The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

As the investigation into the SolarWinds supply-chain attack continues, cybersecurity researchers have disclosed a third malware strain that was deployed into the build environment to inject the backdoor into the company's Orion network monitoring platform. Called " Sunspot ," the malignant tool adds to a growing list of previously disclosed malicious software such as Sunburst and Teardrop. "This highly sophisticated and novel code was designed to inject the Sunburst malicious code into the SolarWinds Orion Platform without arousing the suspicion of our software development and build teams," SolarWinds' new CEO Sudhakar Ramakrishna  explained . While  preliminary evidence  found that operators behind the espionage campaign managed to compromise the software build and code signing infrastructure of SolarWinds Orion platform as early as October 2019 to deliver the Sunburst backdoor, the latest findings reveal a new timeline that establishes the first brea...

Cybersecurity researchers, for the first time, may have found a potential connection between the backdoor used in  the SolarWinds hack  to a previously known malware strain. In new  research  published by Kaspersky researchers today, the cybersecurity firm said it discovered several features that overlap with another backdoor known as  Kazuar , a .NET-based malware first documented by Palo Alto Networks in 2017. Disclosed early last month, the  espionage campaign  was notable for its scale and stealth, with the attackers leveraging the trust associated with SolarWinds Orion software to infiltrate government agencies and other companies so as to deploy a custom malware codenamed "Sunburst." Shared Features Between Sunburst and Kazuar Attribution for the SolarWinds supply-chain compromise has been difficult in part due to little-to-no clues linking the attack infrastructure to previous campaigns or other well-known threat groups. But Kaspersky's l...

A U.S. court on Thursday sentenced a 37-year-old Russian to 12 years in prison for perpetrating an international hacking campaign that resulted in the heist of a trove of personal information from several financial institutions, brokerage firms, financial news publishers, and other American companies. Andrei Tyurin was  charged  with computer intrusion, wire fraud, bank fraud, and illegal online gambling offenses, and for his role in one of the largest thefts of U.S. customer data from a single financial institution in history, which involved the personal information of more than 80 million J.P. Morgan Chase customers. Besides the investment bank, some of the other major targets of the hacks were E*Trade, Scottrade, and the Wall Street Journal. Tyurin, who carried out the extensive hacking from his home in Moscow between 2012 to mid-2015, is believed to have netted over $19 million in criminal proceeds as part of his intrusion schemes. In one such instance of security f...

Hardware security keys—such as those from Google and Yubico—are considered the most secure means to protect accounts from phishing and takeover attacks. But a new research published on Thursday demonstrates how an adversary in possession of such a two-factor authentication (2FA) device can clone it by exploiting an electromagnetic side-channel in the chip embedded in it. The vulnerability (tracked as CVE-2021-3011 ) allows the bad actor to extract the encryption key or the  ECDSA  private key linked to a victim's account from a FIDO Universal 2nd Factor (U2F) device like Google Titan Key or YubiKey, thus completely undermining the 2FA protections. "The adversary can sign in to the victim's application account without the U2F device, and without the victim noticing," NinjaLab researchers Victor Lomne and Thomas Roche  said  in a 60-page analysis. "In other words, the adversary created a clone of the U2F device for the victim's application account. This c...

A North Korean hacking group has been found deploying the RokRat Trojan in a new spear-phishing campaign targeting the South Korean government. Attributing the attack to  APT37  (aka Starcruft, Ricochet Chollima, or Reaper), Malwarebytes said it identified a malicious document last December that, when opened, executes a macro in memory to install the aforementioned remote access tool (RAT). "The file contains an embedded macro that uses a VBA self decoding technique to decode itself within the memory spaces of Microsoft Office without writing to the disk. It then embeds a variant of the RokRat into Notepad," the researchers  noted  in a Wednesday analysis. Believed to be active at least since 2012, the  Reaper APT  is known for its focus on public and private entities primarily in South Korea, such as chemicals, electronics, manufacturing, aerospace, automotive, and healthcare entities. Since then, their victimology has expanded beyond the Korean...