Search results for pdf | Breaking Cybersecurity News | The Hacker News

A new "all-in-one" stealer malware named  EvilExtractor  (also spelled Evil Extractor) is being marketed for sale for other threat actors to steal data and files from Windows systems. "It includes several modules that all work via an FTP service," Fortinet FortiGuard Labs researcher Cara Lin  said . "It also contains environment checking and Anti-VM functions. Its primary purpose seems to be to steal browser data and information from compromised endpoints and then upload it to the attacker's FTP server." The network security company said it observed a surge in attacks spreading the malware in the wild in March 2023, with a majority of the victims located in Europe and the U.S. While marketed as an educational tool, EvilExtractor has been adopted by threat actors for use as an information stealer. The attack tool is being sold by an actor named Kodex on cybercrime forums like Cracked dating back to October 22, 2022. It's continually updated and

Threat actors are leveraging digital document publishing (DDP) sites hosted on platforms like FlipSnack, Issuu, Marq, Publuu, RelayTo, and Simplebooklet for carrying out phishing, credential harvesting, and session token theft, once again underscoring how threat actors are  repurposing legitimate services  for malicious ends. "Hosting phishing lures on DDP sites increases the likelihood of a successful phishing attack, since these sites often have a favorable reputation, are unlikely to appear on web filter blocklists, and may instill a false sense of security in users who recognize them as familiar or legitimate," Cisco Talos researcher Craig Jackson  said  last week. While adversaries have used popular cloud-based services such as Google Drive, OneDrive, Dropbox, SharePoint, DocuSign, and Oneflow to host phishing documents in the past, the latest development marks an escalation designed to evade email security controls. DDP services allow users to upload and share PDF

As cyber threats loom large and data breaches continue to pose increasingly significant risks. Organizations and industries that handle sensitive information and valuable assets make prime targets for cybercriminals seeking financial gain or strategic advantage.  Which is why many highly regulated sectors, from finance to utilities, are turning to military-grade cyber defenses to safeguard their operations. Regulatory Pressures Impacting Cyber Decisions Industries such as finance, healthcare, and government are subject to strict regulatory standards, governing data privacy, security, and compliance. Non-compliance with these regulations can result in severe penalties, legal repercussions, and damage to reputation. To meet regulatory requirements and mitigate the ever-increasing risk, organizations are shifting to adopt more robust cybersecurity measures. Understanding the Increase of Threats Attacks on regulated industries have increased dramatically over the past 5 years, with o

The United States federal authorities have boosted charges against a former IBM Corp. software developer in China for allegedly stealing valuable source code from his former employer in the US. Chinese national Xu Jiaqiang, 30, was arrested by the FBI in December last year, when he was charged with just one count of theft of a trade secret. However, Jiaqiang has been charged with six counts: three counts of economic espionage and three counts of theft of a trade secret, as US prosecutors accused him of selling the stolen information to other companies, according to the Justice Department indictment [ PDF ]. The proprietary source code, which Jiaqiang was intended to sell for the benefit of the Chinese government, has been described as "a product of decades of work." Jiaqiang worked as a software developer for an unnamed American company that developed networking software from November 2010 to May 2014. In May 2014, Jiaqiang resigned the company only to sell the c

Ashley Madison, an American most prominent dating website that helps married people cheat on their spouses has been hacked, has agreed to pay a hefty fine of $1.6 Million for failing to protect account information of 36 Million users , after a massive data breach last year. Yes, the parent company of Ashley Madison , Ruby Corp. will pay $1.6 Million to settle charges from both Federal Trade Commission (FTC) and 13 states alleging that it misled its consumers about its privacy practices and did not do enough to protect their information. Not only the company failed to protect the account information of its 36 Million users, but also it failed to delete account information after regretful users paid a $20 fee for "Full Delete" of their accounts. Moreover, the Ashley Madison site operators were accused of creating fake accounts of "female" users in an effort to attract new members. Avid Life Media denied the claim at the time, but a year later when the com

Homeland Security have eye on Journalists The Department of Homeland Security has declared its intention to gather personal data on journalists or others who might use " traditional and/or social media in real time to keep their audience situationally aware and informed ". Well, it'll be interesting to see the reaction of Obama's adoring White House press corps when they discover their activities are being tracked by the Department of Homeland Security. Under the National Operations Center (NOC)'s Media Monitoring Initiative that came out of DHS headquarters in November, Washington has the written permission to retain data on users of social media and online networking platforms. Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press or the right of the people peaceably to assemble, and to petition the Government for a redress of grievances. The department says

