScript Payloads

Horns&Hooves Campaign Delivers RATs via Fake Emails and JavaScript Payloads

Dec 03, 2024 Malware / Phishing Attack
A newly discovered malware campaign has been found to target private users, retailers, and service businesses mainly located in Russia to deliver NetSupport RAT and BurnsRAT. The campaign, dubbed Horns&Hooves by Kaspersky, has hit more than 1,000 victims since it began around March 2023. The end goal of these attacks is to leverage the access afforded by these trojans to install stealer malware such as Rhadamanthys and Meduza . "Recent months have seen a surge in mailings with lookalike email attachments in the form of a ZIP archive containing JScript scripts," security researcher Artem Ushkov said in a Monday analysis. "The script files [are] disguised as requests and bids from potential customers or partners." The threat actors behind the operations have demonstrated their active development of the JavaScript payload, making significant changes during the course of the campaign. In some instances, the ZIP archive has been found to contain other docum...
cyber security

Creating, Managing and Securing Non-Human Identities

websitePermisoCybersecurity / Identity Security
A new class of identities has emerged alongside traditional human users: non-human identities (NHIs). Permiso Security's new eBook details everything you need to know about managing and securing non-human identities, and strategies to unify identity security without compromising agility.
SmokeLoader Malware Resurfaces, Targeting Manufacturing and IT in Taiwan

SmokeLoader Malware Resurfaces, Targeting Manufacturing and IT in Taiwan

Dec 02, 2024 Malware / Cryptocurrency
Taiwanese entities in manufacturing, healthcare, and information technology sectors have become the target of a new campaign distributing the SmokeLoader malware. "SmokeLoader is well-known for its versatility and advanced evasion techniques, and its modular design allows it to perform a wide range of attacks," Fortinet FortiGuard Labs said in a report shared with The Hacker News. "While SmokeLoader primarily serves as a downloader to deliver other malware, in this case, it carries out the attack itself by downloading plugins from its [command-and-control] server." SmokeLoader , a malware downloader first advertised in cybercrime forums in 2011, is chiefly designed to execute secondary payloads. Additionally, it possesses the capability to download more modules that augment its own functionality to steal data, launch distributed denial-of-service (DDoS) attacks, and mine cryptocurrency. "SmokeLoader detects analysis environments, generates fake network t...
THN Recap: Top Cybersecurity Threats, Tools and Tips (Nov 25 - Dec 1)

THN Recap: Top Cybersecurity Threats, Tools and Tips (Nov 25 - Dec 1)

Dec 02, 2024 Cyber Threats / Weekly Recap
Ever wonder what happens in the digital world every time you blink? Here's something wild - hackers launch about 2,200 attacks every single day, which means someone's trying to break into a system somewhere every 39 seconds. And get this - while we're all worried about regular hackers, there are now AI systems out there that can craft phishing emails so convincingly, that even cybersecurity experts have trouble spotting them. What's even crazier? Some of the latest malware is like a digital chameleon - it literally watches how you try to catch it and changes its behavior to slip right past your defenses. Pretty mind-bending stuff, right? This week's roundup is packed with eye-opening developments that'll make you see your laptop in a whole new light. ⚡ Threat of the Week T-Mobile Spots Hackers Trying to Break In: U.S. telecom service provider T-Mobile caught some suspicious activity on their network recently - basically, someone was trying to sneak into th...
Wanted Russian Hacker Linked to Hive and LockBit Ransomware Arrested

Wanted Russian Hacker Linked to Hive and LockBit Ransomware Arrested

Nov 30, 2024 Ransomware / Cybercrime
A Russian cybercriminal wanted in the U.S. in connection with LockBit and Hive ransomware operations has been arrested by law enforcement authorities in the country. According to a news report from Russian media outlet RIA Novosti, Mikhail Pavlovich Matveev has been accused of developing a malicious program designed to encrypt files and seek ransom in return for a decryption key. "At present, the investigator has collected sufficient evidence, the criminal case with the indictment signed by the prosecutor has been sent to the Central District Court of the city of Kaliningrad for consideration on the merits," the Russian Ministry of Internal Affairs said in a statement. Matveev has been charged under Part 1 of Article 273 of the Criminal Code of the Russian Federation, which relates to the creation, use, and distribution of computer programs that can cause "destruction, blocking, modification or copying of computer information." He was previously charged and ...
INTERPOL Busts African Cybercrime: 1,006 Arrests, 134,089 Malicious Networks Dismantled

INTERPOL Busts African Cybercrime: 1,006 Arrests, 134,089 Malicious Networks Dismantled

