#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News
AWS EKS Security Best Practices

The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

ChatGPT is Back in Italy After Addressing Data Privacy Concerns

ChatGPT is Back in Italy After Addressing Data Privacy Concerns

Apr 29, 2023 Data Safety / Privacy / AI
OpenAI, the company behind ChatGPT, has officially made a return to Italy after the company met the  data protection authority's demands  ahead of April 30, 2023, deadline. The development was  first reported  by the Associated Press. OpenAI's CEO, Sam Altman,  tweeted , "we're excited ChatGPT is available in [Italy] again!" The reinstatement comes following Garante's decision to  temporarily block  access to the popular AI chatbot service in Italy on March 31, 2023, over concerns that its practices are in violation of data protection laws in the region. Generative AI systems like ChatGPT and Google Bard primarily rely on huge amounts of information freely available on the internet as well as the data its users provide over the course of their interactions. OpenAI, which published a  new FAQ , said it filters and removes information such as hate speech, adult content, sites that primarily aggregate personal information, and spam. It also em...
New Atomic macOS Malware Steals Keychain Passwords and Crypto Wallets

New Atomic macOS Malware Steals Keychain Passwords and Crypto Wallets

Apr 28, 2023 Endpoint Security / Cryptocurrency
Threat actors are advertising a new information stealer for the Apple macOS operating system called  Atomic macOS Stealer  (or AMOS) on Telegram for $1,000 per month, joining the likes of  MacStealer . "The Atomic macOS Stealer can steal various types of information from the victim's machine, including Keychain passwords, complete system information, files from the desktop and documents folder, and even the macOS password," Cyble researchers  said  in a technical report. Among other features include its ability to extract data from web browsers and cryptocurrency wallets like Atomic, Binance, Coinomi, Electrum, and Exodus. Threat actors who purchase the stealer from its developers are also provided a ready-to-use web panel for managing the victims. The malware takes the form of an unsigned disk image file (Setup.dmg) that, when executed, urges the victim to enter their system password on a bogus prompt to escalate privileges and carry out its malicious acti...
Why Your Detection-First Security Approach Isn't Working

Why Your Detection-First Security Approach Isn't Working

Apr 28, 2023 Endpoint Detection and Response
Stopping new and evasive threats is one of the greatest challenges in cybersecurity. This is among the biggest reasons why  attacks increased dramatically in the past year  yet again, despite the estimated $172 billion spent on global cybersecurity in 2022. Armed with cloud-based tools and backed by sophisticated affiliate networks, threat actors can develop new and evasive malware more quickly than organizations can update their protections.  Relying on malware signatures and blocklists against these rapidly changing attacks has become futile. As a result, the SOC toolkit now largely revolves around threat detection and investigation. If an attacker can bypass your initial blocks, you expect your tools to pick them up at some point in the attack chain. Every organization's digital architecture is now seeded with security controls that log anything potentially malicious. Security analysts pore through these logs and determine what to investigate further. Does this wor...
cyber security

10 Best Practices for Building a Resilient, Always-On Compliance Program

websiteXM CyberCyber Resilience / Compliance
Download XM Cyber's handbook to learn 10 essential best practices for creating a robust, always-on compliance program.
cyber security

Find and Fix the Gaps in Your Security Tools

websitePrelude SecuritySecurity Control Validation
Connect your security tools for 14-days to find missing and misconfigured controls.
Zyxel Firewall Devices Vulnerable to Remote Code Execution Attacks — Patch Now

Zyxel Firewall Devices Vulnerable to Remote Code Execution Attacks — Patch Now

Apr 28, 2023 Network Security / Vulnerability
Networking equipment maker Zyxel has released patches for a critical security flaw in its firewall devices that could be exploited to achieve remote code execution on affected systems. The issue, tracked as  CVE-2023-28771 , is rated 9.8 on the CVSS scoring system. Researchers from TRAPA Security have been credited with reporting the flaw. "Improper error message handling in some firewall versions could allow an unauthenticated attacker to execute some OS commands remotely by sending crafted packets to an affected device," Zyxel  said  in an advisory on April 25, 2023. Products impacted by the flaw are - ATP (versions ZLD V4.60 to V5.35, patched in ZLD V5.36) USG FLEX (versions ZLD V4.60 to V5.35, patched in ZLD V5.36) VPN (versions ZLD V4.60 to V5.35, patched in ZLD V5.36), and ZyWALL/USG (versions ZLD V4.60 to V4.73, patched in ZLD V4.73 Patch 1) Zyxel has also  addressed  a high-severity post-authentication command injection vulnerability affecting...
ViperSoftX InfoStealer Adopts Sophisticated Techniques to Avoid Detection

