The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

As if the exponential rise in phishing scams and malware attacks in the last five years wasn't enough, the COVID-19 crisis has worsened it further. The current scenario has given a viable opportunity to cybercriminals to find a way to target individuals, small and large enterprises, government corporations. According to Interpol's  COVID-19 Cybercrime Analysis Report , based on the feedback of 194 countries, phishing/scam/fraud, malware/ransomware, malicious domains, and fake news have emerged as the biggest digital threats across the world in the wake of the pandemic. Image source: interpol.int There are primarily two reasons for emerging cyber threats in 2020: Most of the population is working, learning, shopping, or running their business from home, where they're using personal devices from the home/public internet connection, which are usually unsafe and hence highly vulnerable to cybercrimes. The cybercriminals are using the COVID-19 theme to exploit people and...

The US Federal Bureau of Investigation (FBI) and Interpol have allegedly seized proxy servers used in connection with Blockchain-based domains belonging to Joker's Stash, a notorious fraud bazaar known for selling compromised payment card data in underground forums. The takedown  happened  last week on December 17. The operators of Joker's Stash operate several versions of the platform, including  Blockchain proxy server domains  — .bazar, .lib, .emc, and .coin — that are responsible for redirecting users to the actual website and two other Tor (.onion) variants. Joker's Stash implemented the use of  Blockchain DNS  via a  Chrome browser extension  in 2017. These Blockchain websites make use of a decentralized DNS where the top-level domains (e.g., .bazar) are not owned by a single central authority, with the lookup records shared over a peer-to-peer network as opposed to a DNS provider, thus bringing in significant advantages like  bul...

The US Cybersecurity Infrastructure and Security Agency (CISA) has  warned  of critical vulnerabilities in a low-level TCP/IP software library developed by Treck that, if weaponized, could allow remote attackers to run arbitrary commands and mount denial-of-service (DoS) attacks. The four flaws affect Treck TCP/IP stack version 6.0.1.67 and earlier and were reported to the company by Intel. Two of these are rated critical in severity. Treck's embedded TCP/IP stack is deployed worldwide in manufacturing, information technology, healthcare, and transportation systems. The most severe of them is a heap-based buffer overflow vulnerability ( CVE-2020-25066 ) in the Treck HTTP Server component that could permit an adversary to crash or reset the target device and even execute remote code. It has a CVSS score of 9.8 out of a maximum of 10. The second flaw is an out-of-bounds write in the IPv6 component ( CVE-2020-27337 , CVSS score 9.1) that could be exploited by an unauthentic...

Law enforcement agencies from the US, Germany, Netherlands, Switzerland, France, along with Europol's European Cybercrime Centre (EC3), announced today the coordinated takedown of Safe-Inet, a popular virtual private network (VPN) service that was used to facilitate criminal activity. The three domains in question — insorg[.]org, safe-inet[.]com, and safe-inet[.]net — were shut down, and their infrastructure seized as part of a joint investigation called "Operation Nova." Europol called Safe-Inet a cybercriminals' " favorite ." A crucial reason for the domains' seizure has been their central role in facilitating ransomware, carrying out web-skimming, spear-phishing, and account takeover attacks. The service, which comes with support for Russian and English languages and has been active for over a decade, offered " bulletproof hosting services " to website visitors, often at a steep price to the criminal underworld. As of December 1, the ...

As the probe into the  SolarWinds supply chain attack  continues, new digital forensic evidence has brought to light that a separate threat actor may have been abusing the IT infrastructure provider's Orion software to drop a similar persistent backdoor on target systems. "The investigation of the whole SolarWinds compromise led to the discovery of an additional malware that also affects the SolarWinds Orion product but has been determined to be likely unrelated to this compromise and used by a different threat actor," Microsoft 365 research team  said  on Friday in a post detailing the Sunburst malware. What makes the newly revealed malware, dubbed "Supernova," different is that unlike the Sunburst DLL,  Supernova  ("app_web_logoimagehandler.ashx.b6031896.dll") is not signed with a legitimate SolarWinds digital certificate, signaling that the compromise may be unrelated to the previously disclosed supply chain attack. In a  standalone write-up , ...