The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

New TrueBot Malware Variant Leveraging Netwrix Auditor Bug and Raspberry Robin Worm

Dec 09, 2022
Cybersecurity researchers have reported an increase in TrueBot infections, primarily targeting Mexico, Brazil, Pakistan, and the U.S. Cisco Talos said the attackers behind the operation have moved from using malicious emails to alternative delivery methods such as the exploitation of a now-patched remote code execution (RCE) flaw in Netwrix Auditor as well as the Raspberry Robin worm. "Post-compromise activity included data theft and the execution of Clop ransomware," security researcher Tiago Pereira said in a Thursday report. TrueBot is a Windows malware downloader that's attributed to a threat actor tracked by Group-IB as Silence, a Russian-speaking crew believed to share associations with Evil Corp (aka DEV-0243) and TA505. The first-stage module functions as an entry point for subsequent post-exploitation activities, including information theft using a hitherto unknown custom data exfiltration utility dubbed Teleport, the cybe...
Why is Robust API Security Crucial in eCommerce?

Dec 09, 2022 API Security / Web Application Firewall
API attacks are on the rise. One of their major targets is eCommerce firms like yours. APIs are a vital part of how eCommerce businesses are accelerating their growth in the digital world. ECommerce platforms use APIs at all customer touchpoints, from displaying products to handling shipping. Owing to their increased use, APIs are attractive targets for hackers, as the following numbers expose: API attack traffic increased by 681% in 2021; 77% of retail respondents experienced API security incidents in 2021, according to Noname Security. If left unaddressed, API abuse can damage your reputation, harm consumers, and affect the bottom line. Hence API security is worthy of consideration for eCommerce stakeholders. Why do eCommerce companies need APIs? APIs make it easy for retailers and eCommerce platforms to handle product listings and orders. They transformed the static website into a completely customizable headless store. Ret...
Researchers Uncover New Drokbk Malware that Uses GitHub as a Dead Drop Resolver

Dec 09, 2022 Malware / Iranian Hackers
A subgroup of an Iranian nation-state group known as Nemesis Kitten has been identified as being behind a previously undocumented custom malware dubbed Drokbk that uses GitHub as a dead drop resolver to exfiltrate data from an infected computer, or to receive commands. "The use of GitHub as a virtual dead drop helps the malware blend in," Secureworks principal researcher Rafe Pilling said. "All the traffic to GitHub is encrypted, meaning defensive technologies can't see what is being passed back and forth. And because GitHub is a legitimate service, it raises fewer questions." The Iranian government-sponsored actor's malicious activities came to light earlier in February 2022, when it was observed exploiting Log4Shell flaws in unpatched VMware Horizon servers to deploy ransomware. Nemesis Kitten is tracked by the larger cybersecurity community under various monikers such as TunnelVision, Cobalt Mirage, and UNC2448. It's als...
What Stricter Data Privacy Laws Mean for Your Cybersecurity Policies

Dec 09, 2022 Data Protection / Privacy
For today's businesses, data privacy is already a big headache, and with modern privacy laws expanding to more of the world's population, regulatory compliance is on track to become a more complicated, high-stakes process touching on every aspect of an organization. In fact, Gartner predicts that by 2024, 75% of the global population will have its personal data covered under privacy regulations. Tightening data privacy regulations around the world: The EU's General Data Privacy Regulation (GDPR) was not the first privacy law in the world. Still, it was undoubtedly the first significant shakeup in privacy legislation with a far-reaching impact on organizations globally. Following its implementation, several U.S. states have started implementing similar privacy laws. This legislation includes: Virginia Consumer Data Protection Act (VCDPA), effective January 1st, 2023; California Privacy Rights Act (CPRA), effective January 1st, 2023; Utah Consumer Privacy Act (UCPA), ...
MuddyWater Hackers Target Asian and Middle East Countries with Updated Tactics

Dec 09, 2022 Threat Intelligence / Cyber Attack
The Iran-linked MuddyWater threat actor has been observed targeting several countries in the Middle East as well as Central and West Asia as part of a new spear-phishing activity. "The campaign has been observed targeting Armenia, Azerbaijan, Egypt, Iraq, Israel, Jordan, Oman, Qatar, Tajikistan, and the United Arab Emirates," Deep Instinct researcher Simon Kenin said in a technical write-up. MuddyWater, also called Boggy Serpens, Cobalt Ulster, Earth Vetala, Mercury, Seedworm, Static Kitten, and TEMP.Zagros, is said to be a subordinate element within Iran's Ministry of Intelligence and Security (MOIS). Active since at least 2017, attacks mounted by the espionage group have typically targeted telecommunications, government, defense, and oil sectors. The current intrusion set follows MuddyWater's long-running modus operandi of using phishing lures that contain direct Dropbox links or document attachments with an embedded URL pointing to a ZIP arc...
Researchers Uncover Darknet Service Allowing Hackers to Trojanize Legit Android Apps

Dec 08, 2022 Mobile Security / Android Malware
Researchers have shed light on a new hybrid malware campaign targeting both Android and Windows operating systems in a bid to expand its pool of victims. The attacks entail the use of different malware such as ERMAC, Erbium, Aurora, and Laplas, according to a ThreatFabric report shared with The Hacker News. "This campaign resulted in thousands of victims," the Dutch cybersecurity company said, adding, "Erbium stealer successfully exfiltrated data from more than 1,300 victims." The ERMAC infections commence with a fraudulent website that claims to offer Wi-Fi authorization software for Android and Windows that, when installed, comes with features to steal seed phrases from crypto wallets and other sensitive data. ThreatFabric said it also found a number of malicious apps that were trojanized versions of legitimate apps like Instagram, with the operators using them as droppers to deliver the obfuscated malicious payload. The rogue apps, dubb...
COVID-bit: New COVert Channel to Exfiltrate Data from Air-Gapped Computers

Dec 08, 2022 Data Protection / Computer Security
An unconventional data exfiltration method leverages a previously undocumented covert channel to leak sensitive information from air-gapped systems. "The information emanates from the air-gapped computer over the air to a distance of 2 m and more and can be picked up by a nearby insider or spy with a mobile phone or laptop," Dr. Mordechai Guri, the head of R&D in the Cyber Security Research Center in the Ben Gurion University of the Negev in Israel and the head of Offensive-Defensive Cyber Research Lab, said in a new paper shared with The Hacker News. The mechanism, dubbed COVID-bit, leverages malware planted on the machine to generate electromagnetic radiation in the 0-60 kHz frequency band that's subsequently transmitted and picked up by a stealthy receiving device in close physical proximity. This, in turn, is made possible by exploiting the dynamic power consumption of modern computers and manipulating the momentary loads on CPU cores. COVID-bit is the...