The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Threat actors have published yet another round of malicious packages to Python Package Index (PyPI) with the goal of delivering information-stealing malware on compromised developer machines. Interestingly, while the malware goes by a variety of names like ANGEL Stealer, Celestial Stealer, Fade Stealer, Leaf $tealer, PURE Stealer, Satan Stealer, and @skid Stealer, cybersecurity company Phylum found them all to be copies of  W4SP Stealer . W4SP Stealer primarily functions to siphon user data, including credentials, cryptocurrency wallets, Discord tokens, and other files of interest. It's created and published by an actor who goes by the aliases BillyV3, BillyTheGoat, and billythegoat356. "For some reason, each deployment appears to have simply tried to do a find/replace of the W4SP references in exchange for some other seemingly arbitrary name," the researchers  said  in a report published earlier this week. The 16 rogue modules are as follows: modulesecurity, inform...

The developers behind the Brave open-source web browser have revealed a new privacy-preserving data querying and retrieval system called  FrodoPIR . The idea, the company  said , is to use the technology to build out a wide range of use cases such as safe browsing, scanning passwords against breached databases, certificate revocation checks, and streaming, among others. The scheme is called  FrodoPIR  because "the client can perform hidden queries to the server, just as Frodo remained hidden from Sauron," a reference to the characters from J. R. R. Tolkien's  The Lord of the Rings . PIR, short for  private information retrieval , is a cryptographic protocol that enables users (aka clients) to retrieve a piece of information from a database server without revealing to its owner which element was selected. In other words, the goal is to be able to query a platform for information (say, cooking videos) without letting the service provider infer from...

A new targeted phishing campaign has zoomed in on a two-factor authentication solution called Kavach that's used by Indian government officials. Cybersecurity firm Securonix dubbed the activity  STEPPY#KAVACH , attributing it to a threat actor known as SideCopy based on tactical overlaps with prior attacks. ".LNK files are used to initiate code execution which eventually downloads and runs a malicious C# payload, which functions as a remote access trojan (RAT)," Securonix researchers Den Iuzvyk, Tim Peck, and Oleg Kolesnikov  said  in a new report. SideCopy, a  hacking crew  believed to be of Pakistani origin and active since at least 2019, is said to share ties with another actor called  Transparent Tribe  (aka APT36 or Mythic Leopard). It's also known to impersonate attack chains leveraged by  SideWinder , a prolific nation-state group that disproportionately singles out Pakistan-based military entities, to deploy its own toolset. That s...

Tis the season for security and IT teams to send out that company-wide email: “No, our CEO does NOT want you to buy gift cards.”  As much of the workforce signs off for the holidays, hackers are stepping up their game. We’ll no doubt see an increase in activity as hackers continue to unleash e-commerce scams and holiday-themed phishing attacks. Hackers love to use these tactics to trick end users into compromising not only their personal data but also their organization’s data.  But that doesn’t mean you should spend the next couple of weeks in a constant state of anxiety.  Instead, use this moment as an opportunity to ensure that your incident response (IR) plan is rock solid.  Where to start?  First, make sure that your strategy follows the six steps to complete incident response.  Here’s a refresher: The 6 steps of a complete IR Preparation:  This is the first phase and involves reviewing existing security measures and policies; performing...

The Vice Society ransomware actors have switched to yet another custom ransomware payload in their recent attacks aimed at a variety of sectors. "This ransomware variant, dubbed ' PolyVice ,' implements a robust encryption scheme, using  NTRUEncrypt  and  ChaCha20-Poly1305  algorithms," SentinelOne researcher Antonio Cocomazzi  said  in an analysis. Vice Society , which is tracked by Microsoft under the moniker DEV-0832, is an intrusion, exfiltration, and extortion hacking group that first appeared on the threat landscape in May 2021. Unlike other ransomware gangs, the cybercrime actor does not use file-encrypting malware developed in-house. Instead, it's known to deploy third-party lockers such as Hello Kitty, Zeppelin, and RedAlert ransomware in their attacks. Per SentinelOne, indications are that the threat actor behind the custom-branded ransomware is also selling similar payloads to other hacking crews based on PolyVice's extensive similarities to...

