The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

A 26-year-old Ukrainian national has been charged in the U.S. for his alleged role in the  Raccoon Stealer  malware-as-a-service (MaaS) operation. Mark Sokolovsky, who was arrested by Dutch law enforcement after leaving Ukraine on March 4, 2022, in what's said to be a Porsche Cayenne, is currently being held in the Netherlands and awaits extradition to the U.S. "Individuals who deployed Raccoon Infostealer to steal data from victims leased access to the malware for approximately $200 per month, paid for by cryptocurrency," the U.S. Department of Justice (DoJ)  said . "These individuals used various ruses, such as email phishing, to install the malware onto the computers of unsuspecting victims." Sokolovsky is said to have gone by various online monikers like Photix, raccoonstealer, and black21jack77777 on online cybercrime forums to advertise the service for sale. Raccoon Stealer, mainly distributed under the guise of cracked software, is known to be one o...

If you regularly read The Hacker News, there's a fair chance that you know something about  cybersecurity . It's possible to turn that interest into a six-figure career. But to make the leap, you need to pick up some key skills and professional certifications. Featuring nine in-depth courses,  The 2022 Masters in Cyber Security Certification Bundle  helps you get ready for the next step. And in a special reader offer, you can get lifetime access for only $39.99. Special Offer —  This bundle contains nine courses with a total value of $1,800. But for a limited time, you can  get lifetime on-demand access for only $39.99 . That is a massive 97% off MSRP! From penetration testing to  threat analysis , there are thousands of vacant roles in the cybersecurity industry right now. What's more, this trend is set to continue, with experts predicting a  12% growth  within the industry in the remainder of this decade. The really exciting part is that a...

The North Korean espionage-focused actor known as Kimsuky has been observed using three different Android malware strains to target users located in its southern counterpart. That's according to findings from South Korean cybersecurity company S2W, which named the malware families FastFire, FastViewer, and FastSpy. "The FastFire malware is disguised as a Google security plugin, and the FastViewer malware disguises itself as 'Hancom Office Viewer,' [while] FastSpy is a remote access tool based on  AndroSpy ," researchers Lee Sebin and Shin Yeongjae  said . Kimsuky, also known by the names Black Banshee, Thallium, and Velvet Chollima, is believed to be tasked by the North Korean regime with a global intelligence-gathering mission, disproportionately targeting individuals and organizations in South Korea, Japan, and the U.S. This past August, Kaspersky unearthed a previously undocumented infection chain dubbed  GoldDragon  to deploy a Windows backdoor capable o...

The threat actor behind a remote access trojan called RomCom RAT has been observed targeting Ukrainian military institutions as part of a new spear-phishing campaign that commenced on October 21, 2022.  The development marks a shift in the attacker's modus operandi, which has been previously attributed to spoofing legitimate apps like Advanced IP Scanner and pdfFiller to drop backdoors on compromised systems. "The initial 'Advanced IP Scanner' campaign occurred on July 23, 2022," the BlackBerry research and intelligence team  said . "Once the victim installs a Trojanized bundle, it drops RomCom RAT to the system." While previous iterations of the campaign involved the use of trojanized Advanced IP Scanner, the unidentified adversarial collective has since switched to pdfFiller as of October 20, indicating an active attempt on part of the adversary to refine tactics and thwart detection. These lookalike websites host a rogue installer package that r...

A cybercrime group known as  Vice Society  has been linked to multiple ransomware strains in its malicious campaigns aimed at the education, government, and retail sectors. The Microsoft Security Threat Intelligence team, which is tracking the threat cluster under the moniker DEV-0832, said the group avoids deploying ransomware in some cases and rather likely carries out extortion using exfiltrated stolen data. "Shifting ransomware payloads over time from  BlackCat ,  Quantum Locker , and  Zeppelin , DEV-0832's latest payload is a Zeppelin variant that includes Vice Society-specific file extensions, such as .v-s0ciety, .v-society, and, most recently, .locked," the tech giant's cybersecurity division  said . Vice Society, active since June 2021, has been steadily observed encrypting and exfiltrating victim data, and threatening companies with exposure of siphoned information to pressure them into paying a ransom. "Unlike other RaaS (Ransomware-as-a-Ser...

Cisco has warned of active exploitation attempts targeting a pair of two-year-old security flaws in the Cisco AnyConnect Secure Mobility Client for Windows. Tracked as  CVE-2020-3153  (CVSS score: 6.5) and  CVE-2020-3433  (CVSS score: 7.8), the vulnerabilities could enable local authenticated attackers to perform DLL hijacking and copy arbitrary files to system directories with elevated privileges.  While CVE-2020-3153 was addressed by Cisco in February 2020, a fix for CVE-2020-3433 was shipped in August 2020. "In October 2022, the Cisco Product Security Incident Response Team became aware of additional attempted exploitation of this vulnerability in the wild," the networking equipment maker said in an updated advisory. "Cisco continues to strongly recommend that customers upgrade to a fixed software release to remediate this vulnerability." The alert comes as the U.S. Cybersecurity and Infrastructure Security Agency (CISA) moved to add the two flaws to i...

VMware on Tuesday shipped security updates to address a critical security flaw in its VMware Cloud Foundation product. Tracked as CVE-2021-39144, the issue has been rated 9.8 out of 10 on the CVSS vulnerability scoring system, and relates to a remote code execution vulnerability via XStream open source library. "Due to an unauthenticated endpoint that leverages XStream for input serialization in VMware Cloud Foundation (NSX-V), a malicious actor can get remote code execution in the context of 'root' on the appliance," the company  said  in an advisory. In light of the severity of the flaw and its relatively low bar for exploitation, the Palo Alto-based virtualization services provider has also made available a  patch  for end-of-life products. Also addressed by VMware as part of the update is CVE-2022-31678 (CVSS score: 5.3), an XML External Entity ( XXE ) vulnerability that could be exploited to result in a denial-of-service (DoS) condition or unauthorized inf...

A high-severity vulnerability has been disclosed in the SQLite database library, which was introduced as part of a code change dating all the way back to October 2000 and could enable attackers to crash or control programs. Tracked as  CVE-2022-35737  (CVSS score: 7.5), the 22-year-old issue affects SQLite versions  1.0.12  through 3.39.1, and has been addressed in  version 3.39.2  released on July 21, 2022. "CVE-2022-35737 is  exploitable  on 64-bit systems, and exploitability depends on how the program is compiled," Trail of Bits researcher Andreas Kellas  said  in a technical write-up published today. "Arbitrary code execution is confirmed when the library is compiled without stack canaries, but unconfirmed when stack canaries are present, and denial-of-service is confirmed in all cases." Programmed in C, SQLite is the most widely used database engine , included by default in Android, iOS, Windows, and macOS, as well as popul...

The  Hive  ransomware-as-a-service (RaaS) group has claimed responsibility for a cyber attack against Tata Power that was disclosed by the company less than two weeks ago. The incident is said to have occurred on October 3, 2022. The threat actor has also been observed leaking stolen data exfiltrated prior to encrypting the network as part of its double extortion scheme. This allegedly comprises signed client contracts, agreement documents, as well as other sensitive information such as emails, addresses, phone numbers, passport numbers, taxpayer data, among others. The Mumbai-based firm, which is India's largest integrated power company, is part of the Tata Group conglomerate. Tata Power had previously  disclosed  in a filing with the National Stock Exchange (NSE) of India that an intrusion on the company's IT infrastructure impacted "some of its IT systems." According to  further details  shared by security researcher Rakesh Krishnan, the leak cont...