The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Ransomware has emerged as the only cryptocurrency-based crime to grow in 2023, with cybercriminals extorting nearly $175.8 million more than they did a year ago, according to findings from Chainalysis. "Ransomware attackers are on pace for their second-biggest year ever, having extorted at least $449.1 million through June," the blockchain analytics firm  said  in a midyear crypto crime report shared with The Hacker News. "If this pace continues, ransomware attackers will extort $898.6 million from victims in 2023, trailing only 2021's $939.9 million." In contrast, crypto scams have pulled in 77% less revenue than they did through June of 2022, largely driven by the abrupt exit of  VidiLook , which paid users VDL tokens in return for watching digital ads that could then be exchanged for large rewards. So have the inflows to illicit addresses associated with malware, darknet markets, child abuse material, and fraud shops. The development, following a  declin...

Artificial intelligence (AI) holds immense potential for optimizing internal processes within businesses. However, it also comes with legitimate concerns regarding unauthorized use, including data loss risks and legal consequences. In this article, we will explore the risks associated with AI implementation and discuss measures to minimize damages. Additionally, we will examine regulatory initiatives by countries and ethical frameworks adopted by companies to regulate AI. Security risks  AI phishing attacks Cybercriminals can leverage AI in various ways to enhance their phishing attacks and increase their chances of success. Here are some ways AI can be exploited for phishing: -  Automated Phishing Campaigns:  AI-powered tools can automate the creation and dissemination of phishing emails on a large scale. These tools can generate convincing email content, craft personalized messages, and mimic the writing style of a specific individual, making phishing attempts app...

Microsoft on Tuesday  revealed  that it repelled a cyber attack staged by a Chinese nation-state actor targeting two dozen organizations, some of which include government agencies, in a cyber espionage campaign designed to acquire confidential data. The attacks, which commenced on May 15, 2023, entailed access to email accounts affecting approximately 25 entities and a small number of related individual consumer accounts. The tech giant attributed the campaign to Storm-0558, describing it as a nation-state activity group based out of China that primarily singles out government agencies in Western Europe. "They focus on espionage, data theft, and credential access," Microsoft  said . "They are also known to use custom malware that Microsoft tracks as Cigril and Bling, for credential access." The breach is said to have been detected a month later on June 16, 2023, after an unidentified customer reported the anomalous email activity to the company. Microsoft sai...

Cybersecurity researchers have unearthed a novel rootkit signed by Microsoft that's engineered to communicate with an actor-controlled attack infrastructure. Trend Micro has attributed the activity cluster to the same actor that was previously identified as behind the  FiveSys rootkit , which came to light in October 2021. "This malicious actor originates from China and their main victims are the gaming sector in China," Trend Micro's Mahmoud Zohdy, Sherif Magdy, and Mohamed Fahmy  said . "Their malware seems to have passed through the Windows Hardware Quality Labs (WHQL) process for getting a valid signature." Multiple variants of the rootkit spanning eight different clusters have been discovered, with 75 such drivers signed using Microsoft's WHQL program in 2022 and 2023. Trend Micro's analysis of some of the samples has revealed the presence of debug messages in the source code, indicating that the operation is still in the development and te...

A new fileless attack dubbed  PyLoose  has been observed striking cloud workloads with the goal of delivering a cryptocurrency miner, new findings from Wiz reveal. "The attack consists of Python code that loads an XMRig Miner directly into memory using  memfd , a known Linux fileless technique," security researchers Avigayil Mechtinger, Oren Ofer, and Itamar Gilad  said . "This is the first publicly documented Python-based fileless attack targeting cloud workloads in the wild." The cloud security firm said it found nearly 200 instances where the attack method was employed for cryptocurrency mining. No other details about the threat actor are currently known other than the fact that they possess sophisticated capabilities. In the infection chain documented by Wiz, initial access is achieved through the exploitation of a publicly accessible Jupyter Notebook service that allowed for the execution of system commands using Python modules. PyLoose , first detected on...

Microsoft on Tuesday released updates to address a total  of 132 new security flaws  spanning its software, including six zero-day flaws that it said have been actively exploited in the wild. Of the 132 vulnerabilities, nine are rated Critical, 122 are rated Important in severity, and one has been assigned a severity rating of "None." This is in addition to  eight flaws  the tech giant patched in its Chromium-based Edge browser towards the end of last month. The list of issues that have come under active exploitation is as follows - CVE-2023-32046  (CVSS score: 7.8) - Windows MSHTML Platform Elevation of Privilege Vulnerability CVE-2023-32049  (CVSS score: 8.8) - Windows SmartScreen Security Feature Bypass Vulnerability CVE-2023-35311  (CVSS score: 8.8) - Microsoft Outlook Security Feature Bypass Vulnerability CVE-2023-36874  (CVSS score: 7.8) - Windows Error Reporting Service Elevation of Privilege Vulnerability CVE-2023-36884  (CVS...

A Microsoft Windows policy loophole has been observed being exploited primarily by native Chinese-speaking threat actors to forge signatures on kernel-mode drivers. "Actors are leveraging multiple open-source tools that alter the signing date of kernel mode drivers to load malicious and unverified drivers signed with expired certificates," Cisco Talos said in an  exhaustive two-part report  shared with The Hacker News. "This is a major threat, as access to the kernel provides complete access to a system, and therefore total compromise." Following responsible disclosure, Microsoft  said  it has taken steps to block all certificates to mitigate the threat. It further stated that its investigation found "the activity was limited to the abuse of several developer program accounts and that no Microsoft account compromise has been identified." The tech giant, besides suspending developer program accounts involved in the incident, emphasized that the threat a...

Discover all the ways MITRE ATT&CK can help you defend your organization. Build your security strategy and policies by making the most of this important framework. What is the MITRE ATT&CK Framework? MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) is a widely adopted framework and knowledge base that outlines and categorizes the  tactics, techniques, and procedures (TTPs) used in cyberattacks . Created by the nonprofit organization MITRE, this framework provides security professionals with insights and context that can help them comprehend, identify, and mitigate cyber threats effectively. The techniques and tactics in the framework are organized in a dynamic matrix. This makes navigation easy and also provides a holistic view of the entire spectrum of adversary behaviors. As a result, the framework is more actionable and usable than if it were a static list. The MITRE ATT&CK Framework can be found here:  https://attack.mitre.org/ Loo...

Cloud environments continue to be at the receiving end of an ongoing advanced attack campaign dubbed SCARLETEEL, with the threat actors now setting their sights on Amazon Web Services (AWS) Fargate. "Cloud environments are still their primary target, but the tools and techniques used have adapted to bypass new security measures, along with a more resilient and stealthy command and control architecture," Sysdig security researcher Alessandro Brucato said in a new report shared with The Hacker News. SCARLETEEL was  first exposed  by the cybersecurity company in February 2023, detailing a sophisticated attack chain that culminated in the theft of proprietary data from AWS infrastructure and the deployment of cryptocurrency miners to profit off the compromised systems' resources illegally. A follow-up analysis by Cado Security  uncovered  potential links to a prolific cryptojacking group known as  TeamTNT , although Sysdig told The Hacker News that it "could be...