The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Malicious actors have been observed abusing legitimate adversary simulation software in their attacks in an attempt to stay under the radar and evade detection. Palo Alto Networks Unit 42 said a  malware sample  uploaded to the VirusTotal database on May 19, 2022, contained a payload associated with Brute Ratel C4, a relatively new sophisticated toolkit "designed to avoid detection by endpoint detection and response (EDR) and antivirus (AV) capabilities." Authored by an Indian security researcher named  Chetan Nayak , Brute Ratel (BRc4) is analogous to Cobalt Strike and is  described  as a "customized command-and-control center for red team and adversary simulation." The commercial software was first released in late 2020 and has since gained over 480 licenses across 350 customers. Each license is offered at $2,500 per user for a year, after which it can be renewed for the same duration at the cost of $2,250. BRc4 is equipped with a wide variety of featur...

July may positively disrupt and adrenalize the old-fashioned Dynamic Application Security Scanning (DAST) market, despite the coming holiday season. The pathbreaking innovation comes from ImmuniWeb, a global application security company, well known for, among other things, its free  Community Edition  that processes over 100,000 daily security scans of web and mobile apps.  Today, ImmuniWeb announced that its new product –  Neuron  – is publicly available. This would be another boring press release by a software vendor, but the folks from ImmuniWeb managed to add a secret sauce that you will unlikely be able to resist tasting. The DAST scanning service is flexibly available as a SaaS, and unsurprisingly contains all fashionable features commonly advertised by competitors on the rapidly growing global market, spanning from native CI/CD integrations to advanced configuration of security scanning, pre-programmed or authenticated testing.  But the groundbrea...

Military entities located in Bangladesh continue to be at the receiving end of sustained cyberattacks by an advanced persistent threat tracked as Bitter. "Through malicious document files and intermediate malware stages the threat actors conduct espionage by deploying Remote Access Trojans," cybersecurity firm SECUINFRA  said  in a new write-up published on July 5. The findings from the Berlin-headquartered company build on a  previous report  from Cisco Talos in May, which disclosed the group's expansion in targeting to strike Bangladeshi government organizations with a backdoor called  ZxxZ . Bitter, also tracked under the codenames APT-C-08 and T-APT-17, is said to be active  since at least late 2013  and has a track record of targeting China, Pakistan, and Saudi Arabia using different tools such as BitterRAT and ArtraDownloader. The latest attack chain detailed by SECUINFRA is believed to have been conducted in mid-May 2022, originating with...

The operators of the Hive ransomware-as-a-service (RaaS) scheme have overhauled their file-encrypting software to fully migrate to Rust and adopt a more sophisticated encryption method. "With its latest variant carrying several major upgrades, Hive also proves it's one of the fastest evolving ransomware families, exemplifying the continuously changing ransomware ecosystem," Microsoft Threat Intelligence Center (MSTIC)  said  in a report on Tuesday. Hive , which was first observed in June 2021, has emerged as one of the most prolific RaaS groups,  accounting  for 17 attacks in the month of May 2022 alone, alongside  Black Basta and Conti . The shift from GoLang to Rust makes Hive the second ransomware strain after  BlackCat  to be written in the programming language, enabling the malware to gain additional benefits such as memory safety and deeper control over low-level resources as well as make use of a wide range of cryptographic libraries. What...

A widespread software supply chain attack has targeted the NPM package manager at least since December 2021 with rogue modules designed to steal data entered in forms by users on websites that include them. The coordinated attack, dubbed IconBurst by ReversingLabs, involves no fewer than two dozen NPM packages that include obfuscated JavaScript, which comes with malicious code to harvest sensitive data from forms in embedded downstream mobile applications and websites. "These clearly malicious attacks relied on typo-squatting, a technique in which attackers offer up packages via public repositories with names that are similar to — or common misspellings of — legitimate packages," security researcher Karlo Zanki  said  in a Tuesday report. "Attackers impersonated high-traffic NPM modules like umbrellajs and packages published by ionic.io." The packages in question, most of which were published in the last months, have been collectively downloaded more than 27,00...

A pro-China  influence campaign  singled out rare earth mining companies in Australia, Canada, and the U.S. with negative messaging in an unsuccessful attempt to manipulate public discourse to China's benefit. Targeted firms included Australia's Lynas Rare Earths Ltd, Canada's Appia Rare Earths & Uranium Corp, and the American company USA Rare Earth, threat intelligence firm Mandiant said in a report last week, calling the digital campaign  Dragonbridge . "It targeted an industry of strategic significance to the PRC, including specifically three commercial entities challenging the  PRC's global market dominance  in that industry," Mandiant  noted . The goal, the company noted, was to instigate environmental protests against the companies and propagate counter-narratives in response to potential or planned rare earths production activities involving the targets. This comprised a network of thousands of inauthentic accounts across numerous social m...

Change is a part of life, and nothing stays the same for too long, even with hacking groups, which are at their most dangerous when working in complete silence. The notorious REvil  ransomware  gang, linked to the infamous JBS and Kaseya, has resurfaced three months after the arrest of its members in Russia. The Russian domestic intelligence service, the FSB, had caught 14 people from the gang. In this apprehension, the 14 members of the gang were found in possession of 426 million roubles, $600,000, 500,000 euros, computer equipment, and 20 luxury cars were brought to justice. REvil Ransomware Gang- The Context The financially-motivated cybercriminal threat group Gold Southfield controlled ransomware group known as REvil emerged in 2019 and spread like wildfire after extorting $11 million from the meat-processor JBS. REvil would incentivize its affiliates to carry out cyberattacks for them by giving a percentage of the ransom pay-outs to those who help with infiltration ...