The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

New Laplas Clipper Malware Targeting Cryptocurrency Users via SmokeLoader

Nov 08, 2022
Cryptocurrency users are being targeted with a new clipper malware strain dubbed Laplas by means of another malware known as SmokeLoader. SmokeLoader, which is delivered by means of weaponized documents sent through spear-phishing emails, further acts as a conduit for other commodity trojans like SystemBC and Raccoon Stealer 2.0, according to an analysis from Cyble. Observed in the wild since circa 2013, SmokeLoader functions as a generic loader capable of distributing additional payloads onto compromised systems, such as information-stealing malware and other implants. In July 2022, it was found to deploy a backdoor called Amadey. Cyble said it discovered over 180 samples of the Laplas since October 24, 2022, suggesting a wide deployment. Clippers, also called ClipBankers, fall under a category of malware that Microsoft calls cryware, which are designed to steal crypto by keeping close tabs on a vic...
U.S. Seizes Over 50K Bitcoin Worth $3.3 Billion Linked to Silk Road Dark Web

Nov 08, 2022
The U.S. Department of Justice (DoJ) on Monday said it seized 50,676 Bitcoin in November 2021 that was stolen in the 2012 hack of the now-defunct Silk Road dark web marketplace. The bitcoin, which was obtained in 2012 and valued at $3.36 billion when it was discovered last year, is now worth $1.04 billion. Additionally recovered were $661,900 in cash, 25 Casascius coins with an approximate value of 174 Bitcoin, and gold- and silver-colored bars. It's also one of the largest cryptocurrency seizures to date, followed by the confiscation of $3.6 billion worth of bitcoin earlier this February tied to the 2016 breach of the Bitfinex crypto exchange. The Justice Department said it conducted the seizure on November 9, 2021, pursuant to a search warrant issued to James Zhong's house located in the U.S. state of Georgia. It also said the keys to the tokens were found in an underground floor safe and on a "single-board computer that was submerged under blankets in a popcorn t...
5 Reasons to Consolidate Your Tech Stack

Nov 08, 2022
The news surrounding the slowing economy has many wondering how much of an impact it will have on their businesses – and lives. And there's good reason to start preparing. A recent survey by McKinsey & Company found that 85% of small and midsize businesses plan to increase their security spending heading into 2023, while Gartner recently projected that 2022 IT spending will only grow by 3%, down from a 10% growth rate the year before. We're already seeing businesses making cuts and freezing budgets. And smaller organizations that already have limited budgets are more vulnerable than ever. While we are still dealing with the unknown, one thing is clear: even as the economy slows down, security threats don't. But there's hope. A new eBook illuminates how one solution can not only help increase security operations efficiency but also provide economic safeguards for security teams that are already strapped for cash. What is the solution? C...
Medibank Refuses to Pay Ransom After 9.7 Million Customers Exposed in Ransomware Hack

Nov 07, 2022
Australian health insurer Medibank today confirmed that personal data belonging to around 9.7 million of its current and former customers were accessed following a ransomware incident. The attack, according to the company, was detected in its IT network on October 12 in a manner that it said was "consistent with the precursors to a ransomware event," prompting it to isolate its systems, but not before the attackers exfiltrated the data. "This figure represents around 5.1 million Medibank customers, around 2.8 million ahm customers, and around 1.8 million international customers," the Melbourne-based firm noted. Compromised details include names, dates of birth, addresses, phone numbers, and email addresses, as well as Medicare numbers (but not expiry dates) for ahm customers, and passport numbers (but not expiry dates) and visa details for international student customers. It further said the incident resulted in the theft of health claims data for about 16...
This Hidden Facebook Tool Lets Users Remove Their Email or Phone Number Shared by Others

Nov 07, 2022
Facebook appears to have silently rolled out a tool that allows users to remove their contact information, such as phone numbers and email addresses, uploaded by others. The existence of the tool, which is buried inside a Help Center page about "Friending," was first reported by Business Insider last week. It's offered as a way for "Non-users" to "exercise their rights under applicable laws." An Internet Archive search via the Wayback Machine shows that the option has been available since at least May 29, 2022. When users sync the contact lists on their devices with Facebook (or any other service), it's worth pointing out the privacy violation, which stems from the fact that those contacts didn't explicitly consent to the upload. "Someone may have uploaded their address book to Facebook, Messenger, or Instagram with your contact information in it," Facebook notes in the page. "You can ask us to confirm whether...
Experts Find URLScan Security Scanner Inadvertently Leaks Sensitive URLs and Data

Nov 07, 2022
Security researchers are warning of "a trove of sensitive information" leaking through urlscan.io, a website scanner for suspicious and malicious URLs. "Sensitive URLs to shared documents, password reset pages, team invites, payment invoices and more are publicly listed and searchable," Positive Security co-founder, Fabian Bräunlein, said in a report published on November 2, 2022. The Berlin-based cybersecurity firm said it started an investigation in the aftermath of a notification sent by GitHub in February 2022 to an unknown number of users about sharing their usernames and private repository names (i.e., GitHub Pages URLs) to urlscan.io for metadata analysis as part of an automated process. Urlscan.io, which has been described as a sandbox for the web, is integrated into several security solutions via its API. "With the type of integration of this API (for example via a security tool that scans every incoming email ...
Robin Banks Phishing Service for Cybercriminals Returns with Russian Server

Nov 07, 2022
A phishing-as-a-service (PhaaS) platform known as Robin Banks has relocated its attack infrastructure to DDoS-Guard, a Russian provider of bulletproof hosting services. The switch comes after "Cloudflare disassociated Robin Banks phishing infrastructure from its services, causing a multi-day disruption to operations," according to a report from cybersecurity company IronNet. Robin Banks was first documented in July 2022 when the platform's abilities to offer ready-made phishing kits to criminal actors were revealed, making it possible to steal the financial information of customers of popular banks and other online services. It was also found to prompt users to enter Google and Microsoft credentials on rogue landing pages, suggesting an attempt on part of the malware authors to monetize initial access to corporate networks for post-exploitation activities such as espionage and ransomware. In recent months, Cloudflare's decision to blocklist its ...