#1 Trusted Cybersecurity News Platform
Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cybersecurity

threat detection | Breaking Cybersecurity News | The Hacker News

Category — threat detection
5 Steps to Boost Detection and Response in a Multi-Layered Cloud

5 Steps to Boost Detection and Response in a Multi-Layered Cloud

Oct 14, 2024 Cloud Security / Vulnerability
The link between detection and response (DR) practices and cloud security has historically been weak. As global organizations increasingly adopt cloud environments, security strategies have largely focused on "shift-left" practices—securing code, ensuring proper cloud posture, and fixing misconfigurations. However, this approach has led to an over-reliance on a multitude of DR tools spanning cloud infrastructure, workloads, and even applications. Despite these advanced tools, organizations often take weeks or even months to identify and resolve incidents.  Add to this the challenges of tool sprawl, soaring cloud security costs, and overwhelming volumes of false positives, and it becomes clear that security teams are stretched thin. Many are forced to make hard decisions about which cloud breaches they can realistically defend against.  By following these five targeted steps, security teams can greatly improve their real-time detection and response capabilities for cloud a
Google Joins Forces with GASA and DNS RF to Tackle Online Scams at Scale

Google Joins Forces with GASA and DNS RF to Tackle Online Scams at Scale

Oct 09, 2024 Cybercrime / Threat Detection
Google on Wednesday announced a new partnership with the Global Anti-Scam Alliance ( GASA ) and DNS Research Federation ( DNS RF ) to combat online scams . The initiative, which has been codenamed the Global Signal Exchange ( GSE ), is designed to create real-time insights into scams, fraud, and other forms of cybercrime pooling together threat signals from different data sources in order to create more visibility into the facilitators of cybercrime. "By joining forces and establishing a centralized platform, GSE aims to improve the exchange of abuse signals, enabling faster identification and disruption of fraudulent activities across various sectors, platforms and services," Google said in a blog post shared with The Hacker News. "The goal is to create a user-friendly, efficient solution that operates at an internet-scale, and is accessible to qualifying organizations, with GASA and the DNS Research Federation managing access." The tech giant said it has sh
How to Get Going with CTEM When You Don't Know Where to Start

Want To Excel in Cybersecurity Risk Management?

Georgetown UniversityWebinar / Risk Management
Manage cybersecurity risk with a Georgetown master's degree. Learn more in our Oct. 23 webinar.
New Perfctl Malware Targets Linux Servers for Cryptocurrency Mining and Proxyjacking

New Perfctl Malware Targets Linux Servers for Cryptocurrency Mining and Proxyjacking

Oct 03, 2024 Linux / Malware
Misconfigured and vulnerable Linux servers are the target of an ongoing campaign that delivers a stealthy malware dubbed perfctl with the primary aim of running a cryptocurrency miner and proxyjacking software. "Perfctl is particularly elusive and persistent, employing several sophisticated techniques," Aqua security researchers Assaf Morag and Idan Revivo said in a report shared with The Hacker News. "When a new user logs into the server, it immediately stops all 'noisy' activities, lying dormant until the server is idle again. After execution, it deletes its binary and continues to run quietly in the background as a service." It's worth noting that some aspects of the campaign were disclosed last month by Cado Security, which detailed an activity cluster that targets internet-exposed Selenium Grid instances with both cryptocurrency mining and proxyjacking software. Specifically, the fileless perfctl malware has been found to exploit a security
cyber security

Master the Art of AI-powered Cybersecurity

websiteNVIDIAArtificial Intelligence / Cybersecurity
Learn to build and manage advanced AI workflows that safeguard data against emerging threats, enhancing your ability to detect and respond to potential security breaches with this free course.
5 Must-Have Tools for Effective Dynamic Malware Analysis

5 Must-Have Tools for Effective Dynamic Malware Analysis

Oct 02, 2024 Malware Analysis / Threat Detection
Dynamic malware analysis is a key part of any threat investigation. It involves executing a sample of a malicious program in the isolated environment of a malware sandbox to monitor its behavior and gather actionable indicators. Effective analysis must be fast, in-depth, and precise. These five tools will help you achieve it with ease. 1. Interactivity Having the ability to interact with the malware and the system in real-time is a great advantage when it comes to dynamic analysis. This way, you can not only observe its execution but also see how it responds to your inputs and triggers specific behaviors.  Plus, it saves time by allowing you to download samples hosted on file-sharing websites or open those packed inside an archive, which is a common way to deliver payloads to victims. The initial phishing email containing the malicious pdf and password for the archive Check out this sandbox session in the ANY.RUN sandbox that shows how interactivity is used for analyzing the en
Researchers Warn of Ongoing Attacks Exploiting Critical Zimbra Postjournal Flaw

Researchers Warn of Ongoing Attacks Exploiting Critical Zimbra Postjournal Flaw

Oct 02, 2024 Email Security / Vulnerability
Cybersecurity researchers are warning about active exploitation attempts targeting a newly disclosed security flaw in Synacor's Zimbra Collaboration. Enterprise security firm Proofpoint said it began observing the activity starting September 28, 2024. The attacks seek to exploit CVE-2024-45519 , a severe security flaw in Zimbra's postjournal service that could enable unauthenticated attackers to execute arbitrary commands on affected installations. "The emails spoofing Gmail were sent to bogus addresses in the CC fields in an attempt for Zimbra servers to parse and execute them as commands," Proofpoint said in a series of posts on X. "The addresses contained Base64 strings that are executed with the sh utility." The critical issue was addressed by Zimbra in versions 8.8.15 Patch 46, 9.0.0 Patch 41, 10.0.9, and 10.1.1 released on September 4, 2024. A security researcher named lebr0nli (Alan Li) has been credited with discovering and reporting the short
Progress Software Releases Patches for 6 Flaws in WhatsUp Gold – Patch Now