Over a billion Bluetooth-enabled devices, including smartphones, laptops, smart IoT devices, and industrial devices, have been found vulnerable to a high severity vulnerability that could allow attackers to spy on data transmitted between the two devices. The vulnerability, assigned as CVE-2019-9506 , resides in the way 'encryption key negotiation protocol' lets two Bluetooth BR/EDR devices choose an entropy value for encryption keys while pairing to secure their connection. Referred to as the Key Negotiation of Bluetooth ( KNOB ) attack, the vulnerability could allow remote attackers in close proximity to targeted devices to intercept, monitor, or manipulate encrypted Bluetooth traffic between two paired devices. The Bluetooth BR/EDR (Basic Rate/Enhanced Data Rate, also known as "Bluetooth Classic") is a wireless technology standard that has typically been designed for relatively short-range, continuous wireless connection such as streaming audio to headsets

A new Spam email campaign making the rounds in Germany are delivering a new variant of a powerful banking malware , a financial threat designed to steal users' online banking credentials, according to security researchers from Microsoft. The malware, identified as Emotet , was first spotted last June by security vendors at Trend Micro. The most standout features of Emotet is its network sniffing ability , which enables it to capture data sent over secured HTTPS connections by hooking into eight network APIs, according to Trend Micro. Microsoft has been monitoring a new variant of Emotet banking malware , Trojan:Win32/Emotet.C , since November last year. This new variant was sent out as part of a spam email campaign that peaked in November. Emotet has been distributed through spam messages, which either contain a link to a website hosting the malware or a PDF document icon that is actually the malware. HeungSoo Kang of Microsoft's Malware Protection Center identifi

A huge data-stealing cyber espionage campaign that targeted Banks, Corporations and Governments in Germany, Switzerland, and Austria for 12 years, has finally come for probably the longest-lived online malware operation in history. The campaign is dubbed as ' Harkonnen Operation ' and involved more than 800 registered front companies in the UK — all using the same IP address – that helped intruder installs malware on victims' servers and network equipments from different organizations, mainly banks, large corporations and government agencies in Germany, Switzerland and Austria. In total, the cyber criminals made approximately 300 corporations and organisations victims of this well-organised and executed cyber-espionage campaign . CyberTinel , an Israel-based developer of a signature-less endpoint security platform, uncovered this international cyber-espionage campaign hitting Government institutions, Research Laboratories and critical infrastructure facilit

If your mobile carrier offers LTE, also known as the 4G network, you need to beware as your network communication can be hijacked remotely. A team of researchers has discovered some critical weaknesses in the ubiquitous LTE mobile device standard that could allow sophisticated hackers to spy on users' cellular networks, modify the contents of their communications, and even can re-route them to malicious or phishing websites. LTE, or Long Term Evolution, is the latest mobile telephony standard used by billions of people designed to bring many security improvements over the predecessor standard known as Global System for Mobile (GSM) communications. However, multiple security flaws have been discovered over the past few years, allowing attackers to intercept user's communications, spy on user phone calls and text messages, send fake emergency alerts, spoof location of the device and knock devices entirely offline. 4G LTE Network Vulnerabilities Now, security researchers

Security researchers have discovered several severe zero-day vulnerabilities in the mobile bootloaders from at least four popular device manufacturers that could allow an attacker to gain persistent root access on the device. A team of nine security researchers from the University of California Santa Barbara created a special static binary tool called BootStomp that automatically detects security vulnerabilities in bootloaders. Since bootloaders are usually closed source and hard to reverse-engineer, performing analysis on them is difficult, especially because hardware dependencies hinder dynamic analysis. Therefore, the researchers created BootStomp, which "uses a novel combination of static analysis techniques and underconstrained symbolic execution to build a multi-tag taint analysis capable of identifying bootloader vulnerabilities." The tool helped the researchers discover six previously-unknown critical security bugs across bootloaders from HiSilicon (Huawe

Security researchers at Kaspersky have identified a sophisticated APT hacking group that has been operating since at least 2012 without being noticed due to their complex and clever hacking techniques. The hacking group used a piece of advanced malware—dubbed Slingshot —to infect hundreds of thousands of victims in the Middle East and Africa by hacking into their routers. According to a 25-page report published [ PDF ] by Kaspersky Labs, the group exploited unknown vulnerabilities in routers from a Latvian network hardware provider Mikrotik as its first-stage infection vector in order to covertly plant its spyware into victims' computers. Although it is unclear how the group managed to compromise the routers at the first place, Kaspersky pointed towards WikiLeaks Vault 7 CIA Leaks , which revealed the ChimayRed exploit , now available on GitHub , to compromise Mikrotik routers. Once the router is compromised, the attackers replace one of its DDL (dynamic link libraries)

Cybersecurity researchers have uncovered a PlugX sample that employs sneaky methods to infect attached removable USB media devices in order to propagate the malware to additional systems. "This PlugX variant is wormable and infects USB devices in such a way that it conceals itself from the Windows operating file system," Palo Alto Networks Unit 42 researchers Mike Harbison and Jen Miller-Osborn  said . "A user would not know their USB device is infected or possibly used to exfiltrate data out of their networks." The cybersecurity company said it uncovered the artifact during an incident response effort following a Black Basta ransomware attack against an unnamed victim. Among other tools discovered in the compromised environment include the  Gootkit  malware loader and the  Brute Ratel C4  red team framework. The use of Brute Ratel by the Black Basta group was previously  highlighted  by Trend Micro in October 2022, with the software delivered as a second-stage

