-->
#1 Trusted Cybersecurity News Platform
Followed by 5.70+ million
The Hacker News Logo
Get the Latest News
cybersecurity

The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Russian APT Hackers Used COVID-19 Lures to Target European Diplomats

Russian APT Hackers Used COVID-19 Lures to Target European Diplomats

Feb 09, 2022
The Russia-linked threat actor known as APT29 targeted European diplomatic missions and Ministries of Foreign Affairs as part of a series of spear-phishing campaigns mounted in October and November 2021. According to ESET's  T3 2021 Threat Report  shared with The Hacker News, the intrusions paved the way for the deployment of Cobalt Strike Beacon on compromised systems, followed by leveraging the foothold to drop additional malware for gathering information about the hosts and other machines in the same network. Also tracked under the names The Dukes, Cozy Bear, and Nobelium, the advanced persistent threat group is an infamous cyber-espionage group that has been active for more than a decade, with its attacks targeting Europe and the U.S., before it gained widespread attention for the  supply‐chain compromise  of SolarWinds, leading to further infections in several downstream entities, including U.S. government agencies in 2020. The spear-phishing attacks commen...
Microsoft and Other Major Software Firms Release February 2022 Patch Updates

Microsoft and Other Major Software Firms Release February 2022 Patch Updates

Feb 09, 2022
Microsoft on Tuesday rolled out its monthly security updates with  fixes for 51 vulnerabilities  across its software line-up consisting of Windows, Office, Teams, Azure Data Explorer, Visual Studio Code, and other components such as Kernel and Win32k. Among the 51 defects closed, 50 are rated Important and one is rated Moderate in severity, making it one of the rare Patch Tuesday updates without any fixes for Critical-rated vulnerabilities. This is also in addition to  19 more flaws  the company addressed in its Chromium-based Edge browser. None of the security vulnerabilities are listed as under active exploit, while of the flaws —  CVE-2022-21989  (CVSS score: 7.8) — has been classified as a publicly disclosed zero-day at the time of the release. The issue concerns a privilege escalation bug in Windows Kernel, with Microsoft warning of potential attacks exploiting the shortcoming. "Successful exploitation of this vulnerability requires an attacker to...
Palestine-Aligned Hackers Use New NimbleMamba Implant in Recent Attacks

Palestine-Aligned Hackers Use New NimbleMamba Implant in Recent Attacks

Feb 08, 2022
An advanced persistent threat (APT) hacking group operating with motives that likely align with Palestine has embarked on a new campaign that takes advantage of a previously undocumented implant called NimbleMamba . The intrusions leveraged a sophisticated attack chain targeting Middle Eastern governments, foreign policy think tanks, and a state-affiliated airline, enterprise security firm Proofpoint  said  in a report, attributing the covert operation to a threat actor tracked as Molerats (aka TA402). Notorious for continuously updating their malware implants and their delivery methods, the APT group was most recently linked to an  espionage offensive  aimed at human rights activists and journalists in Palestine and Turkey, while a previous attack exposed in June 2021 resulted in the deployment of a backdoor called  LastConn . But the lull in the activities has been offset by the operators actively working to retool their arsenal, resulting in the developm...
cyber security

Take the AI Sprawl CISO Survey. Get fast track to BlackHat swag

websiteRecoAI Security / SaaS Security
Answer questions on AI sprawl. First access to the peer benchmark report.
cyber security

Zscaler ThreatLabz 2026 VPN Risk Report with Cybersecurity Insiders

websiteZscalerAI Security / Network Security
VPN Risk Report reveals attackers using AI to move at machine speed, leaving legacy VPNs exposed.
Several Malware Families Using Pay-Per-Install Service to Expand Their Targets

Several Malware Families Using Pay-Per-Install Service to Expand Their Targets

Feb 08, 2022
A detailed examination of a Pay-per-install (PPI) malware service called PrivateLoader has revealed its crucial role in the delivery of a variety of malware such as  SmokeLoader ,  RedLine Stealer ,  Vidar ,  Raccoon , and  GCleaner  since at least May 2021. Loaders are malicious programs used for loading additional executables onto the infected machine. With PPI malware services such as PrivateLoader, malware operators pay the service owners to get their payloads "installed" based on the targets provided. "The accessibility and moderate costs allow malware operators to leverage these services as another weapon for rapid, bulk and geo-targeted malware infections," cybersecurity firm Intel 471  said  in a new report shared with The Hacker News. PrivateLoader, written in the C++ programming language, is designed to retrieve URLs for the malicious payloads to be deployed on the infected host, with the distribution primarily relying on a network...
'Roaming Mantis' Android Malware Targeting Europeans via Smishing Campaigns

'Roaming Mantis' Android Malware Targeting Europeans via Smishing Campaigns

Feb 08, 2022
A financially motivated campaign that targets Android devices and spreads mobile malware via SMS phishing techniques since at least 2018 has spread its tentacles to strike victims located in France and  Germany  for the first time. Dubbed  Roaming Mantis , the latest spate of activities observed in 2021 involve sending fake shipping-related texts containing a URL to a landing page from where Android users are infected with a banking trojan known as Wroba whereas iPhone users are redirected to a phishing page that masquerades as the official Apple website. The top affected countries, based on telemetry data gathered by Kaspersky between July 2021 and January 2022, are France, Japan, India, China, Germany, and Korea. Also tracked under the names  MoqHao  and XLoader (not to be confused with the info-stealer malware of the same name  targeting Windows and macOS ), the group's activity has continued to expand geographically even as the operators broadened ...
⚡ Top Stories This Week
Expert Insights Articles Videos
Cybersecurity Resources