The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

The SOVA Android banking trojan is continuing to be actively developed with upgraded capabilities to target no less than 200 mobile applications, including banking apps and crypto exchanges and wallets, up from 90 apps when it started out. That's according to the latest findings from Italian cybersecurity firm Cleafy, which found newer versions of the malware sporting functionality to intercept two-factor authentication (2FA) codes, steal cookies, and expand its targeting to cover Australia, Brazil, China, India, the Philippines, and the U.K. SOVA, meaning Owl in Russian, came to light in  September 2021  when it was observed striking financial and shopping apps from the U.S. and Spain for harvesting credentials through overlay attacks by taking advantage of Android's Accessibility services. In less than a year, the trojan has also acted as a foundation for another Android malware called  MaliBot  that's designed to target online banking and cryptocurrency walle...

A now-removed rogue package pushed to the official third-party software repository for Python has been found to deploy cryptominers on Linux systems. The module, named " secretslib " and  downloaded 93 times  prior to its deletion, was released to the Python Package Index (PyPI) on August 6, 2022 and is described as "secrets matching and verification made easy." "On a closer inspection though, the package covertly runs cryptominers on your Linux machine in-memory (directly from your RAM), a technique largely employed by fileless malware and crypters," Sonatype researcher Ax Sharma  disclosed  in a report last week. It achieves this by executing a Linux executable file retrieved from a remote server post installation, whose main task is to drop an  ELF  file (" memfd ") directly in memory that functions as a Monero cryptominer, after which it gets deleted by the "secretslib" package. "The malicious activity leaves little to n...

Dutch authorities on Friday announced the arrest of a software developer in Amsterdam who is alleged to be working for Tornado Cash, days after the U.S. sanctioned the decentralized crypto mixing service. The 29-year-old individual is "suspected of involvement in concealing criminal financial flows and facilitating money laundering" through the service, the Dutch Fiscal Information and Investigation Service (FIOD)  said  in a statement. Although FIOD didn't reveal the name of the Tornado Cash engineer, The Block  identified  him as Alexey Pertsev, citing confirmation from his wife. "My husband didn't do anything illegal," she was quoted as saying. FIOD also alleged that "Tornado Cash has been used to conceal large-scale criminal money flows, including from (online) thefts of cryptocurrencies (so-called crypto hacks and scams)." The agency, which initiated an investigation into Tornado Cash in June 2022, further hinted it may make more arrests...

SaaS Adoption is Skyrocketing, Resilience Hasn't Kept Pace SaaS platforms have revolutionized how businesses operate. They simplify collaboration, accelerate deployment, and reduce the overhead of managing infrastructure. But with their rise comes a subtle, dangerous assumption: that the convenience of SaaS extends to resilience. It doesn't. These platforms weren't built with full-scale data protection in mind . Most follow a shared responsibility model — wherein the provider ensures uptime and application security, but the data inside is your responsibility. In a world of hybrid architectures, global teams, and relentless cyber threats, that responsibility is harder than ever to manage. Modern organizations are being stretched across: Hybrid and multi-cloud environments with decentralized data sprawl Complex integration layers between IaaS, SaaS, and legacy systems Expanding regulatory pressure with steeper penalties for noncompliance Escalating ransomware threats and inside...

A pair of reports from cybersecurity firms  SEKOIA  and  Trend Micro  sheds light on a new campaign undertaken by a Chinese threat actor named Lucky Mouse that involves leveraging a trojanized version of a cross-platform messaging app to backdoor systems. Infection chains leverage a chat application called MiMi, with its installer files compromised to download and install HyperBro samples for the Windows operating system and rshell artifacts for Linux and macOS. As many as 13 different entities located in Taiwan and the Philippines have been at the receiving end of the attacks, eight of whom have been hit with rshell. The first victim of rshell was reported in mid-July 2021. Lucky Mouse, also called  APT27 , Bronze Union, Emissary Panda, and Iron Tiger, is known to be active since 2013 and has a history of gaining access to targeted networks in pursuit of its political and military intelligence-collection objectives aligned with China. The advanced persis...

A security feature bypass vulnerability has been uncovered in three signed third-party Unified Extensible Firmware Interface ( UEFI ) boot loaders that allow bypass of the UEFI Secure Boot feature. "These vulnerabilities can be exploited by mounting the EFI System Partition and replacing the existing bootloader with the vulnerable one, or modifying a UEFI variable to load the vulnerable loader instead of the existing one," hardware security firm Eclypsium  said  in a report shared with The Hacker News. The following  vendor-specific boot loaders , which were signed and authenticated by Microsoft, have been found vulnerable to the bypass and have been patched as part of the tech giant's  Patch Tuesday update  released this week - Eurosoft Boot Loader ( CVE-2022-34301 ) New Horizon Data Systems Inc Boot Loader ( CVE-2022-34302 ), and Crypto Pro Boot Loader ( CVE-20220-34303 ) Secure Boot is a  security standard  designed to thwart maliciou...

Security flaws have been identified in Xiaomi Redmi Note 9T and Redmi Note 11 models, which could be exploited to disable the mobile payment mechanism and even forge transactions via a rogue Android app installed on the devices. Check Point said it found the flaws in devices powered by MediaTek chipsets during a security analysis of the Chinese handset maker's Trusted Execution Environment (TEE), which is used to perform mobile payment signatures A TEE refers to a  secure enclave  inside the main processor that's used to process and store sensitive information such as cryptographic keys so as to ensure confidentiality and integrity. Specifically, the Israeli cybersecurity firm discovered that a trusted app on a Xiaomi device can be downgraded due to a lack of version control, enabling an attacker to replace a newer, secure version of an app with an older, vulnerable variant. "Therefore, an attacker can bypass security fixes made by Xiaomi or MediaTek in trusted apps ...

The U.S. State Department on Thursday  announced  a $10 million reward for information related to five individuals associated with the Conti ransomware group. The reward offer is also notable for the fact that it marks the first time the face of a Conti associate, known as "Target," has been unmasked. The four other alleged members have been referred to as "Tramp," "Dandis," "Professor," and "Reshaev." The government, besides seeking information about the five operators that could lead to their identification or location, is also calling on people to share details about Conti and its affiliated groups  TrickBot  and  Wizard Spider . Since its rebrand from Ryuk to Conti in 2020, the transnational organized crime group has been linked to hundreds of ransomware incidents over the past two years. As of January 2022, the Russia-based ransomware-as-a-service (RaaS) operation is estimated to have hit over 1,000 entities, with victim payo...