The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

The U.S. Cyber Command (USCYBERCOM) on Wednesday officially confirmed MuddyWater's ties to the Iranian intelligence apparatus, while simultaneously detailing the various tools and tactics adopted by the espionage actor to burrow into victim networks. "MuddyWater has been seen using a variety of techniques to maintain access to victim networks," USCYBERCOM's Cyber National Mission Force (CNMF)  said  in a statement. "These include side-loading  DLLs  in order to trick legitimate programs into running malware and obfuscating PowerShell scripts to hide command and control functions." The agency characterized the hacking efforts as a subordinate element within the Iranian Ministry of Intelligence and Security (MOIS), corroborating earlier reports about the nation-state actor's provenance. Also tracked under the monikers Static Kitten, Seedworm, Mercury and TEMP.Zagros,  MuddyWater  is known for its  attacks  primarily directed against a wide gamu...

Apple on Wednesday rolled out software updates for iOS and iPadOS to remediate a persistent  denial-of-service (DoS) issue  affecting the HomeKit smart home framework that could be potentially exploited to launch ransomware-like attacks targeting the devices. The iPhone maker, in its  release notes  for iOS and iPadOS 15.2.1, termed it as a "resource exhaustion issue" that could be triggered when processing a maliciously crafted HomeKit accessory name, adding it addressed the bug with improved validation. The so-called "doorLock" vulnerability, tracked as CVE-2022-22588, affects HomeKit, the software API for connecting smart home devices to iOS applications. Should it be successfully exploited, iPhones and iPads can be sent into a crash spiral simply by changing the name of a HomeKit device to a string larger than 500,000 characters and tricking the target into accepting a malicious Home invitation. Even worse, since HomeKit device names are backed up to iClou...

Threat actors are actively incorporating public cloud services from Amazon and Microsoft into their malicious campaigns to deliver commodity remote access trojans (RATs) such as  Nanocore ,  Netwire , and  AsyncRAT  to siphon sensitive information from compromised systems. The spear-phishing attacks, which commenced in October 2021, have primarily targeted entities located in the U.S., Canada, Italy, and Singapore, researchers from Cisco Talos said in a report shared with The Hacker News. Using existing legitimate infrastructure to facilitate intrusions is increasingly becoming part of an attacker's playbook as it obviates the need to host their own servers, not to mention be used as a cloaking mechanism to evade detection by security solutions. In recent months, collaboration and communication tools like  Discord, Slack, and Telegram  have found a place in many an infection chain to  commandeer and exfiltrate data  from the victim machines....

A new  cross-platform backdoor  called " SysJoker " has been observed targeting machines running Windows, Linux, and macOS operating systems as part of an ongoing espionage campaign that's believed to have been initiated during the second half of 2021. "SysJoker masquerades as a system update and generates its [command-and-control server] by decoding a string retrieved from a text file hosted on Google Drive," Intezer researchers Avigayil Mechtinger, Ryan Robinson, and Nicole Fishbein  noted  in a technical write-up publicizing their findings. "Based on victimology and malware's behavior, we assess that SysJoker is after specific targets." The Israeli cybersecurity company, attributing the work to an advanced threat actor, said it first discovered evidence of the implant in December 2021 during an active attack against a Linux-based web server belonging to an unnamed educational institution. A C++-based malware, SysJoker is delivered via a dr...

SMBs and SMEs are increasingly turning to MSSPs to secure their businesses because they simply do not have the resources to manage an effective security technology stack. However, it’s also challenging for MSSPs to piece together an effective but manageable security technology stack to protect their clients, especially at an affordable price point. This is where Extended Detection and Response (XDR) comes in and can help MSSPs boost their profitability from SMB and SME and improve their protections. XDR is heating up within the MSSP market as these security service providers stand to gain tremendous financial and operational benefits from this nascent technology. XDR promises far better security outcomes at a lower cost than the current security stack approaches most MSSPs currently have in place. One sticky point that keeps arising in the XDR discussion has to do with the different technology approaches XDR providers rely upon to deliver platform capabilities. Most of us have heard...