#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News
AWS EKS Security Best Practices

The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Iran-Linked Imperial Kitten Cyber Group Targeting Middle East's Tech Sectors

Iran-Linked Imperial Kitten Cyber Group Targeting Middle East's Tech Sectors

Nov 10, 2023 Cyber Attack / Cyber Threat
A group with links to Iran targeted transportation, logistics, and technology sectors in the Middle East, including Israel, in October 2023 amid a surge in Iranian cyber activity since the onset of the Israel-Hamas war. The attacks have been attributed by CrowdStrike to a threat actor it tracks under the name  Imperial Kitten , and which is also known as Crimson Sandstorm (previously Curium), TA456, Tortoiseshell, and Yellow Liderc. The latest findings from the company build on prior reports from  Mandiant ,  ClearSky , and  PwC , the latter of which also detailed instances of strategic web compromises (aka watering hole attacks) leading to the deployment of IMAPLoader on infected systems. "The adversary, active since at least 2017, likely fulfills Iranian strategic intelligence requirements associated with IRGC operations," CrowdStrike  said  in a technical report. "Its activity is characterized by its use of social engineering, particularly job recrui...
Stealthy Kamran Spyware Targeting Urdu-speaking Users in Gilgit-Baltistan

Stealthy Kamran Spyware Targeting Urdu-speaking Users in Gilgit-Baltistan

Nov 10, 2023 Privacy / Cyber Espionage
Urdu-speaking readers of a regional news website that caters to the Gilgit-Baltistan region have likely emerged as a target of a watering hole attack designed to deliver a previously undocumented Android spyware dubbed  Kamran . The campaign, ESET has  discovered , leverages Hunza News (urdu.hunzanews[.]net), which, when opened on a mobile device, prompts visitors of the Urdu version to install its Android app directly hosted on the website. The app, however, incorporates malicious espionage capabilities, with the attack compromising at least 20 mobile devices to date. It has been available on the website since sometime between January 7, and March 21, 2023, around when  massive protests  were held in the region over land rights, taxation, and extensive power cuts. The malware, activated upon package installation, requests for intrusive permissions, allowing it to harvest sensitive information from the devices.  This includes contacts, call logs, calendar ...
Zero-Day Alert: Lace Tempest Exploits SysAid IT Support Software Vulnerability

Zero-Day Alert: Lace Tempest Exploits SysAid IT Support Software Vulnerability

Nov 09, 2023 Vulnerability / Zero Day
The threat actor known as Lace Tempest has been linked to the exploitation of a zero-day flaw in SysAid IT support software in limited attacks, according to new findings from Microsoft. Lace Tempest, which is known for distributing the Cl0p ransomware, has in the past leveraged zero-day flaws in  MOVEit Transfer  and  PaperCut servers . The issue, tracked as  CVE-2023-47246 , concerns a path traversal flaw that could result in code execution within on-premise installations. It has been patched by SysAid in version 23.3.36 of the software. "After exploiting the vulnerability, Lace Tempest issued commands via the SysAid software to deliver a malware loader for the Gracewire malware," Microsoft  said . "This is typically followed by human-operated activity, including lateral movement, data theft, and ransomware deployment." According to SysAid, the threat actor has been  observed  uploading a WAR archive containing a web shell and other payloads in...
cyber security

10 Best Practices for Building a Resilient, Always-On Compliance Program

websiteXM CyberCyber Resilience / Compliance
Download XM Cyber's handbook to learn 10 essential best practices for creating a robust, always-on compliance program.
cyber security

Find and Fix the Gaps in Your Security Tools

websitePrelude SecuritySecurity Control Validation
Connect your security tools for 14-days to find missing and misconfigured controls.
New Malvertising Campaign Uses Fake Windows News Portal to Distribute Malicious Installers

New Malvertising Campaign Uses Fake Windows News Portal to Distribute Malicious Installers

