The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

A four-year-old critical security flaw impacting Fortinet FortiOS SSL has emerged as one of the most routinely and frequently exploited vulnerabilities in 2022. "In 2022, malicious cyber actors exploited older software vulnerabilities more frequently than recently disclosed vulnerabilities and targeted unpatched, internet-facing systems," cybersecurity and intelligence agencies from the Five Eyes nations, which comprises Australia, Canada, New Zealand, the U.K., and the U.S.,  said  in a joint alert. The continued weaponization of  CVE-2018-13379 , which was also one among the most exploited bugs in  2020  and  2021 , suggests a failure on the part of organizations to apply patches in a timely manner, the authorities said. "Malicious cyber actors likely prioritize developing exploits for severe and globally prevalent CVEs," according to the advisory. "While sophisticated actors also develop tools to exploit other vulnerabilities, developing exploits for...

Threat actors are leveraging a technique called versioning to evade Google Play Store's malware detections and target Android users. "Campaigns using versioning commonly target users' credentials, data, and finances," Google Cybersecurity Action Team (GCAT)  s aid  in its August 2023 Threat Horizons Report shared with The Hacker News. While versioning is not a new phenomenon, it's sneaky and hard to detect. In this method, a developer releases an initial version of an app on the Play Store that passes Google's pre-publication checks, but is later updated with a malware component. This is achieved by pushing an update from an attacker-controlled server to serve malicious code on the end user device using a method called dynamic code loading (DCL), effectively turning the app into a backdoor. Earlier this May, ESET  discovered  a screen recording app named "iRecorder - Screen Recorder" that remained innocuous for nearly a year after it was first ...

Increasing cyber threats and attacks have made protecting organizational data a paramount concern for businesses of all sizes. A group of experts have recognized the pressing need for comprehensive browser security solutions and collaborated to develop "The Definitive  Browser Security RFP Template . " This resource helps streamline the process of evaluating and procuring browser security platforms. It provides organizations with a standardized approach to enhance their security posture by protecting the key employee workspace - the browser. The Importance of a Standardized RFP Template The RFP (Request for Proposal) template offers numerous advantages for organizations seeking robust browser security solutions. By promoting standardization, the RFP template ensures a consistent structure and format for proposals, saving time and effort for both the procurement team and vendors. Moreover, it facilitates clear and specific instructions to vendors, resulting in higher-qualit...

Cybersecurity researchers have discovered a new version of malware called  Rilide  that targets Chromium-based web browsers to steal sensitive data and steal cryptocurrency. "It exhibits a higher level of sophistication through modular design, code obfuscation, adoption to the  Chrome Extension Manifest V3 , and additional features such as the ability to exfiltrate stolen data to a Telegram channel or interval-based screenshot captures," Trustwave security researcher Pawel Knapczyk  said  in a report shared with The Hacker News. Rilide was  first documented  by the cybersecurity company in April 2023, uncovering two different attack chains that made use of Ekipa RAT and Aurora Stealer to deploy rogue browser extensions capable of data and crypto theft. It's sold on dark web forums by an actor named "friezer" for $5,000. The malware is equipped with a wide range of features that allow it to disable other browser add-ons, harvest browsing history and...

Hundreds of Citrix NetScaler ADC and Gateway servers have been breached by malicious actors to deploy web shells, according to the Shadowserver Foundation. The non-profit  said  the attacks take advantage of  CVE-2023-3519 , a critical code injection vulnerability that could lead to unauthenticated remote code execution. The flaw, patched by Citrix last month, carries a CVSS score of 9.8. The  largest number  of impacted IP addresses are based in Germany, followed by France, Switzerland, Italy, Sweden, Spain, Japan, China, Austria, and Brazil. The  exploitation  of CVE-2023-3519 to deploy web shells was previously disclosed by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), which  said  the attack was directed against an unnamed critical infrastructure organization in June 2023. The disclosure comes as GreyNoise  said  it detected three IP addresses  attempting  to exploit CVE-2023-24489 (CVSS scor...

The frequency and complexity of cyber threats are constantly evolving. At the same time, organizations are now collecting sensitive data that, if compromised, could result in severe financial and reputational damage.  According to Cybersecurity Ventures , the cost of cybercrime is predicted to hit $8 trillion in 2023 and will grow to $10.5 trillion by 2025. There is also increasing public and regulatory scrutiny over data protection. Compliance regulations (such as PCI DSS and ISO 27001), as well as the need for a better understanding of your cybersecurity risks, are driving the need to conduct regular penetration tests.  Pen testing helps to identify security flaws in your IT infrastructure before threat actors can detect and exploit them. This gives you visibility into the risks posed by potential attacks and enables you to take swift corrective action to address them. Here, we outline key factors to consider before, during, and post the penetration testing process. Pre-...

Microsoft is warning of the threat malicious cyber actors pose to stadium operations, noting that the cyber risk surface of live sporting events is "rapidly expanding." "Information on athletic performance, competitive advantage, and personal information is a lucrative target," the company said in a Cyber Signals report shared with The Hacker News. "Sports teams, major league and global sporting associations, and entertainment venues house a trove of valuable information desirable to cybercriminals." "Unfortunately, this information can be vulnerable at-scale, due to the number of connected devices and interconnected networks in these environments." The company specifically singled out hospitals delivering critical support and health services for fans and players as being targets of ransomware attacks, resulting in service disruptions. To defend against such attacks, Microsoft is recommending that - Companies disable unnecessary ports an...

A hacktivist group known as  Mysterious Team Bangladesh  has been linked to over 750 distributed denial-of-service (DDoS) attacks and 78 website defacements since June 2022. "The group most frequently attacks logistics, government, and financial sector organizations in India and Israel," Singapore-headquartered cybersecurity firm Group-IB said in a report shared with The Hacker News. "The group is primarily driven by religious and political motives." Some of the other targeted countries include Australia, Senegal, the Netherlands, Sweden, and Ethiopia. In addition, the threat actor is said to have gained access to web servers and administrative panels, likely by exploiting known security flaws or poorly-secured passwords. Mysterious Team Bangladesh, as the name indicates, is suspected to be of Bangladeshi origin. "We are working to protect Our Bangladesh Cyberspace," the group's Intro on Facebook  reads . The group has an active social media pre...

Microsoft on Wednesday disclosed that it identified a set of highly targeted social engineering attacks mounted by a Russian nation-state threat actor using credential theft phishing lures sent as Microsoft Teams chats. The tech giant attributed the attacks to a group it tracks as  Midnight Blizzard  (previously Nobelium). It's also called APT29, BlueBravo, Cozy Bear, Iron Hemlock, and The Dukes. "In this latest activity, the threat actor uses previously compromised Microsoft 365 tenants owned by small businesses to create new domains that appear as technical support entities," the company  said . "Using these domains from compromised tenants, Midnight Blizzard leverages Teams messages to send lures that attempt to steal credentials from a targeted organization by engaging a user and eliciting approval of multi-factor authentication (MFA) prompts." Microsoft said the campaign, observed since at least late May 2023, affected less than 40 organizations global...