#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News
AWS EKS Security Best Practices

The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Third-Party ChatGPT Plugins Could Lead to Account Takeovers

Third-Party ChatGPT Plugins Could Lead to Account Takeovers

Mar 15, 2024 Data Privacy / Artificial Intelligence
Cybersecurity researchers have found that third-party plugins available for OpenAI ChatGPT could act as a new attack surface for threat actors looking to gain unauthorized access to sensitive data. According to  new research  published by Salt Labs, security flaws found directly in ChatGPT and within the ecosystem could allow attackers to install malicious plugins without users' consent and hijack accounts on third-party websites like GitHub. ChatGPT plugins , as the name implies, are tools designed to run on top of the large language model (LLM) with the aim of accessing up-to-date information, running computations, or accessing third-party services. OpenAI has since also introduced  GPTs , which are bespoke versions of ChatGPT tailored for specific use cases, while reducing third-party service dependencies. As of March 19, 2024, ChatGPT users  will no longer  be able to install new plugins or create new conversations with existing plugins. One of the flaw...
Google Introduces Enhanced Real-Time URL Protection for Chrome Users

Google Introduces Enhanced Real-Time URL Protection for Chrome Users

Mar 15, 2024 Browser Security / Phishing Attack
Google on Thursday announced an enhanced version of Safe Browsing to provide real-time, privacy-preserving URL protection and safeguard users from visiting potentially malicious sites. "The  Standard protection mode for Chrome  on desktop and iOS will check sites against Google's server-side list of known bad sites in real-time," Google's Jonathan Li and Jasika Bawa  said . "If we suspect a site poses a risk to you or your device, you'll see a warning with more information. By checking sites in real time, we expect to block 25% more phishing attempts." Up until now, the Chrome browser used a locally-stored list of known unsafe sites that's updated every 30 to 60 minutes, and then leveraging a  hash-based approach  to compare every site visited against the database. Google  first revealed  its plans to switch to real-time server-side checks without sharing users' browsing history with the company in September 2023. The reason for the change, the...
Malicious Ads Targeting Chinese Users with Fake Notepad++ and VNote Installers

Malicious Ads Targeting Chinese Users with Fake Notepad++ and VNote Installers

Mar 15, 2024 Malvertising / Threat Intelligence
Chinese users looking for legitimate software such as Notepad++ and VNote on search engines like Baidu are being targeted with malicious ads and bogus links to distribute trojanized versions of the software and ultimately deploy  Geacon , a Golang-based implementation of Cobalt Strike. "The malicious site found in the notepad++ search is distributed through an advertisement block," Kaspersky researcher Sergey Puzan  said . "Opening it, an attentive user will immediately notice an amusing inconsistency: the website address contains the line vnote, the title offers a download of Notepad‐‐ (an analog of Notepad++, also distributed as open-source software), while the image proudly shows Notepad++. In fact, the packages downloaded from here contain Notepad‐‐." The website, named vnote.fuwenkeji[.]cn, contains download links to Windows, Linux, and macOS versions of the software, with the link to the Windows variant pointing to the official  Gitee repository  containin...
cyber security

10 Best Practices for Building a Resilient, Always-On Compliance Program

websiteXM CyberCyber Resilience / Compliance
Download XM Cyber's handbook to learn 10 essential best practices for creating a robust, always-on compliance program.
cyber security

Find and Fix the Gaps in Your Security Tools

websitePrelude SecuritySecurity Control Validation
Connect your security tools for 14-days to find missing and misconfigured controls.
LockBit Ransomware Hacker Ordered to Pay $860,000 After Guilty Plea in Canada

LockBit Ransomware Hacker Ordered to Pay $860,000 After Guilty Plea in Canada

Mar 14, 2024 Ransomware / Cyber Crime
A 34-year-old Russian-Canadian national has been sentenced to nearly four years in jail in Canada for his participation in the LockBit global ransomware operation. Mikhail Vasiliev , an Ontario resident, was  originally arrested  in November 2022 and charged by the U.S. Department of Justice (DoJ) with "conspiring with others to intentionally damage protected computers and to transmit ransom demands in connection with doing so." News of Vasiliev's jail term was  first reported  by CTV News.  The defendant, who had his home searched by Canadian law enforcement authorities in August and October 2022, is said to have kept a list of "prospective or historical" victims and screenshots of communications exchanged with "LockBitSupp" on the Tox messaging platform. The raid also uncovered a text file with instructions to deploy LockBit ransomware, the ransomware source code, and a control panel used by the e-crime group to deliver the file-locking malware....
Researchers Detail Kubernetes Vulnerability That Enables Windows Node Takeover