Nov 09, 2023 Endpoint Security / Malware
A new  malvertising campaign  has been found to employ fake sites that masquerade as legitimate Windows news portal to propagate a malicious installer for a popular system profiling tool called CPU-Z. "This incident is a part of a larger malvertising campaign that targets other utilities like Notepad++, Citrix, and VNC Viewer as seen in its infrastructure (domain names) and cloaking templates used to avoid detection," Malwarebytes' Jérôme Segura  said . While malvertising campaigns are known to set up replica sites advertising widely-used software, the latest activity marks a deviation in that the website mimics WindowsReport[.]com. The goal is to trick unsuspecting users searching for CPU-Z on search engines like Google by serving malicious ads that, when clicked, redirect them to the fake portal (workspace-app[.]online). At the same time, users who are not the intended victims of the campaign are served an innocuous blog with different articles, a technique known a...
When Email Security Meets SaaS Security: Uncovering Risky Auto-Forwarding Rules

When Email Security Meets SaaS Security: Uncovering Risky Auto-Forwarding Rules

Nov 09, 2023 Email Security / SaaS Security
While intended for convenience and efficient communication, email auto-forwarding rules can inadvertently lead to the unauthorized dissemination of sensitive information to external entities, putting confidential data at risk of exposure to unauthorized parties. Wing Security (Wing), a SaaS security company,  announced yesterday  that their SaaS shadow IT discovery methods now include a solution that solves for auto-email forwarding as well. While Wing's shadow IT solution is  offered as a free tool  that can be onboarded and used as a self-service, users willing to upgrade will be able to enjoy the company's new Gmail and Outlook integrations, which broaden the company's discovery capabilities and extend their data security features. The risks of email auto-forwarding rules Auto-forwarding emails is a great way to save time on repetitive tasks and are therefore very popular among employees who regularly collaborate and share information with external business par...
MuddyC2Go: New C2 Framework Iranian Hackers Using Against Israel

MuddyC2Go: New C2 Framework Iranian Hackers Using Against Israel

Nov 09, 2023 Cyber Attack / Malware
Iranian nation-state actors have been observed using a previously undocumented command-and-control (C2) framework called  MuddyC2Go  as part of  attacks targeting Israel . "The framework's web component is written in the Go programming language," Deep Instinct security researcher Simon Kenin  said  in a technical report published Wednesday. The tool has been attributed to  MuddyWater , an  Iranian   state-sponsored   hacking   crew  that's affiliated to the country's Ministry of Intelligence and Security (MOIS). The cybersecurity firm said the C2 framework may have been put to use by the threat actor since early 2020, with recent attacks leveraging it in place of PhonyC2 , another custom C2 platform from MuddyWater that came to light in June 2023 and has had its source code leaked. Typical attack sequences observed over the years have involved sending spear-phishing emails bearing malware-laced archives or bogus links that lea...
CISA Alerts: High-Severity SLP Vulnerability Now Under Active Exploitation

CISA Alerts: High-Severity SLP Vulnerability Now Under Active Exploitation

Nov 09, 2023 Cyber Attack / Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday  added  a high-severity flaw in the Service Location Protocol (SLP) to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Tracked as  CVE-2023-29552  (CVSS score: 7.5), the issue relates to a denial-of-service (DoS) vulnerability that could be weaponized to launch massive DoS amplification attacks. It was  disclosed  by Bitsight and Curesec earlier this April. "The Service Location Protocol (SLP) contains a denial-of-service (DoS) vulnerability that could allow an unauthenticated, remote attacker to register services and use spoofed UDP traffic to conduct a denial-of-service (DoS) attack with a significant amplification factor," CISA  said . SLP is a protocol that allows systems on a local area network (LAN) to discover each other and establish communications. The exact details surrounding the nature of exploitation of the flaw a...
Researchers Uncover Undetectable Crypto Mining Technique on Azure Automation

