The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

The Amadey malware is being used to deploy  LockBit 3.0 ransomware  on compromised systems, researchers have warned. "Amadey bot, the malware that is used to install LockBit, is being distributed through two methods: one using a malicious Word document file, and the other using an executable that takes the disguise of the Word file icon," AhnLab Security Emergency Response Center (ASEC)  said  in a new report published today. Amadey, first discovered in 2018, is a "criminal-to-criminal (C2C) botnet infostealer project," as  described  by the BlackBerry Research and Intelligence Team, and is offered for purchase on the criminal underground for as much as $600. While its primary function is to harvest sensitive information from the infected hosts, it further doubles up as a channel to deliver next-stage artifacts. Earlier this July, it was  spread using SmokeLoader , a malware with not-so-different features like itself. Just last month, ASEC also...

Cryptocurrency users are being targeted with a new clipper malware strain dubbed  Laplas  by means of another malware known as SmokeLoader. SmokeLoader, which is delivered by means of weaponized documents sent through spear-phishing emails, further acts as a conduit for other  commodity trojans  like  SystemBC  and  Raccoon Stealer 2.0 , according to an  analysis  from Cyble. Observed in the wild since circa 2013,  SmokeLoader  functions as a generic loader capable of distributing additional payloads onto compromised systems, such as information-stealing malware and other implants. In July 2022, it was found to deploy a backdoor called  Amadey . Cyble said it discovered over 180 samples of the Laplas since October 24, 2022, suggesting a wide deployment. Clippers, also called ClipBankers, fall under a category of malware that Microsoft calls  cryware , which are designed to steal crypto by keeping close tabs on a vic...

The U.S. Department of Justice (DoJ) on Monday said it seized 50,676 Bitcoin in November 2021 that was stolen in the 2012 hack of the now-defunct Silk Road dark web marketplace. The bitcoin, which was obtained in 2012 and valued at $3.36 billion when it was discovered last year, is now worth $1.04 billion. Additionally recovered were $661,900 in cash, 25 Casascius coins with an approximate value of 174 Bitcoin, and gold- and silver-colored bars. It's also one of the largest cryptocurrency seizures to date, followed by the confiscation of $3.6 billion worth of bitcoin  earlier this February  tied to the 2016 breach of the Bitfinex crypto exchange. The Justice Department said it conducted the seizure on November 9, 2021, pursuant to a search warrant issued to James Zhong's house located in the U.S. state of Georgia. It also said the keys to the tokens were found in an underground floor safe and on a "single-board computer that was submerged under blankets in a popcorn t...

The news surrounding the slowing economy has many wondering how much of an impact it will have on their businesses – and lives. And there's good reason to start preparing.  A recent survey by McKinsey & Company found that 85% of small and midsize businesses plan to increase their security spending heading into 2023, while Gartner recently projected that 2022 IT spending will only grow by 3%, down from a 10% growth rate the year before. We're already seeing businesses making cuts and freezing budgets. And smaller organizations that already have limited budgets are more vulnerable than ever. While we are still dealing with the unknown, one thing  is  clear: even as the economy slows down, security threats don't. But there's hope.  A  new eBook  illuminates how one solution can not only help increase security operations efficiency but also provide economic safeguards for security teams that are already strapped for cash.  What is the solution? C...

Australian health insurer Medibank today confirmed that personal data belonging to around 9.7 million of its current and former customers were accessed following a ransomware incident. The  attack , according to the company, was detected in its IT network on October 12 in a manner that it said was "consistent with the precursors to a ransomware event," prompting it to isolate its systems, but not before the attackers exfiltrated the data. "This figure represents around 5.1 million Medibank customers, around 2.8 million ahm customers, and around 1.8 million international customers," the Melbourne-based firm  noted . Compromised details include names, dates of birth, addresses, phone numbers, and email addresses, as well as Medicare numbers (but not expiry dates) for ahm customers, and passport numbers (but not expiry dates) and visa details for international student customers. It further said the incident resulted in the theft of health claims data for about 16...

Facebook appears to have silently rolled out a tool that allows users to remove their contact information, such as phone numbers and email addresses, uploaded by others. The existence of the  tool , which is buried inside a  Help Center page  about " Friending ," was first reported by  Business Insider  last week. It's offered as a way for "Non-users" to "exercise their rights under applicable laws." An Internet Archive search via the Wayback Machine  shows  that the option has been available since at least May 29, 2022. When users  sync the contact lists  on their devices with Facebook (or any other service), it's worth pointing out the  privacy violation , which stems from the fact that those contacts didn't explicitly consent to the upload. "Someone may have uploaded their address book to Facebook, Messenger, or Instagram with your contact information in it," Facebook notes in the page. "You can ask us to confirm whether...

Security researchers are warning of "a trove of sensitive information" leaking through urlscan.io, a website scanner for suspicious and malicious URLs. "Sensitive URLs to shared documents, password reset pages, team invites, payment invoices and more are publicly listed and searchable," Positive Security co-founder, Fabian Bräunlein,  said  in a report published on November 2, 2022. The Berlin-based cybersecurity firm said it started an investigation in the aftermath of a  notification  sent by GitHub in February 2022 to an unknown number of users about sharing their usernames and private repository names (i.e.,  GitHub Pages URLs ) to urlscan.io for metadata analysis as part of an automated process. Urlscan.io, which has been described as a  sandbox for the web , is  integrated  into several security solutions  via its API . "With the type of integration of this API (for example via a security tool that scans every incoming email ...