The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Ride hailing giant Uber  disclosed  Thursday it's responding to a cybersecurity incident involving a breach of its network and that it's in touch with law enforcement authorities. The New York Times first  reported  the incident.  The company pointed to its tweeted statement when asked for comment on the matter. The hack is said to have forced the company to take its internal communications and engineering systems offline as it investigated the extent of the breach. The publication said the malicious intruder compromised an employee's Slack account, and leveraged it to broadcast a message that the company had "suffered a data breach," in addition to listing internal databases that's supposed to have been compromised. "It appeared that the hacker was later able to gain access to other internal systems, posting an explicit photo on an internal information page for employees," the New York Times said. Uber has yet to offer additional details abou...

Gamers looking for cheats on YouTube are being targeted with links to rogue password-protected archive files designed to install crypto miners and information-stealing malware such as RedLine Stealer on compromised machines. "The videos advertise cheats and cracks and provide instructions on hacking popular games and software," Kaspersky security researcher Oleg Kupreev  said  in a new report published today. Games mentioned in the videos are APB Reloaded, CrossFire, DayZ, Farming Simulator, Farthest Frontier, FIFA 22, Final Fantasy XIV, Forza, Lego Star Wars, Sniper Elite, and Spider-Man, among others. Downloading the self-extracting RAR archive leads to the execution of Redline Stealer, a coin miner, as well as a number of other binaries that enable the bundle's self-propagation. Specifically, this is achieved by means of an open-source C#-based password stealer that's capable of extracting cookies from browsers, which is then used by the operators to gain un...

An ongoing espionage campaign operated by the Russia-linked Gamaredon group is targeting employees of Ukrainian government, defense, and law enforcement agencies with a piece of custom-made information stealing malware. "The adversary is using phishing documents containing lures related to the Russian invasion of Ukraine," Cisco Talos researchers Asheer Malhotra and Guilherme Venere  said  in a technical write-up shared with The Hacker News. "LNK files, PowerShell, and VBScript enable initial access, while malicious binaries are deployed in the post-infection phase." Active since 2013, Gamaredon – also known as Actinium, Armageddon, Primitive Bear, Shuckworm, and Trident Ursa – has been linked to numerous attacks aimed at Ukrainian entities in the aftermath of Russia's military invasion of Ukraine in late February 2022. The targeted phishing operation, observed as recently as August 2022, also follows similar intrusions  uncovered  by Symantec last month in...

SaaS Adoption is Skyrocketing, Resilience Hasn't Kept Pace SaaS platforms have revolutionized how businesses operate. They simplify collaboration, accelerate deployment, and reduce the overhead of managing infrastructure. But with their rise comes a subtle, dangerous assumption: that the convenience of SaaS extends to resilience. It doesn't. These platforms weren't built with full-scale data protection in mind . Most follow a shared responsibility model — wherein the provider ensures uptime and application security, but the data inside is your responsibility. In a world of hybrid architectures, global teams, and relentless cyber threats, that responsibility is harder than ever to manage. Modern organizations are being stretched across: Hybrid and multi-cloud environments with decentralized data sprawl Complex integration layers between IaaS, SaaS, and legacy systems Expanding regulatory pressure with steeper penalties for noncompliance Escalating ransomware threats and inside...

Companies are in the midst of an employee  "turnover tsunami"  with no signs of a slowdown.  According to Fortune Magazine,  40% of the U.S. is considering quitting their jobs. This trend – coined the great resignation - creates instability in organizations. High employee turnover increases security risks, and companies are more vulnerable to attacks from human factors worldwide.  At  Davos 2022 , statistics connect the turmoil of the great resignation to the rise of new insider threats. Security teams are feeling the impact. It's even harder to keep up with your employee security. Companies need a fresh approach to close the gaps and prevent attacks. This article will examine what your security teams must do within the new organizational dynamics to quickly and effectively address unique challenges. Handling Your New Insider Threats  Implementing a successful security awareness program is more challenging than ever for your security team—the new b...

