The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Are you concerned about ransomware attacks? You're not alone. In recent years, these attacks have become increasingly common and can cause significant damage to organizations of all sizes. But there's good news - with the right security measures in place, such as real-time MFA and service account protection, you can effectively protect yourself against these types of attacks. That's why we're excited to invite you to our upcoming webinar with Yiftach Keshet, cybersecurity expert and Chief Marketing Officer at Silverfort. During this webinar, Yiftach will share his insights on how real-time MFA and service account protection can defeat ransomware attacks, and why identity-focused protection is the only way to stop lateral movement and ransomware spread. Some of the key topics that will be covered in this webinar include: The increasing risk of lateral movement and how it's become one of the most critical risks facing organizations today. The blind spots in MFA...

The threat actors behind the ransomware attack on Taiwanese PC maker MSI last month have leaked the company's private code signing keys on their dark website. "Confirmed, Intel OEM private key leaked, causing an impact on the entire ecosystem," Alex Matrosov, founder and CEO of firmware security firm Binarly,  said  in a tweet over the weekend. "It appears that Intel Boot Guard may not be effective on certain devices based on the 11th Tiger Lake, 12th Adler Lake, and 13th Raptor Lake." Present in the leaked data are firmware image signing keys associated with 57 PCs and private signing keys for Intel Boot Guard used on 116 MSI products. The Boot Guard keys from MSI are believed to impact several device vendors, including Intel, Lenovo and Supermicro. Intel Boot Guard is a  hardware-based security technology  that's designed to protect computers against executing tampered UEFI firmware. The development comes a month after MSI  fell victim  to a double...

Digital storage giant Western Digital confirmed that an "unauthorized third party" gained access to its systems and stole personal information belonging to the company's online store customers. "This information included customer names, billing and shipping addresses, email addresses and telephone numbers," the San Jose-based company  said  in a disclosure last week. "In addition, the database contained, in encrypted format, hashed and salted passwords and partial credit card numbers. We will communicate directly with impacted customers." The development comes a little over a month after Western Digital  divulged  a "network security incident" on March 26, 2023, prompting the company to take its cloud services offline. A subsequent report from TechCrunch last month  revealed  that the threat actors behind the attack were allegedly in possession of "around 10 terabytes of data" and were negotiating with Western Digital for a ra...

Is Managing Customer Logins and Data Giving You Headaches? You're Not Alone! Today, we all expect super-fast, secure, and personalized online experiences. But let's be honest, we're also more careful about how our data is used. If something feels off, trust can vanish in an instant. Add to that the lightning-fast changes AI is bringing to everything from how we log in to spotting online fraud, and it's a whole new ball game! If you're dealing with logins, data privacy, bringing new users on board, or building digital trust, this webinar is for you . Join us for " Navigating Customer Identity in the AI Era ," where we'll dive into the Auth0 2025 Customer Identity Trends Report . We'll show you what's working, what's not, and how to tweak your strategy for the year ahead. In just one session, you'll get practical answers to real-world challenges like: How AI is changing what users expect – and where they're starting to push ba...

The suspected Pakistan-aligned threat actor known as  SideCopy  has been observed leveraging themes related to the Indian military research organization as part of an ongoing phishing campaign. This involves using a ZIP archive lure pertaining to India's Defence Research and Development Organization ( DRDO ) to deliver a malicious payload capable of harvesting sensitive information, Fortinet FortiGuard Labs  said  in a new report. The cyber espionage group, with  activity  dating back to at least 2019, targets entities that align with Pakistan government interests. It's believed to share overlaps with another Pakistani hacking crew called  Transparent Tribe . SideCopy's use of DRDO-related decoys for malware distribution was previously flagged by  Cyble  and Chinese cybersecurity firm  QiAnXin  in March 2023, and again by  Team Cymru  last month. Interestingly, the same attack chains have been observed to load and ex...

Threat hunting is an essential component of your cybersecurity strategy. Whether you're getting started or in an advanced state, this article will help you ramp up your threat intelligence program. What is Threat Hunting? The cybersecurity industry is shifting from a reactive to a proactive approach. Instead of waiting for cybersecurity alerts and then addressing them, security organizations are now deploying red teams to actively seek out breaches, threats and risks, so they can be isolated. This is also known as "threat hunting."  Why is Threat Hunting Required? Threat hunting complements existing prevention and detection security controls. These controls are essential for mitigating threats. However, they are optimized for low false positive alerting. Hunt solutions, on the other hand, are optimized for low false negatives. This means that the anomalies and outliers that are considered false positives for detection solutions, are hunting solutions' leads, to b...

An ongoing phishing campaign with invoice-themed lures is being used to distribute the SmokeLoader malware in the form of a polyglot file, according to the Computer Emergency Response Team of Ukraine (CERT-UA). The emails, per the  agency , are sent using compromised accounts and come with a ZIP archive that, in reality, is a  polyglot file  containing a decoy document and a JavaScript file. The JavaScript code is then used to launch an executable that paves for the execution of the  SmokeLoader malware . SmokeLoader, first detected in 2011, is a  loader  whose main objective is to download or load a stealthier or more effective malware onto infected systems. CERT-UA attributed the activity to a threat actor it calls UAC-0006 and characterized it as a financially motivated operation carried out with the goal of stealing credentials and making unauthorized fund transfers. In a related advisory, Ukraine's cybersecurity authority also revealed details of...

