The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Cyberattacks on small to medium-sized businesses (SMBs) are continuing at a relentless pace, with the vast majority of data breaches coming from outside the organization . Some believe hackers are aggressively targeting these smaller firms because they believe SMBs lack adequate resources and enterprise-grade security tools, making them easier prey than larger businesses. A new report from Cisco, however, challenges this assumption. SMBs have made significant strides enhancing their security protocols and are closing the gap with their bigger counterparts. The report notes 87 percent of SMB business owners rank security a top priority, and more than 99 percent have a dedicated resource focusing on security. SMBs are also becoming more diligent about defining metrics to assess their security effectiveness and implementing security controls and tools at rates similar to large enterprises. No doubt, the emergence of security solutions developed specifically for SMBs is support...

An adversary known for targeting the fintech sector at least since 2018 has switched up its tactics to include a new Python-based remote access Trojan (RAT) that can steal passwords, documents, browser cookies, email credentials, and other sensitive information. In an analysis published by Cybereason researchers yesterday, the Evilnum group has not only tweaked its infection chain but has also deployed a Python RAT called "PyVil RAT," which possesses abilities to gather information, take screenshots, capture keystrokes data, open an SSH shell and deploy new tools. "Since the first reports in 2018 through today, the group's TTPs have evolved with different tools while the group has continued to focus on fintech targets," the cybersecurity firm said . "These variations include a change in the chain of infection and persistence, new infrastructure that is expanding over time, and the use of a new Python-scripted Remote Access Trojan (RAT)" to spy...

Anyone paying attention to the cybersecurity technology market has heard the term XDR - Extended Detection and Response. XDR is a new technology approach that combines multiple protection technologies into a single platform. All the analyst firms are writing about it, and many of the top cybersecurity companies are actively moving into this space. Why is XDR receiving all the buzz? Combining (or orchestrating) security technologies in a usable manner has become the bane of cybersecurity as technology spread has overwhelmed the space. There's a massive market for cybersecurity technologies that combine and rationalize other cybersecurity technologies (see SIEM and SOAR). However, most companies find selecting, implementing, integrating, normalizing, operating, and maintaining a fully combined set of cybersecurity technologies far too daunting and only within reach of the largest companies with the deepest pockets. XDR Insights Next week, Senior Analyst Dave Gruber of E...

Networking equipment maker Cisco has released a new version of its Jabber video conferencing and messaging app for Windows that includes patches for multiple vulnerabilities—which, if exploited, could allow an authenticated, remote attacker to execute arbitrary code. The flaws, which were uncovered by Norwegian cybersecurity firm Watchcom during a pentest, affect all currently supported versions of the Jabber client (12.1-12.9) and has since been fixed by the company. Two of the four flaws can be exploited to gain remote code execution (RCE) on target systems by sending specially crafted chat messages in group conversations or specific individuals. The most severe of the lot is a flaw (CVE-2020-3495, CVSS score 9.9) that's caused by improper validation of message contents, which could be leveraged by an attacker by sending maliciously-crafted Extensible Messaging and Presence Protocol ( XMPP ) messages to the affected software. "A successful exploit could allow the...

Cybercriminal groups are constantly evolving to find new ways to pilfer financial information, and the latest trick in their arsenal is to leverage the messaging app Telegram to their benefit. In what's a new tactic adopted by Magecart groups, the encrypted messaging service is being used to send stolen payment details from compromised websites back to the attackers. "For threat actors, this data exfiltration mechanism is efficient and doesn't require them to keep up infrastructure that could be taken down or blocked by defenders," Jérôme Segura of Malwarebytes said in a Monday analysis . "They can even receive a notification in real time for each new victim, helping them quickly monetize the stolen cards in underground markets." The TTP was first publicly documented by security researcher @AffableKraut in a Twitter thread last week using data from Dutch cybersecurity firm Sansec. Injecting e-skimmers on shopping websites by exploiting a known...