Nov 27, 2024 Cybercrime / Financial Fraud
An INTERPOL-led operation has led to the arrest of 1,006 suspects across 19 African countries and the takedown of 134,089 malicious infrastructures and networks as part of a coordinated effort to disrupt cybercrime in the continent. Dubbed Serengeti , the law enforcement exercise took place between September 2 and October 31, 2024, and targeted criminals behind ransomware, business email compromise (BEC), digital extortion, and online scams. The participating nations in the operation were Algeria, Angola, Benin, Cameroon, Côte d'Ivoire, Democratic Republic of the Congo, Gabon, Ghana, Kenya, Mauritius, Mozambique, Nigeria, Rwanda, Senegal, South Africa, Tanzania, Tunisia, Zambia, and Zimbabwe. These activities, which ranged from online credit card fraud and Ponzi schemes to investment and multi-level marketing scams, victimized more than 35,000 people, leading to financial losses nearly amounting to $193 million across the world. In connection with the $6 million online Ponzi ...
THN Recap: Top Cybersecurity Threats, Tools, and Practices (Nov 18 - Nov 24)

THN Recap: Top Cybersecurity Threats, Tools, and Practices (Nov 18 - Nov 24)

Nov 25, 2024 Cybersecurity / Critical Updates
We hear terms like "state-sponsored attacks" and "critical vulnerabilities" all the time, but what's really going on behind those words? This week's cybersecurity news isn't just about hackers and headlines—it's about how digital risks shape our lives in ways we might not even realize. For instance, telecom networks being breached isn't just about stolen data—it's about power. Hackers are positioning themselves to control the networks we rely on for everything, from making calls to running businesses. And those techy-sounding CVEs? They're not just random numbers; they're like ticking time bombs in the software you use every day, from your phone to your work tools. These stories aren't just for the experts—they're for all of us. They show how easily the digital world we trust can be turned against us. But they also show us the power of staying informed and prepared. Dive into this week's recap, and let's uncover the risks, the solutions, and the small steps we can all take to stay a...
Researchers Uncover Malware Using BYOVD to Bypass Antivirus Protections

Researchers Uncover Malware Using BYOVD to Bypass Antivirus Protections

Nov 25, 2024 Malware / Windows Security
Cybersecurity researchers have uncovered a new malicious campaign that leverages a technique called Bring Your Own Vulnerable Driver ( BYOVD ) to disarm security protections and ultimately gain access to the infected system. "This malware takes a more sinister route: it drops a legitimate Avast Anti-Rootkit driver (aswArPot.sys) and manipulates it to carry out its destructive agenda," Trellix security researcher Trishaan Kalra said in an analysis published last week. "The malware exploits the deep access provided by the driver to terminate security processes, disable protective software, and seize control of the infected system." The starting point of the attack is an executable file (kill-floor.exe) that drops the legitimate Avast Anti-Rootkit driver, which is subsequently registered as a service using Service Control (sc.exe) to perform its malicious actions. Once the driver is up and running, the malware gains kernel-level access to the system, allowing it...
Microsoft, Meta, and DOJ Disrupt Global Cybercrime and Fraudulent Networks

Microsoft, Meta, and DOJ Disrupt Global Cybercrime and Fraudulent Networks

Nov 22, 2024 Financial Fraud / Cybercrime
Meta Platforms, Microsoft, and the U.S. Department of Justice (DoJ) have announced independent actions to tackle cybercrime and disrupt services that enable scams, fraud, and phishing attacks. To that end, Microsoft's Digital Crimes Unit (DCU) said it seized 240 fraudulent websites associated with an Egypt-based cybercrime facilitator named Abanoub Nady (aka MRxC0DER and mrxc0derii), who advertised for sale a phishing kit called ONNX. Nady's criminal operation is said to date as far back as 2017. "Numerous cybercriminal and online threat actors purchased these kits and used them in widespread phishing campaigns to bypass additional security measures and break into Microsoft customer accounts," Microsoft DCU's Steven Masada said . "While all sectors are at risk, the financial services industry has been heavily targeted given the sensitive data and transactions they handle. In these instances, a successful phish can have devastating real-world consequences...
New 'Helldown' Ransomware Variant Expands Attacks to VMware and Linux Systems

New 'Helldown' Ransomware Variant Expands Attacks to VMware and Linux Systems

Nov 19, 2024 Ransomware / Linux
Cybersecurity researchers have shed light on a Linux variant of a relatively new ransomware strain called Helldown, suggesting that the threat actors are broadening their attack focus. "Helldown deploys Windows ransomware derived from the LockBit 3.0 code," Sekoia said in a report shared with The Hacker News. "Given the recent development of ransomware targeting ESX, it appears that the group could be evolving its current operations to target virtualized infrastructures via VMware." Helldown was first publicly documented by Halcyon in mid-August 2024, describing it as an "aggressive ransomware group" that infiltrates target networks by exploiting security vulnerabilities. Some of the prominent sectors targeted by the cybercrime group include IT services, telecommunications, manufacturing, and healthcare. Like other ransomware crews, Helldown is known for leveraging data leak sites to pressure victims into paying ransoms by threatening to publish s...
Expert Insights / Articles Videos
Cybersecurity Resources