-->
#1 Trusted Cybersecurity News Platform
Followed by 5.70+ million
The Hacker News Logo
Get the Latest News
cybersecurity

The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

New Python-based Ransomware Targeting JupyterLab Web Notebooks

New Python-based Ransomware Targeting JupyterLab Web Notebooks

Mar 31, 2022
Researchers have disclosed what they say is the first-ever Python-based ransomware strain specifically designed to target exposed Jupyter notebooks, a web-based interactive computing platform that allows editing and running programs via a browser. "The attackers gained initial access via misconfigured environments, then ran a ransomware script that encrypts every file on a given path on the server and deletes itself after execution to conceal the attack," Assaf Morag, a data analyst at Aqua Security,  said  in a report. The new ransomware sample, which the cloud security firm detected after it was trapped in one of its honeypot servers, is said to have been executed after the unnamed adversary gained access to the server and downloaded the necessary tools required to carry out the encryption process by opening a terminal. Aqua Security characterized the attack as "simple and straightforward," unlike other traditional ransomware-as-a-service (RaaS) schemes, add...
Hackers Increasingly Using 'Browser-in-the-Browser' Technique in Ukraine Related Attacks

Hackers Increasingly Using 'Browser-in-the-Browser' Technique in Ukraine Related Attacks

Mar 31, 2022
A Belarusian threat actor known as Ghostwriter (aka UNC1151) has been spotted leveraging the recently disclosed browser-in-the-browser (BitB) technique as part of their credential phishing campaigns exploiting the ongoing Russo-Ukrainian conflict. The method, which  masquerades  as a legitimate domain by simulating a browser window within the browser, makes it possible to mount convincing social engineering campaigns. "Ghostwriter actors have quickly adopted this new technique, combining it with a previously observed technique, hosting credential phishing landing pages on compromised sites," Google's Threat Analysis Group (TAG)  said  in a new report, using it to siphon credentials entered by unsuspected victims to a remote server. Among other groups  using the war as a lure  in phishing and malware campaigns to deceive targets into opening fraudulent emails or links include  Mustang Panda  and  Scarab  as well as nation-state actors...
Unpatched Java Spring Framework 0-Day RCE Bug Threatens Enterprise Web Apps Security

Unpatched Java Spring Framework 0-Day RCE Bug Threatens Enterprise Web Apps Security

Mar 31, 2022
A zero-day remote code execution (RCE) vulnerability has come to light in the Spring framework shortly after a Chinese security researcher  briefly leaked  a  proof-of-concept  (PoC)  exploit  on GitHub before deleting their account. According to cybersecurity firm Praetorian, the unpatched flaw impacts Spring Core on Java Development Kit ( JDK ) versions 9 and later and is a bypass for another vulnerability tracked as  CVE-2010-1622 , enabling an unauthenticated attacker to execute arbitrary code on the target system. Spring is a  software framework  for building Java applications, including web apps on top of the Java EE (Enterprise Edition) platform. "In certain configurations, exploitation of this issue is straightforward, as it only requires an attacker to send a crafted HTTP request to a vulnerable system," researchers Anthony Weems and Dallas Kaman  said . "However, exploitation of different configurations will require the at...
cyber security

The AI Security Starter Pack

websiteWizAI Security / Cloud Security
Unlock 7 of the most widely used AI security resources in one place. Each asset provides practical tools for securing AI apps, models, and agents.
cyber security

11 real-world stories proving how identity drift opens active attack paths

websiteXM CyberIdentity Security / Exposure Management
Learn how attackers leverage privilege drift to reach critical assets across 11 architectural teardowns.
QNAP Warns of OpenSSL Infinite Loop Vulnerability Affecting NAS Devices

QNAP Warns of OpenSSL Infinite Loop Vulnerability Affecting NAS Devices

Mar 31, 2022
Taiwanese company QNAP this week revealed that a selected number of its network-attached storage (NAS) appliances are affected by a recently-disclosed bug in the open-source OpenSSL cryptographic library. "An infinite loop vulnerability in OpenSSL has been reported to affect certain QNAP NAS," the company  said  in an advisory published on March 29, 2022. "If exploited, the vulnerability allows attackers to conduct denial-of-service attacks." Tracked as  CVE-2022-0778  (CVSS score: 7.5), the issue relates to a bug that arises when parsing security certificates to trigger a denial-of-service condition and remotely crash unpatched devices. QNAP, which is currently investigating its line-up, said it affects the following operating system versions – QTS 5.0.x and later QTS 4.5.4 and later QTS 4.3.6 and later QTS 4.3.4 and later QTS 4.3.3 and later QTS 4.2.6 and later QuTS hero h5.0.x and later QuTS hero h4.5.4 and later, and QuTScloud c5.0.x To date, t...
Researchers Expose Mars Stealer Malware Campaign Using Google Ads to Spread

Researchers Expose Mars Stealer Malware Campaign Using Google Ads to Spread

Mar 30, 2022
A nascent information stealer called Mars has been observed in campaigns that take advantage of cracked versions of the malware to steal information stored in web browsers and cryptocurrency wallets. "Mars Stealer is being distributed via social engineering techniques, malspam campaigns, malicious software cracks, and keygens," Morphisec malware researcher Arnold Osipov  said  in a report published Tuesday. Based on the  Oski Stealer  and first discovered in June 2021,  Mars Stealer  is said to be constantly under development and available for sale on over 47 underground forums, darknet sites, and Telegram channels, costing only $160 for a lifetime subscription. Information stealers allow adversaries to vacuum personal information from compromised systems, including stored credentials and browser cookies, which are then sold on criminal marketplaces or used as a springboard for launching further attacks. The release of Mars Stealer last year has also ...
⚡ Top Stories This Week
Expert Insights Articles Videos
Cybersecurity Resources