The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Don't be fooled into thinking that cyber threats are only a problem for large organizations. The truth is that cybercriminals are increasingly targeting smaller businesses, and they're getting smarter every day. Join our FREE webinar " Navigating the SMB Threat Landscape: Key Insights from Huntress' Threat Report ," in which Jamie Levy — Director of Adversary Tactics at Huntress, a renowned cybersecurity expert with extensive experience in combating cyber threats — breaks down the latest cyber threats to SMBs like yours and explains what you can do about them. Here's a sneak peek of what you'll learn: Attackers are Blending In: Cyber attackers are getting smarter. They are increasingly using legitimate tools to disguise their activities, making it harder for traditional security measures to detect them. Learn how these techniques work and what you can do to detect these hidden threats. Ransomware on the Rise:  Following the takedown of Qakbot, there ...

Introduction The Colonial Pipeline ransomware attack (2021) and SolarWinds supply chain attack (2020) were pivotal moments in cybersecurity, starting a new challenge for Chief Information Security Officers ( CISOs ). These attacks highlighted the importance of collaboration between CISOs and DevOps teams to ensure proper cloud security configurations. In this article, we will outline the 6-step approach to fostering strong partnerships between CISOs, DevOps teams, IT management, and organizations that can help to drive innovation while maintaining a robust security posture. You will learn how a CISO can effectively communicate with IT leadership and what methods to try. Our narrative will emphasize the most crucial aspect of an organization's security - growing your strong security team and moving to a proactive approach.  Understanding such breaches, such as the Capital One data breach (2019), Epsilon data breach (2019), Magecart compromises (ongoing), and MongoDB breaches (2...

Google on Thursday rolled out fixes to address a high-severity security flaw in its Chrome browser that it said has been exploited in the wild. Assigned the CVE identifier  CVE-2024-5274 , the vulnerability relates to a type confusion bug in the V8 JavaScript and WebAssembly engine. It was reported by Clément Lecigne of Google's Threat Analysis Group and Brendon Tiszka of Chrome Security on May 20, 2024. Type confusion vulnerabilities  occur when a program attempts to access a resource with an incompatible type. It can have  serious consequences  as it allows threat actors to perform out-of-bounds memory access, cause a crash, and execute arbitrary code. The development marks the fourth zero-day that Google has patched since the start of the month after  CVE-2024-4671 ,  CVE-2024-4761 , and  CVE-2024-4947 . The tech giant did not disclose additional technical details about the flaw, but  acknowled...

Malicious actors have backdoored the installer associated with courtroom video recording software developed by Justice AV Solutions (JAVS) to deliver malware that's associated with a known implant called RustDoor. The software supply chain attack, tracked as CVE-2024-4978 (CVSS score: 8.7), impacts JAVS Viewer v8.3.7, a component of the  JAVS Suite 8  that allows users to create, manage, publish, and view digital recordings of courtroom proceedings, business meetings, and city council sessions. Cybersecurity firm Rapid7  said  it commenced an investigation earlier this month after discovering a malicious executable called "fffmpeg.exe" (note the three Fs) in the Windows installation folder of the software, tracing it to a binary named "JAVS Viewer Setup 8.3.7.250-1.exe" that was downloaded from the official JAVS site on March 5, 2024. "Analysis of the installer JAVS Viewer Setup 8.3.7.250-1.exe showed that it was signed with an unexpected Authenticode ...

Cybersecurity researchers have discovered that the malware known as  BLOODALCHEMY  used in attacks targeting government organizations in Southern and Southeastern Asia is in fact an updated version of Deed RAT, which is believed to be a successor to ShadowPad. "The origin of BLOODALCHEMY and Deed RAT is ShadowPad and given the history of ShadowPad being utilized in numerous APT campaigns, it is crucial to pay special attention to the usage trend of this malware," Japanese company ITOCHU Cyber & Intelligence  said . BLOODALCHEMY was  first documented  by Elastic Security Labs in October 2023 in connection with a campaign mounted by an intrusion set it tracks as REF5961 targeting the Association of Southeast Asian Nations (ASEAN) countries. A barebones x86 backdoor written in C, it's injected into a signed benign process ("BrDifxapi.exe") using a technique called DLL side-loading, and is capable of overwriting the toolset, gathering ho...

