The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Chinese international students in the U.K. have been targeted by persistent Chinese-speaking scammers for over a year as part of an activity dubbed  RedZei  (aka RedThief). "The RedZei fraudsters have chosen their targets carefully, researched them and realized it was a rich victim group that is ripe for exploitation," cybersecurity researcher Will Thomas (@BushidoToken)  said  in a write-up published last week. The most notable aspect about the operation is the steps taken by the threat actors to bypass steps taken by users to prevent scam calls, using a new pay-as-you-go U.K. phone number for each wave so as to render phone number-based blocking ineffective. Thomas, pointing out the meticulous tradecraft employed by the scammers, said the threat actor alternates between SIMs from several mobile carriers such as Three, O2, EE, Tesco Mobile, and Telia. Indications are that the lucrative RedZei campaign may have started as far back as August 2019, with a report ...

The maintainers of the PyTorch package have warned users who have installed the nightly builds of the library between December 25, 2022, and December 30, 2022, to uninstall and download the latest versions following a  dependency confusion attack . "PyTorch-nightly Linux packages installed via pip during that time installed a dependency,  torchtriton , which was compromised on the Python Package Index (PyPI) code repository and ran a malicious binary," the PyTorch team  said  in an alert over the weekend. PyTorch, analogous to Keras and TensorFlow, is an open source Python-based machine learning framework that was originally developed by Meta Platforms. The PyTorch team said that it became aware of the malicious dependency on December 30, 4:40 p.m. GMT. The supply chain attack entailed uploading the malware-laced copy of a legitimate dependency named torchtriton to the Python Package Index (PyPI) code repository. Since package managers like pip check public cod...

WordPress sites are being targeted by a previously unknown strain of Linux malware that exploits flaws in over two dozen plugins and themes to compromise vulnerable systems. "If sites use outdated versions of such add-ons, lacking crucial fixes, the targeted web pages are injected with malicious JavaScripts," Russian security vendor Doctor Web  said  in a report published last week. "As a result, when users click on any area of an attacked page, they are redirected to other sites." The attacks involve weaponizing a list of known security vulnerabilities in 19 different plugins and themes that are likely installed on a WordPress site, using it to deploy an implant that can target a specific website to further expand the network. It's also capable of injecting JavaScript code retrieved from a remote server in order to redirect the site visitors to an arbitrary website of the attacker's choice. Doctor Web said it identified a second version of the backdoor...

Google has agreed to pay a total of $29.5 million to settle two different lawsuits brought by Indiana and Washington, D.C., over its "deceptive" location tracking practices. The search and advertising giant is required to pay  $9.5 million to D.C.  and  $20 million to Indiana  after the states sued the company for charges that the company tracked users' locations without their express consent. The settlement adds to the  $391.5 million  Google agreed to pay to 40 states over similar allegations two months ago. The company is still facing two more location-tracking lawsuits in  Texas  and  Washington . The lawsuits came in response to revelations in 2018 that the internet company continued to track users' whereabouts on Android and iOS through a setting called  Web & App Activity  despite turning  Location History  options off. Google was also accused of employing  dark patterns , which refer to design choice...

A security researcher was awarded a bug bounty of $107,500 for identifying security issues in Google Home smart speakers that could be exploited to install backdoors and turn them into wiretapping devices. The flaws "allowed an attacker within wireless proximity to install a 'backdoor' account on the device, enabling them to send commands to it remotely over the internet, access its microphone feed, and make arbitrary HTTP requests within the victim's LAN," the researcher, who goes by the name Matt Kunze,  disclosed  in a technical write-up published this week. In making such malicious requests, not only could the Wi-Fi password get exposed, but also provide the adversary direct access to other devices connected to the same network. Following responsible disclosure on January 8, 2021, the issues were remediated by Google in April 2021. The problem, in a nutshell, has to do with how the Google Home software architecture can be leveraged to add a rogue Google us...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has  added  two years-old security flaws impacting TIBCO Software's JasperReports product to its Known Exploited Vulnerabilities ( KEV ) catalog, citing evidence of active exploitation. The flaws, tracked as  CVE-2018-5430  (CVSS score: 7.7) and  CVE-2018-18809  (CVSS score: 9.9), were addressed by TIBCO in April 2018 and March 2019, respectively. TIBCO  JasperReports  is a Java-based reporting and data analytics platform for creating, distributing, and managing reports and dashboards. The first of the two issues, CVE-2018-5430, relates to an  information disclosure bug  in the server component that could enable an authenticated user to gain read-only access to arbitrary files, including key configurations. "The impact includes the possible read-only access by authenticated users to web application configuration files that contain the credentials used by the server,"...

Thousands of Citrix Application Delivery Controller (ADC) and Gateway endpoints remain vulnerable to two critical security flaws disclosed by the company over the last few months. The issues in question are  CVE-2022-27510  and  CVE-2022-27518  (CVSS scores: 9.8), which were addressed by the virtualization services provider on November 8 and December 13, 2022, respectively. While CVE-2022-27510 relates to an  authentication bypass  that could be exploited to gain unauthorized access to Gateway user capabilities, CVE-2022-27518 concerns a remote code execution bug that could enable the takeover of affected systems. Citrix and the U.S. National Security Agency (NSA), earlier this month,  warned  that CVE-2022-27518 is being actively exploited in the wild by threat actors, including the China-linked APT5 state-sponsored group. Now, according to a  new analysis  from NCC Group's Fox-IT research team, thousands of internet-facing Citri...

Users searching for popular software are being targeted by a new malvertising campaign that abuses Google Ads to serve trojanized variants that deploy malware, such as Raccoon Stealer and Vidar. The activity makes use of seemingly credible websites with typosquatted domain names that are surfaced on top of Google search results in the form of malicious ads by hijacking searches for specific keywords. The ultimate objective of such attacks is to  trick   unsuspecting   users  into downloading malevolent programs or potentially unwanted applications. In one campaign disclosed by Guardio Labs, threat actors have been observed creating a network of benign sites that are promoted on the search engine, which when clicked, redirect the visitors to a phishing page containing a trojanized ZIP archive hosted on Dropbox or OneDrive. "The moment those 'disguised' sites are being visited by targeted visitors (those who actually click on the promoted search result) the serve...

Decentralized multi-chain crypto wallet BitKeep on Wednesday confirmed a cyber attack that allowed threat actors to distribute fraudulent versions of its Android app with the goal of stealing users' digital currencies. "With maliciously implanted code, the altered APK led to the leak of user's private keys and enabled the hacker to move funds," BitKeep CEO Kevin Como  said , describing it as a "large-scale hacking incident." According to blockchain security company  PeckShield  and multi-chain blockchain explorer  OKLink , an estimated  $9.9 million  worth of assets have been plundered so far. "Funds stolen are on BNB Chain, Ethereum, TRON and Polygon," BitKeep further  noted  in a series of tweets. "More than 200 addresses on the other three chains were used in the heist, and all funds were transferred to two main addresses in the end." The incident is said to have taken place on December 26, 2022, with the threat actor exploiting ...