#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News
AWS EKS Security Best Practices

The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

New Cryptojacking Campaign Targeting Vulnerable Docker and Kubernetes Instances

New Cryptojacking Campaign Targeting Vulnerable Docker and Kubernetes Instances

Oct 27, 2022
A new cryptojacking campaign has been uncovered targeting vulnerable Docker and Kubernetes infrastructures as part of opportunistic attacks designed to illicitly mine cryptocurrency. Cybersecurity company CrowdStrike dubbed the activity  Kiss-a-dog , with its command-and-control infrastructure overlapping with those associated with other groups like  TeamTNT , which are known to  strike   misconfigured  Docker and Kubernetes instances. The intrusions, spotted in September 2022, get their name from a domain named "kiss.a-dog[.]top" that's used to trigger a shell script payload on the compromised container using a Base64-encoded Python command. "The URL used in the payload is obscured with backslashes to defeat automated decoding and regex matching to retrieve the malicious domain," CrowdStrike researcher Manoj Ahuje  said  in a technical analysis. The attack chain subsequently attempts to escape the container and move laterally into the breached n...
U.S. Charges Ukrainian Hacker Over Role in Raccoon Stealer Malware Service

U.S. Charges Ukrainian Hacker Over Role in Raccoon Stealer Malware Service

Oct 26, 2022
A 26-year-old Ukrainian national has been charged in the U.S. for his alleged role in the  Raccoon Stealer  malware-as-a-service (MaaS) operation. Mark Sokolovsky, who was arrested by Dutch law enforcement after leaving Ukraine on March 4, 2022, in what's said to be a Porsche Cayenne, is currently being held in the Netherlands and awaits extradition to the U.S. "Individuals who deployed Raccoon Infostealer to steal data from victims leased access to the malware for approximately $200 per month, paid for by cryptocurrency," the U.S. Department of Justice (DoJ)  said . "These individuals used various ruses, such as email phishing, to install the malware onto the computers of unsuspecting victims." Sokolovsky is said to have gone by various online monikers like Photix, raccoonstealer, and black21jack77777 on online cybercrime forums to advertise the service for sale. Raccoon Stealer, mainly distributed under the guise of cracked software, is known to be one o...
This 9-Course Bundle Can Take Your Cybersecurity Skills to the Next Level

This 9-Course Bundle Can Take Your Cybersecurity Skills to the Next Level

Oct 26, 2022
If you regularly read The Hacker News, there's a fair chance that you know something about  cybersecurity . It's possible to turn that interest into a six-figure career. But to make the leap, you need to pick up some key skills and professional certifications. Featuring nine in-depth courses,  The 2022 Masters in Cyber Security Certification Bundle  helps you get ready for the next step. And in a special reader offer, you can get lifetime access for only $39.99. Special Offer —  This bundle contains nine courses with a total value of $1,800. But for a limited time, you can  get lifetime on-demand access for only $39.99 . That is a massive 97% off MSRP! From penetration testing to  threat analysis , there are thousands of vacant roles in the cybersecurity industry right now. What's more, this trend is set to continue, with experts predicting a  12% growth  within the industry in the remainder of this decade. The really exciting part is that a...
cyber security

10 Best Practices for Building a Resilient, Always-On Compliance Program

websiteXM CyberCyber Resilience / Compliance
Download XM Cyber's handbook to learn 10 essential best practices for creating a robust, always-on compliance program.
cyber security

Find and Fix the Gaps in Your Security Tools

websitePrelude SecuritySecurity Control Validation
Connect your security tools for 14-days to find missing and misconfigured controls.
Kimsuky Hackers Spotted Using 3 New Android Malware to Target South Koreans

