The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Researchers have disclosed details of a newly discovered macOS variant of a malware implant developed by a Chinese espionage threat actor known to strike attack organizations across Asia. Attributing the attacks to a group tracked as  Storm Cloud , cybersecurity firm Volexity characterized the new malware, dubbed Gimmick, as a "feature-rich, multi-platform malware family that uses public cloud hosting services (such as Google Drive) for command-and-control (C2) channels." The cybersecurity firm said it recovered the sample through memory analysis of a compromised MacBook Pro running macOS 11.6 (Big Sur) as part of an intrusion campaign that took place in late 2021. "Storm Cloud is an advanced and versatile threat actor, adapting its tool set to match different operating systems used by its targets," Volexity researchers Damien Cash, Steven Adair, and Thomas Lancaster  said  in a report. "They make use of built-in operating system utilities, open-source to...

A new class of security tools is emerging that promises to significantly improve the effectiveness and efficiency of threat detection and response. Emerging Extended Detection and Response (XDR) solutions aim to aggregate and correlate telemetry from multiple detection controls and then synthesize response actions. XDR has been referred to as the next step in the evolution of Endpoint Detection and Response (EDR) solutions. Because XDR represents a new solution category, there is no single accepted definition of what capabilities and features should (and shouldn't) be included. Each provider approaches XDR with different strengths and perspectives on how what an XDR solution should include. Therefore, selecting an XDR provider is quite challenging as organizations must organize and prioritize a wide range of capabilities that can differ significantly between providers. Cynet is now addressing this need with the Definitive RFP Template for XDR solutions ( download here ), ...

Vulnerable routers from MikroTik have been misused to form what cybersecurity researchers have called one of the largest botnet-as-a-service cybercrime operations seen in recent years.  According to a new piece of research published by Avast, a cryptocurrency mining campaign leveraging the new-disrupted  Glupteba botnet  as well as the infamous TrickBot malware were all distributed using the same command-and-control (C2) server. "The C2 server serves as a botnet-as-a-service controlling nearly 230,000 vulnerable MikroTik routers," Avast's senior malware researcher, Martin Hron,  said  in a write-up, potentially linking it to what's now called the Mēris botnet. The botnet is known to exploit a known vulnerability in the Winbox component of MikroTik routers ( CVE-2018-14847 ), enabling the attackers to gain unauthenticated, remote administrative access to any affected device. Parts of the Mēris botnet were  sinkholed  in late  September 2021 . ...

Microsoft on Tuesday  confirmed  that the LAPSUS$ extortion-focused hacking crew had gained "limited access" to its systems, as authentication services provider Okta revealed that nearly 2.5% of its customers have been potentially impacted in the wake of the breach. "No customer code or data was involved in the observed activities," Microsoft's Threat Intelligence Center (MSTIC) said, adding that the breach was facilitated by means of a single compromised account that has since been remediated to prevent further malicious activity. The Windows maker, which was already tracking the group under the moniker DEV-0537 prior to the public disclosure,  said  it "does not rely on the secrecy of code as a security measure and viewing source code does not lead to elevation of risk." "This public disclosure escalated our action allowing our team to intervene and interrupt the actor mid-operation, limiting broader impact," the company's security ...

Microsoft and authentication services provider Okta said they are investigating claims of a potential breach alleged by the LAPSUS$ extortionist gang. The development, which was first reported by  Vice  and  Reuters , comes after the cyber criminal group posted screenshots and source code of what it said were the companies' internal projects and systems on its Telegram channel. The leaked 37GB archive shows that the group may have accessed the repositories related to Microsoft's Bing, Bing Maps, and Cortana, with the  images  highlighting Okta's Atlassian suite and in-house Slack channels. "For a service that powers authentication systems to many of the largest corporations (and FEDRAMP approved) I think these security measures are pretty poor," the hacking cartel wrote on Telegram. On top of this, the group alleged that it breached LG Electronics (LGE) for the "second time" in a year. Bill Demirkapi, an independent security researcher,  noted  ...

Back in 2018, Palo Alto Networks CTO and co-founder Nir Zuk coined a new term to describe the way that businesses needed to approach cybersecurity in the years to come. That term, of course, was extended detection and response (XDR). It described a unified cybersecurity infrastructure that brought endpoint threat detection, network analysis and visibility (NAV), access management, and more under a single roof to find and neutralize digital threats in real-time. And Zuk's vision of XDR proved prophetic. In the years since he coined the phrase, platforms leveraging the XDR model have emerged as the de-facto leaders of the business cybersecurity industry. But their scale and complexity put them in a product class that's just out of reach for some enterprises. Fortunately, the open-source community — as it often does — has filled the XDR void with an affordable product — because it's totally free. It's called  Wazuh , and it provides enterprises the tools they need to bu...

The U.S. government on Monday once again cautioned of potential cyber attacks from Russia in retaliation for  economic sanctions  imposed by the west on the country following its  military assault on Ukraine  last month. "It's part of Russia's playbook," U.S. President Joe Biden  said  in a  statement , citing "evolving intelligence that the Russian Government is exploring options." The development comes as the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) warned of "possible threats" to U.S. and international satellite communication (SATCOM) networks in the wake of a cyber attack targeting  Viasat KA-SAT network , used extensively by the Ukrainian military, roughly around the time when Russian armed forces invaded Ukraine on February 24. "Successful intrusions into SATCOM networks could create risk in SATCOM network providers' customer environments," the agencies  said . T...

Five new security weaknesses have been disclosed in Dell BIOS that, if successfully exploited, could lead to code execution on vulnerable systems, joining the likes of firmware vulnerabilities recently uncovered in Insyde Software's  InsydeH2O  and HP Unified Extensible Firmware Interface ( UEFI ). Tracked as CVE-2022-24415, CVE-2022-24416, CVE-2022-24419, CVE-2022-24420, and CVE-2022-24421, the high-severity vulnerabilities are rated 8.2 out of 10 on the CVSS scoring system. "The active exploitation of all the discovered vulnerabilities can't be detected by firmware integrity monitoring systems due to limitations of the Trusted Platform Module (TPM) measurement," firmware security company Binarly, which discovered the latter three flaws,  said  in a write-up. "The remote device health attestation solutions will not detect the affected systems due to the design limitations in visibility of the firmware runtime." All the flaws relate to improper input v...