The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

A 34-year-old U.K. national has been arraigned in the U.S. for operating a dark web marketplace called  The Real Deal  that specialized in the sales of hacking tools and stolen login credentials. Daniel Kaye , who went by a litany of pseudonyms Popopret, Bestbuy, UserL0ser, and Spdrman, has been charged with five counts of access device fraud and one count of money laundering conspiracy. Kaye was indicted in April 2021, and subsequently consented to his extradition from Cyprus to the U.S. in September 2022. "While living overseas, this defendant allegedly operated an illegal website that made hacking tools and login credentials available for purchase, including those for U.S. government agencies,"  said  U.S. Attorney Ryan K. Buchanan. Court documents show that  The Real Deal , until its shutdown in 2016, functioned as a market for illicit items, including stolen account logins for U.S. government computers, bank accounts, and social media platforms such a...

As many as 85 command-and-control (C2) servers have been  discovered  supported by the ShadowPad malware since September 2021, with infrastructure detected as recently as October 16, 2022. That's according to VMware's Threat Analysis Unit (TAU), which  studied  three ShadowPad variants using TCP, UDP, and HTTP(S) protocols for C2 communications. ShadowPad , seen as a successor to  PlugX , is a modular malware platform privately shared among multiple Chinese state-sponsored actors since 2015. Taiwanese cybersecurity firm TeamT5, earlier this May, disclosed details of another China-nexus modular implant named  Pangolin8RAT , which is believed to be the successor of the PlugX and ShadowPad malware families, linking it to a threat group dubbed Tianwu. An analysis of the three ShadowPad artifacts, which have been previously put to use by  Winnti ,  Tonto Team , and an emerging threat cluster codenamed  Space Pirates , made it possible to di...

Automobile, Energy, Media, Ransomware? When thinking about verticals, one may not instantly think of cyber-criminality. Yet, every move made by governments, clients, and private contractors screams toward normalizing those  menaces  as a new vertical. Ransomware has every trait of the classical economical vertical. A thriving ecosystem of insurers, negotiators, software providers, and managed service experts. This cybercrime branch looks at a loot stash that counts for trillions of dollars. The cybersecurity industry is too happy to provide services, software, and insurance to accommodate this new normal.  Intense insurer lobbying in France led the finance ministry to give a positive opinion about reimbursing ransoms, against the very advice of its government's cybersecurity branch. The market is so big and juicy that no one can get in the way of "the development of the cyber insurance market." In the US, Colonial pipeline is seeking tax reductions from the loss incu...

While phishing and ransomware dominate headlines, another critical risk quietly persists across most enterprises: exposed Git repositories leaking sensitive data. A risk that silently creates shadow access into core systems Git is the backbone of modern software development, hosting millions of repositories and serving thousands of organizations worldwide. Yet, amid the daily hustle of shipping code, developers may inadvertently leave behind API keys, tokens, or passwords in configuration files and code files, effectively handing attackers the keys to the kingdom. This isn't just about poor hygiene; it's a systemic and growing supply chain risk. As cyber threats become more sophisticated, so do compliance requirements. Security frameworks like NIS2, SOC2, and ISO 27001 now demand proof that software delivery pipelines are hardened and third-party risk is controlled. The message is clear: securing your Git repositories is no longer optional, it's essential. Below, we look at the ris...

A now-patched security flaw in Apple's iOS and macOS operating systems could have potentially enabled apps with Bluetooth access to eavesdrop on conversations with Siri. Apple said "an app may be able to record audio using a pair of connected AirPods," adding it addressed the Core Bluetooth issue in iOS 16.1 with improved entitlements. Credited with discovering and reporting the bug in August 2022 is app developer Guilherme Rambo. The bug, dubbed  SiriSpy , has been assigned the identifier CVE-2022-32946. "Any app with access to Bluetooth could record your conversations with Siri and audio from the iOS keyboard dictation feature when using AirPods or Beats headsets," Rambo  said  in a write-up. "This would happen without the app requesting microphone access permission and without the app leaving any trace that it was listening to the microphone." The vulnerability, according to Rambo, relates to a service called DoAP that's included in AirPo...

Australian health insurance firm Medibank on Wednesday disclosed that the personal information of all of its customers had been unauthorizedly accessed following a recent ransomware attack. In an update to its ongoing investigation into the incident, the firm  said  the attackers had access to "significant amounts of health claims data" as well as personal data belonging to its  ahm health insurance subsidiary  and international students. Medibank, which is one of the largest Australian private health insurance providers,  serves about 3.9 million customers  across the country. "We have evidence that the criminal has removed some of this data and it is now likely that the criminal has stolen further personal and health claims data," the company further added. "As a result, we expect that the number of affected customers could grow substantially." The company also said it's continuing its probe to determine what specific data has been stolen in th...

A new cryptojacking campaign has been uncovered targeting vulnerable Docker and Kubernetes infrastructures as part of opportunistic attacks designed to illicitly mine cryptocurrency. Cybersecurity company CrowdStrike dubbed the activity  Kiss-a-dog , with its command-and-control infrastructure overlapping with those associated with other groups like  TeamTNT , which are known to  strike   misconfigured  Docker and Kubernetes instances. The intrusions, spotted in September 2022, get their name from a domain named "kiss.a-dog[.]top" that's used to trigger a shell script payload on the compromised container using a Base64-encoded Python command. "The URL used in the payload is obscured with backslashes to defeat automated decoding and regex matching to retrieve the malicious domain," CrowdStrike researcher Manoj Ahuje  said  in a technical analysis. The attack chain subsequently attempts to escape the container and move laterally into the breached n...

A 26-year-old Ukrainian national has been charged in the U.S. for his alleged role in the  Raccoon Stealer  malware-as-a-service (MaaS) operation. Mark Sokolovsky, who was arrested by Dutch law enforcement after leaving Ukraine on March 4, 2022, in what's said to be a Porsche Cayenne, is currently being held in the Netherlands and awaits extradition to the U.S. "Individuals who deployed Raccoon Infostealer to steal data from victims leased access to the malware for approximately $200 per month, paid for by cryptocurrency," the U.S. Department of Justice (DoJ)  said . "These individuals used various ruses, such as email phishing, to install the malware onto the computers of unsuspecting victims." Sokolovsky is said to have gone by various online monikers like Photix, raccoonstealer, and black21jack77777 on online cybercrime forums to advertise the service for sale. Raccoon Stealer, mainly distributed under the guise of cracked software, is known to be one o...