Kimsuky Hackers Spotted Using 3 New Android Malware to Target South Koreans

Oct 26, 2022
The North Korean espionage-focused actor known as Kimsuky has been observed using three different Android malware strains to target users located in its southern counterpart. That's according to findings from South Korean cybersecurity company S2W, which named the malware families FastFire, FastViewer, and FastSpy. "The FastFire malware is disguised as a Google security plugin, and the FastViewer malware disguises itself as 'Hancom Office Viewer,' [while] FastSpy is a remote access tool based on  AndroSpy ," researchers Lee Sebin and Shin Yeongjae  said . Kimsuky, also known by the names Black Banshee, Thallium, and Velvet Chollima, is believed to be tasked by the North Korean regime with a global intelligence-gathering mission, disproportionately targeting individuals and organizations in South Korea, Japan, and the U.S. This past August, Kaspersky unearthed a previously undocumented infection chain dubbed  GoldDragon  to deploy a Windows backdoor capable o...
Unknown Actors are Deploying RomCom RAT to Target Ukrainian Military

Unknown Actors are Deploying RomCom RAT to Target Ukrainian Military

Oct 26, 2022
The threat actor behind a remote access trojan called RomCom RAT has been observed targeting Ukrainian military institutions as part of a new spear-phishing campaign that commenced on October 21, 2022.  The development marks a shift in the attacker's modus operandi, which has been previously attributed to spoofing legitimate apps like Advanced IP Scanner and pdfFiller to drop backdoors on compromised systems. "The initial 'Advanced IP Scanner' campaign occurred on July 23, 2022," the BlackBerry research and intelligence team  said . "Once the victim installs a Trojanized bundle, it drops RomCom RAT to the system." While previous iterations of the campaign involved the use of trojanized Advanced IP Scanner, the unidentified adversarial collective has since switched to pdfFiller as of October 20, indicating an active attempt on part of the adversary to refine tactics and thwart detection. These lookalike websites host a rogue installer package that r...
Vice Society Hackers Are Behind Several Ransomware Attacks Against Education Sector

Vice Society Hackers Are Behind Several Ransomware Attacks Against Education Sector

Oct 26, 2022
A cybercrime group known as  Vice Society  has been linked to multiple ransomware strains in its malicious campaigns aimed at the education, government, and retail sectors. The Microsoft Security Threat Intelligence team, which is tracking the threat cluster under the moniker DEV-0832, said the group avoids deploying ransomware in some cases and rather likely carries out extortion using exfiltrated stolen data. "Shifting ransomware payloads over time from  BlackCat ,  Quantum Locker , and  Zeppelin , DEV-0832's latest payload is a Zeppelin variant that includes Vice Society-specific file extensions, such as .v-s0ciety, .v-society, and, most recently, .locked," the tech giant's cybersecurity division  said . Vice Society, active since June 2021, has been steadily observed encrypting and exfiltrating victim data, and threatening companies with exposure of siphoned information to pressure them into paying a ransom. "Unlike other RaaS (Ransomware-as-a-Ser...
Hackers Actively Exploiting Cisco AnyConnect and GIGABYTE Drivers Vulnerabilities

Hackers Actively Exploiting Cisco AnyConnect and GIGABYTE Drivers Vulnerabilities

Oct 26, 2022
Cisco has warned of active exploitation attempts targeting a pair of two-year-old security flaws in the Cisco AnyConnect Secure Mobility Client for Windows. Tracked as  CVE-2020-3153  (CVSS score: 6.5) and  CVE-2020-3433  (CVSS score: 7.8), the vulnerabilities could enable local authenticated attackers to perform DLL hijacking and copy arbitrary files to system directories with elevated privileges.  While CVE-2020-3153 was addressed by Cisco in February 2020, a fix for CVE-2020-3433 was shipped in August 2020. "In October 2022, the Cisco Product Security Incident Response Team became aware of additional attempted exploitation of this vulnerability in the wild," the networking equipment maker said in an updated advisory. "Cisco continues to strongly recommend that customers upgrade to a fixed software release to remediate this vulnerability." The alert comes as the U.S. Cybersecurity and Infrastructure Security Agency (CISA) moved to add the two flaws to i...
Expert Insights Articles Videos
Cybersecurity Resources