The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Security stakeholders have come to realize that the prominent role the browser has in the modern corporate environment requires a re-evaluation of how it is managed and protected. While not long-ago web-borne risks were still addressed by a patchwork of endpoint, network, and cloud solutions, it is now clear that the partial protection these solutions provided is no longer sufficient. Therefore, more and more security teams are now turning to the emerging category of purpose-built  Browser Security Platform  as the answer to the browser's security challenges. However, as this security solution category is still relatively new, there is not yet an established set of browser security best practices, nor common evaluation criteria. LayerX, the User-First Browser Security Platform, is addressing security teams' need with the downable  Browser Security Checklist ,  that guides its readers through the essentials of choosing the best solution and provides them with an act...

A North Korean nation-state group notorious for crypto heists has been attributed to a new wave of malicious email attacks as part of a "sprawling" credential harvesting activity targeting a number of industry verticals, marking a significant shift in its strategy. The state-aligned threat actor is being tracked by Proofpoint under the name  TA444 , and by the larger cybersecurity community as APT38,  BlueNoroff , Copernicium, and Stardust Chollima. TA444 is "utilizing a wider variety of delivery methods and payloads alongside blockchain-related lures, fake job opportunities at prestigious firms, and salary adjustments to ensnare victims," the enterprise security firm  said  in a report shared with The Hacker News. The advanced persistent threat is something of an aberration among state-sponsored groups in that its operations are financially motivated and geared towards generating illicit revenue for the Hermit Kingdom as opposed to espionage and data theft. T...

LastPass-owner GoTo (formerly LogMeIn) on Tuesday disclosed that unidentified threat actors were able to steal encrypted backups of some customers' data along with an encryption key for some of those backups in a November 2022 incident. The breach, which targeted a third-party cloud storage service, impacted Central, Pro, join.me, Hamachi, and RemotelyAnywhere products, the company said. "The affected information, which varies by product, may include account usernames, salted and hashed passwords, a portion of multi-factor Authentication (MFA) settings, as well as some product settings and licensing information," GoTo's Paddy Srinivasan  said . Additionally, MFA settings pertaining to a subset of its Rescue and GoToMyPC customers were impacted, although there is no evidence that the encrypted databases associated with the two services were exfiltrated. The company did not disclose how many users were impacted, but said it's directly contacting the victims to...

Python supply chain attacks are surging in 2025. Join our webinar to learn how to secure your code, dependencies, and runtime with modern tools and strategies.

VMware on Tuesday released software to remediate four security vulnerabilities affecting  vRealize Log Insight  (aka Aria Operations for Logs) that could expose users to remote code execution attacks. Two of the flaws are critical, carrying a severity rating of 9.8 out of a maximum of 10, the virtualization services provider noted in its first security bulletin for 2023. Tracked as CVE-2022-31706 and CVE-2022-31704, the directory traversal and broken access control issues could be exploited by a threat actor to achieve remote code execution irrespective of the difference in the attack pathway. "An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution," the company  said  of the two shortcomings. A third vulnerability relates to a deserialization flaw (CVE-2022-31710, CVSS score: 7.5) that could be weaponized by an unauthenticated attacker to trigger a denial-of-service (DoS...

Organizations in East Asia are being targeted by a likely Chinese-speaking actor dubbed DragonSpark while employing uncommon tactics to go past security layers. "The attacks are characterized by the use of the little known open source SparkRAT and malware that attempts to evade detection through Golang source code interpretation," SentinelOne  said  in an analysis published today. A striking aspect of the intrusions is the consistent use of SparkRAT to conduct a variety of activities, including stealing information, obtaining control of an infected host, or running additional PowerShell instructions. The threat actor's end goals remain unknown as yet, although espionage or cybercrime is likely to be the motive. DragonSpark's ties to China stem from the use of the  China Chopper  web shell to deploy malware – a widely used attack pathway among Chinese threat actors. Furthermore, not only do the open source tools used in the cyber assaults originate from develop...

The U.S. Federal Bureau of Investigation (FBI) on Monday confirmed that North Korean threat actors were responsible for the theft of $100 million in cryptocurrency assets from  Harmony Horizon Bridge  in June 2022. The law enforcement agency attributed the hack to the  Lazarus Group  and APT38 (aka BlueNoroff, Copernicium, and Stardust Chollima), the latter of which is a North Korean state-sponsored threat group that specializes in financial cyber operations. The FBI further stated the Harmony intrusion leveraged an attack campaign dubbed  TraderTraitor  that was disclosed by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) in April 2022. The modus operandi entailed utilizing social engineering tricks to deceive employees of cryptocurrency companies into downloading rogue applications as part of a seemingly benign recruitment effort. "On Friday, January 13, 2023, North Korean cyber actors used RAILGUN, a privacy protocol, to laun...

Vulnerability analysis results in  Orange Cyberdefenses' Security Navigator  show that some vulnerabilities first discovered in 1999 are still found in networks today. This is concerning. Age of VOC findings Our Vulnerability Scans are performed on a recurring basis, which provides us the opportunity to examine the difference between when a scan was performed on an Asset, and when a given finding on that Asset was reported. We can call that the finding 'Age'. If the findings first reported are not addressed, they will occur in more scans over time with increasing Age, and so we can track how the Age of reported findings changes over time. As the chart below clearly illustrates, the majority of real findings in our dataset, across all Severity levels, are between 75 and 225 days old. There is a second 'peak' at around 300 days, which we suspect has more to do with the age of the data in the dataset and can therefore be ignored. Finally, there is a fascinating ...

The Emotet malware operation has continued to refine its tactics in an effort to fly under the radar, while also acting as a conduit for other dangerous malware such as Bumblebee and IcedID. Emotet, which officially  reemerged  in late 2021 following a coordinated takedown of its infrastructure by authorities earlier that year, has continued to be a persistent threat that's distributed via phishing emails. Attributed to a cybercrime group tracked as  TA542  (aka Gold Crestwood or Mummy Spider), the virus has  evolved  from a banking trojan to a malware distributor since its first appearance in 2014. The malware-as-a-service (MaaS) is also modular, capable of deploying an array of proprietary and freeware components that can exfiltrate sensitive information from compromised machines and carry out other post-exploitation activities. Two latest additions to Emotet's module arsenal comprise an  SMB spreader  that's designed to facilitate lateral...

Apple has backported fixes for a recently disclosed critical security flaw affecting older devices, citing evidence of active exploitation. The issue, tracked as  CVE-2022-42856 , is a type confusion vulnerability in the WebKit browser engine that could result in arbitrary code execution when processing maliciously crafted web content. While it was originally addressed by the company on November 30, 2022, as part of iOS 16.1.2 update, the patch was subsequently expanded to a broader set of Apple devices with iOS 15.7.2, iPadOS 15.7.2, macOS Ventura 13.1, tvOS 16.2, and Safari 16.2. "Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1," the iPhone maker  said  in an advisory published Monday. To that end, the latest update, iOS 12.5.7, is available for iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation). Clément Lecigne of Google's Threat Anal...