The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Cybersecurity and intelligence agencies from Australia, Canada, and the U.S. have warned about a year-long campaign undertaken by Iranian cyber actors to infiltrate critical infrastructure organizations via brute-force attacks. "Since October 2023, Iranian actors have used brute force and password spraying to compromise user accounts and obtain access to organizations in the healthcare and public health (HPH), government, information technology, engineering, and energy sectors," the agencies said in a joint advisory. The attacks have targeted healthcare, government, information technology, engineering, and energy sectors, per the Australian Federal Police (AFP), the Australian Signals Directorate's Australian Cyber Security Centre (ACSC), the Communications Security Establishment Canada (CSE), the U.S. Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the National Security Agency (NSA). Another notable tactic out...

Threat actors are leveraging fake Google Meet web pages as part of an ongoing malware campaign dubbed ClickFix to deliver infostealers targeting Windows and macOS systems. "This tactic involves displaying fake error messages in web browsers to deceive users into copying and executing a given malicious PowerShell code, finally infecting their systems," French cybersecurity company Sekoia said in a report shared with The Hacker News. Variations of the ClickFix (aka ClearFake and OneDrive Pastejacking) campaign have been reported widely in recent months , with threat actors employing different lures to redirect users to bogus pages that aim to deploy malware by urging site visitors to run an encoded PowerShell code to address a supposed issue with displaying content in the web browser. These pages are known to masquerade as popular online services, including Facebook, Google Chrome, PDFSimpli, and reCAPTCHA, and now Google Meet as well as potentially Zoom - meet.googl...

Microsoft has disclosed details about a now-patched security flaw in Apple's Transparency, Consent, and Control (TCC) framework in macOS that has likely come under exploitation to get around a user's privacy preferences and access data. The shortcoming, codenamed HM Surf by the tech giant, is tracked as CVE-2024-44133 (CVSS score: 5.5). It was addressed by Apple as part of macOS Sequoia 15 by removing the vulnerable code. HM Surf "involves removing the TCC protection for the Safari browser directory and modifying a configuration file in the said directory to gain access to the user's data, including browsed pages, the device's camera, microphone, and location, without the user's consent," Jonathan Bar Or of the Microsoft Threat Intelligence team said . Microsoft said the new protections are limited to Apple's Safari browser, and that it's working with other major browser vendors to further explore the benefits of hardening local configuration file...

The Russian threat actor known as RomCom has been linked to a new wave of cyber attacks aimed at Ukrainian government agencies and unknown Polish entities since at least late 2023. The intrusions are characterized by the use of a variant of the RomCom RAT dubbed SingleCamper (aka SnipBot or RomCom 5.0), said Cisco Talos, which is monitoring the activity cluster under the moniker UAT-5647. "This version is loaded directly from the registry into memory and uses a loopback address to communicate with its loader," security researchers Dmytro Korzhevin, Asheer Malhotra, Vanja Svajcer, and Vitor Ventura noted . RomCom, also tracked as Storm-0978, Tropical Scorpius, UAC-0180, UNC2596, and Void Rabisu, has engaged in multi-motivational operations such as ransomware, extortion, and targeted credential gathering since its emergence in 2022. It's been assessed that the operational tempo of their attacks has increased in recent months with an aim to set up long-term persisten...

Cybersecurity researchers have gleaned additional insights into a nascent ransomware-as-a-service (RaaS) called Cicada3301 after successfully gaining access to the group's affiliate panel on the dark web. Singapore-headquartered Group-IB said it contacted the threat actor behind the Cicada3301 persona on the RAMP cybercrime forum via the Tox messaging service after the latter put out an advertisement, calling for new partners into its affiliate program. "Within the dashboard of the Affiliates' panel of Cicada3301 ransomware group contained sections such as Dashboard, News, Companies, Chat Companies, Chat Support, Account, an FAQ section, and Log Out," researchers Nikolay Kichatov and Sharmine Low said in a new analysis published today. Cicada3301 first came to light in June 2024, with the cybersecurity community uncovering strong source code similarities with the now-defunct BlackCat ransomware group. The RaaS scheme is estimated to have compromised no less th...

As technology adoption has shifted to be employee-led, just in time, and from any location or device, IT and security teams have found themselves contending with an ever-sprawling SaaS attack surface, much of which is often unknown or unmanaged. This greatly increases the risk of identity-based threats, and according to a recent report from CrowdStrike, 80% of breaches today use compromised identities, including cloud and SaaS credentials. Given this reality, IT security leaders need practical and effective  SaaS security solutions  designed to discover and manage their expanding SaaS footprint. Here are 5 key ways Nudge Security can help. Close the visibility gap Knowing the full scope of SaaS apps in use is the foundation of a modern IT governance program. Without an understanding of your entire SaaS footprint, you cannot say with confidence where your corporate IP is stored (Did someone sync their desktop to Dropbox?), you cannot make assumptions about your customer da...

An advanced persistent threat (APT) actor with suspected ties to India has sprung forth with a flurry of attacks against high-profile entities and strategic infrastructures in the Middle East and Africa. The activity has been attributed to a group tracked as SideWinder , which is also known as APT-C-17, Baby Elephant, Hardcore Nationalist, Leafperforator, Rattlesnake, Razor Tiger, and T-APT-04. "The group may be perceived as a low-skilled actor due to the use of public exploits, malicious LNK files and scripts as infection vectors, and the use of public RATs, but their true capabilities only become apparent when you carefully examine the details of their operations," Kaspersky researchers Giampaolo Dedola and Vasily Berdnikov said . Targets of the attacks include government and military entities, logistics, infrastructure and telecommunications companies, financial institutions, universities, and oil trading companies located in Bangladesh, Djibouti, Jordan, Malaysia, the...