The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Cybersecurity researchers have turned the spotlight on a new wave of offensive cyberattacks targeting Palestinian activists and entities starting around October 2021 using politically-themed phishing emails and decoy documents. The intrusions are part of what Cisco Talos calls a longstanding espionage and information theft campaign undertaken by the  Arid Viper hacking group  using a Delphi-based implant called Micropsia dating all the way back to  June 2017 . The threat actor's  activities , also tracked under the monikers Desert Falcon and the APT-C-23, were first documented in  February 2015  by Kasperksy and subsequently in 2017, when Qihoo 360 disclosed details of  cross-platform   backdoors  developed by the group to strike Palestinian institutions. The Russian cybersecurity company-branded Arid Viper the "first exclusively Arabic APT group." Then in April 2021, Meta (formerly Facebook), which pointed out the group's affiliations ...

The threat actor behind the supply chain compromise of SolarWinds has continued to expand its malware arsenal with new tools and techniques that were deployed in attacks as early as 2019, once indicative of the elusive nature of the campaigns and the adversary's ability to maintain persistent access for years. According to cybersecurity firm CrowdStrike, which  detailed the novel tactics  adopted by the Nobelium hacking group last week, two sophisticated malware families were placed on victim systems — a Linux variant of GoldMax and a new implant dubbed TrailBlazer — long before the scale of the attacks came to light. Nobelium, the Microsoft-assigned moniker for the  SolarWinds intrusion  in December 2020, is also tracked by the wider cybersecurity community under the names UNC2452 (FireEye), SolarStorm (Unit 42), StellarParticle (CrowdStrike), Dark Halo (Volexity), and Iron Ritual (Secureworks). The  malicious activities  have since been attributed to...

We hear about the need for better visibility in the cybersecurity space – detecting threats earlier and more accurately. We often hear about the dwell time and the time to identify and contain a data breach. Many of us are familiar with IBM's Cost of a Data Breach Report that has been tracking this statistic for years. In the 2021 report, IBM found that, on average, it takes an average of 212 days to identify a breach and then another 75 days to contain the breach, for a total of 287 days. A new  solution overview document  provides insights on how XDR provider Cynet tackles the difficult problem of greatly improving threat visibility. Cynet takes a modern approach that includes a greater level of native technology integration and advanced automation purposely designed for organizations with smaller security teams than Fortune 500 organizations. A live webinar will discuss the same topic ( Register here ) Cynet's Keys for Threat Visibility Einstein said that the definition...

As many as 23 new high severity security vulnerabilities have been disclosed in different implementations of Unified Extensible Firmware Interface ( UEFI ) firmware used by numerous vendors, including Bull Atos, Fujitsu, HP, Juniper Networks, Lenovo, among others. The vulnerabilities reside in Insyde Software's InsydeH2O UEFI firmware, according to enterprise firmware security company  Binarly , with a majority of the anomalies diagnosed in the System Management Mode ( SMM ). UEFI is a software specification that provides a standard programming interface connecting a computer's firmware to its operating system during the booting process. In x86 systems, the UEFI firmware is usually stored in the flash memory chip of the motherboard. "By exploiting these vulnerabilities, attackers can successfully install malware that survives operating system re-installations and allows the bypass of endpoint security solutions (EDR/AV),  Secure Boot , and Virtualization-Based Securit...

A politically motivated hacker group tied to a series of espionage and sabotage attacks on Israeli entities in 2021 incorporated a previously undocumented remote access trojan (RAT) that masquerades as the Windows Calculator app as part of a conscious effort to stay under the radar. Cybersecurity company Cybereason, which has been tracking the operations of the Iranian actor known as Moses Staff, dubbed the malware " StrifeWater ." "The StrifeWater RAT appears to be used in the initial stage of the attack and this stealthy RAT has the ability to remove itself from the system to cover the Iranian group's tracks," Tom Fakterman, Cybereason security analyst,  said  in a report. "The RAT possesses other capabilities, such as command execution and screen capturing, as well as the ability to download additional extensions." Moses Staff came to light towards the end of last year when Check Point Research  unmasked  a series of attacks aimed at Israeli or...

A WordPress plugin with over one million installs has been found to contain a critical vulnerability that could result in the execution of arbitrary code on compromised websites. The plugin in question is  Essential Addons for Elementor , which provides WordPress site owners with a library of over 80 elements and extensions to help design and customize pages and posts. "This vulnerability allows any user, regardless of their authentication or authorization status, to perform a local file inclusion attack," Patchstack  said  in a report. "This attack can be used to include local files on the filesystem of the website, such as /etc/passwd. This can also be used to perform RCE by including a file with malicious PHP code that normally cannot be executed." That said, the vulnerability only exists if widgets like dynamic gallery and product gallery are used, which utilize the vulnerable function, resulting in local file inclusion – an attack technique in which a web ...

In a sign that threat actors continuously shift tactics and update their defensive measures, the operators of the SolarMarker information stealer and backdoor have been found leveraging stealthy Windows Registry tricks to establish long-term persistence on compromised systems. Cybersecurity firm Sophos, which spotted the new behavior, said that the remote access implants are still being detected on targeted networks despite the campaign witnessing a decline in November 2021. Boasting of information harvesting and backdoor capabilities, the .NET-based malware has been linked to at least three different attack waves in 2021. The first set,  reported in April , took advantage of search engine poisoning techniques to trick business professionals into visiting sketchy Google sites that installed SolarMarker on the victim's machines. Then in August, the malware was  observed  targeting healthcare and education sectors with the goal of gathering credentials and sensitive in...