The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

An unknown threat actor created malicious game modes for the Dota 2 multiplayer online battle arena (MOBA) video game that could have been exploited to establish backdoor access to players' systems. The modes exploited a  high-severity flaw  in the V8 JavaScript engine tracked as  CVE-2021-38003  (CVSS score: 8.8), which was  exploited as a zero-day  and addressed by Google in October 2021. "Since V8 was not sandboxed in Dota, the exploit on its own allowed for remote code execution against other Dota players," Avast researcher Jan Vojtěšek  said  in a report published last week. Following responsible disclosure to Valve, the game publisher  shipped fixes  on January 12, 2023, by upgrading the version of V8. Game modes are essentially  custom capabilities  that can either augment an existing title or offer completely new gameplay in a manner that deviates from the standard rules. While publishing a custom game mode to th...

The recently published Security Navigator report of Orange Cyberdefense shows there has been a  rapid increase of attacks on industrial control systems (ICS) in the past few years. Looking a bit closer, most of the attacks seem to have spilt over from traditional IT. That's to be expected, as production systems are commonly connected to ordinary corporate networks at this point.  Though the data does not indicate at this point that a lot of threat actors specifically target industrial systems – in fact, most evidence points to purely opportunistic behaviour – the tide could turn any time, once the added complexity of compromising OT environments promises to pay off. Criminals will take any chance they get to blackmail victims into extortion schemes, and halting production can cause immense damage. It is likely only a matter of time. So cybersecurity for operational technology (OT) is vitally important.  Deception is an effective option to improve threat detection and r...

The advanced persistent threat (APT) actor known as  Tonto Team  carried out an unsuccessful attack on cybersecurity company Group-IB in June 2022. The Singapore-headquartered firm  said  that it detected and blocked malicious phishing emails originating from the group targeting its employees. It's also the second attack aimed at Group-IB, the first of which took place in March 2021. Tonto Team, also called Bronze Huntley,  Cactus Pete , Earth Akhlut, Karma Panda, and UAC-0018, is a suspected Chinese hacking group that has been linked to attacks targeting a wide range of organizations in Asia and Eastern Europe. The actor is known to be active since at least 2009 and is said to  share ties  to the Third Department ( 3PLA ) of the People's Liberation Army's Shenyang TRB ( Unit 65016 ). Attack chains involve spear-phishing lures containing malicious attachments created using the Royal Road Rich Text Format (RTF) exploitation toolkit to drop backdoo...

A previously unknown threat actor has been targeting companies in the U.S. and Germany with bespoke malware designed to steal confidential information. Enterprise security company Proofpoint, which is tracking the activity cluster under the name  Screentime , said the group, dubbed  TA866 , is likely financially motivated. "TA866 is an organized actor able to perform well thought-out attacks at scale based on their availability of custom tools; ability and connections to purchase tools and services from other vendors; and increasing activity volumes," the company  assessed . Campaigns mounted by the adversary are said to have commenced around October 3, 2022, with the attacks launched via emails containing a booby-trapped attachment or URL that leads to malware. The attachments range from macro-laced Microsoft Publisher files to PDFs with URLs pointing to JavaScript files. The intrusions have also leveraged conversation hijacking to entice recipients into clicking on...

After the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a decryptor for affected victims to recover from  ESXiArgs ransomware attacks , the threat actors have bounced back with an updated version that encrypts more data. The emergence of the new variant was reported by a system administrator on an online forum, where another participant stated that files larger than 128MB will have 50% of their data encrypted, making the recovery process more challenging. Another notable change is the removal of the Bitcoin address from the ransom note, with the attackers now urging victims to contact them on Tox to obtain the wallet information. The threat actors "realized that researchers were tracking their payments, and they may have even known before they released the ransomware that the encryption process in the original variant was relatively easy to circumvent," Censys  said  in a write-up. "In other words: they are watching." Statistics shared...

Suspected Russian threat actors have been targeting Eastern European users in the crypto industry with fake job opportunities as bait to install information-stealing malware on compromised hosts. The attackers "use several highly obfuscated and under-development custom loaders in order to infect those involved in the cryptocurrency industry with Enigma stealer," Trend Micro researchers Aliakbar Zahravi and Peter Girnus  said  in a report this week. Enigma is said to be an altered version of Stealerium, an open source C#-based malware that acts as a stealer, clipper, and keylogger. The intricate infection journey starts with a rogue RAR archive file that's distributed via phishing or social media platforms. It contains two documents, one of which is a .TXT file that includes a set of sample interview questions related to cryptocurrency. The second file is a Microsoft Word document that, while serving as a decoy, is tasked with launching the first-stage Enigma loader, ...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday  added  three flaws to its Known Exploited Vulnerabilities ( KEV ) catalog, citing evidence of active abuse in the wild. Included among the three is  CVE-2022-24990 , a bug affecting TerraMaster network-attached storage (TNAS) devices that could lead to unauthenticated remote code execution with the highest privileges. Details about the flaw were  disclosed  by Ethiopian cyber security research firm Octagon Networks in March 2022. The vulnerability, according to a  joint advisory  released by U.S. and South Korean government authorities, is said to have been weaponized by North Korean nation-state hackers to strike healthcare and critical infrastructure entities with ransomware. The second shortcoming to be added to KEV catalog is  CVE-2015-2291 , an unspecified flaw in the Intel ethernet diagnostics driver for Windows (IQVW32.sys and IQVW64.sys) that could throw an a...