The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Malicious actors have yet again published two more typosquatted libraries to the official NPM repository that mimic a legitimate package from Roblox, the game company, with the goal of distributing stealing credentials, installing remote access trojans, and infecting the compromised systems with ransomware. The bogus packages — named " noblox.js-proxy " and " noblox.js-proxies " — were found to impersonate a library called " noblox.js ," a Roblox game API wrapper available on NPM and boasts of nearly 20,000 weekly downloads, with each of the poisoned libraries, downloaded a total of 281 and 106 times respectively. According to Sonatype researcher Juan Aguirre, who  discovered  the malicious NPM packages, the author of noblox.js-proxy first published a benign version that was later tampered with the obfuscated text, in reality, a Batch (.bat) script, in the post-installation JavaScript file. This Batch script, in turn, downloads malicious executables

A new spam email campaign has emerged as a conduit for a previously undocumented malware loader that enables the attackers to gain an initial foothold into enterprise networks and drop malicious payloads on compromised systems. "These infections are also used to facilitate the delivery of additional malware such as Qakbot and Cobalt Strike, two of the most common threats regularly observed targeting organizations around the world,"  said  researchers with Cisco Talos in a technical write-up. The malspam campaign is believed to have commenced in mid-September 2021 via laced Microsoft Office documents that, when opened, triggers an infection chain that leads to the machines getting infected with a malware dubbed SQUIRRELWAFFLE . Mirroring a technique that's consistent with other phishing attacks of this kind, the latest operation leverages stolen email threads to give it a veil of legitimacy and trick unsuspecting users into opening the attachments. What's more, t

One of the side effects of today's cyber security landscape is the overwhelming volume of data security teams must aggregate and parse. Lean security teams don't have it any easier, and the problem is compounded if they must do it manually. Data and log management are essential for organizations to gain real-time transparency and visibility into security events.  XDR provider Cynet has offered up a new guide ( read it here ) that helps lean organizations understand the importance of centralized log management (CLM). The truth is that even the most well-stocked and staffed teams would have trouble manually handling their log management needs, which is why organizations are increasingly going the automated route.  On top of the efficiency of automation, CLM gives organizations much greater visibility into their environment and security events that impact them. However, the benefits of deploying CLM tools and reducing the level of human intervention in log management and analysis are m

Staying Sharp: Cybersecurity CPEs Explained Perhaps even more so than in other professional domains, cybersecurity professionals constantly face new threats. To ensure you stay on top of your game, many certification programs require earning Continuing Professional Education (CPE) credits. CPEs are essentially units of measurement used to quantify the time and effort professionals spend on maintaining and enhancing skills and knowledge in the field of cybersecurity, and they act as points that demonstrate a commitment to staying current. CPEs are best understood in terms of other professions: just like medical, legal and even CPA certifications require continuing education to stay up-to-date on advancements and industry changes, cybersecurity professionals need CPEs to stay informed about the latest hacking tactics and defense strategies. CPE credits are crucial for maintaining certifications issued by various cybersecurity credentialing organizations, such as (ISC)², ISACA, and C

A cyber attack  in Iran left petrol stations across the country crippled, disrupting fuel sales and defacing electronic billboards to display messages challenging the regime's ability to distribute gasoline. Posts and  videos   circulated  on social media showed messages that said, "Khamenei! Where is our gas?" — a reference to the country's supreme leader Ayatollah Ali Khamenei. Other signs read, "Free gas in Jamaran gas station," with gas pumps showing the words "cyberattack 64411" when attempting to purchase fuel, semi-official Iranian Students' News Agency (ISNA) news agency  reported . Abolhassan Firouzabadi, the head of Iran's Supreme Cyberspace Council,  said  the attacks were "probably" state-sponsored but added it was too early to determine which country carried out the intrusions. Although no country or group has so far claimed responsibility for the incident, the attacks mark the second time digital billboards have

Lazarus Group, the advanced persistent threat (APT) group attributed to the North Korean government, has been observed waging two separate supply chain attack campaigns as a means to gain a foothold into corporate networks and target a wide range of downstream entities. The latest intelligence-gathering operation involved the use of MATA malware framework as well as backdoors dubbed  BLINDINGCAN  and  COPPERHEDGE  to attack the defense industry, an IT asset monitoring solution vendor based in Latvia, and a think tank located in South Korea, according to a new  Q3 2021 APT Trends report  published by Kaspersky. In one instance, the supply-chain attack originated from an infection chain that stemmed from legitimate South Korean security software running a malicious payload, leading to the deployment of the BLINDINGCAN and COPPERHEDGE malware on the think tank's network in June 2021. The other attack on the Latvian company in May is an "atypical victim" for Lazarus, the

A global fraud campaign has been found leveraging 151 malicious Android apps with 10.5 million downloads to rope users into premium subscription services without their consent and knowledge. The  premium SMS scam  campaign — dubbed " UltimaSMS " — is believed to commenced in May 2021 and involved apps that cover a wide range of categories, including keyboards, QR code scanners, video and photo editors, spam call blockers, camera filters, and games, with most of the fraudulent apps downloaded by users in Egypt, Saudi Arabia, Pakistan, the U.A.E., Turkey, Oman, Qatar, Kuwait, the U.S., and Poland. Although a significant  chunk of the apps  in question has since been removed from the Google Play Store, 82 of them have continued to remain available in the online marketplace as of October 19, 2021. It all starts with the apps prompting users to enter their phone numbers and email addresses to gain access to the advertised features, only to subscribe the victims to premium SM

Mozilla on Monday disclosed it blocked two malicious Firefox add-ons installed by 455,000 users that were found misusing the Proxy API to impede downloading updates to the browser. The two extensions in question, named Bypass and Bypass XM, "interfered with Firefox in a way that prevented users who had installed them from downloading updates, accessing updated blocklists, and updating remotely configured content," Mozilla's Rachel Tublitz and Stuart Colville  said . Because Proxy API can be  used  to proxy web requests, an abuse of the API could enable a bad actor to control the manner Firefox browser connects to the internet effectively. In addition to blocking the extensions to prevent installation by other users, Mozilla said it's pausing on approvals for new add-ons that use the proxy API until the fixes are broadly available. What's more, the California-based non-profit said it'd deployed a system add-on named " Proxy Failover " that ships