Researchers Detail Kubernetes Vulnerability That Enables Windows Node Takeover

Mar 14, 2024 Container Security / Vulnerability
Details have been made public about a now-patched high-severity flaw in Kubernetes that could allow a malicious attacker to achieve remote code execution with elevated privileges under specific circumstances. "The vulnerability allows remote code execution with SYSTEM privileges on all Windows endpoints within a Kubernetes cluster," Akamai security researcher Tomer Peled  said . "To exploit this vulnerability, the attacker needs to apply malicious YAML files on the cluster." Tracked as CVE-2023-5528 (CVSS score: 7.2), the shortcoming impacts all versions of kubelet, including and after version 1.8.0. It was addressed as part of updates released on November 14, 2023, in the following versions - kubelet v1.28.4 kubelet v1.27.8 kubelet v1.26.11, and kubelet v1.25.16 "A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes," Kubernetes maintainers  s...
3 Things CISOs Achieve with Cato

3 Things CISOs Achieve with Cato

Mar 14, 2024 Data Protection / Cybersecurity
Being a CISO is a balancing act: ensuring organizations are secure without compromising users' productivity. This requires taking multiple elements into consideration, like cost, complexity, performance and user experience. CISOs around the globe use Cato SSE 360, as part of the  Cato SASE Cloud platform  to balance these factors without compromise. This article details how CISOs are leveraging Cato across different touchpoints of their  SASE  and SSE transition journey. It shows the top 3 achievements CISOs can accomplish: visibility, real-time threat prevention, and data sovereignty. Read and discover how it's done. Since Cato is easy to deploy, adopt and manage, you can soon benefit from these capabilities as well. To read a more in-depth explanation of these findings, click  here . Achievement #1: Comprehensive Visibility Sites can be quickly onboarded using Cato's zero-touch Socket edge SD-WAN devices or IPSEC tunnels. At the same time, remote users ca...
RedCurl Cybercrime Group Abuses Windows PCA Tool for Corporate Espionage

RedCurl Cybercrime Group Abuses Windows PCA Tool for Corporate Espionage

Mar 14, 2024 Cyber Espionage / Malware
The Russian-speaking cybercrime group called  RedCurl  is leveraging a legitimate Microsoft Windows component called the Program Compatibility Assistant ( PCA ) to execute malicious commands. "The Program Compatibility Assistant Service (pcalua.exe) is a Windows service designed to identify and address compatibility issues with older programs," Trend Micro  said  in an analysis published this month. "Adversaries can exploit this utility to enable command execution and bypass security restrictions by using it as an alternative command-line interpreter. In this investigation, the threat actor uses this tool to obscure their activities." RedCurl , which is also called Earth Kapre and Red Wolf, is known to be active since at least 2018, orchestrating corporate cyber espionage attacks against entities located in Australia, Canada, Germany, Russia, Slovenia, the U.K., Ukraine, and the U.S. In July 2023, F.A.C.C.T.  revealed  that a major Russian bank an...
Ande Loader Malware Targets Manufacturing Sector in North America

Ande Loader Malware Targets Manufacturing Sector in North America

Mar 14, 2024 Cyber Threat / Malware
The threat actor known as Blind Eagle has been observed using a loader malware called Ande Loader to deliver remote access trojans (RATs) like Remcos RAT and NjRAT. The attacks, which take the form of phishing emails, targeted Spanish-speaking users in the manufacturing industry based in North America, eSentire  said . Blind Eagle (aka APT-C-36) is a  financially motivated threat actor  that has a history of orchestrating cyber attacks against entities in Colombia and Ecuador to deliver an  assortment of RATs , including AsyncRAT, BitRAT, Lime RAT, NjRAT, Remcos RAT, and Quasar RAT. The latest findings mark an expansion of the threat actor's targeting footprint, while also leveraging phishing emails bearing RAR and BZ2 archives to activate the infection chain. The password-protected RAR archives come with a malicious Visual Basic Script (VBScript) file that's responsible for establishing persistence in the Windows Startup folder and launching the Ande Loade...
DarkGate Malware Exploited Recently Patched Microsoft Flaw in Zero-Day Attack

