The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Cloud Security Posture Management (CSPM) and  SaaS Security Posture Management (SSPM)  are frequently confused. The similarity of the acronyms notwithstanding, both security solutions focus on securing data in the cloud. In a world where the terms cloud and SaaS are used interchangeably, this confusion is understandable. This confusion, though, is dangerous to organizations that need to secure data that exists within cloud infrastructures like AWS, Google Cloud, and Microsoft Azure, as well as data within SaaS applications like Salesforce, Microsoft 365, Google Workspace, Jira, Zoom, Slack and more. Assuming that either your CSPM or SSPM will secure your company resources that live off-premises is misplaced trust in a security tool that was only designed to secure either your cloud or your SaaS stack.  It's absolutely vital for decision makers to understand the difference between CSPM and SSPM, the value derived from each solution, and that both complement each other....

A Chinese nation-state group targeted an unnamed Taiwanese media organization to deliver an open source red teaming tool known as Google Command and Control ( GC2 ) amid broader abuse of Google's infrastructure for malicious ends. The tech giant's Threat Analysis Group (TAG) attributed the campaign to a threat actor it tracks under the  geological  and  geographical-themed  moniker  HOODOO , which is also known by the names  APT41 , Barium, Bronze Atlas, Wicked Panda, and  Winnti . The starting point of the attack is a phishing email that contains links to a password-protected file hosted on Google Drive, which, in turn, incorporates the Go-based GC2 tool to read commands from Google Sheets and exfiltrate data using the cloud storage service. "After installation on the victim machine, the malware queries Google Sheets to obtain attacker commands," Google's cloud division  said  in its sixth Threat Horizons Report. "In addition to exfiltr...

The Deep, Dark Web – The Underground – is a haven for cybercriminals, teeming with tools and resources to launch attacks for financial gain, political motives, and other causes. But did you know that the underground also offers a goldmine of threat intelligence and information that can be harnessed to bolster your cyber defense strategies? The challenge lies in continuously monitoring the right dark web sources and gathering actionable intelligence through manual methods, which can lead to analyst fatigue and delayed action. Traditional methods of unearthing dark web intelligence can be time-consuming, exhausting, and often fruitless. Discover how to pierce the veil of darkness and illuminate the path to a more secure cyber landscape in our exclusive, high-impact webinar. Register now to secure your spot ! In this enlightening session, you will: Gain practical insights on how to access the dark web Uncover the various types of underground sources that threat actors use Learn how ...

SaaS Adoption is Skyrocketing, Resilience Hasn't Kept Pace SaaS platforms have revolutionized how businesses operate. They simplify collaboration, accelerate deployment, and reduce the overhead of managing infrastructure. But with their rise comes a subtle, dangerous assumption: that the convenience of SaaS extends to resilience. It doesn't. These platforms weren't built with full-scale data protection in mind . Most follow a shared responsibility model — wherein the provider ensures uptime and application security, but the data inside is your responsibility. In a world of hybrid architectures, global teams, and relentless cyber threats, that responsibility is harder than ever to manage. Modern organizations are being stretched across: Hybrid and multi-cloud environments with decentralized data sprawl Complex integration layers between IaaS, SaaS, and legacy systems Expanding regulatory pressure with steeper penalties for noncompliance Escalating ransomware threats and inside...

Threat actors associated with the Vice Society ransomware gang have been observed using a bespoke PowerShell-based tool to fly under the radar and automate the process of exfiltrating data from compromised networks. "Threat actors (TAs) using built-in  data exfiltration   methods  like [living off the land binaries and scripts] negate the need to bring in external tools that might be flagged by security software and/or human-based security detection mechanisms," Palo Alto Networks Unit 42 researcher Ryan Chapman  said . "These methods can also hide within the general operating environment, providing subversion to the threat actor." Vice Society , tracked by Microsoft under the name DEV-0832, is an extortion-focused hacking group that emerged on the scene in May 2021. It's known to rely on ransomware binaries sold on the criminal underground to meet its goals. In December 2022, SentinelOne detailed the group's use of a ransomware variant, dubbed  PolyVi...

