The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

A trio of offshoots from the notorious Conti cybercrime cartel have resorted to the technique of call back phishing as an initial access vector to breach targeted networks. "Three autonomous threat groups have since adopted and independently developed their own targeted phishing tactics derived from the call back phishing methodology," cybersecurity firm AdvIntel  said  in a Wednesday report. These targeted campaigns "substantially increased" attacks against entities in finance, technology, legal, and insurance sectors, the company added. The actors in question include Silent Ransom, Quantum, and Roy/Zeon, all of which split from Conti after the ransomware-as-a-service (RaaS) cartel  orchestrated its shutdown  in May 2022 following its public support for Russia in the ongoing Russo-Ukrainian conflict. The advanced social engineering tactic, also called  BazaCall  (aka BazarCall), came under the spotlight in 2020/2021 when it was put to use by operator...

Networking equipment major Cisco on Wednesday confirmed it was the victim of a cyberattack on May 24, 2022 after the attackers got hold of an employee's personal Google account that contained passwords synced from their web browser. "Initial access to the Cisco VPN was achieved via the successful compromise of a Cisco employee's personal Google account," Cisco Talos  said  in a detailed write-up. "The user had enabled password syncing via Google Chrome and had stored their Cisco credentials in their browser, enabling that information to synchronize to their Google account." The disclosure comes as cybercriminal actors associated with the Yanluowang ransomware gang  published a list of files  from the breach to their data leak site on August 10. The exfiltrated information, according to Talos, included the contents of a Box cloud storage folder that was associated with the compromised employee's account and is not believed to have included any valuabl...

Threat actors associated with the Cuba ransomware have been linked to previously undocumented tactics, techniques and procedures (TTPs), including a new remote access trojan called ROMCOM RAT on compromised systems. The  new findings  come from Palo Alto Networks' Unit 42 threat intelligence team, which is tracking the double extortion ransomware group under the  constellation-themed moniker   Tropical Scorpius . Cuba ransomware (aka  COLDDRAW ), which was first detected in December 2019, reemerged on the threat landscape in November 2021 and has been attributed to attacks against 60 entities in five critical infrastructure sectors, amassing at least $43.9 million in ransom payments. Of the 60 victims listed on its data leak site, 40 are located in the U.S., indicating a not as global distribution of targeted organizations as other ransomware gangs. "Cuba ransomware is distributed through Hancitor malware, a loader known for dropping or executing stealers,...

While phishing and ransomware dominate headlines, another critical risk quietly persists across most enterprises: exposed Git repositories leaking sensitive data. A risk that silently creates shadow access into core systems Git is the backbone of modern software development, hosting millions of repositories and serving thousands of organizations worldwide. Yet, amid the daily hustle of shipping code, developers may inadvertently leave behind API keys, tokens, or passwords in configuration files and code files, effectively handing attackers the keys to the kingdom. This isn't just about poor hygiene; it's a systemic and growing supply chain risk. As cyber threats become more sophisticated, so do compliance requirements. Security frameworks like NIS2, SOC2, and ISO 27001 now demand proof that software delivery pipelines are hardened and third-party risk is controlled. The message is clear: securing your Git repositories is no longer optional, it's essential. Below, we look at the ris...

Password security is only as strong as the password itself. Unfortunately, we are often reminded of the danger of weak, reused, and compromised passwords with major cybersecurity breaches that start with stolen credentials. For example, in May 2022, the popular wedding planning site, Zola, was the victim of a significant cybersecurity breach where hackers used an attack known as  credential stuffing . It resulted in fraudulent activity tied to customer accounts. Let's look at the Zola breach and why it emphasizes the need for organizations to bolster their password security and protect against various types of password attacks. What happened with the Zola attack? Instead of going after Zola's core business-critical infrastructure, hackers went after customer accounts with the May attack. Attackers used an age-old technique called  credential stuffing  to compromise several Zola customer accounts. With access to the compromised accounts, they attempted to purchase gift ...

Cybersecurity researchers have disclosed multiple severe security vulnerabilities asset management platform  Device42  that, if successfully exploited, could enable a malicious actor to seize control of affected systems. "By exploiting these issues, an attacker could impersonate other users, obtain admin-level access in the application (by leaking session with an  LFI ) or obtain full access to the appliance files and database (through remote code execution)," Bitdefender  said  in a Wednesday report. Even more concerningly, an adversary with any level of access within the host network could daisy-chain three of the flaws to bypass authentication protections and achieve remote code execution with the highest privileges. The issues in question are listed below - CVE-2022-1399  - Remote Code Execution in scheduled tasks component CVE-2022-1400  - Hard-coded encryption key IV in Exago WebReportsApi.dll CVE 2022-1401  - Insufficient validati...

Cloud-based code hosting platform GitHub has announced that it will now start sending Dependabot alerts for vulnerable GitHub Actions to help developers fix security issues in CI/CD workflows. "When a security vulnerability is reported in an action, our team of security researchers will create an advisory to document the vulnerability, which will trigger an alert to impacted repositories," GitHub's Brittany O'Shea and Kate Catlin  said . GitHub Actions  is a continuous integration and continuous delivery (CI/CD) solution that enables users to automate the software build, test, and deployment pipeline. Dependabot  is part of the Microsoft-owned subsidiary's continued efforts to secure the  software supply chain  by  notifying  users that their source code depends on a package with a security vulnerability and helping keep all the dependencies up-to-date. The latest move entails receiving alerts on GitHub Actions and vulnerabilities impacting deve...

A former Twitter employee has been pronounced guilty for his role in digging up private information pertaining to certain Twitter users and turning over that data to Saudi Arabia. Ahmad Abouammo, 44, was convicted by a jury after a two-week trial in San Francisco federal court, Bloomberg  reported  Tuesday. He faces up to 20 years in prison when sentenced. The  verdict  comes nearly three years after Abouammo, along with Ali Alzabarah and Ahmed Almutairi (Ahmed Aljbreen) were  indicted in 2019  for acting as "illegal agents" of Saudi Arabia, with the former also charged with destroying, altering, and falsifying records in a federal investigation. Prosecutors accused Abouammo and Alzabarah, both of whom joined Twitter in 2013, of being enlisted by officials of the Kingdom of Saudi Arabia for  unmasking its critics  on the social media platform. According to court documents, both individuals leveraged their access to internal systems to unauth...