Progress Software Releases Patches for 6 Flaws in WhatsUp Gold – Patch Now

Sep 27, 2024 Software Security / Vulnerability
Progress Software has released another round of updates to address six security flaws in WhatsUp Gold, including two critical vulnerabilities. The issues, the company said , have been resolved in version 24.0.1 released on September 20, 2024. The company has yet to release any details about what the flaws are other than listing their CVE identifiers - CVE-2024-46905 (CVSS score: 8.8)  CVE-2024-46906 (CVSS score: 8.8)  CVE-2024-46907 (CVSS score: 8.8)  CVE-2024-46908 (CVSS score: 8.8)  CVE-2024-46909 (CVSS score: 9.8), and CVE-2024-8785 (CVSS score: 9.8) Security researcher Sina Kheirkhah of Summoning Team has been credited with discovering and reporting the first four flaws. Andy Niu of Trend Micro has been acknowledged for CVE-2024-46909, while Tenable has been credited for CVE-2024-8785. It's worth noting that Trend Micro recently reported that threat actors are actively exploiting proof-of-concept (PoC) exploits for other recently disclosed security flaws in WhatsU
How to Plan and Prepare for Penetration Testing

How to Plan and Prepare for Penetration Testing

Sep 27, 2024 Penetration Testing / Threat Detection
As security technology and threat awareness among organizations improves so do the adversaries who are adopting and relying on new techniques to maximize speed and impact while evading detection. Ransomware and malware continue to be the method of choice by big game hunting (BGH) cyber criminals, and the increased use of hands-on or "interactive intrusion" techniques is especially alarming. Unlike malware attacks that rely on automated malicious tools and scripts, human-driven intrusions use the creativity and problem-solving abilities of attackers. These individuals can imitate normal user or administrative behaviors, making it challenging to distinguish between legitimate activities and cyber-attacks. The goal of most security practitioners today is to manage risk at scale. Gaining visibility, reducing the noise, and securing the attack surface across the enterprise requires the right people, processes, and security solutions. With the use of penetration testing services , organ
New HTML Smuggling Campaign Delivers DCRat Malware to Russian-Speaking Users

New HTML Smuggling Campaign Delivers DCRat Malware to Russian-Speaking Users

Sep 27, 2024 GenAI / Cybercrime
Russian-speaking users have been targeted as part of a new campaign distributing a commodity trojan called DCRat (aka DarkCrystal RAT) by means of a technique known as HTML smuggling . The development marks the first time the malware has been deployed using this method, a departure from previously observed delivery vectors such as compromised or fake websites, or phishing emails bearing PDF attachments or macro-laced Microsoft Excel documents. "HTML smuggling is primarily a payload delivery mechanism," Netskope researcher Nikhil Hegde said in an analysis published Thursday. "The payload can be embedded within the HTML itself or retrieved from a remote resource." The HTML file, in turn, can be propagated via bogus sites or malspam campaigns. Once the file is launched via the victim's web browser, the concealed payload is decoded and downloaded onto the machine. The attack subsequently banks on some level of social engineering to convince the victim to ope
Overloaded with SIEM Alerts? Discover Effective Strategies in This Expert-Led Webinar

Overloaded with SIEM Alerts? Discover Effective Strategies in This Expert-Led Webinar

Sep 26, 2024 Threat Detection / IT Security
Imagine trying to find a needle in a haystack, but the haystack is on fire, and there are a million other needles you also need to find. That's what dealing with security alerts can feel like. SIEM was supposed to make this easier, but somewhere along the way, it became part of the problem. Too many alerts, too much noise, and not enough time to actually stop threats. It's time for a change. It's time to reclaim control. Join Zuri Cortez and Seth Geftic for an insightful webinar as they navigate the complexities of " Solving the SIEM Problem: A Hard Reset on Legacy Solutions ."  They'll share insider knowledge, battle-tested strategies, and a clear path to taming the SIEM beast in this informative session. Here's what we'll cover: SIEM 101: A quick refresher on what SIEM is, why it's important, and the challenges it faces today The Problem with Legacy SIEM: We'll pull back the curtain and reveal why traditional solutions are struggl
ChatGPT macOS Flaw Could've Enabled Long-Term Spyware via Memory Function

ChatGPT macOS Flaw Could've Enabled Long-Term Spyware via Memory Function

Sep 25, 2024 Artificial Intelligence / Vulnerability
A now-patched security vulnerability in OpenAI's ChatGPT app for macOS could have made it possible for attackers to plant long-term persistent spyware into the artificial intelligence (AI) tool's memory. The technique, dubbed SpAIware , could be abused to facilitate "continuous data exfiltration of any information the user typed or responses received by ChatGPT, including any future chat sessions," security researcher Johann Rehberger said . The issue, at its core, abuses a feature called memory , which OpenAI introduced earlier this February before rolling it out to ChatGPT Free, Plus, Team, and Enterprise users at the start of the month. What it does is essentially allow ChatGPT to remember certain things across chats so that it saves users the effort of repeating the same information over and over again. Users also have the option to instruct the program to forget something. "ChatGPT's memories evolve with your interactions and aren't linked to s
Expert Insights / Articles Videos
Cybersecurity Resources