The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

More than a dozen security flaws have been disclosed in E11, a smart intercom product made by Chinese company Akuvox . "The vulnerabilities could allow attackers to execute code remotely in order to activate and control the device's camera and microphone, steal video and images, or gain a network foothold," Claroty security researcher Vera Mens  said  in a technical write-up. Akuvox E11 is described by the company on its website as a " SIP  [Session Initiation Protocol] video doorphone specially designed for villas, houses, and apartments." The  product listing , however, has been taken down from the website, displaying an error message: "Page does not exist." A  snapshot  captured by Google shows that the page was live as recently as March 12, 2023, 05:59:51 GMT. The attacks can manifest either through remote code execution within the local area network (LAN) or remote activation of the E11's camera and microphone, allowing the adversary to c...

The  Dark Pink  advanced persistent threat (APT) actor has been linked to a fresh set of attacks targeting government and military entities in Southeast Asian countries with a malware called KamiKakaBot. Dark Pink, also called Saaiwc, was extensively profiled by Group-IB earlier this year, describing its use of custom tools such as TelePowerBot and KamiKakaBot to run arbitrary commands and exfiltrate sensitive information. The threat actor is suspected to be of Asia-Pacific origin and has been active since at least mid-2021, with an increased tempo observed in 2022. "The latest attacks, which took place in February 2023, were almost identical to previous attacks," Dutch cybersecurity company EclecticIQ  disclosed  in a new report published last week. "The main difference in the February campaign is that the malware's obfuscation routine has improved to better evade anti-malware measures." The attacks play out in the form of social engineering lures that ...

The malware downloader known as BATLOADER has been observed  abusing Google Ads  to deliver secondary payloads like Vidar Stealer and Ursnif. According to cybersecurity company  eSentire , the malicious ads are used to spoof a wide range of legitimate apps and services such as Adobe, OpenAPI's ChatGPT, Spotify, Tableau, and Zoom. BATLOADER , as the name suggests, is a loader that's responsible for distributing next-stage malware such as information stealers, banking malware, Cobalt Strike, and even ransomware. One of the key traits of the BATLOADER operations is the use of software impersonation tactics for malware delivery. This is achieved by setting up lookalike websites that host Windows installer files masquerading as legitimate apps to trigger the infection sequence when a user searching for the software clicks a rogue ad on the Google search results page. These MSI installer files, when launched, execute Python scripts that contain the BATLOADER payload to ...

Is Managing Customer Logins and Data Giving You Headaches? You're Not Alone! Today, we all expect super-fast, secure, and personalized online experiences. But let's be honest, we're also more careful about how our data is used. If something feels off, trust can vanish in an instant. Add to that the lightning-fast changes AI is bringing to everything from how we log in to spotting online fraud, and it's a whole new ball game! If you're dealing with logins, data privacy, bringing new users on board, or building digital trust, this webinar is for you . Join us for " Navigating Customer Identity in the AI Era ," where we'll dive into the Auth0 2025 Customer Identity Trends Report . We'll show you what's working, what's not, and how to tweak your strategy for the year ahead. In just one session, you'll get practical answers to real-world challenges like: How AI is changing what users expect – and where they're starting to push ba...

An updated version of a botnet malware called  Prometei  has infected more than 10,000 systems worldwide since November 2022. The infections are both geographically indiscriminate and opportunistic, with a majority of the victims reported in Brazil, Indonesia, and Turkey. Prometei, first observed in 2016, is a modular botnet that features a large repertoire of components and several proliferation methods, some of which also include the  exploitation  of ProxyLogon Microsoft Exchange Server flaws. It's also notable for avoiding striking Russia, suggesting that the threat actors behind the operation are likely based in the country. The cross-platform botnet's motivations are financial, primarily leveraging its pool of infected hosts to mine cryptocurrency and harvest credentials. The latest variant of Prometei (called v3) improves upon its existing features to challenge forensic analysis and further burrow its access on victim machines, Cisco Talos  said ...

A suspecting China-linked hacking campaign has been observed targeting unpatched SonicWall  Secure Mobile Access (SMA) 100 appliances  to drop malware and establish long-term persistence. "The malware has functionality to steal user credentials, provide shell access, and persist through firmware upgrades," cybersecurity company Mandiant  said  in a technical report published this week. The Google-owned incident response and threat intelligence firm is tracking the activity under its uncategorized moniker  UNC4540 . The malware – a collection of bash scripts and a single ELF binary identified as a TinyShell backdoor – is engineered to grant the attacker privileged access to SonicWall devices. The overall objective behind the custom toolset appears to be credential theft, with the malware permitting the adversary to siphon cryptographically hashed credentials from all logged-in users. It further provides shell access to the compromised device. Mandiant also...

A coordinated international law enforcement exercise has taken down the online infrastructure associated with a cross-platform remote access trojan (RAT) known as NetWire . Coinciding with the seizure of the sales website www.worldwiredlabs[.]com, a Croatian national who is suspected to be the website's administrator has been arrested. While the suspect's name was not released, investigative journalist Brian Krebs  identified  Mario Zanko as the owner of the domain. "NetWire is a licensed commodity RAT offered in underground forums to non-technical users to carry out their own criminal activities," Europol's European Cybercrime Center (EC3)  said  in a tweet. Advertised  since   at least 2012 , the malware is typically distributed via  malspam campaigns  and gives a remote attacker complete control over a Windows, macOS, or Linux system. It also comes with password-stealing and keylogging capabilities. The U.S. Department of Justice (DoJ)...

Multi-factor Authentication (MFA) has long ago become a standard security practice. With a wide consensus on its ability to fend off more than 99% percent of account takeover attacks, it's no wonder why security architects regard it as a must-have in their environments. However, what seems to be less known are the inherent coverage limitations of traditional MFA solutions. While compatible with RDP connection and local desktop logins,  they offer no protection to remote command line access tools like PsExec, Remote PowerShell and their likes. In practice, it means that workstations and servers remain as vulnerable to lateral movement, ransomware spread and other identity threats despite having a fully functioning MFA solution on. For the adversary it's just a matter of taking the command line path instead of the RDP to log in as if there was not protection installed at all. In this article we'll explore this blind spot, understand its root cause and implications, and view ...