#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News
AWS EKS Security Best Practices

The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

What Is Your Security Team Profile? Prevention, Detection, or Risk Management

What Is Your Security Team Profile? Prevention, Detection, or Risk Management

Sep 05, 2022
Not all security teams are born equal. Each organization has a different objective. In cybersecurity, adopting a proactive approach is not just a buzzword. It actually is what makes the difference between staying behind attackers and getting ahead of them. And the solutions to do that do exist! Most attacks succeed by taking advantage of common failures in their target's systems. Whether new or not, known, unknown, or even unknown, attacks leverage security gaps such as  unpatched or uncharted vulnerabilities, misconfigurations, out-of-date systems, expired certificates, human errors, etc. As attackers rely on a range of automated offensive testing tools to scan their targets' attack surfaces and propagate inside their network, a purely reactive defensive stance based on detection and response is increasingly likely to be overwhelmed by an attack. The logical tactical move is to emulate attackers' TTPs and behaviors beforehand by integrating attack simulation tools to...
Ransomware Attackers Abuse Genshin Impact Anti-Cheat System to Disable Antivirus

Ransomware Attackers Abuse Genshin Impact Anti-Cheat System to Disable Antivirus

Sep 05, 2022
A vulnerable anti-cheat driver for the Genshin Impact video game has been leveraged by a cybercrime actor to disable antivirus programs to facilitate the deployment of ransomware, according to findings from Trend Micro. The ransomware infection, which was triggered in the last week of July 2022, banked on the fact that the driver in question ("mhyprot2.sys") is signed with a valid certificate, thereby making it possible to circumvent privileges and terminate services associated with endpoint protection applications. Genshin Impact is a popular action role-playing game that was developed and published by Shanghai-based developer miHoYo in September 2020. The driver used in the attack chain is said to have been built in August 2020, with the existence of the flaw in the module  discussed  after the release of the game, and leading to  exploits   demonstrating  the ability to kill any arbitrary process and escalate to kernel mode. The idea, in a nutshell, is ...
Fake Antivirus and Cleaner Apps Caught Installing SharkBot Android Banking Trojan

Fake Antivirus and Cleaner Apps Caught Installing SharkBot Android Banking Trojan

Sep 05, 2022
The notorious Android banking trojan known as  SharkBot  has once again made an appearance on the Google Play Store by masquerading as antivirus and cleaner apps. "This new dropper doesn't rely on Accessibility permissions to automatically perform the installation of the dropper Sharkbot malware," NCC Group's Fox-IT  said  in a report. "Instead, this new version asks the victim to install the malware as a fake update for the antivirus to stay protected against threats." The apps in question, Mister Phone Cleaner and Kylhavy Mobile Security, have over 60,000 installations between them and are designed to target users in Spain, Australia, Poland, Germany, the U.S., and Austria - Mister Phone Cleaner (com.mbkristine8.cleanmaster, 50,000+ downloads) Kylhavy Mobile Security (com.kylhavy.antivirus, 10,000+ downloads) The  droppers  are designed to drop a new version of SharkBot,  dubbed V2  by Dutch security firm ThreatFabric, which features an...
cyber security

10 Best Practices for Building a Resilient, Always-On Compliance Program

websiteXM CyberCyber Resilience / Compliance
Download XM Cyber's handbook to learn 10 essential best practices for creating a robust, always-on compliance program.
cyber security

Find and Fix the Gaps in Your Security Tools

websitePrelude SecuritySecurity Control Validation
Connect your security tools for 14-days to find missing and misconfigured controls.
Samsung Admits Data Breach that Exposed Details of Some U.S. Customers

Samsung Admits Data Breach that Exposed Details of Some U.S. Customers

Sep 03, 2022
South Korean chaebol Samsung on Friday said it experienced a cybersecurity incident that resulted in the unauthorized access of some customer information, the second time this year it has reported such a breach. "In late July 2022, an unauthorized third-party acquired information from some of Samsung's U.S. systems," the company  disclosed  in a notice. "On or around August 4, 2022, we determined through our ongoing investigation that personal information of certain customers was affected." Samsung said the infiltration enabled hackers to access certain data such as names, contact and demographic information, dates of birth, and product registration details. It stressed that the incident did not affect users' Social Security numbers or credit and debit card numbers, but noted the information leaked for each relevant customer may vary. The collected information is necessary to help the company deliver the best experience with its products and services, ...
Google Releases Urgent Chrome Update to Patch New Zero-Day Vulnerability

Google Releases Urgent Chrome Update to Patch New Zero-Day Vulnerability

Sep 03, 2022
Google on Friday shipped emergency fixes to address a security vulnerability in the Chrome web browser that it said is being actively exploited in the wild. The issue, assigned the identifier  CVE-2022-3075 , concerns a case of insufficient data validation in  Mojo , which refers to a collection of runtime libraries that provide a platform-agnostic mechanism for inter-process communication (IPC). An anonymous researcher has been credited with reporting the high-severity flaw on August 30, 2022. "Google is aware of reports that an exploit for CVE-2022-3075 exists in the wild," the internet giant  said , without delving into additional specifics about the nature of the attacks to prevent additional threat actors from taking advantage of the flaw. The latest update makes it the sixth zero-day vulnerability in Chrome that Google has resolved since the start of the year - CVE-2022-0609  - Use-after-free in Animation CVE-2022-1096  - Type confusion in V8 CVE...
Prynt Stealer Contains a Backdoor to Steal Victims' Data Stolen by Other Cybercriminals

Prynt Stealer Contains a Backdoor to Steal Victims' Data Stolen by Other Cybercriminals

Sep 02, 2022
Researchers discovered a private Telegram channel-based backdoor in the information stealing malware, dubbed Prynt Stealer , which its developer added with the intention of secretly stealing a copy of victims' exfiltrated data when used by other cybercriminals. "While this untrustworthy behavior is nothing new in the world of cybercrime, the victims' data end up in the hands of multiple threat actors, increasing the risks of one or more large scale attacks to follow," Zscaler ThreatLabz researchers Atinderpal Singh and Brett Stone-Gross  said  in a new report. Prynt Stealer, which  came to light  earlier this April, comes with capabilities to log keystrokes, steal credentials from web browsers, and siphon data from Discord and Telegram. It's sold for $100 for a one-month license and $900 for a lifetime subscription. The cybersecurity firm analysis of Prynt Stealer shows that its codebase is derived from two other open source malware families,  AsyncRAT ...
JuiceLedger Hackers Behind the Recent Phishing Attacks Against PyPI Users

JuiceLedger Hackers Behind the Recent Phishing Attacks Against PyPI Users

Sep 02, 2022
More details have emerged about the operators behind the  first-known phishing campaign  specifically aimed at the Python Package Index (PyPI), the official third-party software repository for the programming language. Connecting it to a threat actor tracked as  JuiceLedger , cybersecurity firm SentinelOne, along with Checkmarx, described the group as a relatively new entity that surfaced in early 2022. Initial "low-key" campaigns are said to have involved the use of rogue Python installer applications to deliver a .NET-based malware called JuiceStealer that's engineered to siphon passwords and other sensitive data from victims' web browsers. The attacks received a significant facelift last month when the JuiceLedger actors  targeted PyPi package contributors  in a phishing campaign, resulting in the compromise of three packages with malware. "The supply chain attack on PyPI package contributors appears to be an escalation of a campaign begun earlier in t...
Expert Insights Articles Videos
Cybersecurity Resources