DarkGate Malware Exploited Recently Patched Microsoft Flaw in Zero-Day Attack

Mar 14, 2024 Malware / Cyber Attack
A DarkGate malware campaign observed in mid-January 2024 leveraged a recently patched security flaw in Microsoft Windows as a zero-day using bogus software installers. "During this campaign, users were lured using PDFs that contained Google DoubleClick Digital Marketing (DDM) open redirects that led unsuspecting victims to compromised sites hosting the Microsoft Windows SmartScreen bypass CVE-2024-21412 that led to malicious Microsoft (.MSI) installers," Trend Micro  said . CVE-2024-21412 (CVSS score: 8.1) concerns an internet shortcut files security feature bypass vulnerability that permits an unauthenticated attacker to circumvent SmartScreen protections by tricking a victim into clicking on a specially crafted file. It was  fixed  by Microsoft as part of its Patch Tuesday updates for February 2024, but not before it was weaponized by a threat actor called  Water Hydra  (aka DarkCasino) to deliver the DarkMe malware in attacks targeting financial instituti...
Fortinet Warns of Severe SQLi Vulnerability in FortiClientEMS Software

Fortinet Warns of Severe SQLi Vulnerability in FortiClientEMS Software

Mar 14, 2024 Vulnerability / Network Security
Fortinet has warned of a critical security flaw impacting its FortiClientEMS software that could allow attackers to achieve code execution on affected systems. "An improper neutralization of special elements used in an SQL Command ('SQL Injection') vulnerability [CWE-89] in FortiClientEMS may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted requests," the company  said  in an advisory. The vulnerability, tracked as CVE-2023-48788, carries a CVSS rating of 9.3 out of a maximum of 10. It impacts the following versions - FortiClientEMS 7.2.0 through 7.2.2 (Upgrade to 7.2.3 or above) FortiClientEMS 7.0.1 through 7.0.10 (Upgrade to 7.0.11 or above) Horizon3.ai, which  plans  to release additional technical details and a proof-of-concept (PoC) exploit next week, said the shortcoming could be exploited to obtain remote code execution as SYSTEM on the server. Fortinet has credited Thiago Santana from the Forticlien...
Demystifying a Common Cybersecurity Myth

Demystifying a Common Cybersecurity Myth

Mar 13, 2024 App Security / Cyber Security
One of the most common misconceptions in file upload cybersecurity is that certain tools are "enough" on their own—this is simply not the case. In our latest  whitepaper  OPSWAT CEO and Founder, Benny Czarny, takes a comprehensive look at what it takes to prevent malware threats in today's ever-evolving file upload security landscape, and a big part of that is understanding where the pitfalls are, and how to avoid them. The first step in that process is understanding that three commonly used tools or solutions are not enough on their own. Let's explore this concept and take a closer look at a better solution. Understanding the Challenge Modern web applications are complex, utilizing internet-connected IT systems that interface with critical OT systems, as well as leveraging a wide range of cloud providers and protocols. All these systems transfer and store highly sensitive and valuable data across government, healthcare, power, financial, and other critical sectors the wor...
PixPirate Android Banking Trojan Using New Evasion Tactic to Target Brazilian Users

PixPirate Android Banking Trojan Using New Evasion Tactic to Target Brazilian Users

Mar 13, 2024 Financial Fraud / Mobile Security
The threat actors behind the PixPirate Android banking trojan are leveraging a new trick to evade detection on compromised devices and harvest sensitive information from users in Brazil. The approach allows it to hide the malicious app's icon from the home screen of the victim's device, IBM said in a technical report published today. "Thanks to this new technique, during PixPirate reconnaissance and attack phases, the victim remains oblivious to the malicious operations that this malware performs in the background," security researcher Nir Somech  said . PixPirate, which was  first documented  by Cleafy in February 2023, is known for its abuse of Android's accessibility services to covertly perform unauthorized fund transfers using the PIX instant payment platform when a targeted banking app is opened. The constantly mutating malware is also capable of stealing victims' online banking credentials and credit card information, as well as capturing keystrokes and interc...
Expert Insights Articles Videos
Cybersecurity Resources