The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

A new phishing-as-a-service (PhaaS or PaaS) platform named  Greatness  has been leveraged by cybercriminals to target business users of the Microsoft 365 cloud service since at least mid-2022, effectively lowering the bar to entry for phishing attacks. "Greatness, for now, is only focused on Microsoft 365 phishing pages, providing its affiliates with an attachment and link builder that creates highly convincing decoy and login pages," Cisco Talos researcher Tiago Pereira  said . "It contains features such as having the victim's email address pre-filled and displaying their appropriate company logo and background image, extracted from the target organization's real Microsoft 365 login page." Campaigns involving Greatness have mainly manufacturing, health care, and technology entities located in the U.S., the U.K., Australia, South Africa, and Canada, with a spike in activity detected in December 2022 and March 2023. Phishing kits like Greatness offer t...

Cybersecurity researchers have discovered an ongoing phishing campaign that makes use of a unique attack chain to deliver the  XWorm malware  on targeted systems. Securonix, which is tracking the activity cluster under the name  MEME#4CHAN , said some of the attacks have primarily targeted manufacturing firms and healthcare clinics located in Germany. "The attack campaign has been leveraging rather unusual meme-filled PowerShell code, followed by a heavily obfuscated XWorm payload to infect its victims," security researchers Den Iuzvyk, Tim Peck, and Oleg Kolesnikov said in a new analysis shared with The Hacker News. The report builds on  recent findings  from Elastic Security Labs, which revealed the threat actor's reservation-themed lures to deceive victims into opening malicious documents capable of delivering XWorm and Agent Tesla payloads. The attacks begin with phishing attacks to distribute decoy Microsoft Word documents that, instead of using macr...

As many as five security flaws have been disclosed in Netgear RAX30 routers that could be chained to bypass authentication and achieve remote code execution. "Successful exploits could allow attackers to monitor users' internet activity, hijack internet connections, and redirect traffic to malicious websites or inject malware into network traffic," Claroty security researcher Uri Katz  said  in a report. Additionally, a network-adjacent threat actor could also weaponize the flaws to access and control networked smart devices like security cameras, thermostats, smart locks; tamper with router settings, and even use a compromised network to launch attacks against other devices or networks. The list of flaws, which were  demonstrated  at the Pwn2Own hacking competition held at Toronto in December 2022, is as follows - CVE-2023-27357 (CVSS score: 6.5) - Missing Authentication Information Disclosure Vulnerability CVE-2023-27368 (CVSS score: 8.8) - Stack-based B...

A previously undocumented and mostly undetected variant of a Linux backdoor called  BPFDoor  has been spotted in the wild, cybersecurity firm Deep Instinct said in a technical report published this week. " BPFDoor  retains its reputation as an extremely stealthy and difficult-to-detect malware with this latest iteration," security researchers Shaul Vilkomir-Preisman and Eliran Nissan said . BPFDoor (aka JustForFun), first documented by  PwC  and  Elastic Security Labs  in May 2022, is a passive Linux backdoor associated with a Chinese threat actor called  Red Menshen (aka  DecisiveArchitect  or Red Dev 18), which is known to single out telecom providers across the Middle East and Asia since at least 2021. The malware is specifically geared towards  establishing persistent remote access  to compromised target environments for extended periods of time, with evidence pointing to the hacking crew operating the backdoor undetec...

In today's interconnected world, where organisations regularly exchange sensitive information with customers, partners and employees, secure collaboration has become increasingly vital. However, collaboration can pose a security risk if not managed properly. To ensure that collaboration remains secure, organisations need to take steps to protect their data. Since collaborating is essential for almost any team to succeed, shouldn't you be able to do it securely? Whether you're sharing a Wi-Fi password, a social media account, or the passwords to a financial account, you deserve peace of mind. The risks of not protecting your sensitive data can be disastrous, from data breaches and reputational damage to legal ramifications and financial loss. But let's face it: Secure collaboration can be a real nightmare. Challenges of Secure Collaboration and Password Sharing It's another day in the office, and your team needs to share a ridiculous amount of sensitive informati...

U.S. cybersecurity and intelligence agencies have warned of attacks carried out by a threat actor known as the  Bl00dy Ransomware Gang  that attempt to exploit vulnerable PaperCut servers against the education facilities sector in the country. The attacks took place in early May 2023, the Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) said in a joint cybersecurity advisory issued Thursday. "The Bl00dy Ransomware Gang gained access to victim networks across the Education Facilities Subsector where PaperCut servers vulnerable to  CVE-2023-27350  were exposed to the internet," the agencies  said . "Ultimately, some of these operations led to data exfiltration and encryption of victim systems. The Bl00dy Ransomware Gang left ransom notes on victim systems demanding payment in exchange for decryption of encrypted files." Additionally, the Bl00dy actors are said to have used TOR and other proxies from within vic...

A security vulnerability has been disclosed in the popular WordPress plugin  Essential Addons for Elementor  that could be potentially exploited to achieve elevated privileges on affected sites. The issue, tracked as CVE-2023-32243, has been addressed by the plugin maintainers in version 5.7.2 that was shipped on May 11, 2023. Essential Addons for Elementor has over one million active installations. "This plugin suffers from an unauthenticated privilege escalation vulnerability and allows any unauthenticated user to escalate their privilege to that of any user on the WordPress site," Patchstack researcher Rafie Muhammad  said . Successful exploitation of the flaw could permit a threat actor to reset the password of any arbitrary user as long as the malicious party is aware of their username. The shortcoming is believed to have existed since version 5.4.0. This can have serious ramifications as the flaw could be weaponized to reset the password associated with an admi...

A previously undetected advanced persistent threat (APT) actor dubbed  Red Stinger  has been linked to attacks targeting Eastern Europe since 2020. "Military, transportation, and critical infrastructure were some of the entities being targeted, as well as some involved in the  September East Ukraine referendums ," Malwarebytes disclosed in a  report  published today. "Depending on the campaign, attackers managed to exfiltrate snapshots, USB drives, keyboard strokes, and microphone recordings." Red Stinger overlaps with a threat cluster Kaspersky revealed under the name  Bad Magic  last month as having targeted government, agriculture, and transportation organizations located in Donetsk, Lugansk, and Crimea last year. While there were indications that the APT group may have been active since at least September 2021, the latest findings from Malwarebytes push the group's origins back by nearly a year, with the first operation taking place in Decemb...

According to Forrester, External Attack Surface Management (EASM) emerged as a market category in 2021 and gained popularity in 2022. In a different report, Gartner concluded that vulnerability management vendors are expanding their offerings to include  Attack Surface Management (ASM)  for a suite of comprehensive offensive security solutions. Recognition from global analysts has officially put ASM on the map, evolving the way security leaders approach their cybersecurity.  Why Now is the Right Time for Attack Surface Management  Businesses today rely more on digital assets than ever before. Shifts over time include more use of the cloud, an increase in remote workforces, and greater expansion of digital assets in part because of mergers and acquisitions. This resulted in an expansion of both known and unknown attack surfaces that businesses manage, presenting a greater number of pathways for malicious actors to gain entry to an environment.  Consider thi...