-->
#1 Trusted Cybersecurity News Platform
Followed by 5.70+ million
The Hacker News Logo
Get the Latest News
cybersecurity

The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

TA505 Hackers Using TeslaGun Panel to Manage ServHelper Backdoor Attacks

TA505 Hackers Using TeslaGun Panel to Manage ServHelper Backdoor Attacks

Sep 06, 2022
Cybersecurity researchers have offered fresh insight into a previously undocumented software control panel used by a financially motivated threat group known as TA505. "The group frequently changes its malware attack strategies in response to global cybercrime trends," Swiss cybersecurity firm PRODAFT  said  in a report shared with The Hacker News. "It opportunistically adopts new technologies in order to gain leverage over victims before the wider cybersecurity industry catches on." Also tracked under the names Evil Corp, Gold Drake, Dudear, Indrik Spider, and SectorJ04, TA505 is an aggressive  Russian cybercrime syndicate  behind the infamous Dridex banking trojan and which has been linked to a  number of ransomware campaigns  in recent years.  It's also said to be connected to the  Raspberry Robin attacks  that emerged in September 2021, with similarities uncovered between the malware and Dridex. Other notable malware families assoc...
Integrating Live Patching in SecDevOps Workflows

Integrating Live Patching in SecDevOps Workflows

Sep 06, 2022
SecDevOps is, just like DevOps, a transformational change that organizations undergo at some point during their lifetime. Just like many other big changes, SecDevOps is commonly adopted after a reality check of some kind: a big damaging cybersecurity incident, for example. A major security breach or, say, consistent problems in achieving development goals signals to organizations that the existing development framework doesn't work and that something new is needed. But what exactly is SecDevOps, why should you embrace it – and how can you do it more easily in practice? The fundamentals of SecDevOps By itself, SecDevOps is not just one single improvement. You may see it as a new tool, or set of tools, or perhaps a different mindset. Some might see SecDevOps as a culture. In reality, it's all of those factors wrapped into a new approach to development that's intended to put security first. SecDevOps rely on highly reproducible scenarios, touching on topics such as system...
New EvilProxy Phishing Service Allowing Cybercriminals to Bypass 2-Factor Security

New EvilProxy Phishing Service Allowing Cybercriminals to Bypass 2-Factor Security

Sep 06, 2022
A new phishing-as-a-service (PhaaS) toolkit dubbed EvilProxy is being advertised on the criminal underground as a means for threat actors to bypass two-factor authentication (2FA) protections employed against online services. "EvilProxy actors are using reverse proxy and cookie injection methods to bypass 2FA authentication – proxifying victim's session," Resecurity researchers  said  in a Monday write-up. The platform generates phishing links that are nothing but cloned pages designed to compromise user accounts associated with Apple iCloud, Facebook, GoDaddy, GitHub, Google, Dropbox, Instagram, Microsoft, NPM, PyPI, RubyGems, Twitter, Yahoo, and Yandex, among others. EvilProxy is similar to adversary-in-the-middle ( AiTM ) attacks in that users interact with a malicious proxy server that acts as a go-between for the target website, covertly harvesting the credentials and 2FA passcodes entered in the login pages. It's offered on a subscription basis per service...
cyber security

The AI Security Starter Pack

websiteWizAI Security / Cloud Security
Unlock 7 of the most widely used AI security resources in one place. Each asset provides practical tools for securing AI apps, models, and agents.
cyber security

11 real-world stories proving how identity drift opens active attack paths

websiteXM CyberIdentity Security / Exposure Management
Learn how attackers leverage privilege drift to reach critical assets across 11 architectural teardowns.
Researchers Find New Android Spyware Campaign Targeting Uyghur Community

Researchers Find New Android Spyware Campaign Targeting Uyghur Community

Sep 06, 2022
A previously undocumented strain of Android spyware with extensive information gathering capabilities has been found disguised as a book likely designed to target the  Uyghur community  in China. The malware comes under the guise of a book titled " The China Freedom Trap ," a biography written by the exiled Uyghur leader Dolkun Isa. "In light of the ongoing conflict between the Government of the People's Republic of China and the Uyghur community, the malware disguised as the book is a lucrative bait employed by threat actors (TAs) to spread malicious infection in the targeted community," cybersecurity firm Cyble  said  in a report published Monday. The existence of the malware samples, which come with the package name " com.emc.pdf ," was first disclosed by researchers from the  MalwareHunterTeam  late last month. Distributed outside of the official Google Play Store, the app, once installed and opened, displays a few pages of the book, includi...
QNAP Warns of New DeadBolt Ransomware Attacks Exploiting Photo Station Flaw

QNAP Warns of New DeadBolt Ransomware Attacks Exploiting Photo Station Flaw

Sep 06, 2022
QNAP has issued a new advisory urging users of its network-attached storage (NAS) devices to upgrade to the latest version of  Photo Station  following yet another wave of  DeadBolt ransomware attacks  in the wild by exploiting a zero-day flaw in the software. The Taiwanese company  said  it detected the attacks on September 3 and that "the campaign appears to target QNAP NAS devices running Photo Station with internet exposure." The issue has been addressed in the following versions - QTS 5.0.1: Photo Station 6.1.2 and later QTS 5.0.0/4.5.x: Photo Station 6.0.22 and later QTS 4.3.6: Photo Station 5.7.18 and later QTS 4.3.3: Photo Station 5.4.15 and later QTS 4.2.6: Photo Station 5.2.14 and later Details of the flaw have been kept under wraps for now, but the company is advising users to disable port forwarding on the routers, prevent NAS devices from being accessible on the Internet, upgrade NAS firmware, apply strong passwords for user accoun...
⚡ Top Stories This Week
Expert Insights Articles Videos
Cybersecurity Resources