The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Cryptocurrency trading platform BitMart has disclosed a "large-scale security breach" that it blamed on a stolen private key, resulting in the theft of more than $150 million in various cryptocurrencies. The breach is said to have impacted two of its hot wallets on the Ethereum (ETH) blockchain and the Binance smart chain (BSC). The company  noted  that the wallets carried only a "small percentage" of the assets." Hot wallets, as opposed to their cold counterparts, are connected to the internet and allow cryptocurrency owners to receive and send tokens. Blockchain security and data analytics company PeckShield  estimated  the total loss to be around $200 million, calling the whole chain of events as "Pretty straightforward: transfer-out, swap, and wash." "This security breach was mainly caused by a stolen private key that had two of our hot wallets compromised," BitMart's chief executive Sheldon Xia  said  in a series of tweets sent...

Researchers have discovered 14 new types of cross-site data leakage attacks against a number of modern web browsers, including Tor Browser, Mozilla Firefox, Google Chrome, Microsoft Edge, Apple Safari, and Opera, among others. Collectively known as "XS-Leaks," the browser bugs enable a malicious website to harvest personal data from its visitors as they interact with other websites in the background without the targets' knowledge. The  findings  are the result of a comprehensive study of cross-site attacks undertaken by a group of academics from Ruhr-Universität Bochum (RUB) and Niederrhein University. "XS-Leaks bypass the so-called  same-origin policy , one of a browser's main defences against various types of attacks," the researchers  said  in a statement. "The purpose of the same-origin policy is to prevent information from being stolen from a trusted website. In the case of XS-Leaks, attackers can nevertheless recognize individual, small details...

Apple reportedly notified several U.S. Embassy and State Department employees that their iPhones may have been targeted by an unknown assailant using state-sponsored spyware created by the controversial Israeli company NSO Group, according to multiple reports from  Reuters  and  The Washington Post . At least 11 U.S. Embassy officials stationed in Uganda or focusing on issues pertaining to the country are said to have  singled out  using iPhones registered to their overseas phone numbers, although the identity of the threat actors behind the intrusions, or the nature of the information sought, remains unknown as yet. The attacks, which were carried out in the last several months, mark the first known time the sophisticated surveillance software has been put to use against U.S. government employees. NSO Group is the maker of Pegasus , military-grade spyware that allows its government clients to stealthily plunder files and photos, eavesdrop on conversations,...

Enterprise software provider Zoho on Friday warned that a newly patched critical flaw in its Desktop Central and Desktop Central MSP is being actively exploited by malicious actors, marking the third security vulnerability in its products to be abused in the wild in a span of four months. The issue, assigned the identifier  CVE-2021-44515 , is an authentication bypass vulnerability that could permit an adversary to circumvent authentication protections and execute arbitrary code in the Desktop Central MSP server. "If exploited, the attackers can gain unauthorized access to the product by sending a specially crafted request leading to remote code execution," Zoho  cautioned  in an  advisory . "As we are noticing indications of exploitation of this vulnerability, we strongly advise customers to update their installations to the latest build as soon as possible." The company has also made available an  Exploit Detection Tool  that will help customers ide...

A Pakistani threat actor successfully socially engineered a number of ministries in Afghanistan and a shared government computer in India to steal sensitive Google, Twitter, and Facebook credentials from its targets and stealthily obtain access to government portals. Malwarebytes' latest findings go into detail about the new tactics and tools adopted by the APT group known as  SideCopy , which is so-called because of its attempts to mimic the infection chains associated with another group tracked as  SideWinder  and mislead attribution. "The lures used by SideCopy APT are usually archive files that have embedded one of these files: LNK, Microsoft Publisher or Trojanized Applications," Malwarebytes researcher Hossein Jazi  said , adding the embedded files are tailored to target government and military officials based in Afghanistan and India. The revelation comes close on the heels of  disclosures  that Meta took steps to block malicious activities carr...

A series of malicious campaigns have been leveraging fake installers of popular apps and games such as Viber, WeChat, NoxPlayer, and Battlefield as a lure to trick users into downloading a new backdoor and an undocumented malicious Google Chrome extension with the goal of stealing credentials and data stored in the compromised systems as well as maintaining persistent remote access. Cisco Talos attributed the malware payloads to an unknown actor that goes by the alias " magnat ," noting that "these two families have been subject to constant development and improvement by their authors." The attacks are believed to have commenced in late 2018, with intermittent activity observed towards the end of 2019 and through early 2020, followed by fresh spikes since April 2021, while mainly singling out users in Canada, followed by the U.S., Australia, Italy, Spain, and Norway. A noteworthy aspect of the intrusions is the use of malvertising as a means to strike individua...

Government agencies publish notices and directives all the time. Usually, these are only relevant to government departments, which means that nobody else really pays attention. It's easy to see why you would assume that a directive from CISA just doesn't relate to your organization. But, in the instance of the latest CISA directive, that would be making a mistake. In this article, we explain why, even if you're in the private or non-government sector, you should nonetheless take a close look at CISA Binding Operational Directive 22-01. We outline why CISA was forced to issue this directive, and why that firm action has implications for all organizations – inside and outside of government. Acting on cybersecurity issues isn't as simple as flicking a switch, of course, so keep reading to find out how you can address the core issue behind the CISA directive. Okay, so what exactly is a CISA directive? Let's take a step back to gain some context. Just like any organ...