The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Microsoft has warned organizations of a "unique" attack campaign that abuses contact forms published on websites to deliver malicious links to businesses via emails containing fake legal threats, in what's yet another instance of adversaries abusing legitimate infrastructure to mount evasive campaigns that bypass security protections. "The emails instruct recipients to click a link to review supposed evidence behind their allegations, but are instead led to the download of IcedID, an info-stealing malware," the company's threat intelligence team  said  in a write-up published last Friday. IceID  is a Windows-based banking trojan that's used for reconnaissance and exfiltration of banking credentials, alongside features that allow it to connect to a remote command-and-control (C2) server to deploy additional payloads such as ransomware and malware capable of performing hands-on-keyboard attacks, stealing credentials, and moving laterally across affecte...

The SolarWinds attack , which succeeded by utilizing the sunburst malware , shocked the cyber-security industry. This attack achieved persistence and was able to evade internal systems long enough to gain access to the source code of the victim. Because of the far-reaching SolarWinds deployments, the perpetrators were also able to infiltrate many other organizations, looking for intellectual property and other assets. Among the co-victims: US government, government contractors, Information Technology companies, and NGOs. An incredible amount of sensitive data was stolen from several customers after a trojanized version of SolarWinds' application was installed on their internal structures. Looking at the technical capabilities of the malware, as you will see, this particular attack was quite impressive. A particular file, named  SolarWinds.Orion.Core.BusinessLayer.dll  is a SolarWinds digitally signed component of the Orion software framework. The threat actors installed a...

A new set of malicious Android apps have been caught posing as app security scanners on the official Play Store to distribute a backdoor capable of gathering sensitive information. "These malicious apps urge users to update Chrome, WhatsApp, or a PDF reader, yet instead of updating the app in question, they take full control of the device by abusing accessibility services," cybersecurity firm McAfee  said  in an analysis published on Monday. The apps in question were designed to target users in Brazil, Spain, and the U.S., with most of them accruing anywhere between 1,000 to 5,000 installs. Another app named DefenseScreen racked up 10,000 installs before it was removed from the Play Store last year. First documented by Kaspersky in August 2019,  BRATA  (short for "Brazilian Remote Access Tool Android") emerged as an Android malware with screen recording abilities before steadily morphing into a banking trojan. "It combines full device control capabilitie...

An Indian security researcher has publicly published a proof-of-concept (PoC) exploit code for a newly discovered flaw impacting Google Chrome and other Chromium-based browsers like Microsoft Edge, Opera, and Brave. Released by Rajvardhan Agarwal, the working  exploit  concerns a remote code execution vulnerability in the V8 JavaScript rendering engine that powers the web browsers. It is believed to be the same flaw demonstrated by Dataflow Security's Bruno Keith and Niklas Baumstark at  Pwn2Own 2021 hacking contest  last week. Keith and Baumstark were awarded $100,000 for leveraging the vulnerability to run malicious code inside Chrome and Edge. According to the screenshot shared by Agarwal, the PoC HTML file, and its associated JavaScript file, can be loaded in a Chromium-based browser to exploit the security flaw and launch the Windows calculator (calc.exe) app. But it's worth noting that the exploit needs to be chained with another flaw that can allow it to ...

Online trading and discount brokerage platform Upstox has become the latest Indian company to suffer a security breach of its systems, resulting in the exposure of sensitive information of approximately 2.5 million users on the dark web. The leaked information includes names, email addresses, dates of birth, bank account information, and about 56 million know your customer (KYC) documents pulled from the company's server. The breach was first disclosed by independent researcher  Rajshekhar Rajaharia  on April 11. It's not immediately clear when the incident occurred. Reacting to the development, the company however said it had recently upgraded its security systems following reports of "unauthorized access into our database" while stressing that users' funds and securities remained protected. As a precaution, besides initiating a secure password reset of users' accounts, Upstox said it restricted access to the impacted database, implying it was a case ...