A threat actor tracked under the moniker Webworm is taking advantage of bespoke variants of already existing Windows-based remote access trojans to fly under the radar, some of which are said to be in pre-deployment or testing phases. "The group has developed customized versions of three older remote access trojans (RATs), including  Trochilus RAT ,  Gh0st RAT , and  9002 RAT ," the Symantec Threat Hunter team, part of Broadcom Software,  said  in a report shared with The Hacker News. The cybersecurity firm said at least one of the indicators of compromise (IOCs) was used in an attack against an IT service provider operating in multiple Asian countries. It's worth pointing out that all the three backdoors are primarily associated with Chinese threat actors such as Stone Panda (APT10), Aurora Panda (APT17), Emissary Panda (APT27), and Judgement Panda (APT31), among others, although they have been put to use by other hacking groups. Symantec said the Webworm...

The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) on Wednesday announced sweeping sanctions against ten individuals and two entities backed by Iran's Islamic Revolutionary Guard Corps (IRGC) for their involvement in ransomware attacks at least since October 2020. The agency said the cyber activity mounted by the individuals is partially attributable to intrusion sets tracked under the names APT35, Charming Kitten, Nemesis Kitten, Phosphorus, and TunnelVision. "This group has launched extensive campaigns against organizations and officials across the globe, particularly targeting U.S. and Middle Eastern defense, diplomatic, and government personnel, as well as private industries including media, energy, business services, and telecommunications," the Treasury  said . The Nemesis Kitten actor, which is also known as  Cobalt Mirage ,  DEV-0270 , and  UNC2448 , has come under the scanner in recent months for its pattern of ransomware attacks for ...

The operators behind the Lornenz ransomware operation have been observed exploiting a now-patched critical security flaw in Mitel MiVoice Connect to obtain a foothold into target environments for follow-on malicious activities. "Initial malicious activity originated from a Mitel appliance sitting on the network perimeter," researchers from cybersecurity firm Arctic Wolf  said  in a report published this week. "Lorenz exploited  CVE-2022-29499 , a remote code execution vulnerability impacting the Mitel Service Appliance component of MiVoice Connect, to obtain a reverse shell and subsequently used  Chisel  as a tunneling tool to pivot into the environment." Lorenz, like many other ransomware groups, is known for double extortion by exfiltrating data prior to encrypting systems, with the actor targeting small and medium businesses (SMBs) located in the U.S., and to a lesser extent in China and Mexico, since at least February 2021. Calling it an "ever-evolvin...

A Linux variant of a backdoor known as SideWalk was used to target a Hong Kong university in February 2021, underscoring the cross-platform abilities of the implant.  Slovak cybersecurity firm ESET, which detected the malware in the university's network, attributed the backdoor to a nation-state actor dubbed  SparklingGoblin . The unnamed university is said to have been already targeted by the group in May 2020 during the  student protests . "The group continuously targeted this organization over a long period of time, successfully compromising multiple key servers, including a print server, an email server, and a server used to manage student schedules and course registrations," ESET  said  in a report shared with The Hacker News. SparklingGoblin is the name given to a Chinese advanced persistent threat (APT) group with connections to the  Winnti umbrella  (aka APT41, Barium, Earth Baku, or Wicked Panda). It's primarily known for its attacks targ...

Based on the findings of Malwarebytes' Threat Review for 2022, 40 million Windows business computers' threats were detected in 2021. In order to combat and avoid these kinds of attacks, malware analysis is essential. In this article, we will break down the goal of malicious programs' investigation and how to do malware analysis with a sandbox. What is malware analysis?  Malware analysis is a process of studying a malicious sample. During the study, a researcher's goal is to understand a malicious program's type, functions, code, and potential dangers. Receive the information organization needs to respond to the intrusion. Results of analysis that you get: how malware works: if you investigate the code of the program and its algorithm, you will be able to stop it from infecting the whole system. characteristics of the program: improve detection by using data on malware like its family, type, version, etc. what is the goal of malware: trigger the sample's...