The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

With the ongoing conflict in Eurasia, cyberwarfare is inevitably making its presence felt. The fight is not only being fought on the fields. There is also a big battle happening in cyberspace. Several cyber-attacks have been reported over the past months. Notably, cyber attacks backed by state actors are becoming prominent. There have been reports of a rise of ransomware and other malware attacks such as  Cyclops Blink ,  HermeticWiper , and  BlackCat . These target businesses as well as government institutions and nonprofit organizations. There have been cases of several attempts to shut down online communications and IT infrastructure. The ongoing list of  significant cyber incidents  curated by the Center for Strategic and International Studies (CSIS) shows that the number of major incidents in January 2022 is 100% higher compared to the same period in the previous year. With the recent activities in cyberspace impacted by the emergence of the geopolitical...

Cloud computing and virtualization technology firm VMWare on Thursday rolled out an update to resolve a critical security flaw in its Cloud Director product that could be weaponized to launch remote code execution attacks. The issue, assigned the identifier  CVE-2022-22966 , has a CVSS score of 9.1 out of a maximum of 10. VMware credited security researcher Jari Jääskelä with reporting the flaw. "An authenticated, high privileged malicious actor with network access to the VMware Cloud Director tenant or provider may be able to exploit a remote code execution vulnerability to gain access to the server," VMware  said  in an advisory. VMware Cloud Director, formerly known as vCloud Director, is used by many well-known cloud providers to operate and manage their cloud infrastructures and gain visibility into datacenters across sites and geographies. The vulnerability could, in other words, end up allowing attackers to gain access to sensitive data and take over private ...

Google on Thursday shipped emergency patches to address two security issues in its Chrome web browser, one of which it says is being actively exploited in the wild. Tracked as  CVE-2022-1364 , the tech giant described the high-severity bug as a case of type confusion in the V8 JavaScript engine. Clément Lecigne of Google's Threat Analysis Group has been credited with reporting the flaw on April 13, 2022. As is typically the case with actively exploited zero-day flaws, the company acknowledged it's "aware that an exploit for CVE-2022-1364 exists in the wild." Additional details about the flaw and the identity of the threat actors have been withheld to prevent further abuse. With the latest fix, Google has patched a total of three zero-day vulnerabilities in Chrome since the start of the year. It's also the second type confusion-related bug in V8 to be squashed in less than a month - CVE-2022-0609  - Use-after-free in Animation CVE-2022-1096  - Type confusio...

A newly released report by cybersecurity firm CTM360 reveals a large-scale scam operation utilizing fake news websites—known as Baiting News Sites (BNS)—to deceive users into online investment fraud across 50 countries. These BNS pages are made to look like real news outlets: CNN, BBC, CNBC, or regional media. They publish fake stories that feature public figures, central banks, or financial brands, all claiming to back new ways to earn passive income. The goal? Build trust quickly and steer readers toward professional-looking scam platforms like Trap10, Solara Vynex, or Eclipse Earn. Scammers use sponsored ads on Google, Meta, and blog networks to push traffic to these sites. Ads often carry clickbait headlines—"You won't believe what a prominent public figure just revealed"—paired with official photos or national flags to make them feel legit. Clicking the ad directs users to a fake article, which then redirects them to a fraudulent trading platform. Many of these scams follow a...

A U.S. court has sentenced former Ethereum developer Virgil Griffith to five years and three months in prison and pay a $100,000 fine for conspiring with North Korea to help use cryptocurrencies to circumvent sanctions imposed on the country. "There is no question North Korea poses a national security threat to our nation, and the regime has shown time and again it will stop at nothing to ignore our laws for its own benefit," U.S. Attorney Damian Williams  said  in a statement. The sentencing comes more than six months after Griffith  pleaded guilty  to violating the International Emergency Economic Powers Act ( IEEPA ) by offering technical advice to the hermit kingdom with regards to the use of digital currency to bypass economic restrictions. Griffith was arrested in November 2019. North Korea is known to  rely on   cryptocurrency heists  to get around international sanctions and use it to help fund programs to build weapons of mass destructio...

Cybersecurity researchers have disclosed a now-fixed security flaw in the Rarible non-fungible token (NFT) marketplace that, if successfully exploited, could have led to account takeover and theft of cryptocurrency assets. "By luring victims to click on a malicious NFT, an attacker can take full control of the victim's crypto wallet to steal funds," Check Point researchers Roman Zaikin, Dikla Barda, and Oded Vanunu  said  in a report shared with The Hacker News. Rarible, an NFT marketplace that enables users to create, buy, and sell digital NFT art like photographs, games, and memes, has over 2.1 million active users. "There is still a huge gap between, in terms of security, between Web2 and Web3 infrastructure," Vanunu, head of products vulnerabilities research at Check Point, said in a statement shared with The Hacker News. "Any small vulnerability can possibly allow cyber criminals to hijack crypto wallets behind the scenes. We are still in a state...

A threat group that pursues crypto mining and distributed denial-of-service (DDoS) attacks has been linked to a new botnet called Enemybot, which has been discovered enslaving routers and Internet of Things (IoT) devices since last month. "This botnet is mainly derived from  Gafgyt 's source code but has been observed to borrow several modules from  Mirai 's original source code," Fortinet FortiGuard Labs  said  in a report this week. The botnet has been attributed to an actor named Keksec (aka  Kek Security , Necro, and  FreakOut ), which has been linked to multiple botnets such as  Simps ,  Ryuk  (not to be confused with the ransomware of the same name), and  Samael , and has a history of targeting cloud infrastructure to carry out crypto mining and DDoS operations. Primarily targeting routers from Seowon Intech, D-Link, and iRZ to propagate its infections and grow in volume, an analysis of the malware specimen has highlighted En...

Microsoft and a consortium of cybersecurity companies took legal and technical steps to disrupt the ZLoader botnet , seizing control of 65 domains that were used to control and communicate with the infected hosts. "ZLoader is made up of computing devices in businesses, hospitals, schools, and homes around the world and is run by a global internet-based organized crime gang operating malware as a service that is designed to steal and extort money," Amy Hogan-Burney, general manager of Microsoft's Digital Crimes Unit (DCU),  said . The operation, Microsoft said, was undertaken in collaboration with ESET, Lumen's Black Lotus Labs, Palo Alto Networks Unit 42, Avast, Financial Services Information Sharing and Analysis Center (FS-ISAC), and Health Information Sharing and Analysis Center (H-ISAC). As a result of the disruption, the domains are now redirected to a sinkhole, effectively preventing the botnet's criminal operators from contacting the compromised devices....