The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Data Governance in DevOps: Ensuring Compliance in the AI Era

Dec 16, 2024 DevOps / Data Governance
With the evolution of modern software development, CI/CD pipeline governance has emerged as a critical factor in maintaining both agility and compliance. As we enter the age of artificial intelligence (AI), the importance of robust pipeline governance has only intensified. With that said, we'll explore the concept of CI/CD pipeline governance and why it's vital, especially as AI becomes increasingly prevalent in our software pipelines. What is CI/CD Pipeline Governance? CI/CD pipeline governance refers to the framework of policies, practices, and controls that oversee the entire software delivery process. It ensures that every step, from the moment the code is committed to when it's deployed in production, adheres to organizational standards, security protocols, and regulatory requirements. In DevOps, this governance acts as a guardrail, allowing teams to move fast without compromising on quality, security, or compliance. It's about striking the delicate balance betwee...
New Investment Scam Leverages AI, Social Media Ads to Target Victims Worldwide

Dec 16, 2024 Cryptocurrency / Phishing Attack
Cybersecurity researchers are calling attention to a new kind of investment scam that leverages a combination of social media malvertising, company-branded posts, and artificial intelligence (AI) powered video testimonials featuring famous personalities, ultimately leading to financial and data loss. "The main goal of the fraudsters is to lead victims to phishing websites and forms that harvest their personal information," ESET noted in its H2 2024 Threat Report shared with The Hacker News. The Slovak cybersecurity company is tracking the threat under the name Nomani, a play on the phrase "no money." It said the scam grew by over 335% between H1 and H2 2024, with more than 100 new URLs detected daily on average between May and November 2024. The attacks play out through fraudulent ads on social media platforms, in several cases targeting people who have previously been scammed by making use of Europol- and INTERPOL-related lures about contacting them for help ...
New Glutton Malware Exploits Popular PHP Frameworks Like Laravel and ThinkPHP

Dec 16, 2024 Malware / Cybercrime
Cybersecurity researchers have discovered a new PHP-based backdoor called Glutton that has been put to use in cyber attacks targeting China, the United States, Cambodia, Pakistan, and South Africa. QiAnXin XLab, which discovered the malicious activity in late April 2024, attributed the previously unknown malware with moderate confidence to the prolific Chinese nation-state group tracked as Winnti (aka APT41). "Interestingly, our investigation revealed that Glutton's creators deliberately targeted systems within the cybercrime market," the company said. "By poisoning operations, they aimed to turn the tools of cybercriminals against them – a classic 'no honor among thieves' scenario." Glutton is designed to harvest sensitive system information, drop an ELF backdoor component, and perform code injection against popular PHP frameworks like Baota (BT), ThinkPHP, Yii, and Laravel. The ELF malware also shares "near-complete similarity" with a know...
Ukrainian Minors Recruited for Cyber Ops and Reconnaissance in Russian Airstrikes

Dec 16, 2024 Cyber Attack / Cyber Espionage
The Security Service of Ukraine (SBU or SSU) has exposed a novel espionage campaign suspected to be orchestrated by Russia's Federal Security Service (FSB) that involves recruiting Ukrainian minors for criminal activities under the guise of "quest games." Law enforcement officials said that it detained two FSB agent groups following a special operation in Kharkiv. These groups, per the agency, consisted exclusively of children aged 15 and 16. "The minors carried out hostile tasks of conducting reconnaissance, correcting strikes, and arson," the SSU said in a statement released Friday. "To mask subversive activities, both enemy cells operated separately from each other." As per the quest game rules set by the FSB, the children were given geographic coordinates, after which they were instructed to get to the location, take photos and videos of targets, and provide a general description of the surrounding area. The results of these reconnaissance m...
Germany Disrupts BADBOX Malware on 30,000 Devices Using Sinkhole Action

Dec 14, 2024 Botnet / Ad Fraud
Germany's Federal Office of Information Security (BSI) has announced that it has disrupted a malware operation called BADBOX that came preloaded on at least 30,000 internet-connected devices sold across the country. In a statement published earlier this week, authorities said they severed the communications between the devices and their command-and-control (C2) servers by sinkholing the domains in question. Impacted devices include digital picture frames, media players, and streamers, and likely phones and tablets. "What all of these devices have in common is that they have outdated Android versions and were delivered with pre-installed malware," the BSI said in a press release. BADBOX was first documented by HUMAN's Satori Threat Intelligence and Research team in October 2023, describing it as a "complex threat actor scheme" that involves deploying the Triada Android malware on low-cost, off-brand Android devices by exploiting weak supply chain links...
Thai Officials Targeted in Yokai Backdoor Campaign Using DLL Side-Loading Techniques