A novel credential-stealing malware called  Zaraza bot  is being offered for sale on Telegram while also using the  popular   messaging service  as a command-and-control (C2). "Zaraza bot targets a large number of web browsers and is being actively distributed on a Russian Telegram hacker channel popular with threat actors," cybersecurity company Uptycs  said  in a report published last week. "Once the malware infects a victim's computer, it retrieves sensitive data and sends it to a Telegram server where the attackers can access it immediately." A 64-bit binary file compiled using C#, Zaraza bot is designed to target as many as 38 different web browsers, including Google Chrome, Microsoft Edge, Opera, AVG Browser, Brave, Vivaldi, and Yandex. It's also equipped to capture screenshots of the active window. It's the latest example of malware that's capable of capturing login credentials associated with online bank accounts, cryptocurrency wallets...

Google on Friday released out-of-band updates to resolve an actively exploited zero-day flaw in its Chrome web browser, making it the first such bug to be addressed since the start of the year. Tracked as  CVE-2023-2033 , the high-severity vulnerability has been described as a  type confusion issue  in the V8 JavaScript engine. Clement Lecigne of Google's Threat Analysis Group (TAG) has been credited with reporting the issue on April 11, 2023. "Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page,"  according  to the NIST's National Vulnerability Database (NVD). The tech giant  acknowledged  that "an exploit for CVE-2023-2033 exists in the wild," but stopped short of sharing additional technical specifics or indicators of compromise (IoCs) to prevent further exploitation by threat actors. CVE-2023-2033 also appears to share similarities with  CVE...

The Russia-linked  APT29  (aka Cozy Bear) threat actor has been attributed to an ongoing cyber espionage campaign targeting foreign ministries and diplomatic entities located in NATO member states, the European Union, and Africa. According to Poland's Military Counterintelligence Service and the CERT Polska team, the observed activity shares tactical overlaps with a cluster tracked by Microsoft as  Nobelium , which is known for its high-profile  attack on SolarWinds  in 2020. Nobelium's operations have been attributed to Russia's Foreign Intelligence Service ( SVR ), an organization that's tasked with protecting "individuals, society, and the state from foreign threats." That said, the campaign represents an evolution of the Kremlin-backed hacking group's tactics, indicating  persistent attempts  at improving its cyber weaponry to infiltrate victim systems for intelligence gathering. "New tools were used at the same time and independently of eac...

Open source media player software provider Kodi has confirmed a data breach after threat actors stole the company's MyBB forum database containing user data and private messages. What's more, the unknown threat actors  attempted to sell  the data dump  comprising 400,635 Kodi users  on the now-defunct  BreachForums  cybercrime marketplace. "MyBB admin logs show the account of a trusted but currently inactive member of the forum admin team was used to access the web-based MyBB admin console twice: on 16 February and again on 21 February," Kodi  said  in an advisory. The threat actors then abused the account to create database backups that were then downloaded and deleted. Also downloaded were existing nightly full backups of the database. The account in question has now been disabled. The nightly backups contained all public forum posts, team forum posts, messages sent through the user-to-user messaging system, and user information such as fo...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has  added  two vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The two flaws are listed below - CVE-2023-20963  (CVSS score: 7.8) - Android Framework Privilege Escalation Vulnerability CVE-2023-29492  (CVSS score: TBD) - Novi Survey Insecure Deserialization Vulnerability "Android Framework contains an unspecified vulnerability that allows for privilege escalation after updating an app to a higher Target SDK with no additional execution privileges needed," CISA  said  in an advisory for CVE-2023-20963. Google, in its monthly Android Security Bulletin for March 2023,  acknowledged  "there are indications that CVE-2023-20963 may be under limited, targeted exploitation." The development comes as tech news site Ars Technica  disclosed  late last month that Android apps digitally signed by China's e-commer...