An advanced persistent threat (APT) actor known as  Dragon Breath  has been observed adding new layers of complexity to its attacks by adopting a novel  DLL side-loading  mechanism. "The attack is based on a classic side-loading attack, consisting of a clean application, a malicious loader, and an encrypted payload, with various modifications made to these components over time," Sophos researcher Gabor Szappanos  said . "The latest campaigns add a twist in which a first-stage clean application 'side'-loads a second clean application and auto-executes it. The second clean application side-loads the malicious loader DLL. After that, the malicious loader DLL executes the final payload." Operation Dragon Breath, also tracked under the names APT-Q-27 and Golden Eye, was  first   documented  by QiAnXin in 2020, detailing a watering hole campaign designed to trick users into downloading a trojanized Windows installer for Telegram. A  subsequen...

Users of Advanced Custom Fields plugin for WordPress are being urged to update version 6.1.6 following the discovery of a security flaw. The issue, assigned the identifier CVE-2023-30777, relates to a case of reflected cross-site scripting (XSS) that could be abused to inject arbitrary executable scripts into otherwise benign websites. The plugin, which is available both as a free and pro version, has over  two million active installations . The issue was discovered and reported to the maintainers on May 2, 2023. "This vulnerability allows any unauthenticated user from stealing sensitive information to, in this case, privilege escalation on the WordPress site by tricking a privileged user to visit the crafted URL path," Patchstack researcher Rafie Muhammad  said . Reflected XSS  attacks usually occur when victims are tricked into clicking on a bogus link sent via email or another route, causing the malicious code to be sent to the vulnerable website, which reflects ...

Various sectors in East Asian markets have been subjected to a new email phishing campaign that distributes a previously undocumented strain of Android malware called  FluHorse  that abuses the Flutter software development framework. "The malware features several malicious Android applications that mimic legitimate applications, most of which have more than 1,000,000 installs," Check Point  said  in a technical report. "These malicious apps steal the victims' credentials and two-factor authentication (2FA) codes." The malicious apps have been found to imitate popular apps like ETC and VPBank Neo, which are widely used in Taiwan and Vietnam. Evidence gathered so far shows that the activity has been active since at least May 2022.  The phishing scheme in itself is fairly straightforward, wherein victims are lured with emails that contain links to a bogus website that hosts malicious APK files. Also added to the website are checks that aim to screen victi...

Italian corporate banking clients are the target of an ongoing financial fraud campaign that has been leveraging a new web-inject toolkit called  drIBAN  since at least 2019. "The main goal of drIBAN fraud operations is to infect Windows workstations inside corporate environments trying to alter legitimate banking transfers performed by the victims by changing the beneficiary and transferring money to an illegitimate bank account," Cleafy researchers Federico Valentini and Alessandro Strino  said . The bank accounts, per the Italian cybersecurity firm, are either controlled by the threat actors themselves or their affiliates, who are then tasked with laundering the stolen funds. The use of web injects is a time-tested tactic that makes it possible for malware to inject custom scripts on the client side by means of a man-in-the-browser ( MitB ) attack and intercept traffic to and from the server. The fraudulent transactions are often realized by means of a technique ...

The North Korean state-sponsored threat actor known as  Kimsuky  has been discovered using a new reconnaissance tool called  ReconShark  as part of an ongoing global campaign. "[ReconShark] is actively delivered to specifically targeted individuals through spear-phishing emails, OneDrive links leading to document downloads, and the execution of malicious macros," SentinelOne researchers Tom Hegel and Aleksandar Milenkoski  said . Kimsuky  is also known by the names APT43, ARCHIPELAGO, Black Banshee, Emerald Sleet (previously Thallium), Nickel Kimball, and Velvet Chollima. Active since at least 2012, the  prolific   threat actor  has been linked to  targeted   attacks  on non-governmental organizations (NGOs), think tanks, diplomatic agencies, military organizations, economic groups, and research entities across North America, Asia, and Europe. The latest intrusion set documented by SentinelOne leverages geopolitical theme...

Third-party apps such as Google Analytics, Meta Pixel, HotJar, and JQuery have become critical tools for businesses to optimize their website performance and services for a global audience. However, as their importance has grown, so has the threat of cyber incidents involving unmanaged third-party apps and open-source tools. Online businesses increasingly struggle to maintain complete visibility and control over the ever-changing third-party threat landscape, with sophisticated threats like evasive skimmers, Magecart attacks, and unlawful tracking practices potentially causing severe damage. This article explores the challenges of protecting modern websites from third-party scripts and the security risks associated with a lack of visibility over these scripts. Invisible to Standard Security Controls  Third-party scripts are often invisible to standard security controls like Web Application Firewalls (WAFs) because they are loaded from external sources that are not under the con...