The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

An analysis of the mobile threat landscape in 2022 shows that Spain and Turkey are the most targeted countries for malware campaigns, even as a mix of new and existing banking trojans are increasingly targeting Android devices to conduct on-device fraud (ODF). Other frequently targeted countries include Poland, Australia, the U.S., Germany, the U.K., Italy, France, and Portugal. "The most worrying leitmotif is the increasing attention to On-Device Fraud (ODF)," Dutch cybersecurity company ThreatFabric  said  in a report shared with The Hacker News. "Just in the first five months of 2022 there has been an increase of more than 40% in malware families that abuse Android OS to perform fraud using the device itself, making it almost impossible to detect them using traditional fraud scoring engines." Hydra ,  FluBot  (aka Cabassous),  Cerberus ,  Octo , and  ERMAC  accounted for the most active banking trojans based on the number of samples obser...

An "aggressive" advanced persistent threat (APT) group known as SideWinder has been linked to over 1,000 new attacks since April 2020. "Some of the main characteristics of this threat actor that make it stand out among the others, are the sheer number, high frequency and persistence of their attacks and the large collection of encrypted and obfuscated malicious components used in their operations," cybersecurity firm Kaspersky  said  in a report that was presented at Black Hat Asia this month. SideWinder , also called Rattlesnake or T-APT-04, is said to have been active since at least 2012 with a  track record  of targeting military, defense, aviation, IT companies, and legal firms in Central Asian countries such as Afghanistan, Bangladesh, Nepal, and Pakistan. Kaspersky's APT trends report for Q1 2022  published  late last month revealed that the threat actor is actively expanding the geography of its targets beyond its traditional victim profil...

This is an exciting time for the  Internet of Things . According to Deloitte research, the average U.S. household now has 25 connected devices — and new products are being launched every day. This rush of demand means that many tech companies are looking for developers with IoT knowledge. And even if you don't want to specialize in this field, the  programming skills  are transferable. Featuring nine full-length video courses,  The 2022 Complete Raspberry Pi & Arduino Developer Bundle  provides a really good introduction to this world. The included training is worth a total of $1,800, but readers of The Hacker News can currently pick up the bundle for  only $39.99 .  Special Offer  —  For a limited time, you can get lifetime access to nine courses on Arduino and Raspberry Pi development  for just $39.99 . That's a massive 97% off the total price. Both the Raspberry Pi and the Arduino were specifically designed to help people lear...

SaaS Adoption is Skyrocketing, Resilience Hasn't Kept Pace SaaS platforms have revolutionized how businesses operate. They simplify collaboration, accelerate deployment, and reduce the overhead of managing infrastructure. But with their rise comes a subtle, dangerous assumption: that the convenience of SaaS extends to resilience. It doesn't. These platforms weren't built with full-scale data protection in mind . Most follow a shared responsibility model — wherein the provider ensures uptime and application security, but the data inside is your responsibility. In a world of hybrid architectures, global teams, and relentless cyber threats, that responsibility is harder than ever to manage. Modern organizations are being stretched across: Hybrid and multi-cloud environments with decentralized data sprawl Complex integration layers between IaaS, SaaS, and legacy systems Expanding regulatory pressure with steeper penalties for noncompliance Escalating ransomware threats and inside...

Interpol on Monday announced the arrest of three suspected global scammers in Nigeria for using remote access trojans (RATs) such as Agent Tesla to facilitate malware-enabled cyber fraud. "The men are thought to have used the RAT to reroute financial transactions, stealing confidential online connection details from corporate organizations, including oil and gas companies in South East Asia, the Middle East and North Africa," the International Criminal Police Organization  said  in a statement. One of the scammers in question, named Hendrix Omorume, has been charged and convicted of three counts of financial fraud and has been sentenced to a 12-month prison term. The two other suspects are still on trial. The three Nigerian individuals, who are aged between 31 and 38, have been apprehended for being in possession of fake documents such as fraudulent invoices and forged official letters. The law enforcement said that the suspects systematically used Agent Tesla to breach...

Microsoft on Monday published guidance for a newly discovered  zero-day security flaw  in its Office productivity suite that could be exploited to achieve code execution on affected systems. The weakness, now assigned the identifier  CVE-2022-30190 , is rated 7.8 out of 10 for severity on the CVSS vulnerability scoring system. Microsoft Office versions Office 2013, Office 2016, Office 2019, and Office 2021, as well as Professional Plus editions, are impacted.  "To help protect customers, we've published CVE-2022-30190 and additional guidance  here ," a Microsoft spokesperson told The Hacker News in an emailed statement. The  Follina  vulnerability, which came to light late last week, involved a real-world exploit that leveraged the shortcoming in a weaponized Word document to execute arbitrary PowerShell code by making use of the "ms-msdt:" URI scheme. The sample was uploaded to VirusTotal from Belarus. But first signs of exploitation of the flaw...

It's no secret that 3rd party apps can boost productivity, enable remote and hybrid work and are overall, essential in building and scaling a company's work processes.  An innocuous process much like clicking on an attachment was in the earlier days of email, people don't think twice when connecting an app they need with their Google workspace or M365 environment, etc. Simple actions that users take, from creating an email to updating a contact in the CRM, can result in several other automatic actions and notifications in the connected platforms.  As seen in the image below, the OAuth mechanism makes it incredibly easy to interconnect apps and many don't consider what the possible ramifications could be. When these apps and other add-ons for SaaS platforms ask for permissions' access, they are usually granted without a second thought, presenting more opportunities for bad actors to gain access to a company's data. This puts companies at risk for supply chain ...

A nascent Linux-based botnet named Enemybot has expanded its capabilities to include recently disclosed security vulnerabilities in its arsenal to target web servers, Android devices, and content management systems (CMS). "The malware is rapidly adopting one-day vulnerabilities as part of its exploitation capabilities," AT&T Alien Labs  said  in a technical write-up published last week. "Services such as VMware Workspace ONE, Adobe ColdFusion, WordPress, PHP Scriptcase and more are being targeted as well as IoT and Android devices." First disclosed by  Securonix  in March and later by  Fortinet , Enemybot has been linked to a threat actor tracked as Keksec (aka Kek Security, Necro, and FreakOut), with early attacks targeting routers from Seowon Intech, D-Link, and iRZ. Enemybot, which is capable of carrying out  DDoS attacks , draws its origins from several other botnets like Mirai, Qbot, Zbot, Gafgyt, and LolFMe. An analysis of the latest variant...