The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Google has stepped in to remove several Android applications from the official Play Store following the disclosure that the apps in question were found to serve intrusive ads. The findings were  reported  by the Czech cybersecurity firm Avast on Monday, which said the 21 malicious apps (list  here ) were downloaded nearly eight million times from Google's app marketplace. The apps masqueraded as harmless gaming apps and came packed with  HiddenAds  malware, a notorious Trojan known for its capabilities to serve intrusive ads outside of the app. The group behind the operation relies on social media channels to lure users into downloading the apps. Earlier this June, Avast discovered a  similar HiddenAds campaign  involving 47 gaming apps with over 15 million downloads that were leveraged to display device-wide intrusive ads. "Developers of adware are increasingly using social media channels, like regular marketers would," Avast's Jakub Vávra said....

Cybersecurity researchers over the weekend disclosed new security risks associated with link previews in popular messaging apps that cause the services to leak IP addresses, expose links sent via end-to-end encrypted chats, and even unnecessarily download gigabytes of data stealthily in the background. "Links shared in chats may contain private information intended only for the recipients," researchers Talal Haj Bakry and Tommy Mysk  said . "This could be bills, contracts, medical records, or anything that may be confidential." "Apps that rely on servers to generate link previews may be violating the privacy of their users by sending links shared in a private chat to their servers." Generating Link Previews at the Sender/Receiver Side Link previews are a common feature in most chat apps, making it easy to display a visual preview and a brief description of the shared link. Although apps like  Signal  and  Wire  give users the option to turn on/off l...

Microsoft, in collaboration with MITRE, IBM, NVIDIA, and Bosch, has released a  new open framework  that aims to help security analysts detect, respond to, and remediate adversarial attacks against machine learning (ML) systems. Called the  Adversarial ML Threat Matrix , the initiative is an attempt to organize the different techniques employed by malicious adversaries in subverting ML systems. Just as artificial intelligence (AI) and ML are being deployed in a wide variety of novel applications, threat actors can not only  abuse the technology  to power their malware but can also leverage it to  fool machine learning models  with poisoned datasets, thereby causing beneficial systems to make incorrect decisions, and pose a threat to stability and safety of AI applications. Indeed, ESET researchers last year found  Emotet  — a notorious  email-based malware  behind several botnet-driven spam campaigns and ransomware attacks — to...

I had the honor of hosting the first episode of the Xposure Podcast live from Xposure Summit 2025. And I couldn't have asked for a better kickoff panel: three cybersecurity leaders who don't just talk security, they live it. Let me introduce them. Alex Delay , CISO at IDB Bank, knows what it means to defend a highly regulated environment. Ben Mead , Director of Cybersecurity at Avidity Biosciences, brings a forward-thinking security perspective that reflects the innovation behind Avidity's targeted RNA therapeutics. Last but not least, Michael Francess , Director of Cybersecurity Advanced Threat at Wyndham Hotels and Resorts, leads the charge in protecting the franchise. Each brought a unique vantage point to a common challenge: applying Continuous Threat Exposure Management (CTEM) to complex production environments. Gartner made waves in 2023 with a bold prediction: organizations that prioritize CTEM will be three times less likely to be breached by 2026. But here's the kicker -...

Attention readers, if you are using Google Chrome browser on your Windows, Mac, or Linux computers, you need to update your web browsing software immediately to the latest version Google released earlier today. Google released Chrome version 86.0.4240.111 today to patch several security high-severity issues, including a zero-day vulnerability that has been exploited in the wild by attackers to hijack targeted computers. Tracked as CVE-2020-15999 , the actively exploited vulnerability is a type of memory-corruption flaw called heap buffer overflow in Freetype, a popular open source software development library for rendering fonts that comes packaged with Chrome. The vulnerability was discovered and reported by security researcher Sergei Glazunov of Google Project Zero on October 19 and is subject to a seven-day public disclosure deadline due to the flaw being under active exploitation. Glazunov also immediately reported the zero-day vulnerability to FreeType developers, who then ...

Graphic for illustration Cybersecurity researchers on Tuesday  disclosed details  about an address bar spoofing vulnerability affecting multiple mobile browsers, such as Apple Safari and Opera Touch, leaving the door open for spear-phishing attacks and delivering malware. Other impacted browsers include UCWeb, Yandex Browser, Bolt Browser, and RITS Browser. The flaws were discovered by Pakistani security researcher Rafay Baloch in the summer of 2020 and jointly reported by Baloch and cybersecurity firm  Rapid7  in August before they were addressed by the browser makers over the past few weeks. UCWeb and Bolt Browser remain unpatched as yet, while Opera Mini is expected to receive a fix on November 11, 2020. The issue stems from using malicious executable JavaScript code in an arbitrary website to force the browser to update the address bar while the page is still loading to another address of the attacker's choice. Original PoC demo "The vulnerability occurs ...

