The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

The U.S. Department of Justice (DoJ) has announced charges against a dual Russian and Canadian national for his alleged participation in  LockBit ransomware attacks  across the world. The 33-year-old Ontario resident,  Mikhail Vasiliev , has been taken into custody and is awaiting extradition to the U.S., where is likely to be sentenced for a maximum of five years in prison. Vasiliev has been charged with conspiracy to intentionally damage protected computers and to transmit ransom demands, according to a  criminal complaint  filed in the District of New Jersey. A search of the defendant's home in August and October 2022 by Canadian law enforcement unearthed a file stored on a device containing what's suspected to be a list of "prospective or historical" victims as well as screenshots of communications exchanged with "LockBitSupp" on the Tox messaging platform. Also found were a text file with instructions to deploy LockBit ransomware, the malware'...

It's no secret that antivirus software is as essential to your computer as a power cord. However, the threats don't stop at your devices. For example, criminals trying to steal your data can attack your Wi-Fi router, and phishing attempts can target your email.  ESET's latest consumer product release takes a comprehensive approach to security to guard against a full range of threats. All are built with ESET's signature light footprint for gaming, browsing, shopping and socializing with no interruptions or slowdowns. Introducing enhanced security for Windows, Mac and Android For more than 30 years, ESET® has created industry-leading IT security software and services, protecting businesses worldwide from ever-evolving digital threats.  ESET's solutions for consumers use the same advanced technologies. By protecting your digital life, ESET delivers real-world protection against criminals trying to steal your identity, hack your bank account or lock down your com...

Microsoft on Thursday attributed the recent spate of ransomware incidents targeting transportation and logistics sectors in Ukraine and Poland to a threat cluster that shares overlaps with the Russian state-sponsored  Sandworm group . The attacks, which were disclosed by the tech giant last month, involved a strain of previously undocumented malware called  Prestige  and is said to have taken place within an hour of each other across all victims. The Microsoft Threat Intelligence Center (MSTIC) is now tracking the threat actor under its element-themed moniker Iridium (née DEV-0960), a Russia-based group that's publicly tracked by the name Sandworm (aka Iron Viking, TeleBots, and Voodoo Bear). "This attribution assessment is based on forensic artifacts, as well as overlaps in victimology, tradecraft, capabilities, and infrastructure, with known Iridium activity," MSTIC  said  in an update. The company also further assessed the group to have orchestrated comp...

Cybersecurity researchers are warning of "massive phishing campaigns" that distribute five different malware targeting banking users in India. "The bank customers targeted include account subscribers of seven banks, including some of the most well-known banks located in the country and potentially affecting millions of customers," Trend Micro  said  in a report published this week. Some of the targeted banks include Axis Bank, ICICI Bank, and the State Bank of India (SBI), among others. The infection chains all have a common entry point in that they rely on SMS messages containing a phishing link that urge potential victims to enter their personal details and credit card information to supposedly get a tax refund or gain credit card reward points. The smishing attacks, which deliver Elibomi, FakeReward, AxBanker, IcRAT, and IcSpy, are just the latest in a series of similar rewards-themed malware campaigns that have been documented by  Microsoft, Cyble , and  K...

Google has resolved a high-severity security issue affecting all Pixel smartphones that could be trivially exploited to unlock the devices. The vulnerability, tracked as  CVE-2022-20465  and reported by security researcher David Schütz in June 2022, was remediated as part of the search giant's  monthly Android update  for November 2022. "The issue allowed an attacker with physical access to bypass the lock screen protections (fingerprint, PIN, etc.) and gain complete access to the user's device," Schütz, who was awarded $70,000 for the lock screen bypass,  said  in a write-up of the flaw. The problem, per the researcher, is rooted in the fact that lock screen protections are completely defeated when following a specific sequence of steps - Supply incorrect fingerprint three times to disable biometric authentication on the locked device Hot swap  the SIM card in the device with an attacker-controlled SIM that has a PIN code set up Enter incorre...

A malicious package discovered on the Python Package Index (PyPI) has been found employing a steganographic trick to conceal malicious code within image files. The package in question, named " apicolor ," was uploaded to the Python third-party repository on October 31, 2022, and described as a "Core lib for REST API," according to Israeli cybersecurity firm  Check Point . It has since been  taken down . Apicolor, like other  rogue packages  detected recently, harbors its malicious behavior in the setup script used to specify metadata associated with the package, such as its dependencies. This takes the form of a second package called "judyb" as well as a seemingly harmless PNG file ("8F4D2uF.png") hosted on Imgur, an image-sharing service. "The judyb code turned out to be a steganography module, responsible [for] hiding and revealing hidden messages inside pictures," Check Point explained. The attack chain entails using the judy...

Cybersecurity Awareness Month has been going on since 2004. This year,  Cybersecurity Awareness Month  urged the public, professionals, and industry partners to "see themselves in cyber" in the following ways:  The public, by taking action to stay safe online. Professionals, by joining the cyber workforce. Cyber industry partners, as part of the cybersecurity solution. CISA outlined four "things you can do" to stay safe online for individuals and families, including updating their software, thinking before they click, using strong passwords, and enabling multifactor authentication on sensitive accounts. The industry has been teaching security tips to employees and the public for a long time. With so much repetitive media and education on cyber awareness in the rearview mirror, the returning October focus weighs on many. Here's a roundup of reactions to cyber month and traction from this year's themes and messaging which should tell us if there's ...

Citrix has released  security updates  to address a critical authentication bypass flaw in the application delivery controller (ADC) and Gateway products that could be exploited to take control of affected systems. Successful exploitation of the issues could enable an adversary to gain authorized access, perform remote desktop takeover, and even circumvent defenses against login brute-force attempts under specific configurations. CVE-2022-27510  - Unauthorized access to Gateway user capabilities CVE-2022-27513  - Remote desktop takeover via phishing CVE-2022-27516  - User login brute-force protection functionality bypass The following supported versions of Citrix ADC and Citrix Gateway are affected by the flaws - Citrix ADC and Citrix Gateway 13.1 before 13.1-33.47  Citrix ADC and Citrix Gateway 13.0 before 13.0-88.12  Citrix ADC and Citrix Gateway 12.1 before 12.1.65.21 Citrix ADC 12.1-FIPS before 12.1-55.289 Citrix ADC 12.1-NDcPP befor...