-->
#1 Trusted Cybersecurity News Platform
Followed by 5.70+ million
The Hacker News Logo
Get the Latest News
cybersecurity

The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

FIN8 Hackers Spotted Using New 'White Rabbit' Ransomware in Recent Attacks

FIN8 Hackers Spotted Using New 'White Rabbit' Ransomware in Recent Attacks

Jan 19, 2022
The financially motivated  FIN8 actor , in all likelihood, has resurfaced with a never-before-seen ransomware strain called " White Rabbit " that was recently deployed against a local bank in the U.S. in December 2021. That's according to new findings published by Trend Micro, calling out the malware's overlaps with Egregor, which was taken down by Ukrainian law enforcement authorities in February 2021. "One of the most notable aspects of White Rabbit's attack is how its payload binary requires a specific command-line password to decrypt its internal configuration and proceed with its ransomware routine," the researchers  noted . "This method of hiding malicious activity is a trick that the ransomware family Egregor uses to hide malware techniques from analysis." Egregor, which commenced operations in September 2020 until its operations took a huge hit, is widely believed to be a  reincarnation of Maze , which shut down its criminal enterp...
DDoS IRC Bot Malware Spreading Through Korean WebHard Platforms

DDoS IRC Bot Malware Spreading Through Korean WebHard Platforms

Jan 19, 2022
An IRC  (Internet Relay Chat) bot strain programmed in GoLang is being used to launch distributed denial-of-service (DDoS) attacks targeting users in Korea. "The malware is being distributed under the guise of adult games," researchers from AhnLab's Security Emergency-response Center (ASEC)  said  in a new report published on Wednesday. "Additionally, the DDoS malware was installed via downloader and  UDP RAT  was used." The attack works by uploading the malware-laced games to webhards — which refers to a web hard drive or a remote file hosting service — in the form of compressed ZIP archives that, when opened, includes an executable ("Game_Open.exe") that's orchestrated to run a malware payload aside from launching the actual game. This payload, a GoLang-based downloader, establishes connections with a remote command-and-control (C&C) server to retrieve additional malware, including an IRC bot that can perform DDoS attacks. "It is...
Ukraine: Recent Cyber Attacks Part of Wider Plot to Sabotage Critical Infrastructure

Ukraine: Recent Cyber Attacks Part of Wider Plot to Sabotage Critical Infrastructure

Jan 19, 2022
The coordinated cyberattacks targeting  Ukrainian government websites  and the deployment of a data-wiper malware called  WhisperGate  on select government systems are part of a broader wave of malicious activities aimed at  sabotaging critical infrastructure  in the country. The Secret Service of Ukraine on Monday confirmed that the two incidents are related, adding the breaches also exploited the recently disclosed  Log4j vulnerabilities  to gain access to some of the compromised systems. "The attack used vulnerabilities in the site's content management systems (October CMS) and Log4j, as well as compromised accounts of employees of the development company," the SSU  said , corroborating prior disclosure from the  Ukraine CERT team . The disclosure comes days after Microsoft warned of a malware operation aimed at government, non-profit, and information technology entities in Ukraine, attributing the attacks to a threat cluster cod...
cyber security

Take the AI Sprawl CISO Survey. Get fast track to BlackHat swag

websiteRecoAI Security / SaaS Security
Answer questions on AI sprawl. First access to the peer benchmark report.
cyber security

Zscaler ThreatLabz 2026 VPN Risk Report with Cybersecurity Insiders

websiteZscalerAI Security / Network Security
VPN Risk Report reveals attackers using AI to move at machine speed, leaving legacy VPNs exposed.
Researchers Bypass SMS-based Multi-Factor Authentication Protecting Box Accounts

Researchers Bypass SMS-based Multi-Factor Authentication Protecting Box Accounts

Jan 18, 2022
Cybersecurity researchers have disclosed details of a now-patched bug in Box's multi-factor authentication (MFA) mechanism that could be abused to completely sidestep SMS-based login verification. "Using this technique, an attacker could use stolen credentials to compromise an organization's Box account and exfiltrate sensitive data without access to the victim's phone," Varonis researchers  said  in a report shared with The Hacker News. The cybersecurity company said it reported the issue to the cloud service provider on November 2, 2021, post which fixes were issued by Box. MFA is an authentication method that relies on a combination of factors such as a password (something only the user knows) and a temporary one-time password aka TOTP (something only the user has) to provide users a second layer of defense against credential stuffing and other account takeover attacks. This two-step authentication can either involve sending the code as an SMS or alternat...
Europol Shuts Down VPNLab, Cybercriminals' Favourite VPN Service

Europol Shuts Down VPNLab, Cybercriminals' Favourite VPN Service

Jan 18, 2022
VPNLab.net, a  VPN provider  that was used by malicious actors to deploy ransomware and facilitate other cybercrimes, was taken offline following a coordinated law enforcement operation. Europol said it took action against the misuse of the VPN service by grounding 15 of its servers on January 17 and rendering it inoperable as part of a disruptive action that took place across Germany, the Netherlands, Canada, the Czech Republic, France, Hungary, Latvia, Ukraine, the U.S., and the U.K. A second outcome of the seizure is that at least 100 businesses that have been identified as at risk of impending cyber attacks are being notified. Europol didn't disclose the names of the companies. Established in 2008, the tool provided an advanced level of anonymity by offering double VPN connections to its clients — wherein the internet traffic is routed through two VPN servers located in different countries instead of one — for as cheap as $60 a year. "This made VPNLab.net a popular ...
⚡ Top Stories This Week
Expert Insights Articles Videos
Cybersecurity Resources