The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Cybersecurity researchers have shed light on a new dropper-as-a-service (DaaS) for Android called  SecuriDropper  that bypasses new security restrictions imposed by Google and delivers the malware. Dropper malware on Android is designed to function as a conduit to install a payload on a compromised device, making it a lucrative business model for threat actors, who can advertise the capabilities to other criminal groups. What's more, doing so also allows adversaries to separate the development and execution of an attack from the installation of the malware. "Droppers and the actors behind them are in a constant state of evolution as they strive to outwit evolving security measures," Dutch cybersecurity firm ThreatFabric  said  in a report shared with The Hacker News. One such security measure introduced by Google with Android 13 is what's called the Restricted Settings, which prevents sideloaded applications from obtaining Accessibility and Notification Listene...

Israeli higher education and tech sectors have been targeted as part of a series of destructive cyber attacks that commenced in January 2023 with an aim to deploy previously undocumented wiper malware. The intrusions, which took place as recently as October, have been attributed to an Iranian nation-state hacking crew it tracks under the name Agonizing Serpens, which is also known as Agrius, BlackShadow and Pink Sandstorm (previously Americium). "The attacks are characterized by attempts to steal sensitive data, such as personally identifiable information (PII) and intellectual property," Palo Alto Networks Unit 42 said in a new report shared with The Hacker News. "Once the attackers stole the information, they deployed various wipers intended to cover the attackers' tracks and to render the infected endpoints unusable." This includes three different novel wipers such as MultiLayer, PartialWasher, and BFG Agonizer, as well as a bespoke tool to extract inf...

Google is warning of multiple threat actors sharing a public proof-of-concept (PoC) exploit that leverages its Calendar service to host command-and-control (C2) infrastructure. The tool, called Google Calendar RAT (GCR) , employs Google Calendar Events for C2 using a Gmail account. It was first published to GitHub in June 2023. "The script creates a 'Covert Channel' by exploiting the event descriptions in Google Calendar," according to its developer and researcher Valerio Alessandroni, who goes by the online alias MrSaighnal. "The target will connect directly to Google." The tech giant, in its eighth Threat Horizons Report [PDF], said it has not observed the use of the tool in the wild, but noted its Mandiant threat intelligence unit has detected several threat actors sharing the PoC on underground forums. "GCR, running on a compromised machine, periodically polls the Calendar event description for new commands, executes those commands on the t...

The U.S. Department of the Treasury imposed sanctions against a 37-year-old Russian woman for taking part in the laundering of virtual currency for the country's elites and cybercriminal crews, including the Ryuk ransomware group. Ekaterina Zhdanova, per the department, is said to have facilitated large cross border transactions to assist Russian individuals to gain access to Western financial markets and circumvent international sanctions. "Zhdanova utilizes entities that lack Anti-Money Laundering/Combatting the Financing of Terrorism (AML/CFT) controls, such as OFAC-designated Russian cryptocurrency exchange Garantex Europe OU (Garantex)," the treasury department  said  last week.  "Zhdanova relies on multiple methods of value transfer to move funds internationally. This includes the use of cash and leveraging connections to other international money laundering associates and organizations." It's worth noting that Garantex was  previously sanctioned ...

An advanced strain of malware masquerading as a cryptocurrency miner has managed to fly the radar for over five years, infecting no less than one million devices around the world in the process. That's according to findings from Kaspersky, which has codenamed the threat  StripedFly , describing it as an "intricate modular framework that supports both Linux and Windows." The Russian cybersecurity vendor, which first detected the samples in 2017, said the miner is part of a much larger entity that employs a custom  EternalBlue SMBv1 exploit  attributed to the Equation Group in order to infiltrate publicly-accessible systems. The malicious shellcode, delivered via the exploit, has the ability to download binary files from a remote Bitbucket repository as well as execute PowerShell scripts. It also supports a collection of plugin-like expandable features to harvest sensitive data and even uninstall itself. The platform's shellcode is injected in the  wininit.exe pro...

Identity and authentication management provider Okta on Friday disclosed that the  recent support case management system breach  affected 134 of its 18,400 customers. It further noted that the unauthorized intruder gained access to its systems from September 28 to October 17, 2023, and ultimately accessed HAR files containing session tokens that could be used for session hijacking attacks. "The threat actor was able to use these session tokens to hijack the legitimate Okta sessions of 5 customers," Okta's Chief Security Officer, David Bradbury,  said . Three of those affected include  1Password, BeyondTrust, and Cloudflare . 1Password was the first company to report suspicious activity on September 29. Two other unnamed customers were identified on October 12 and October 18. Okta formally  revealed  the  security event  on October 20, stating that the threat actor leveraged access to a stolen credential to access Okta's support case manageme...

Google is rolling out a new banner to highlight the "Independent security review" badge in the Play Store's Data safety section for Android VPN apps that have undergone a Mobile Application Security Assessment ( MASA ) audit. "We've launched this banner beginning with VPN apps due to the sensitive and significant amount of user data these apps handle," Nataliya Stanetsky of the Android Security and Privacy Team  said . MASA allows developers to have their apps independently validated against a global security standard such as the Mobile Application Security Verification Standard ( MASVS ), thereby providing more transparency and enabling users to make informed choices prior to downloading them. The efforts are part of Google's broader push to make the Data safety section a  one-stop   shop  that presents a "unified view of app safety," offering details about the kind of data that's being collected, for what purpose, and if it's be...