Researchers Uncover Undetectable Crypto Mining Technique on Azure Automation

Nov 08, 2023 Cloud Security / Cryptocurrency
Cybersecurity researchers have developed what's the first fully undetectable cloud-based cryptocurrency miner leveraging the Microsoft  Azure Automation  service without racking up any charges. Cybersecurity company SafeBreach said it discovered three different methods to run the miner, including one that can be executed on a victim's environment without attracting any attention. "While this research is significant because of its potential impact on cryptocurrency mining, we also believe it has serious implications for other areas, as the techniques could be used to achieve any task that requires code execution on Azure," security researcher Ariel Gamrian  said  in a report shared with The Hacker News. The study mainly set out to identify an "ultimate crypto miner" that offers unlimited access to computational resources, while simultaneously requiring little-to-no maintenance, is cost-free, and undetectable. That's where Azure Automation comes in. ...
WhatsApp Introduces New Privacy Feature to Protect IP Address in Calls

WhatsApp Introduces New Privacy Feature to Protect IP Address in Calls

Nov 08, 2023 Privacy / Data Security
Meta-owned WhatsApp is officially rolling out a  new privacy feature  in its messaging service called "Protect IP Address in Calls" that masks users' IP addresses to other parties by relaying the calls through its servers. "Calls are end-to-end encrypted, so even if a call is relayed through WhatsApp servers, WhatsApp cannot listen to your calls," the company said in a statement shared with The Hacker News. The core idea is to make it harder for bad actors in the call to infer a user's location by securely relaying the connection through WhatsApp servers. However, a tradeoff to enabling the privacy option is a slight dip in call quality. Viewed in that light, it's akin to Apple's  iCloud Private Relay , which adds an anonymity layer by  routing users' Safari browsing sessions  through two secure internet relays. It's worth noting that the "Protect IP Address in Calls" feature has been under development since at least late Augu...
Beware, Developers: BlazeStealer Malware Discovered in Python Packages on PyPI

Beware, Developers: BlazeStealer Malware Discovered in Python Packages on PyPI

Nov 08, 2023 Supply Chain / Software Security
A new set of malicious Python packages has slithered their way to the Python Package Index (PyPI) repository with the ultimate aim of stealing sensitive information from compromised developer systems. The packages masquerade as seemingly innocuous obfuscation tools, but harbor a piece of malware called  BlazeStealer , Checkmarx said in a report shared with The Hacker News. "[BlazeStealer] retrieves an additional malicious script from an external source, enabling a Discord bot that gives attackers complete control over the victim's computer," security researcher Yehuda Gelb said. The campaign, which commenced in January 2023, entails a total of eight packages named Pyobftoexe, Pyobfusfile, Pyobfexecute, Pyobfpremium, Pyobflite, Pyobfadvance, Pyobfuse, and pyobfgood, the last of which was published in October.  These modules come with setup.py and init.py files that are designed to retrieve a Python script hosted on transfer[.]sh, which gets executed immediately upon...
Guide: How vCISOs, MSPs and MSSPs Can Keep their Customers Safe from Gen AI Risks

Guide: How vCISOs, MSPs and MSSPs Can Keep their Customers Safe from Gen AI Risks

Nov 08, 2023 Artificial Intelligence / Cybersecurity
Download the free guide , "It's a Generative AI World: How vCISOs, MSPs and MSSPs Can Keep their Customers Safe from Gen AI Risks." ChatGPT now boasts anywhere from 1.5 to 2 billion visits per month. Countless sales, marketing, HR, IT executive, technical support, operations, finance and other functions are feeding data prompts and queries into generative AI engines. They use these tools to write articles, create content, compose emails, answer customer questions and generate plans and strategies.  However, gen AI usage is happening far in advance of efforts to implement safeguards and cybersecurity constraints. Three primary areas of security concern associated with generative AI are: sensitive data included in gen AI scripts, outcomes produced by these tools that may put an organization at risk, and potential hazards related to utilizing third-party generative AI tools. Unchecked AI usage in organizations can lead to:  Major data breaches.  Compromised identities...
Expert Insights Articles Videos
Cybersecurity Resources