Dec 14, 2024 Malware / Cyber Threat
Thai government officials have emerged as the target of a new campaign that leverages a technique called DLL side-loading to deliver a previously undocumented backdoor dubbed Yokai. "The target of the threat actors were Thailand officials based on the nature of the lures," Nikhil Hegde, senior engineer for Netskope's Security Efficacy team, told The Hacker News. "The Yokai backdoor itself is not limited and can be used against any potential target." The starting point of the attack chain is a RAR archive containing two Windows shortcut files named in Thai that translate to "United States Department of Justice.pdf" and "United States government requests international cooperation in criminal matters.docx." The exact initial vector used to deliver the payload is currently not known, although Hegde speculated that it would likely be spear-phishing due to the lures employed and the fact that RAR files have been used as malicious attachment...
390,000+ WordPress Credentials Stolen via Malicious GitHub Repository Hosting PoC Exploits

Dec 13, 2024 Cyber Attack / Malware
A now-removed GitHub repository that advertised a WordPress tool to publish posts to the online content management system (CMS) is estimated to have enabled the exfiltration of over 390,000 credentials. The malicious activity is part of a broader attack campaign undertaken by a threat actor, dubbed MUT-1244 (where MUT refers to "mysterious unattributed threat") by Datadog Security Labs, that involves phishing and several trojanized GitHub repositories hosting proof-of-concept (PoC) code for exploiting known security flaws. "Victims are believed to be offensive actors – including pentesters and security researchers, as well as malicious threat actors – and had sensitive data such as SSH private keys and AWS access keys exfiltrated," researchers Christophe Tafani-Dereeper, Matt Muir, and Adrian Korn said in an analysis shared with The Hacker News. It's no surprise that security researchers have been an attractive target for threat actors, including nation-sta...
Critical OpenWrt Vulnerability Exposes Devices to Malicious Firmware Injection

Dec 13, 2024 Linux / Vulnerability
A security flaw has been disclosed in OpenWrt's Attended Sysupgrade (ASU) feature that, if successfully exploited, could have been abused to distribute malicious firmware packages. The vulnerability, tracked as CVE-2024-54143, carries a CVSS score of 9.3 out of a maximum of 10, indicating critical severity. Flatt Security researcher RyotaK has been credited with discovering and reporting the flaw on December 4, 2024. The issue has been patched in ASU version 920c8a1. "Due to the combination of the command injection in the imagebuilder image and the truncated SHA-256 hash included in the build request hash, an attacker can pollute the legitimate image by providing a package list that causes the hash collision," the project maintainers said in an alert. OpenWrt is a popular open-source Linux-based operating system for routers, residential gateways, and other embedded devices that route network traffic. Successful exploitation of the shortcoming could essentiall...
DoJ Indicts 14 North Koreans for $88M IT Worker Fraud Scheme Over Six Years

Dec 13, 2024 Cybercrime / Cryptocurrency
The U.S. Department of Justice (DoJ) has indicted 14 nationals belonging to the Democratic People's Republic of Korea (DPRK or North Korea) for their alleged involvement in a long-running conspiracy to violate sanctions and commit wire fraud, money laundering, and identity theft by illegally seeking employment in U.S. companies and non-profit organizations. "The conspirators, who worked for DPRK-controlled companies Yanbian Silverstar and Volasys Silver Star, located in the People's Republic of China (PRC) and the Russian Federation (Russia), respectively, conspired to use false, stolen, and borrowed identities of U.S. and other persons to conceal their North Korean identities and foreign locations and obtain employment as remote information technology (IT) workers," the DoJ said. The IT worker scheme generated at least $88 million for the North Korean regime over a span of six years, it's been alleged. In addition, the remote workers engaged in information th...
Iran-Linked IOCONTROL Malware Targets SCADA and Linux-Based IoT Platforms

Dec 13, 2024 IoT Security / Operational Technology
Iran-affiliated threat actors have been linked to a new custom malware that's geared toward IoT and operational technology (OT) environments in Israel and the United States. The malware has been codenamed IOCONTROL by OT cybersecurity company Claroty, highlighting its ability to attack IoT and supervisory control and data acquisition (SCADA) devices such as IP cameras, routers, programmable logic controllers (PLCs), human-machine interfaces (HMIs), firewalls, and other Linux-based IoT/OT platforms. "While the malware is believed to be custom-built by the threat actor, it seems that the malware is generic enough that it is able to run on a variety of platforms from different vendors due to its modular configuration," the company said. The development makes IOCONTROL the tenth malware family to specifically single out Industrial Control Systems (ICS) after Stuxnet, Havex, Industroyer (aka CrashOverride), Triton (aka Trisis), BlackEnergy2, Industroyer2, PIPEDREAM (a...