The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

The cybercrime group called GhostSec has been linked to a Golang variant of a ransomware family called  GhostLocker . “TheGhostSec and Stormous ransomware groups are jointly conducting double extortion ransomware attacks on various business verticals in multiple countries,” Cisco Talos researcher Chetan Raghuprasad  said  in a report shared with The Hacker News. “GhostLocker and Stormous ransomware have started a new ransomware-as-a-service (RaaS) program STMX_GhostLocker, providing various options for their affiliates.” Attacks mounted by the group have targeted victims in Cuba, Argentina, Poland, China, Lebanon, Israel, Uzbekistan, India, South Africa, Brazil, Morocco, Qatar, Turkiye, Egypt, Vietnam, Thailand, and Indonesia. Some of the most impacted business verticals include technology, education, manufacturing, government, transportation, energy, medicolegal, real estate, and telecom. GhostSec – not to be confused with  Ghost Security Group  (which i...

A financial entity in Vietnam was the target of a previously undocumented threat actor called  Lotus Bane  as part of a cyber attack that was first detected in March 2023. Singapore-headquartered Group-IB described the hacking outfit as an advanced persistent threat group that's believed to have been active since at least 2022. The exact specifics of the infection chain remain unknown as yet, but it involves the use of various malicious artifacts that serve as the stepping stone for the next-stage. "The cybercriminals used methods such as DLL side-loading and data exchange via named pipes to run malicious executables and create remote scheduled tasks for lateral movement," the company  said . Group-IB told The Hacker News that the techniques used by Lotus Bane overlap with that of  OceanLotus , a Vietnam-aligned threat actor also known as APT32, Canvas Cyclone (formerly Bismuth), and Cobalt Kitty. This stems from the use of malware like PIPEDANCE for named pip...

Apple has released security updates to address several security flaws, including two vulnerabilities that it said have been actively exploited in the wild. The shortcomings are listed below - CVE-2024-23225  - A memory corruption issue in Kernel that an attacker with arbitrary kernel read and write capability can exploit to bypass kernel memory protections CVE-2024-23296  - A memory corruption issue in the RTKit real-time operating system (RTOS) that an attacker with arbitrary kernel read and write capability can exploit to bypass kernel memory protections It’s currently not clear how the flaws are being weaponized in the wild. Apple said both the vulnerabilities were addressed with improved validation in iOS 17.4, iPadOS 17.4, iOS 16.7.6, and iPadOS 16.7.6. The updates are available for the following devices - iOS 16.7.6 and iPadOS 16.7.6  - iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation i...

North Korean threat actors have exploited the recently disclosed security flaws in ConnectWise ScreenConnect to deploy a new malware called  TODDLERSHARK . According to a report shared by Kroll with The Hacker News, TODDLERSHARK overlaps with known Kimsuky malware such as BabyShark and ReconShark. “The threat actor gained access to the victim workstation by exploiting the exposed setup wizard of the ScreenConnect application,” security researchers Keith Wojcieszek, George Glass, and Dave Truman said . “They then leveraged their now ‘hands on keyboard’ access to use cmd.exe to execute mshta.exe with a URL to the Visual Basic (VB) based malware.” The ConnectWise flaws in question are  CVE-2024-1708 and CVE-2024-1709 , which came to light last month and have since come under heavy exploitation by multiple threat actors to deliver cryptocurrency miners, ransomware, remote access trojans, and stealer malware. Kimsuky, also known as APT43, ARCHIPELAGO, Black Banshee, Emerald ...

Startups and scales-ups are often cloud-first organizations and rarely have sprawling legacy on-prem environments. Likewise, knowing the agility and flexibility that cloud environments provide, the mid-market is predominantly running in a hybrid state, partly in the cloud but with some on-prem assets. While there has been a bit of a backswing against the pricing and lock-in presented when using cloud infrastructure, cloud is still the preferred provider for the majority of SMBs. As a result, external attack surfaces are increasingly complex and distributed and, therefore, harder to monitor and secure. This expanded attack surface gives hackers plenty of blind spots and gaps to exploit. Security teams are on the back, reacting, often too slowly, to changes in their own attack surface as engineering teams continuously spin up and expose new systems, services, and data to the internet. This is compounded by the fact that the threat landscape is always changing. Thousands of new vulne...

A new DNS threat actor dubbed  Savvy Seahorse  is leveraging sophisticated techniques to entice targets into fake investment platforms and steal funds. “Savvy Seahorse is a DNS threat actor who convinces victims to create accounts on fake investment platforms, make deposits to a personal account, and then transfers those deposits to a bank in Russia,” Infoblox  said  in a report published last week. Targets of the campaigns include Russian, Polish, Italian, German, Czech, Turkish, French, Spanish, and English speakers, indicating that the threat actors are casting a wide net in their attacks. Users are lured via ads on social media platforms like Facebook, while also tricking them into parting with their personal information in return for alleged high-return investment opportunities through fake ChatGPT and WhatsApp bots. The financial scam campaigns are notable for using DNS canonical name (CNAME) records to create a traffic distribution system ( TDS ), thereb...