The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

The threat actors behind the Windows banking malware known as Casbaneiro has been attributed as behind a novel Android trojan called  BrasDex  that has been observed targeting Brazilian users as part of an ongoing multi-platform campaign. BrasDex features a "complex keylogging system designed to abuse Accessibility Services to extract credentials specifically from a set of Brazilian targeted apps, as well as a highly capable Automated Transfer System ( ATS ) engine," ThreatFabric  said  in a report published last week. The Dutch security firm said that the command-and-control (C2) infrastructure used in conjunction with BrasDex is also being used to control  Casbaneiro , which is known to strike banks and cryptocurrency services in Brazil and Mexico. The  hybrid Android and Windows malware campaign  is estimated to have resulted in thousands of infections to date. BrasDex, which masquerades as a banking app for Banco Santander, is also emblemati...

The Russia-linked Gamaredon group attempted to unsuccessfully break into a large petroleum refining company within a NATO member state earlier this year amid the ongoing Russo-Ukrainian war. The attack, which took place on August 30, 2022, is just one of multiple intrusions orchestrated by the advanced persistent threat (APT) that's attributed to Russia's Federal Security Service ( FSB ). Gamaredon , also known by the monikers Actinium, Armageddon, Iron Tilden, Primitive Bear, Shuckworm, Trident Ursa, and Winterflounder, has a history of primarily going after Ukrainian entities and, to a lesser extent, NATO allies to harvest sensitive data. "As the conflict has continued on the ground and in cyberspace, Trident Ursa has been operating as a dedicated access creator and intelligence gatherer," Palo Alto Networks Unit 42  said  in a report shared with The Hacker News. "Trident Ursa remains one of the most pervasive, intrusive, continuously active and focused AP...

It's no secret that keeping software up to date is one of the key best practices in cybersecurity. Software vulnerabilities are being discovered almost weekly these days. The longer it takes IT teams to apply updates issued by developers to patch these security flaws, the more time attackers have to exploit the underlying vulnerability. Once threat actors gain access to corporate IT ecosystems, they can steal or encrypt sensitive data, deploy ransomware, damage systems, and more. When there's a known exploit for a critical vulnerability, the need to deploy patches becomes critical. At the same time, while IT teams race to keep their operating systems, business applications, and web browsers up to date and fully patched, they have to exercise caution, since applying patches without proper testing can introduce more problems than it solves. The reality is, many organizations are struggling to maintain the upper hand against threats. According to Action1's  2021 Remote IT ...

Is Managing Customer Logins and Data Giving You Headaches? You're Not Alone! Today, we all expect super-fast, secure, and personalized online experiences. But let's be honest, we're also more careful about how our data is used. If something feels off, trust can vanish in an instant. Add to that the lightning-fast changes AI is bringing to everything from how we log in to spotting online fraud, and it's a whole new ball game! If you're dealing with logins, data privacy, bringing new users on board, or building digital trust, this webinar is for you . Join us for " Navigating Customer Identity in the AI Era ," where we'll dive into the Auth0 2025 Customer Identity Trends Report . We'll show you what's working, what's not, and how to tweak your strategy for the year ahead. In just one session, you'll get practical answers to real-world challenges like: How AI is changing what users expect – and where they're starting to push ba...

An ongoing analysis of the  KmsdBot  botnet has raised the possibility that it's a DDoS-for-hire service offered to other threat actors. This is based on the different industries and geographies that were attacked, web infrastructure company Akamai said. Among the notable targets included  FiveM  and  RedM , which are game modifications for Grand Theft Auto V and Red Dead Redemption 2, as well as luxury brands and security firms. KmsdBot is a  Go-based malware  that leverages SSH to infect systems and carry out activities like cryptocurrency mining and launch commands using TCP and UDP to mount distributed denial-of-service (DDoS) attacks. However, a lack of an error-checking mechanism in the malware source code caused the criminal operators to inadvertently  crash their own botnet  last month. "Based on observed IPs and domains, the majority of the victims are located in Asia, North America, and Europe," Akamai researchers Larry W. Cas...

Epic Games has reached a $520 million settlement with the U.S. Federal Trade Commission (FTC) over allegations that the  Fortnite  creator violated online privacy laws for children and tricked users into making unintended purchases in the video game. To that end, the company will pay a record $275 million monetary penalty for breaching the Children's Online Privacy Protection Act ( COPPA ) by collecting the personal information of Fortnite players under the age of 13 without seeking permission from their parents. It will also pay $245 million to reimburse customers who were deceived by its  dark pattern  tricks to make accidental purchases as well as for allowing children to rack up unauthorized charges through in-game content purchases without requiring any parental or card holder action or consent. "Epic Games possessed actual knowledge that it collected personal information from children, including their names, email addresses, and identifiers used to keep tr...

Microsoft has disclosed details of a now-patched security flaw in Apple macOS that could be exploited by an attacker to get around security protections imposed to prevent the execution of malicious applications. The shortcoming, dubbed  Achilles  ( CVE-2022-42821 , CVSS score: 5.5), was addressed by the iPhone maker in  macOS Ventura 13 ,  Monterey 12.6.2 , and  Big Sur 11.7.2 , describing it as a logic issue that could be weaponized by an app to circumvent Gatekeeper checks. "Gatekeeper bypasses such as this could be leveraged as a vector for initial access by malware and other threats and could help increase the success rate of malicious campaigns and attacks on macOS," Jonathan Bar Or of the Microsoft 365 Defender Research Team  said . Gatekeeper is a  security mechanism  designed to ensure that only trusted apps run on the operating system. This is  enforced  by means of an extended attribute called "com.apple.quarantine" that's...

Cybersecurity researchers have discovered a new malicious package on the Python Package Index (PyPI) repository that impersonates a software development kit (SDK) for SentinelOne, a major cybersecurity company, as part of a campaign dubbed  SentinelSneak . The package, named  SentinelOne  and now taken down, is said to have been published between December 8 and 11, 2022, with nearly two dozen versions pushed in quick succession over a period of two days. It claims to offer an easier method to access the  company's APIs , but harbors a malicious backdoor that's engineered to amass sensitive information from development systems, including access credentials, SSH keys, and configuration data. What's more, the threat actor has also been observed releasing two more packages with similar naming variations –  SentinelOne-sdk  and  SentinelOneSDK  – underscoring the  continued threats  lurking in open source repositories. "The SentinelOne ...