The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

In the span of a few years, cryptocurrencies have gone from laughingstock and novelty to a serious financial instrument, and a major sector in high-tech. The price of Bitcoin and Ethereum has gone from single dollars to thousands, and they're increasingly in the mainstream.  This is undoubtedly a positive development, as it opens new avenues for finance, transactions, tech developments, and more. Unfortunately, no innovation is without its dark side, and the crypto industry is no exception. A new webinar from XDR provider Cynet ( you can see it here ) dives deeper into this dark corner to explore the intersection of cybersecurity and cryptocurrency.  The first question is how, exactly, cryptocurrency creates security vulnerabilities for organizations. There's no single answer, and in many cases, the results are more indirect. This bears closer inspection, and the webinar, led by Cynet  CyOps Analyst  Ronen Ahdut, studies the different ways cryptocurrencies are use...

Meta, the company formerly known as Facebook, announced Tuesday that it took action against four separate malicious cyber groups from Pakistan and Syria who were found targeting people in Afghanistan, as well as journalists, humanitarian organizations, and anti-regime military forces in the West Asian country. The Pakistani threat actor, dubbed  SideCopy , is said to have used the platform to single out people with ties to the Afghan government, military and law enforcement in Kabul. The campaign, which Meta dubbed as a "well-resourced and persistent operation," involved sending malicious links, often shortened using URL shortener services, to websites hosting malware between April and August of 2021, what with the operators posing as young women and tricking the recipients with romantic lures in a bid to make them click on phishing links or download trojanized chat applications. Meta's threat intelligence analysts said these apps were a front for two distinct malwa...

Cybersecurity researchers have demonstrated yet another variation of the Rowhammer attack affecting all  DRAM  (dynamic random-access memory) chips that bypasses currently deployed mitigations, thereby effectively compromising the security of the devices. The new technique — dubbed " Blacksmith " ( CVE-2021-42114 , CVSS score: 9.0) — is designed to trigger bit flips on target refresh rate-enabled DRAM chips with the help of novel "non-uniform and frequency-based" memory access patterns, according to a study jointly published by academics from ETH Zurich, Vrije Universiteit Amsterdam, and Qualcomm Technologies. Originally disclosed in 2014,  Rowhammer  refers to a fundamental hardware vulnerability that could be abused to alter or corrupt memory contents by taking advantage of DRAM's tightly-packed, matrix-like memory cell architecture to repeatedly access certain rows (aka "aggressors") that induces an electrical disturbance large enough to cause t...

SaaS Adoption is Skyrocketing, Resilience Hasn't Kept Pace SaaS platforms have revolutionized how businesses operate. They simplify collaboration, accelerate deployment, and reduce the overhead of managing infrastructure. But with their rise comes a subtle, dangerous assumption: that the convenience of SaaS extends to resilience. It doesn't. These platforms weren't built with full-scale data protection in mind . Most follow a shared responsibility model — wherein the provider ensures uptime and application security, but the data inside is your responsibility. In a world of hybrid architectures, global teams, and relentless cyber threats, that responsibility is harder than ever to manage. Modern organizations are being stretched across: Hybrid and multi-cloud environments with decentralized data sprawl Complex integration layers between IaaS, SaaS, and legacy systems Expanding regulatory pressure with steeper penalties for noncompliance Escalating ransomware threats and inside...

No fewer than 1,220 Man-in-the-Middle (MitM) phishing websites have been discovered as targeting popular online services like Instagram, Google, PayPal, Apple, Twitter, and LinkedIn with the goal of hijacking users' credentials and carrying out further follow-on attacks. The findings come from a  new study  undertaken by a group of researchers from Stony Brook University and Palo Alto Networks, who have demonstrated a new fingerprinting technique that makes it possible to identify MitM phishing kits in the wild by leveraging their intrinsic network-level properties, effectively automating the discovery and analysis of phishing websites. Dubbed " PHOCA " — named after the Latin word for "seals" — the tool not only facilitates the discovery of previously unseen MitM phishing toolkits, but also can be used to detect and isolate malicious requests coming from such servers. Phishing toolkits aim to  automate and streamline  the work required by attackers to cond...

The notorious Emotet malware is staging a comeback of sorts  nearly 10 months  after a coordinated law enforcement operation dismantled its command-and-control infrastructure in late January 2021. According to a  new report  from security researcher Luca Ebach, the infamous  TrickBot  malware is being used as an entry point to distribute what appears to be a new version of Emotet on systems previously infected by the former. The latest  variant  takes the form of a DLL file, with the first occurrence of the deployment being detected on November 14. Europol  dubbed   Emotet  as the "world's most dangerous malware" for its ability to act as a "door opener" for threat actors to obtain unauthorized access, becoming a precursor to many critical data theft and ransomware attacks. Interestingly, the loader operation enabled other malware families such as Trickbot, QakBot, and Ryuk to enter a machine. The resurfacing is also significa...

A new politically-motivated hacker group named " Moses Staff " has been linked to a wave of targeted attacks targeting Israeli organizations since September 2021 with the goal of plundering and leaking sensitive information prior to encrypting their networks, with no option to regain access or negotiate a ransom. "The group openly states that their motivation in attacking Israeli companies is to cause damage by leaking the stolen sensitive data and encrypting the victim's networks, with no ransom demand," Check Point Research  said  in a report published Monday. "In the language of the attackers, their purpose is to 'Fight against the resistance and expose the crimes of the Zionists in the occupied territories.'" At least 16 victims have had their data leaked to date, according to stats released by the collective. The threat actor is said to leverage publicly known vulnerabilities as a means to breach enterprise servers and gain initial ac...

Cybersecurity researchers on Monday took the wraps off a new Android trojan that takes advantage of accessibility features on mobile devices to siphon credentials from banking and cryptocurrency services in Italy, the U.K., and the U.S. Dubbed " SharkBot " by Cleafy, the malware is designed to strike a total of 27 targets — counting 22 unnamed international banks in Italy and the U.K. as well as five cryptocurrency apps in the U.S. — at least since late October 2021 and is believed to be in its early stages of development, with no overlaps found to that of any known families. "The main goal of SharkBot is to initiate money transfers from the compromised devices via Automatic Transfer Systems (ATS) technique bypassing multi-factor authentication mechanisms (e.g., SCA)," the researchers said in a report. "Once SharkBot is successfully installed in the victim's device, attackers can obtain sensitive banking information through the abuse of Accessibility S...