France's privacy watchdog has imposed a €60 million ($63.88 million) fine against Microsoft's Ireland subsidiary for dropping advertising cookies in users' computers without their explicit consent in violation of data protection laws in the European Union. The Commission nationale de l'informatique et des libertés (CNIL)  noted  that users visiting the home page of its Bing search engine did not have a "mechanism to refuse cookies as easily as accepting them." The authority, which carried out an online audit between September 2020 and May 2021 following a complaint it received in February 2020,  stated  the tech giant deposited cookies with an aim to serve ads and fight advertising fraud without getting a user's permission beforehand, as is required by law. Along with the fines, Microsoft has also been ordered to alter its cookie practices within three months, or risk facing an additional penalty of €60,000 per day of non-compliance following the end ...

The  August 2022 security breach  of LastPass may have been more severe than previously disclosed by the company. The popular password management service on Thursday revealed that malicious actors obtained a trove of personal information belonging to its customers that include their encrypted password vaults by using data siphoned from the earlier break-in. Among the data stolen are "basic customer account information and related metadata including company names, end-user names, billing addresses, email addresses, telephone numbers, and the IP addresses from which customers were accessing the LastPass service," the company  said . The August 2022 incident, which  remains  a subject of an ongoing investigation, involved the miscreants accessing source code and proprietary technical information from its development environment via a single compromised employee account. LastPass said this permitted the unidentified attacker to obtain credentials and keys that...

An exhaustive analysis of  FIN7  has unmasked the cybercrime syndicate's organizational hierarchy, alongside unraveling its role as an affiliate for mounting ransomware attacks. It has also exposed deeper associations between the group and the larger threat ecosystem comprising the now-defunct ransomware  DarkSide ,  REvil , and  LockBit  families. The highly active threat group, also known as Carbanak, is  known  for employing an extensive arsenal of tools and tactics to expand its "cybercrime horizons," including adding ransomware to its playbook and setting up fake security companies to lure researchers into conducting ransomware attacks under the guise of penetration testing. More than 8,147 victims have been compromised by the financially motivated adversary across the world, with a majority of the entities located in the U.S. Other prominent countries include China, Germany, Canada, Italy, and the U.K. FIN7's intrusion techniques, over ...

We spent forty years defending ourselves as individuals. Trying to outsmart cybercriminals, outpower them, and when all our efforts failed, only then we considered banding together with our peers to outnumber them. Cybercriminals don't reinvent themselves each time. Their resources are limited, and they have a limited budget. Therefore they use playbooks to attack many people. Meaning most of the attacks are known to people and not innovative. Yet, all we hear about is one breach after another despite hundreds of millions of dollars being thrown into the industry. So if we know that teaming up and sharing information is the key, why aren't security vendors doing it? It's simple. Vendors don't want to give it to you; they want to sell it to you. Cyber Threat Intelligence: A better way to fight cybercrime  As the internet continues to expand and connect more people and devices than ever before, the need for effective cyber threat intelligence sharing has never been g...

Multiple high-severity vulnerabilities have been disclosed in Passwordstate password management solution that could be exploited by an unauthenticated remote adversary to obtain a user's plaintext passwords. "Successful exploitation allows an unauthenticated attacker to exfiltrate passwords from an instance, overwrite all stored passwords within the database, or elevate their privileges within the application," Swiss cybersecurity firm modzero AG  said  in a report published this week. "Some of the individual vulnerabilities can be chained to gain a shell on the Passwordstate host system and dump all stored passwords in cleartext, starting with nothing more than a valid username." Passwordstate, developed by an Australian company named Click Studios, has over  29,000 customers  and is used by more than 370,000 IT professionals. One of the flaws also impacts  Passwordstate version 9.5.8.4  for the Chrome web browser. The latest version of the browser a...