The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Addressing cyber threats before they have a chance to strike or inflict serious damage is by far the best security approach any company can embrace. Achieving this takes a lot of research and proactive threat hunting. The problem here is that it is easy to get stuck in endless arrays of data and end up with no relevant intel.  To avoid this, use these five battle-tested techniques that are certain to improve your company's threat awareness and overall security. Finding threats targeting orgs in your region The most basic, yet high-impact way to learn about the current threat landscape for your company is to go and see what type of attacks other organizations in your region are experiencing.  In most cases, threat actors attempt to target dozens of businesses at the same time as part of a single campaign. This makes it possible to catch the threat early and make correct adjustments in your organization. How it contributes to your security: More targeted and effective de...

Bogus software update lures are being used by threat actors to deliver a new stealer malware called CoinLurker . "Written in Go, CoinLurker employs cutting-edge obfuscation and anti-analysis techniques, making it a highly effective tool in modern cyber attacks," Morphisec researcher Nadav Lorber said in a technical report published Monday. The attacks make use of fake update alerts that employ various deceptive entry points such as software update notifications on compromised WordPress sites, malvertising redirects, phishing emails that link to spoofed update pages, fake CAPTCHA verification prompts , direct downloads from phoney or infected sites, and links shared via social media and messaging apps. Regardless of the method utilized to initiate the infection chain, the software update prompts make use of Microsoft Edge Webview2 to trigger the execution of the payload. "Webview2's dependency on pre-installed components and user interaction complicates dynami...

A little-known cyber espionage actor known as The Mask has been linked to a new set of attacks targeting an unnamed organization in Latin America twice in 2019 and 2022. "The Mask APT is a legendary threat actor that has been performing highly sophisticated attacks since at least 2007," Kaspersky researchers Georgy Kucherin and Marc Rivero said in an analysis published last week. "Their targets are usually high-profile organizations, such as governments, diplomatic entities, and research institutions." Also known as Careto, the threat actor was previously documented by the Russian cybersecurity company over a decade ago in February 2014 as having targeted over 380 unique victims since 2007. The origins of the hacking group are currently unknown. Initial access to target networks is facilitated by means of spear-phishing emails embedding links to malicious websites that are designed to trigger browser-based zero-day exploits to infect the visitor (e.g., CVE-...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added two security flaws to its Known Exploited Vulnerabilities ( KEV ) catalog, citing evidence of active exploitation in the wild. The list of flaws is below - CVE-2024-20767 (CVSS score: 7.4) - Adobe ColdFusion contains an improper access control vulnerability that could allow an attacker to access or modify restricted files via an internet-exposed admin panel (Patched by Adobe in March 2024 )  CVE-2024-35250 (CVSS score: 7.8) - Microsoft Windows Kernel-Mode Driver contains an untrusted pointer dereference vulnerability that allows a local attacker to escalate privileges (Patched by Microsoft in June 2024 ) Taiwanese cybersecurity company DEVCORE, which discovered and reported CVE-2024-35250, shared additional technical details in August 2024, stating it's rooted in the Microsoft Kernel Streaming Service (MSKSSRV). There are currently no details on how the shortcomings are being weaponized ...

Cybersecurity researchers have shed light on a previously undocumented aspect associated with ClickFix-style attacks that hinge on taking advantage of a single ad network service as part of a malvertising-driven information stealer campaign dubbed DeceptionAds . "Entirely reliant on a single ad network for propagation, this campaign showcases the core mechanisms of malvertising — delivering over 1 million daily 'ad impressions' [in the last ten days] and causing thousands of daily victims to lose their accounts and money through a network of 3,000+ content sites funneling traffic," Nati Tal, head of Guardio Labs, said in a report shared with The Hacker News. The campaigns, as documented by several cybersecurity companies in recent months, involve directing visitors of pirated movie sites and others to bogus CAPTCHA verification pages that instruct them to copy and execute a Base64-encoded PowerShell command, ultimately leading to the deployment of information st...

A Serbian journalist had his phone first unlocked by a Cellebrite tool and subsequently compromised by a previously undocumented spyware codenamed NoviSpy , according to a new report published by Amnesty International. "NoviSpy allows for capturing sensitive personal data from a target's phone after infection and provides the ability to turn on the phone's microphone or camera remotely," the company said in an 87-page technical report. An analysis of forensic evidence points to the spyware installation occurring when the phone belonging to independent journalist Slaviša Milanov was in the hands of the Serbian police during his detention in early 2024. Some of the other targets included youth activist Nikola Ristić, environmental activist Ivan Milosavljević Buki, and an unnamed activist from Krokodil, a Belgrade-based organization promoting dialogue and reconciliation in the Western Balkans. The development marks one of the first known instances where two dispara...

This past week has been packed with unsettling developments in the world of cybersecurity. From silent but serious attacks on popular business tools to unexpected flaws lurking in everyday devices, there's a lot that might have flown under your radar. Attackers are adapting old tricks, uncovering new ones, and targeting systems both large and small. Meanwhile, law enforcement has scored wins against some shady online marketplaces, and technology giants are racing to patch problems before they become a full-blown crisis. If you've been too busy to keep track, now is the perfect time to catch up on what you may have missed. ⚡ Threat of the Week Cleo Vulnerability Comes Under Active Exploitation — A critical vulnerability (CVE-2024-50623) in Cleo's file transfer software—Harmony, VLTrader, and LexiCom—has been actively exploited by cybercriminals , creating major security risks for organizations worldwide. The flaw enables attackers to execute code remotely without authorization...

With the evolution of modern software development, CI/CD pipeline governance has emerged as a critical factor in maintaining both agility and compliance. As we enter the age of artificial intelligence (AI), the importance of robust pipeline governance has only intensified. With that said, we'll explore the concept of CI/CD pipeline governance and why it's vital, especially as AI becomes increasingly prevalent in our software pipelines. What is CI/CD Pipeline Governance? CI/CD pipeline governance refers to the framework of policies, practices, and controls that oversee the entire software delivery process. It ensures that every step, from the moment the code is committed to when it's deployed in production, adheres to organizational standards, security protocols, and regulatory requirements. In DevOps, this governance acts as a guardrail, allowing teams to move fast without compromising on quality, security, or compliance. It's about striking the delicate balance betwee...

Cybersecurity researchers are calling attention to a new kind of investment scam that leverages a combination of social media malvertising, company-branded posts, and artificial intelligence (AI) powered video testimonials featuring famous personalities, ultimately leading to financial and data loss. "The main goal of the fraudsters is to lead victims to phishing websites and forms that harvest their personal information," ESET noted in its H2 2024 Threat Report shared with The Hacker News. The Slovak cybersecurity company is tracking the threat under the name Nomani , a play on the phrase "no money." It said the scam grew by over 335% between H1 and H2 2024, with more than 100 new URLs detected daily on average between May and November 2024. The attacks play out through fraudulent ads on social media platforms, in several cases targeting people who have previously been scammed by making use of Europol- and INTERPOL-related lures about contacting them for help ...