The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

South Korean ERP Vendor's Server Hacked to Spread Xctdoor Malware

Jul 03, 2024 Malware / Threat Intelligence
An unnamed South Korean enterprise resource planning (ERP) vendor's product update server has been found to be compromised to deliver a Go-based backdoor dubbed Xctdoor. The AhnLab Security Intelligence Center (ASEC), which identified the attack in May 2024, did not attribute it to a known threat actor or group, but noted that the tactics overlap with those of Andariel, a sub-cluster within the infamous Lazarus Group. The similarities stem from the North Korean adversary's prior use of the ERP solution to distribute malware like HotCroissant – which is identical to Rifdoor – in 2017 by inserting a malicious routine into a software update program. In the recent incident analyzed by ASEC, the same executable is said to have been tampered with to execute a DLL file from a specific path using the regsvr32.exe process as opposed to launching a downloader. The DLL file, Xctdoor, is capable of stealing system information, including keystrokes, screenshots, and clipboard conte...
How MFA Failures are Fueling a 500% Surge in Ransomware Losses

Jul 02, 2024 Multi-Factor Authentication
The cybersecurity threat landscape has witnessed a dramatic and alarming rise in the average ransomware payment, an increase exceeding 500%. Sophos, a global leader in cybersecurity, revealed in its annual "State of Ransomware 2024" report that the average ransom payment has increased 500% in the last year, with organizations that paid a ransom reporting an average payment of $2 million, up from $400,000 in 2023. Separately, RISK & INSURANCE, a leading media source for the insurance industry, reported recently that the median ransom demand soared to $20 million in 2023 from $1.4 million in 2022, and payment skyrocketed to $6.5 million in 2023 from $335,000 in 2022, much more than 500%. This shocking surge is a testament to the increasing sophistication of cyberattacks and the significant vulnerabilities inherent in outdated security methods. The most significant factor contributing to this trend is a broad reliance on twenty-year-old, legacy Multi-Factor Authentic...
New Intel CPU Vulnerability 'Indirector' Exposes Sensitive Data

Jul 02, 2024 Hardware Security / Vulnerability
Modern CPUs from Intel, including Raptor Lake and Alder Lake, have been found vulnerable to a new side-channel attack that could be exploited to leak sensitive information from the processors. The attack, codenamed Indirector by security researchers Luyi Li, Hosein Yavarzadeh, and Dean Tullsen, leverages shortcomings identified in the Indirect Branch Predictor (IBP) and the Branch Target Buffer (BTB) to bypass existing defenses and compromise the security of the CPUs. "The Indirect Branch Predictor (IBP) is a hardware component in modern CPUs that predicts the target addresses of indirect branches," the researchers noted. "Indirect branches are control flow instructions whose target address is computed at runtime, making them challenging to predict accurately. The IBP uses a combination of global history and branch address to predict the target address of indirect branches." The idea, at its core, is to identify vulnerabilities in IBP to launch precise Branch T...
Meta's 'Pay or Consent' Approach Faces E.U. Competition Rules Scrutiny

Jul 02, 2024 Digital Regulation / Tech News
Meta's decision to offer an ad-free subscription in the European Union (E.U.) has faced a new setback after regulators accused the social media behemoth of breaching the bloc's competition rules by forcing users to choose between seeing ads or paying to avoid them. The European Commission said the company's "pay or consent" advertising model is in contravention of the Digital Markets Act (DMA). "This binary choice forces users to consent to the combination of their personal data and fails to provide them a less personalized but equivalent version of Meta's social networks," the Commission said. It also noted that companies in gatekeeper roles must seek users' permission to combine their personal data between designated core platform services and other services (e.g., advertising), and that users who refuse to opt in should have access to a less personalized but equivalent alternative. On top of that, Meta's approach does not allow us...
Chinese Hackers Exploiting Cisco Switches Zero-Day to Deliver Malware

Jul 02, 2024 Cyber Espionage / Vulnerability
A China-nexus cyber espionage group named Velvet Ant has been observed exploiting a zero-day flaw in Cisco NX-OS Software used in its switches to deliver malware. The vulnerability, tracked as CVE-2024-20399 (CVSS score: 6.0), concerns a case of command injection that allows an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device. "By exploiting this vulnerability, Velvet Ant successfully executed a previously unknown custom malware that allowed the threat group to remotely connect to compromised Cisco Nexus devices, upload additional files, and execute code on the devices," cybersecurity firm Sygnia said in a statement shared with The Hacker News. Cisco said the issue stems from insufficient validation of arguments that are passed to specific configuration CLI commands, which could be exploited by an adversary by including crafted input as the argument of an affected configuration CLI command. W...
Australian Man Charged for Fake Wi-Fi Scam on Domestic Flights

Jul 02, 2024 Data Theft / Wi-Fi Security
An Australian man has been charged with running a fake Wi-Fi access point during a domestic flight with an aim to steal user credentials and data. The unnamed 42-year-old "allegedly established fake free Wi-Fi access points, which mimicked legitimate networks, to capture personal data from unsuspecting victims who mistakenly connected to them," the Australian Federal Police (AFP) said in a press release last week. The agency said the suspect was charged in May 2024 after it launched an investigation a month earlier following a report from an airline about a suspicious Wi-Fi network identified by its employees during a domestic flight. A subsequent search of his baggage on April 19 led to the seizure of a portable wireless access device, a laptop, and a mobile phone. He was arrested on May 8 after a search warrant was executed at his home. The individual is said to have staged what's called an evil twin Wi-Fi attack across various locations, including domestic flig...
Critical Flaws in CocoaPods Expose iOS and macOS Apps to Supply Chain Attacks

Jul 01, 2024 Supply Chain / Software Security
A trio of security flaws has been uncovered in the CocoaPods dependency manager for Swift and Objective-C Cocoa projects that could be exploited to stage software supply chain attacks, putting downstream customers at severe risk. The vulnerabilities allow "any malicious actor to claim ownership over thousands of unclaimed pods and insert malicious code into many of the most popular iOS and macOS applications," E.V.A Information Security researchers Reef Spektor and Eran Vaknin said in a report published today. The Israeli application security firm said the three issues have since been patched by CocoaPods as of October 2023. The project maintainers also reset all user sessions at the time in response to the disclosures. One of the vulnerabilities is CVE-2024-38368 (CVSS score: 9.3), which makes it possible for an attacker to abuse the "Claim Your Pods" process and take control of a package, effectively allowing them to tamper with the source code and int...