The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

A suspected Vietnamese-origin threat actor has been observed targeting victims in several Asian and Southeast Asian countries with malware designed to harvest valuable data since at least May 2023. Cisco Talos is tracking the cluster under the name  CoralRaider , describing it as financially motivated. Targets of the campaign include India, China, South Korea, Bangladesh, Pakistan, Indonesia, and Vietnam. "This group focuses on stealing victims' credentials, financial data, and social media accounts, including business and advertisement accounts," security researchers Chetan Raghuprasad and Joey Chen  said . "They use RotBot, a customized variant of Quasar RAT, and XClient stealer as payloads." Other commodity malware used by the group comprises a combination of remote access trojans and information stealers such as  AsyncRAT ,  NetSupport RAT , and Rhadamanthys . The targeting of business and advertisement accounts has been of particular focus for attacke...

An updated version of an information-stealing malware called Rhadamanthys is being used in phishing campaigns targeting the oil and gas sector. "The phishing emails use a unique vehicle incident lure and, in later stages of the infection chain, spoof the Federal Bureau of Transportation in a PDF that mentions a significant fine for the incident," Cofense researcher Dylan Duncan  said . The email message comes with a malicious link that leverages an open redirect flaw to take the recipients to a link hosting a supposed PDF document, but, in reality, is an image that, upon clicking, downloads a ZIP archive with the stealer payload. Written in C++,  Rhadamanthys  is designed to establish connections with a command-and-control (C2) server in order to harvest sensitive data from the compromised hosts. "This campaign appeared within days of the law enforcement takedown of the LockBit ransomware group," Duncan said. "While this could be a coincidence, Trend Micr...

New research has found that the CONTINUATION frame in the HTTP/2 protocol can be exploited to conduct denial-of-service (DoS) attacks. The technique has been codenamed  HTTP/2 CONTINUATION Flood  by security researcher Bartek Nowotarski, who reported the issue to the CERT Coordination Center (CERT/CC) on January 25, 2024. "Many HTTP/2 implementations do not properly limit or sanitize the amount of CONTINUATION frames sent within a single stream," CERT/CC  said  in an advisory on April 3, 2024. "An attacker that can send packets to a target server can send a stream of CONTINUATION frames that will not be appended to the header list in memory but will still be processed and decoded by the server or will be appended to the header list, causing an out of memory (OOM) crash." Like in HTTP/1, HTTP/2 uses header fields within requests and responses. These  header fields  can comprise header lists, which in turn, are serialized and broken into  header blo...

Ivanti has released security updates to address four security flaws impacting Connect Secure and Policy Secure Gateways that could result in code execution and denial-of-service (DoS). The list of flaws is as follows - CVE-2024-21894  (CVSS score: 8.2) - A heap overflow vulnerability in the IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in order to crash the service thereby causing a DoS attack. In certain conditions, this may lead to execution of arbitrary code. CVE-2024-22052  (CVSS score: 7.5) - A null pointer dereference vulnerability in IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in order to crash the service thereby causing a DoS attack. CVE-2024-22053  (CVSS score: 8.2) - A heap overflow vulnerability in the IPSec component of Ivanti Connect ...

Google has disclosed that two Android security flaws impacting its Pixel smartphones have been exploited in the wild by forensic companies. The high-severity zero-day vulnerabilities are as follows - CVE-2024-29745  - An information disclosure flaw in the bootloader component CVE-2024-29748  - A privilege escalation flaw in the firmware component "There are indications that the [vulnerabilities] may be under limited, targeted exploitation," Google  said  in an advisory published April 2, 2024. While the tech giant did not reveal any other information about the nature of the attacks exploiting these shortcomings, the maintainers of GrapheneOS said they "are being actively exploited in the wild by forensic companies." "CVE-2024-29745 refers to a vulnerability in the fastboot firmware used to support unlocking/flashing/locking," they  said  in a series of posts on X (formerly Twitter). "Forensic companies are rebooting devices in After First U...

The U.S. Cyber Safety Review Board ( CSRB ) has criticized Microsoft for a series of security lapses that led to the breach of nearly two dozen companies across Europe and the U.S. by a China-based nation-state group called Storm-0558 last year. The findings, released by the Department of Homeland Security (DHS) on Tuesday, found that the intrusion was preventable, and that it became successful due to a "cascade of Microsoft's avoidable errors." "It identified a series of Microsoft operational and strategic decisions that collectively pointed to a corporate culture that deprioritized enterprise security investments and rigorous risk management, at odds with the company's centrality in the technology ecosystem and the level of trust customers place in the company to protect their data and operations," the DHS  said  in a statement. The CSRB also lambasted the tech titan for failing to detect the compromise on its own, instead relying on a customer to reac...

Google on Tuesday said it's piloting a new feature in Chrome called Device Bound Session Credentials ( DBSC ) to help protect users against session cookie theft by malware. The prototype – currently tested against "some" Google Account users running Chrome Beta – is built with an aim to make it an open web standard, the tech giant's Chromium team said. "By binding authentication sessions to the device, DBSC aims to disrupt the cookie theft industry since exfiltrating these cookies will no longer have any value," the company  noted . "We think this will substantially reduce the success rate of cookie theft malware. Attackers would be forced to act locally on the device, which makes on-device detection and cleanup more effective, both for anti-virus software as well as for enterprise managed devices." The development comes on the back of reports that off-the-shelf information stealing malware are finding ways to steal cookies in a manner that al...