A Windows-based remote access Trojan believed to be designed by Pakistani hacker groups to infiltrate computers and steal users' data has resurfaced after a two-year span with retooled capabilities to target Android and macOS devices. According to cybersecurity firm Kaspersky, the malware — dubbed " GravityRAT " — now masquerades as legitimate Android and macOS apps to capture device data, contact lists, e-mail addresses, and call and text logs and transmit them to an attacker-controlled server. First documented by the Indian Computer Emergency Response Team (CERT-In) in August 2017 and subsequently by  Cisco Talos  in April 2018, GravityRAT has been known to target Indian entities and organizations via malware-laced Microsoft Office Word documents at least since 2015. Noting that the threat actor developed at least four different versions of the espionage tool, Cisco said, "the developer was clever enough to keep this infrastructure safe, and not have it blackl...

The US government on Monday formally charged six Russian intelligence officers for carrying out destructive malware attacks with an aim to disrupt and destabilize other nations and cause monetary losses. The individuals, who work for Unit 74455 of the Russian Main Intelligence Directorate (GRU), have been accused of perpetrating the "most disruptive and destructive series of computer attacks ever attributed to a single group," according to the Justice Department ( DoJ ). All the six men — Yuriy Sergeyevich Andrienko, Sergey Vladimirovich Detistov, Pavel Valeryevich Frolov, Anatoliy Sergeyevich Kovalev, Artem Valeryevich Ochichenko, and Petr Nikolayevich Pliskin — have been charged with seven counts of conspiracy to conduct computer fraud and abuse, conspiracy to commit wire fraud, wire fraud, damaging protected computers, and aggravated identity theft. "The object of the conspiracy was to deploy destructive malware and take other disruptive actions, for the strateg...

Google security researchers are warning of a new set of zero-click vulnerabilities in the Linux Bluetooth software stack that can allow a nearby unauthenticated, remote attacker to execute arbitrary code with kernel privileges on vulnerable devices. According to security engineer  Andy Nguyen , the three flaws — collectively called BleedingTooth — reside in the open-source  BlueZ  protocol stack that offers support for many of the core Bluetooth layers and protocols for Linux-based systems such as laptops and IoT devices. The first and the most severe is a heap-based type confusion ( CVE-2020-12351 , CVSS score 8.3) affecting Linux kernel 4.8 and higher and is present in the Logical Link Control and Adaptation Protocol ( L2CAP ) of the Bluetooth standard, which provides multiplexing of data between different higher layer protocols. "A remote attacker in short distance knowing the victim's [Bluetooth device] address can send a malicious l2cap packet and cause denial ...

The COVID-19 outreach is turning out to be not only health, social, and economic hazard but also a cybersecurity crisis. The pandemic has presented new challenges for businesses in the areas of remote collaboration and business continuity. With increased remote working for better business continuity, employees are using numerous Internet tools. As businesses and people have started relying more on technology and are busy fighting with the pandemic, the attackers now have plenty of options to target them more than ever. According to PWC's April report, the number of security threats to the Indian company doubled in March 2020—especially what's more worrying is a 100% rise between March 17 and 20—from Jan 2020. Sanjay Dhotre, the Union Minister of State for Electronics & Information Technology (MeITY),  said  that India has seen over 350,000 cyberattacks in the second quarter, triple the number of recorded events in the first quarter of 2020. He also highlighted that the...

German investigating authorities have raided the offices of Munich-based company FinFisher that sells the infamous commercial surveillance spyware dubbed 'FinSpy,' reportedly in suspicion of illegally exporting the software to abroad without the required authorization. Investigators from the German Customs Investigation Bureau (ZKA), ordered by the Munich Public Prosecutor's Office, searched a total of 15 properties in Munich, including business premises of FinFisher GmbH, two other business partners, as well as the private apartments of the managing directors, along with a partner company in Romania from October 6 to 8. For those unaware, FinSpy is extremely powerful spying software that is being sold as a legal law enforcement tool to governments around the world but has also been found in use by oppressive and dubious regimes to spy on activists, political dissidents and journalists. FinSpy malware can target both desktop and mobile operating systems, including And...