Ransomware attacks targeting VMware ESXi infrastructure follow an established pattern regardless of the file-encrypting malware deployed, new findings show. "Virtualization platforms are a core component of organizational IT infrastructure, yet they often suffer from inherent misconfigurations and vulnerabilities, making them a lucrative and highly effective target for threat actors to abuse," cybersecurity firm Sygnia  said  in a report shared with The Hacker News. The Israeli company, through its incident response efforts involving various ransomware families like LockBit, HelloKitty, BlackMatter, RedAlert (N13V), Scattered Spider, Akira, Cactus, BlackCat and Cheerscrypt, found that attacks on virtualization environments adhere to a similar sequence of actions. This includes the following steps - Obtaining initial access through phishing attacks, malicious file downloads, and exploitation of known vulnerabilities in internet-facing assets Escalating their ...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday  added  a security flaw impacting Apache Flink, an open-source, unified stream-processing and batch-processing framework, to the Known Exploited Vulnerabilities ( KEV ) catalog, citing evidence of active exploitation. Tracked as  CVE-2020-17519 , the issue relates to a case of improper access control that could allow an attacker to read any file on the local filesystem of the JobManager through its REST interface. This also means that a remote unauthenticated attacker could send a specially crafted directory traversal request that could permit unauthorized access to sensitive information. The vulnerability, which impacts Flink versions 1.11.0, 1.11.1, and 1.11.2, was  addressed  in January 2021 in versions 1.11.3 or 1.12.0. The exact nature of the attacks exploiting the flaw is presently unknown, although Palo Alto Networks Unit 42 warned of exte...

The China-linked threat actor known as Sharp Panda has expanded their targeting to include governmental organizations in Africa and the Caribbean as part of an ongoing cyber espionage campaign. "The campaign adopts Cobalt Strike Beacon as the payload, enabling backdoor functionalities like C2 communication and command execution while minimizing the exposure of their custom tools," Check Point said in a report shared with The Hacker News. "This refined approach suggests a deeper understanding of their targets." The Israeli cybersecurity firm is tracking the activity under a new name  Sharp Dragon , describing the adversary as careful in its targeting, while at the same time broadening its reconnaissance efforts. The adversary  first came to light  in June 2021, when it was detected targeting a Southeast Asian government to deploy a backdoor on Windows systems dubbed VictoryDLL. Subsequent attacks mounted by Sharp Dragon have set their sights on high-profile gov...

Governmental entities in the Middle East, Africa, and Asia are the target of a Chinese advanced persistent threat (APT) group as part of an ongoing cyber espionage campaign dubbed  Operation Diplomatic Specter  since at least late 2022. "An analysis of this threat actor's activity reveals long-term espionage operations against at least seven governmental entities," Palo Alto Networks Unit 42 researchers Lior Rochberger and Daniel Frank  said  in a report shared with The Hacker News. "The threat actor performed intelligence collection efforts at a large scale, leveraging rare email exfiltration techniques against compromised servers." The cybersecurity firm, which previously tracked the activity cluster under the name CL-STA-0043, said it's graduating it to a temporary actor group codenamed TGR-STA-0043 owing to its assessment that the intrusion set is the work of a single actor operating on behalf of Chinese state-aligned interests. Targets of the attacks i...

Conversations about data security tend to diverge into three main threads: How can we protect the data we store on our on-premises or cloud infrastructure? What strategies and tools or platforms can reliably backup and restore data? What would losing all this data cost us, and how quickly could we get it back? All are valid and necessary conversations for technology organizations of all shapes and sizes. Still, the average company uses  400+ SaaS applications . The same report also uncovered that 56% of IT professionals aren't aware of their data backup responsibilities. This is alarming, given that 84% of survey respondents said at least 30% of their business-critical data lives inside SaaS applications.  SaaS data isn't like on-premises or cloud data because you have no ownership over the operating environment and far less ownership of the data itself. Due to those restrictions, creating automated backups, storing them in secure environments, and owning the restorati...