The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Financial institutions are being targeted by a new version of Android malware called SpyNote at least since October 2022 that combines both spyware and banking trojan characteristics. "The reason behind this increase is that the developer of the spyware, who was previously selling it to other actors, made the source code public," ThreatFabric  said  in a report shared with The Hacker News. "This has helped other actors [in] developing and distributing the spyware, often also targeting banking institutions." Some of the notable institutions that are impersonated by the malware include Deutsche Bank, HSBC U.K., Kotak Mahindra Bank, and Nubank. SpyNote (aka SpyMax) is feature-rich and comes with a plethora of capabilities that allows it to install arbitrary; gather SMS messages, calls, videos, and audio recordings; track GPS locations; and even hinder efforts to uninstall the app. It also follows the modus operandi of other  banking   malware  by requesting f...

The latest breach announced by LastPass is a major cause for concern to security stakeholders. As often occurs, we are at a security limbo – on the one hand, as LastPass has noted, users who followed LastPass best practices would be exposed to practically zero to extremely low risk. However, to say that password best practices are not followed is a wild understatement. The reality is that there are very few organizations in which these practices are truly enforced. This puts security teams in the worst position, where exposure to compromise is almost certain, but pinpointing the users who created this exposure is almost impossible.  To assist them throughout this challenging time, Browser Security solution LayerX has launched a free offering of its platform, enabling security teams to gain visibility into all browsers on which the LastPass extension is installed and mitigate the potential impacts of the LastPass breach on their environments by informing vulnerable users and requi...

DevOps platform CircleCI on Wednesday urged its customers to rotate all their secrets following an unspecified security incident. The company said an investigation is currently ongoing, but emphasized that "there are no unauthorized actors active in our systems." Additional details are expected to be shared in the coming days. "Immediately rotate any and all secrets stored in CircleCI," CircleCI's chief technology officer, Rob Zuber,  said  in a terse advisory. "These may be stored in project environment variables or in contexts." CircleCI is also recommending users to review internal logs for signs of any unauthorized access starting from December 21, 2022, to January 4, 2023, or until when the secrets are rotated. The software development service did not disclose any further specifics about the breach, but said it has also invalidated all  Project API tokens  and that they need to be replaced. The disclosure comes weeks after the company anno...

The notorious information-stealer known as  Vidar  is continuing to leverage popular social media services such as TikTok, Telegram, Steam, and Mastodon as an intermediate command-and-control (C2) server. "When a user creates an account on an online platform, a unique account page that can be accessed by anyone is generated," AhnLab Security Emergency Response Center (ASEC) disclosed in a technical analysis  published  late last month. "Threat actors write identifying characters and the C2 address in parts of this page." In other words, the technique relies on actor-controlled throwaway accounts created on social media to retrieve the C2 address. An advantage to this approach is that should the C2 server be taken down or blocked, the adversary can trivially get around the restrictions by setting up a new server and editing the account pages to allow the previously distributed malware to communicate with the server. Vidar, first identified in 2018, is a  co...

Fortinet has warned of a high-severity flaw affecting multiple versions of FortiADC application delivery controller that could lead to the execution of arbitrary code. "An improper neutralization of special elements used in an OS command vulnerability in FortiADC may allow an authenticated attacker with access to the web GUI to execute unauthorized code or commands via specifically crafted HTTP requests," the company  said  in an advisory. The vulnerability, tracked as CVE-2022-39947 (CVSS score: 8.6) and internally discovered by its product security team, impacts the following versions - FortiADC version 7.0.0 through 7.0.2 FortiADC version 6.2.0 through 6.2.3 FortiADC version 6.1.0 through 6.1.6 FortiADC version 6.0.0 through 6.0.4 FortiADC version 5.4.0 through 5.4.5 Users are recommended to upgrade to FortiADC versions 6.2.4 and 7.0.2 as and when they become available. The  January 2023 patches  also address a number of command injection vulnerabilit...

The Irish Data Protection Commission (DPC) has  fined  Meta Platforms €390 million (roughly $414 million) over its handling of user data for serving personalized ads in what could be a major blow to its ad-fueled business model. To that end, the privacy regulator has ordered Meta Ireland to pay two fines – a €210 million ($222.5 million) fine over violations of the E.U. General Data Protection Regulation ( GDPR ) related to Facebook, and a €180 million ($191 million) for similar violations in Instagram. The latest enforcement comes in the wake of concerns that the social media company used its Terms of Service to gain users' forced consent to allow targeted advertising based on their online activity. The complaints were filed on May 25, 2018, the date when GDPR came into effect in the region. It also arrives a month after the European Data Protection Board (EDPB), an independent body that oversees the consistent application of GDPR in the E.U.,  announced  that i...

Qualcomm on Tuesday  released patches  to address multiple security flaws in its chipsets, some of which could be exploited to cause information disclosure and memory corruption. The five vulnerabilities -- tracked from CVE-2022-40516 through CVE-2022-40520 -- also impact Lenovo ThinkPad X13s laptops, prompting the Chinese PC maker to issue BIOS updates to plug the security holes. The list of flaws is as follows - CVE-2022-40516, CVE-2022-40517 & CVE-2022-40520  (CVSS scores: 8.4) - Memory corruption in Core due to  stack-based buffer overflow CVE-2022-40518 & CVE-2022-40519  (CVSS scores: 6.8) - Information disclosure due to  buffer over-read  in Core Stack-based buffer overflow vulnerabilities can result in severe impacts, such as data corruption, system crashes, and arbitrary code execution. Buffer over-reads, on the other hand, can be weaponized to read out-of-bounds memory, leading to the exposure of secret data. Successful explo...

Ransomware: contemporary threats, how to prevent them and how the FBI can help In April 2021, Dutch supermarkets faced a food shortage. The cause wasn't a drought or a sudden surge in the demand for avocados. Rather, the reason was a ransomware attack. In the past years, companies, universities, schools, medical facilities and other organizations have been targeted by ransomware threat actors, turning ransomware into the internet's most severe security crisis. The Ransomware Landscape Ransomware has existed for more than 30 years, but it became a lucrative source of income for cyber actors and gangs in the past decade. Since 2015, ransomware gangs have been targeting organizations instead of individuals. Consequently, ransom sums have increased significantly, reaching millions of dollars. Ransomware is effective because it pressures victims in two, complementary ways. First, by threatening victims to destroy their data. Second, by threatening to publicize the attack. The s...

A new Linux malware developed using the shell script compiler ( shc ) has been observed deploying a cryptocurrency miner on compromised systems. "It is presumed that after successful authentication through a dictionary attack on inadequately managed Linux SSH servers, various malware were installed on the target system," AhnLab Security Emergency Response Center (ASEC)  said  in a report published today. shc allows shell scripts to be converted directly into binaries, offering protections against unauthorized source code modifications. It's analogous to the  BAT2EXE utility  in Windows that's used to convert any batch file to an executable. By using shc to generate ELF files, the idea is to protect the malicious shell commands from being inspected and potentially bypass detection by security software as the executables are encoded using the RC4 algorithm . In an attack chain detailed by the South Korean cybersecurity firm, a successful compromise of the SSH ser...