ViperSoftX InfoStealer Adopts Sophisticated Techniques to Avoid Detection

Apr 28, 2023 Data Security / Malware
A significant number of victims in the consumer and enterprise sectors located across Australia, Japan, the U.S., and India have been affected by an evasive information-stealing malware called  ViperSoftX . ViperSoftX was first documented by Fortinet in 2020, with cybersecurity company Avast detailing a campaign in November 2022 that  leveraged  the malware to distribute a malicious Google Chrome extension capable of siphoning cryptocurrencies from wallet applications. Now a  new analysis  from Trend Micro has revealed the malware's adoption of "more sophisticated encryption and basic anti-analysis techniques, such as byte remapping and web browser communication blocking." The arrival vector of ViperSoftX is typically a software crack or a key generator (keygen), while also employing actual non-malicious software like multimedia editors and system cleaner apps as "carriers." One of the key steps performed by the malware before downloading a first-stage Po...
Attention Online Shoppers: Don't Be Fooled by Their Sleek, Modern Looks — It's Magecart!

Attention Online Shoppers: Don't Be Fooled by Their Sleek, Modern Looks — It's Magecart!

Apr 28, 2023 Online Security / Website Hacking
An ongoing  Magecart  campaign has attracted the attention of cybersecurity researchers for leveraging realistic-looking fake payment screens to capture sensitive data entered by unsuspecting users. "The threat actor used original logos from the compromised store and customized a web element known as a modal to perfectly hijack the checkout page," Jérôme Segura, director of threat intelligence at Malwarebytes,  said . "The remarkable thing here is that the skimmer looks more authentic than the original payment page." The term  Magecart  is a catch-all that refers to several cybercrime groups which employ online skimming techniques to steal personal data from websites – most commonly, customer details and payment information on e-commerce websites. The name originates from the groups' initial targeting of the Magento platform. According to  data  shared by Sansec, the first Magecart-like attacks were observed as early as 2010. As of 2022, more than ...
Tonto Team Uses Anti-Malware File to Launch Attacks on South Korean Institutions

Tonto Team Uses Anti-Malware File to Launch Attacks on South Korean Institutions

Apr 28, 2023 Malware / Cyber Threat
South Korean education, construction, diplomatic, and political institutions are at the receiving end of new attacks perpetrated by a China-aligned threat actor known as the  Tonto Team . "Recent cases have revealed that the group is using a file related to anti-malware products to ultimately execute their malicious attacks," the AhnLab Security Emergency Response Center (ASEC)  said  in a report published this week. Tonto Team, active since at least 2009, has a track record of targeting various sectors across Asia and Eastern Europe. Earlier this year, the group was  attributed  to an unsuccessful phishing attack on cybersecurity company Group-IB. The attack sequence discovered by ASEC starts with a Microsoft Compiled HTML Help (.CHM) file that executes a binary file to side-load a malicious DLL file (slc.dll) and launch  ReVBShell , an open source VBScript backdoor also put to use by another Chinese threat actor called  Tick . ReVBShell is subs...
Google Gets Court Order to Take Down CryptBot That Infected Over 670,000 Computers

Google Gets Court Order to Take Down CryptBot That Infected Over 670,000 Computers

Apr 27, 2023 Botnet / Cyber Crime
Google on Wednesday said it obtained a temporary court order in the U.S. to disrupt the distribution of a Windows-based information-stealing malware called  CryptBot  and "decelerate" its growth. The tech giant's Mike Trinh and Pierre-Marc Bureau  said  the efforts are part of steps it takes to "not only hold criminal operators of malware accountable, but also those who profit from its distribution." CryptBot is estimated to have infected over 670,000 computers in 2022 with the goal of stealing sensitive data such as authentication credentials, social media account logins, and cryptocurrency wallets from users of Google Chrome. The harvested data is then exfiltrated to the threat actors, who then sell the data to other attackers for use in data breach campaigns. CryptBot was  first discovered  in the wild in December 2019. The malware has been traditionally delivered via maliciously modified versions of legitimate and popular software packages such as...
Paperbug Attack: New Politically-Motivated Surveillance Campaign in Tajikistan

Paperbug Attack: New Politically-Motivated Surveillance Campaign in Tajikistan

Apr 27, 2023 Cyber Espionage
A little-known Russian-speaking cyber-espionage group has been linked to a new politically-motivated surveillance campaign targeting high-ranking government officials, telecom services, and public service infrastructures in Tajikistan. The intrusion set, dubbed  Paperbug  by Swiss cybersecurity company PRODAFT, has been attributed to a threat actor known as  Nomadic Octopus  (aka DustSquad). "The types of compromised machines range from individuals' computers to [operational technology] devices," PRODAFT said in a deep dive technical report shared with The Hacker News. "These targets make operation 'Paperbug' intelligence-driven." The ultimate motive behind the attacks is unclear at this stage, but the cybersecurity firm has raised the possibility that it could be the work of opposition forces within the country or, alternatively, an intelligence-gathering mission carried out by Russia or China. Nomadic Octopus first came to light in October 2018 w...
Expert Insights Articles Videos
Cybersecurity Resources