The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Atlanta-based cyber risk intelligence company, Cyble discovered a new Remote Access Trojan (RAT) malware. What makes this particular RAT malware distinct enough to be named after the  comic creation of Sacha Baron Cohen ? RAT malware typically helps cybercriminals gain complete control of a victim's system, permitting them to access network resources, files, and power to toggle the mouse and keyboard. Borat RAT malware goes beyond the standard features and enables threat actors to deploy ransomware and  DDoS attacks . It also increases the number of threat actors who can launch attacks, sometimes appealing to the lowest common denominator. The added functionality of carrying out DDoS attacks makes it insidious and a risk to today's digital organizations. Ransomware has been the most common top attack type for over  three years . According to an IBM report, REvil was the most common ransomware strain, consisting of about  37%  of all ransomware attacks. Borat ...

Researchers have disclosed multiple vulnerabilities impacting Ultra-wideband (UWB) Real-time Locating Systems ( RTLS ), enabling threat actors to launch adversary-in-the-middle (AitM) attacks and tamper with location data. "The zero-days found specifically pose a security risk for workers in industrial environments," cybersecurity firm Nozomi Networks  disclosed  in a technical write-up last week. "If a threat actor exploits these vulnerabilities, they have the ability to tamper with safety zones designated by RTLS to protect workers in hazardous areas." RTLS is used to automatically identify and track the location of objects or people in real-time, usually within a confined indoor area. This is achieved by making use of tags that are attached to assets, which broadcast USB signals to fixed reference points called anchors that then determine their location. But flaws identified in RTLS solutions –  Sewio Indoor Tracking RTLS UWB Wi-Fi Kit  and  Avalue Renit...

Bitcoin ATM manufacturer General Bytes confirmed that it was a victim of a cyberattack that exploited a previously unknown flaw in its software to plunder cryptocurrency from its users. "The attacker was able to create an admin user remotely via CAS administrative interface via a URL call on the page that is used for the default installation on the server and creating the first administration user," the company  said  in an advisory last week. "This vulnerability has been present in CAS software since version 2020-12-08." It's not immediately clear how many servers were breached using this flaw and how much cryptocurrency was stolen. CAS is short for  Crypto Application Server , a self-hosted product from General Bytes that enables companies to manage Bitcoin ATM ( BATM ) machines from a central location via a web browser on a desktop or a mobile device. The zero-day flaw, which concerned a bug in the CAS admin interface, has been mitigated in two server p...

Organizations in the Spanish-speaking nations of Mexico and Spain are in the crosshairs of a new campaign designed to deliver the  Grandoreiro  banking trojan.  "In this campaign, the threat actors impersonate government officials from the Attorney General's Office of Mexico City and from the Public Ministry in the form of spear-phishing emails in order to lure victims to download and execute 'Grandoreiro,' a prolific banking trojan that has been active since at least 2016, and that specifically targets users in Latin America," Zscaler  said  in a report. The ongoing attacks, which commenced in June 2022, have been observed to target automotive, civil and industrial construction, logistics, and machinery sectors via multiple infection chains in Mexico and chemicals manufacturing industries in Spain. Attack chains entail leveraging spear-phishing emails written in Spanish to trick potential victims into clicking on an embedded link that retrieves a ZIP archi...

With more data stored in the cloud than ever before, now is a good time to  get into cybersecurity . Many top corporations are looking for new talent, and even junior professionals can earn $80,000 or more. The only barrier to entry is education. How do you learn about security protocols and white hat hacking? Enter the  All-In-One 2022 Super-Sized Ethical Hacking Bundle . This collection of 18 courses provides the perfect launchpad for your new career, and readers of The Hacker News can currently grab it at a massive discount. Reader Offer —  This collection of 18 courses is worth $3,284. But for a limited time, you can get lifetime access to all the training  for only $42.99 ! Knowledge is everything in the world of cybersecurity. The more skills you acquire, the more doors will open within the industry.  This bundle helps you fill your résumé, with 1,686 individual tutorials covering a wide range of topics. You don't need any technical background in orde...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday moved to add a  critical SAP security flaw  to its  Known Exploited Vulnerabilities Catalog , based on evidence of active exploitation. The issue in question is  CVE-2022-22536 , which has received the highest possible risk score of 10.0 on the CVSS vulnerability scoring system and was addressed by SAP as part of its Patch Tuesday updates for February 2022. Described as an HTTP request smuggling vulnerability, the shortcoming impacts the following product versions - SAP Web Dispatcher (Versions - 7.49, 7.53, 7.77, 7.81, 7.85, 7.22EXT, 7.86, 7.87) SAP Content Server (Version - 7.53) SAP NetWeaver and ABAP Platform (Versions - KERNEL 7.22, 8.04, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, KRNL64UC 8.04, 7.22, 7.22EXT, 7.49, 7.53, KRNL64NUC 7.22, 7.22EXT, 7.49) "An unauthenticated attacker can prepend a victim's request with arbitrary data, allowing for function execution impersonating ...

The Donot Team threat actor has updated its Jaca Windows malware toolkit with improved capabilities, including a revamped stealer module designed to plunder information from Google Chrome and Mozilla Firefox browsers. The improvements also include a new infection chain that incorporates previously undocumented components to the modular framework, Morphisec researchers Hido Cohen and Arnold Osipov  disclosed  in a report published last week. Also known as APT-C-35 and Viceroy Tiger, the Donot Team is known for setting its sights on defense, diplomatic, government, and military entities in India, Pakistan, Sri Lanka, and Bangladesh, among others at least since 2016. Evidence unearthed by Amnesty International in October 2021  connected  the group's attack infrastructure to an Indian cybersecurity company. Spear-phishing campaigns containing malicious Microsoft Office documents are the preferred delivery pathway for malware, followed by taking advantage of macro...