The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

An OPSEC error by an Iranian threat actor has laid bare the inner workings of the hacking group by providing a rare insight into the "behind-the-scenes look into their methods." IBM's X-Force Incident Response Intelligence Services (IRIS) got hold of nearly five hours worth of video recordings of the state-sponsored group it calls ITG18 (also called Charming Kitten , Phosphorous , or APT35 ) that it uses to train its operators. Some of the victims in the videos included personal accounts of U.S. and Greek Navy personnel, in addition to unsuccessful phishing attempts directed against U.S. state department officials and an unnamed Iranian-American philanthropist. "Some of the videos showed the operator managing adversary-created accounts while others showed the operator testing access and exfiltrating data from previously compromised accounts," the researchers said. The IBM researchers said they found the videos on a virtual private cloud server that wa...

If you ask Alex, he won't admit being old-fashioned. He has been working in the IT industry for a while now and accepts that security is important for the business's health. But reluctant to take security as the business enabler. In today's environment, moving to digitization is a critical step required to drive innovation and business growth. When the application development takes the driver seat, security stalls the progress by saying NO to many things on the highway. — Is what he says. At that point, my friend Daniel got involved and argued that application security is no longer optional to our business as we rely on apps for our day-to-day activities. And, he added a powerful quote: "Because we've brakes in our cars, we can drive fast" - Robert Garigue Businesses will less likely advance if they don't have security (brakes) to do safely. The car's speed obtains improvement with brakes – the improvements to business are the improvement to th...

Cybersecurity researchers today uncovered a new strain of banking malware that targets not only banking apps but also steals data and credentials from social networking, dating, and cryptocurrency apps—a total of 337 non-financial Android applications on its target list. Dubbed " BlackRock " by ThreatFabric researchers, which discovered the trojan in May, its source code is derived from a leaked version of Xerxes banking malware, which itself is a strain of the LokiBot Android banking trojan that was first observed during 2016-2017. Chief among its features are stealing user credentials, intercepting SMS messages, hijacking notifications, and even recording keystrokes from the targeted apps, in addition to being capable of hiding from antivirus software. "Not only did the [BlackRock] Trojan undergo changes in its code, but also comes with an increased target list and has been ongoing for a longer period," ThreatFabric said. "It contains an important nu...

In a report shared with The Hacker News, researchers at cybersecurity firm CheckPoint today disclosed details of a minor but easy-to-exploit flaw they reported in Zoom, the highly popular and widely used video conferencing software. The latest Zoom flaw could have allowed attackers mimic an organization, tricking its employees or business partners into revealing personal or other confidential information using social engineering tricks. We know, social engineering attacks may sound a bit boring, but someone used the same to put Twitter on fire just last night when hundreds of high-profile Twitter accounts were hacked to promote a cryptocurrency scam, all thanks to an employee's compromised internal tooling account. The said vulnerability resides in Zoom's customizable URL feature dubbed Vanity URL, aiming to let companies create a custom URL on its subdomain and branded landing page, such as " yourcompany.zoom.us, " where the invitation link to a meeting then...

Social media platform Twitter, earlier today on Wednesday, was on fire after it suffered one of the biggest cyberattacks in its history . A number of high-profile Twitter accounts, including those of US presidential candidate Joe Biden, Amazon CEO Jeff Bezos, Bill Gates, Elon Musk, Uber, and Apple, were breached simultaneously in what's a far-reaching hacking campaign carried out to promote a cryptocurrency scam. The broadly targeted hack posted similar worded messages urging millions of followers to send money to a specific bitcoin wallet address in return for larger payback. "Everyone is asking me to give back, and now is the time," a tweet from Mr Gates' account said. "You send $1,000, I send you back $2,000." Twitter termed the security incident as a "coordinated social engineering attack" against its employees who have access to its internal tools. As of writing, the scammers behind the operation have amassed nearly $120,000 in bitco...