A financially-motivated threat actor known for its malware distribution campaigns has evolved its tactics to focus on ransomware and extortion. According to FireEye's Mandiant threat intelligence team, the collective — known as FIN11 — has engaged in a pattern of cybercrime campaigns at least since 2016 that involves monetizing their access to organizations' networks, in addition to deploying point-of-sale (POS) malware targeting financial, retail, restaurant, and pharmaceutical sectors. "Recent FIN11 intrusions have most commonly led to data theft, extortion and the disruption of victim networks via the distribution of CLOP ransomware ," Mandiant said . Although FIN11's activities in the past have been tied to malware such as FlawedAmmyy , FRIENDSPEAK , and MIXLABEL, Mandiant notes significant overlap in TTPs with another threat group that cybersecurity researchers call TA505 , which is behind the infamous Dridex banking Trojan and Locky ransomware that'...

Managed Security Services Providers (MSSPs) have it rough. They have the burden of protecting their client organizations from cyberattacks, with clients from different industries, different security stacks, and different support requirements. And everything is in a constant state of flux. MSSPs are turning to multitenant solutions to help reduce the complexity of managing multiple security solution instances across their client base. Multitenancy allows various independent instances of a solution to be managed in a single, shared environment. Cybersecurity company Cynet just published an instructive paper on the benefits along with the key considerations MSSPs should evaluate when selecting a multitenant platform ( download here ). Eliminating Information Overload with a Single Pane of Glass Many MSSPs suffer from information whiplash - jumping between screens every time a different client environment needs attention. And, effectively monitoring and responding to the torrent of se...

Microsoft on Tuesday issued fixes for 87 newly discovered security vulnerabilities as part of its  October 2020 Patch Tuesday , including two critical remote code execution (RCE) flaws in Windows TCP/IP stack and Microsoft Outlook. The flaws, 11 of which are categorized as Critical, 75 are ranked Important, and one is classified Moderate in severity, affect Windows, Office and Office Services and Web Apps, Visual Studio, Azure Functions, .NET Framework, Microsoft Dynamics, Open Source Software, Exchange Server, and the Windows Codecs Library. Although none of these flaws are listed as being under active attack, six vulnerabilities are listed as publicly known at the time of release. Chief among the most critical bugs patched this month include  CVE-2020-16898  (CVSS score 9.8). According to Microsoft, an attacker would have to send specially crafted ICMPv6 Router Advertisement packets to a remote Windows computer to exploit the RCE flaw in the TCP/IP stack to execute ...

Days after the US Government took steps to disrupt the notorious TrickBot botnet , a group of cybersecurity and tech companies has detailed a separate coordinated effort to take down the malware's back-end infrastructure. The joint collaboration, which involved Microsoft's Digital Crimes Unit , Lumen's Black Lotus Labs , ESET , Financial Services Information Sharing and Analysis Center ( FS-ISAC ), NTT , and Broadcom's Symantec , was undertaken after their request to halt TrickBot's operations was granted by the US District Court for the Eastern District of Virginia. The development comes after the US Cyber Command mounted a campaign to thwart TrickBot's spread over concerns of ransomware attacks targeting voting systems ahead of the presidential elections next month. Attempts aimed at impeding the botnet were first reported by KrebsOnSecurity early this month. Microsoft and its partners analyzed over 186,000 TrickBot samples, using it to track down the m...

Since the beginning of this year, organizations' IT staff have faced numerous challenges and an increased workload as a result of the global pandemic and shift to a mainly remote workforce. Supporting end-users that are now working from home has introduced new challenges in troubleshooting since it isn't as simple as visiting an end user's desk to resolve issues as they arise. One support issue common to both on-premises and remote end-users is password resets and other account-related activities. These include accounts that are locked out, passwords that have expired, and password changes. Implementing a  self-service password reset (SSPR)  solution can be a quick win for IT staff who are now supporting both on-premises and remote workers and taking care of other normal daily tasks. Let's look at why SSPR solutions can lead to quick results in lowering the overall support burden on IT staff. Increased Strain On IT Staff The global pandemic this year has been challengin...

Microsoft has warned about a new strain of mobile ransomware that takes advantage of incoming call notifications and Android's Home button to lock the device behind a ransom note. The findings concern a variant of a known Android ransomware family dubbed "MalLocker.B" which has now resurfaced with new techniques, including a novel means to deliver the ransom demand on infected devices as well as an obfuscation mechanism to evade security solutions. The development comes amid a huge surge in ransomware attacks against critical infrastructure across sectors, with a 50% increase in the daily average of ransomware attacks in the last three months compared to the first half of the year, and cybercriminals increasingly incorporating double extortion in their playbook. MalLocker has been known for being hosted on malicious websites and circulated on online forums using various social engineering lures by masquerading as popular apps, cracked games, or video players. Pre...