The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Romanian law enforcement authorities have  announced  the arrest of two individuals for their roles as affiliates of the REvil ransomware family, dealing a severe blow to one of the most prolific cybercrime gangs in history. The suspects are believed to have  orchestrated  more than 5,000 ransomware attacks and extorted close to $600,000 from victims, according to Europol. The arrests, which happened on November 4, are part of a coordinated operation called GoldDust , which has resulted in the arrest of three other REvil affiliates and two suspects connected to GandCrab in Kuwait and South Korea since February 2021. This also includes a 22-year-old Ukrainian national, Yaroslav Vasinskyi, who was arrested in early October and has been accused of perpetrating the  devastating attack  on Florida-based software firm Kaseya in July 2021, affecting up to 1,500 downstream businesses. In all, the seven suspects linked to the two ransomware families are said to ...

At least nine entities across the technology, defense, healthcare, energy, and education industries were compromised by leveraging a  recently patched critical vulnerability  in Zoho's ManageEngine ADSelfService Plus self-service password management and single sign-on (SSO) solution. The spying campaign, which was observed starting September 22, 2021, involved the threat actor taking advantage of the flaw to gain initial access to targeted organizations, before moving laterally through the network to carry out post-exploitation activities by deploying malicious tools designed to harvest credentials and exfiltrate sensitive information via a backdoor. "The actor heavily relies on the Godzilla web shell, uploading several variations of the open-source web shell to the compromised server over the course of the operation," researchers from Palo Alto Networks' Unit 42 threat intelligence team  said  in a report. "Several other tools have novel characteristics or ha...

A previously undocumented initial access broker has been unmasked as providing entry points to three different threat actors for mounting intrusions that range from financially motivated ransomware attacks to phishing campaigns. BlackBerry's research and intelligence team dubbed the entity " Zebra2104 ," with the group responsible for offering a means of a digital approach to ransomware syndicates such as MountLocker and Phobos, as well as the advanced persistent threat (APT) tracked under the moniker  StrongPity  (aka Promethium). The threat landscape as we know it has been increasingly dominated by a category of players known as the initial access brokers ( IABs ), who are known to provide other cyber-criminal groups, including ransomware affiliates, with a  foothold to an infinite pool of potential organizations  belonging to diverse geographies and sectors via persistent backdoors into the victim networks, effectively building a pricing model for remote access...

If you are thinking about performing a penetration test on your organization, you might be interested in learning about the different types of tests available. With that knowledge, you'll be better equipped to define the scope for your project, hire the right expert and, ultimately, achieve your security objectives. What is penetration testing? Penetration testing, commonly referred to as "pen testing," is a technique that simulates real-life attacks on your IT systems to find weaknesses that could be exploited by hackers. Whether to comply with security regulations such as ISO 27001, gain customer and 3rd party trust, or achieve your own peace of mind, penetration testing is an effective method used by modern organizations to strengthen their cyber security posture and prevent data breaches.  Read about the different types of penetration testing to find out which type you can benefit from the most: Network penetration testing As the name suggests, a network penetra...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning of critical vulnerabilities affecting Philips Tasy electronic medical records (EMR) system that could be exploited by remote threat actors to extract sensitive personal data from patient databases. "Successful exploitation of these vulnerabilities could result in patients' confidential data being exposed or extracted from Tasy's database, give unauthorized access, or create a denial-of-service condition," CISA  said  in a medical bulletin issued on November 4. Used by over 950 healthcare institutions primarily in Latin America, Philips Tasy EMR is designed as an  integrated healthcare informatics  solution that enables centralized management of clinical, organizational and administrative processes, including incorporating analytics, billing, and inventory and supply management for medical prescriptions. The  SQL injection  flaws — CVE-2021-39375 and CVE-2021-39376 — affect Tas...

In what's yet another instance of supply chain attack targeting open-source software repositories, two popular NPM packages with cumulative weekly downloads of nearly 22 million were found to be compromised with malicious code by gaining unauthorized access to the respective developer's accounts. The two libraries in question are " coa ," a parser for command-line options, and " rc ," a configuration loader, both of which were  tampered  by an  unidentified threat actor  to include "identical" password-stealing malware. All versions of coa starting with 2.0.3 and above — 2.0.3, 2.0.4, 2.1.1, 2.1.3, 3.0.1, and 3.1.3 — are impacted, and users of the affected versions are advised to downgrade to 2.0.2 as soon as possible and check their systems for suspicious activity, according to a GitHub advisory  published  on November 4. In a similar vein, versions 1.2.9, 1.3.9, and 2.3.9 of rc have been found laced with malware, with an  independent alert  ...

Ukraine's premier law enforcement and counterintelligence agency on Thursday disclosed the real identities of five individuals allegedly involved in digital intrusions attributed to a cyber-espionage group named Gamaredon , linking the members to Russia's Federal Security Service (FSB). Calling the hacker group "an FSB special project, which specifically targeted Ukraine," the Security Service of Ukraine (SSU)  said  the perpetrators "are officers of the 'Crimean' FSB and traitors who defected to the enemy during the occupation of the peninsula in 2014." The names of the five individuals the SSU alleges are part of the covert operation are Sklianko Oleksandr Mykolaiovych, Chernykh Mykola Serhiiovych, Starchenko Anton Oleksandrovych, Miroshnychenko Oleksandr Valeriiovych, and Sushchenko Oleh Oleksandrovych. Since its inception in 2013, the Russia-linked  Gamaredon  group (aka Primitive Bear, Armageddon, Winterflounder, or Iron Tilden) has been re...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has  published  a  catalog  of vulnerabilities, including from Apple, Cisco, Microsoft, and Google, that have known exploits and are being actively exploited by malicious cyber actors, in addition to requiring federal agencies to prioritize applying patches for those security flaws within "aggressive" timeframes. "These vulnerabilities pose significant risk to agencies and the federal enterprise," the agency  said  in a binding operational directive (BOD) issued Wednesday. "It is essential to aggressively remediate known exploited vulnerabilities to protect federal information systems and reduce cyber incidents." About 176 vulnerabilities identified between 2017 and 2020, and 100 flaws from 2021 have made their way to the initial list, which is expected to be updated with additional actively exploited vulnerabilities as and when they become known provided they have been assigned Common Vu...

The U.S. government on Thursday announced a $10 million reward for information that may lead to the identification or location of key individuals who hold leadership positions in the DarkSide ransomware group or any of its rebrands. On top of that, the State Department is offering bounties of up to $5 million for intel and tip-offs that could result in the arrest and/or conviction in any country of individuals who are conspiring or attempting to participate in intrusions affiliated with the transnational organized crime syndicate. "In offering this reward, the United States demonstrates its commitment to protecting ransomware victims around the world from exploitation by cyber criminals," the State Department  said  in a statement. "The United States looks to nations who harbor ransomware criminals that are willing to bring justice for those victim businesses and organizations affected by ransomware." The development comes in response to DarkSide's high-pr...