The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Between a series of recent high-profile cybersecurity incidents and the heightened geopolitical tensions, there's rarely been a more dangerous cybersecurity environment. It's a danger that affects every organization – automated attack campaigns don't discriminate between targets. The situation is driven in large part due to a relentless rise in vulnerabilities, with tens of thousands of brand-new vulnerabilities discovered every year. For tech teams that are probably already under-resourced, guarding against this rising tide of threats is an impossible task. Yet, in the battle against cybercrime, some of the most effective and most sensible mitigations are sometimes neglected. In this article, we'll outline why cybersecurity risks have escalated so dramatically – and which easy wins your organization can make for a significant difference in your cybersecurity posture, right now. Recent major cyberattacks point to the danger Cyber security has arguably never been mo...

Germany's Federal Criminal Police Office, the Bundeskriminalamt (BKA), on Tuesday announced the official takedown of Hydra, the world's largest illegal dark web marketplace that has cumulatively facilitated over $5 billion in Bitcoin transactions to date. "Bitcoins amounting to currently the equivalent of approximately €23 million were seized, which are attributed to the marketplace," the BKA said in a press release. Blockchain analytics firm Elliptic confirmed that the seizure occurred on April 5, 2022 in a series of 88 transactions totaling 543.3 BTC. The agency attributed the shutdown of Hydra to an extensive investigation operation conducted by its Central Office for Combating Cybercrime (ZIT) in partnership with U.S. law enforcement authorities that it said had been underway since August 2021. Launched in 2015, Hydra was a Russian-language darknet marketplace that opened as a competitor to the now-defunct Russian Anonymous Marketplace (aka RAMP), primarily...

A Chinese state-backed advanced persistent threat (APT) group known for singling out Japanese entities has been attributed to a new long-running espionage campaign targeting new geographies, suggesting a "widening" of the threat actor's targeting. The widespread intrusions, which are believed to have commenced at the earliest in mid-2021 and continued as recently as February 2022, have been tied to a group tracked as Cicada , which is also known as APT10, Stone Panda, Potassium, Bronze Riverside, or MenuPass Team. "Victims in this Cicada (aka APT10) campaign include government, legal, religious, and non-governmental organizations (NGOs) in multiple countries around the world, including in Europe, Asia, and North America," researchers from the Symantec Threat Hunter Team, part of Broadcom Software,  said  in a report shared with The Hacker News. "There is a strong focus on victims in the government and NGO sectors, with some of these organizations worki...

With the growth in digital transformation, the API management market is set to grow  by more than 30%   by the year 2025 as more businesses build web APIs and consumers grow to rely on them for everything from mobile apps to customized digital services. As part of strategic business planning, an API helps generate revenue by allowing customers access to the functionality of a website or computer program through custom applications. As more and more businesses are implementing APIs, the risk of API attacks increases. By 2022, Gartner predicted that API (Application Programming Interface) attacks would become the most common attack vector for enterprise web applications. Cybercriminals are targeting APIs more aggressively than ever before, and businesses must take a proactive approach to  API security  to combat this new aggression. API and The Business World With integrating APIs into modern IT environments, businesses are becoming increasingly data-driven...

Email marketing service Mailchimp on Monday revealed a data breach that resulted in the compromise of an internal tool to gain unauthorized access to customer accounts and stage phishing attacks.  The development was first  reported  by Bleeping Computer. The company, which was acquired by financial software firm Intuit in September 2021, told the publication that it became aware of the incident on March 26 when it became aware of a malicious party accessing the customer support tool. "The incident was propagated by an external actor who conducted a successful social engineering attack on Mailchimp employees, resulting in employee credentials being compromised," Siobhan Smyth, Mailchimp's chief information security officer, was quoted as saying. Although Mailchimp stated it acted quickly to terminate access to the breached employee account, the siphoned credentials were used to access 319 MailChimp accounts and further export the mailing lists pertaining to 102 acc...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added the recently disclosed remote code execution (RCE) vulnerability affecting the Spring Framework, to its  Known Exploited Vulnerabilities Catalog  based on "evidence of active exploitation." The critical severity flaw, assigned the identifier  CVE-2022-22965  (CVSS score: 9.8) and dubbed "Spring4Shell", impacts Spring model–view–controller (MVC) and Spring WebFlux applications running on Java Development Kit 9 and later. "Exploitation requires an endpoint with DataBinder enabled (e.g., a POST request that decodes data from the request body automatically) and depends heavily on the servlet container for the application," Praetorian researchers Anthony Weems and Dallas Kaman noted last week. Although exact details of in-the-wild abuse remain unclear, information security company SecurityScorecard  said  "active scanning for this vulnerability has been observed coming fro...

An Android spyware application has been spotted masquerading as a "Process Manager" service to stealthily siphon sensitive information stored in the infected devices. Interestingly, the app — that has the package name " com.remote.app " — establishes contact with a remote command-and-control server, 82.146.35[.]240, which has been previously identified as infrastructure belonging to the Russia-based hacking group known as  Turla . "When the application is run, a warning appears about the permissions granted to the application," Lab52 researchers  said . "These include screen unlock attempts, lock the screen, set the device global proxy, set screen lock password expiration, set storage encryption and disable cameras." Once the app is "activated," the malware removes its gear-shaped icon from the home screen and runs in the background, abusing its wide permissions to access the device's contacts and call logs, track its location,...