Facebook has admitted that the company gave dozens of tech companies and app developers special access to its users' data after publicly saying it had restricted outside companies to access such data back in 2015. It's an unusual clear view of how the largest social networking site manages your personal information. During the Cambridge Analytica scandal revealed March this year, Facebook stated that it already cut off third-party access to its users' data and their friends in May 2015 only. However, in a 747-page long document [ PDF ] delivered to Congress late Friday, the social networking giant admitted that it continued sharing data with 61 hardware and software makers , as well as app developers after 2015 as well. The disclosure comes in response to hundreds of questions posed to Facebook CEO Mark Zuckerberg by members of Congress in April about its company's practices with data of its billions of users. The Washington Post reported that the company

Since cybersecurity is definitely an issue that's here to stay, I've just checked out the recently released first episodes of Cato Networks  Cybersecurity Master Class Series .  According to Cato, the series aims to teach and demonstrate cybersecurity tools and best practices; provide research and real-world case studies on cybersecurity; and bring the voices and opinions of top cybersecurity thought-leaders. Designed for security and IT professionals, C-level managers and security experts, each session contains both theory and hands-on examples about strategic, tactical, and operational issues on a wide range of topics.  The classes are hosted by industry-recognized cybersecurity researcher and keynote speaker, Etay Maor, who is also Senior Director of Security Strategy at Cato. Four out of the planned annual 8-10 episodes are currently available online.  Episode 1 , entitled  How (and Why) to Apply OSINT to Protect your Enterprise  takes an in-depth look at our era of data proli

Last week, we reported about the first network-based remote Rowhammer attack, dubbed Throwhammer , which involves the exploitation a known vulnerability in DRAM through network cards using remote direct memory access (RDMA) channels. However, a separate team of security researchers has now demonstrated a second network-based remote Rowhammer technique that can be used to attack systems using uncached memory or flush instruction while processing the network requests. The research was carried out by researchers who discovered Meltdown and Spectre CPU vulnerabilities, which is independent of the Amsterdam researchers who presented a series of Rowhammer attacks, including Throwhammer published last week. If you are unaware, Rowhammer is a critical issue with recent generation dynamic random access memory (DRAM) chips in which repeatedly accessing a row of memory can cause "bit flipping" in an adjacent row, allowing attackers to change the contents of the memory. The

Cybersecurity agencies from the U.K. and the U.S. have laid bare a new malware used by the Iranian government-sponsored advanced persistent threat (APT) group in attacks targeting government and commercial networks worldwide. "MuddyWater actors are positioned both to provide stolen data and accesses to the Iranian government and to share these with other malicious cyber actors," the agencies  said . The joint advisory comes courtesy of the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the U.S. Cyber Command Cyber National Mission Force (CNMF), and the U.K.'s National Cyber Security Centre (NCSC). The cyberespionage actor was  outed this year  as conducting malicious operations as part of Iran's Ministry of Intelligence and Security (MOIS) targeting a wide range of government and private-sector organizations, including telecommunications, defense, local government, and oil and natural gas sectors, in Asia, Afric

Citigroup hacked again - 92,000 customers info exposed from Japan For the second time this year, Citigroup has suffered a major breach of its credit customers' personal information; this time the breach involved 92,400 customers at its Japanese unit. Citigroup's Japanese credit card unit said personal information for more than 92,000 of its customers was illegally sold to a third party. The information exposed included the names, account numbers addresses, phone numbers birthdates, and sex of 92,408 credit card holders, Citi Cards Japan warned in an advisory (PDF) issued Friday . The personal identification numbers and card security codes were not accessed. Citi Cards Japan did not mention how customer information was obtained as the sale of such information is currently under investigation. " While the risk of fraud is minimal due to the absence of security information, CCJ has placed internal fraud alerts and enhanced monitoring on all accounts identified, and no unusual or s

And the Winners of this year's Turing Award are: Whitfield Diffie and Martin E. Hellman . The former chief security officer at Sun Microsystems Whitfield Diffie and the professor at Stanford University Martin E. Hellman won the 2015 ACM Turing Award, which is frequently described as the "Nobel Prize of Computing" . Turing Award named after  Alan M. Turing , the British mathematician and computer scientist who was a key contributor to the Allied cryptanalysis of the German Enigma cipher and the German "Tunny" encoding machine in World War II. The Association for Computing Machinery (ACM) announced the Turing Award the same day when FBI Director  James Comey  appeared before a congressional committee to discuss how  encryption has become Threat  to law enforcement. The ACM  announced the award on Tuesday, which includes the top prize of $1 Million that has been awarded to two men who invented the "public-key cryptography" – a technique that