The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

A new information malware strain called  Statc Stealer  has been found infecting devices running Microsoft Windows to siphon sensitive personal and payment information. "Statc Stealer exhibits a broad range of stealing capabilities, making it a significant threat," Zscaler ThreatLabz researchers Shivam Sharma and Amandeep Kumar  said  in a technical report published this week. "It can steal sensitive information from various web browsers, including login data, cookies, web data, and preferences. Additionally, it targets cryptocurrency wallets, credentials, passwords, and even data from messaging apps like Telegram." Written in C++, the malicious stealer finds its way into victim systems when potential victims are tricked into clicking on seemingly innocuous ads, with the stealer imitating an MP4 video file format on web browsers like Google Chrome. The first-stage payload, while dropping and executing a decoy PDF installer, also stealthily deploys a downloader...

A widely used Chinese language input app for Windows and Android has been found vulnerable to serious security flaws that could allow a malicious interloper to decipher the text typed by users. The findings from the University of Toronto's Citizen Lab, which carried out an analysis of the encryption mechanism used in Tencent's Sogou Input Method , an app that has over 455 million monthly active users across Windows, Android, and iOS. The vulnerabilities are rooted in EncryptWall, the service's custom encryption system, allowing network eavesdroppers to extract the textual content and access sensitive data. "The Windows and Android versions of Sogou Input Method contain vulnerabilities in this encryption system, including a vulnerability to a CBC  padding oracle attack , which allow network eavesdroppers to recover the plaintext of encrypted network transmissions, revealing sensitive information including what users have typed," the researchers  said . CBC, s...

Attackers continue to target Microsoft identities to gain access to connected Microsoft applications and federated SaaS applications. Additionally, attackers continue to progress their attacks in these environments, not by exploiting vulnerabilities, but by abusing native Microsoft functionality to achieve their objective. The attacker group Nobelium, linked with the SolarWinds attacks, has been documented using native functionality like the creation of Federated Trusts  [1]  to enable persistent access to a Microsoft tenant. This article demonstrates an additional native functionality that when leveraged by an attacker enables persistent access to a Microsoft cloud tenant and lateral movement capabilities to another tenant. This attack vector enables an attacker operating in a compromised tenant to abuse a misconfigured Cross-Tenant Synchronization (CTS) configuration and gain access to other connected tenants or deploy a rogue CTS configuration to maintain persistence with...

Is Managing Customer Logins and Data Giving You Headaches? You're Not Alone! Today, we all expect super-fast, secure, and personalized online experiences. But let's be honest, we're also more careful about how our data is used. If something feels off, trust can vanish in an instant. Add to that the lightning-fast changes AI is bringing to everything from how we log in to spotting online fraud, and it's a whole new ball game! If you're dealing with logins, data privacy, bringing new users on board, or building digital trust, this webinar is for you . Join us for " Navigating Customer Identity in the AI Era ," where we'll dive into the Auth0 2025 Customer Identity Trends Report . We'll show you what's working, what's not, and how to tweak your strategy for the year ahead. In just one session, you'll get practical answers to real-world challenges like: How AI is changing what users expect – and where they're starting to push ba...

Threat actors are increasingly using a phishing-as-a-service (PhaaS) toolkit dubbed EvilProxy to pull off account takeover attacks aimed at high-ranking executives at prominent companies. According to Proofpoint, an ongoing hybrid campaign has leveraged the service to target thousands of Microsoft 365 user accounts, sending approximately 120,000 phishing emails to hundreds of organizations worldwide between March and June 2023. Nearly 39% of the hundreds of compromised users are said to be C-level executives, including CEOs (9%) and CFOs (17%). The attacks have also singled out personnel with access to financial assets or sensitive information. At least 35% of all compromised users had additional account protections enabled. The campaigns are seen as a response to the increased adoption of multi-factor authentication (MFA) in enterprises, prompting threat actors to evolve their tactics to bypass new security layers by incorporating adversary-in-the-middle ( AitM ) phishing kits to ...

Interpol has announced the takedown of a phishing-as-a-service (PhaaS) platform called 16Shop, in addition to the arrests of three individuals in Indonesia and Japan. 16Shop specialized in the sales of phishing kits that other cybercriminals can purchase to mount phishing attacks on a large scale, ultimately facilitating the theft of credentials and payment details from users of popular services such as Apple, PayPal, American Express, Amazon, and Cash App, among others. "Victims typically receive an email with a pdf file or link that redirects to a site requesting the victims' credit card or other personally identifiable information," Interpol  said . "This information is then stolen and used to extract money from the victims." No less than 70,000 users across 43 countries are estimated to have been compromised via services offered on 16Shop. The law enforcement operation has also led to the arrest of the site's administrator, a 21-year-old Indonesian...

Cybersecurity researchers have disclosed details of a trio of side-channel attacks that could be exploited to leak sensitive data from modern CPUs. Called  Collide+Power  ( CVE-2023-20583 ),  Downfall  ( CVE-2022-40982 ), and  Inception  ( CVE-2023-20569 ), the novel methods follow the disclosure of another newly discovered security vulnerability affecting AMD's Zen 2 architecture-based processors known as  Zenbleed  (CVE-2023-20593). "Downfall attacks target a critical weakness found in billions of modern processors used in personal and cloud computers,"  Daniel Moghimi , senior research scientist at Google,  said . "This vulnerability [...] enables a user to access and steal data from other users who share the same computer." In a hypothetical attack scenario, a malicious app installed on a device could weaponize the method to steal sensitive information like passwords and encryption keys, effectively undermining Intel's Software G...

Hackers associated with China's Ministry of State Security (MSS) have been linked to attacks in 17 different countries in Asia, Europe, and North America from 2021 to 2023. Cybersecurity firm Recorded Future attributed the intrusion set to a nation-state group it tracks under the name  RedHotel  (previously Threat Activity Group-22 or TAG-22), which overlaps with a cluster of activity broadly monitored as  Aquatic Panda ,  Bronze University , Charcoal Typhoon,  Earth Lusca , and  Red Scylla  (or Red Dev 10). Active since 2019, some of the prominent sectors targeted by the prolific actor encompass academia, aerospace, government, media, telecommunications, and research. A majority of the victims during the period were government organizations. "RedHotel has a dual mission of intelligence gathering and economic espionage," the cybersecurity company  said , calling out its persistence, operational intensity, and global reach. "It targets both gov...

Validate security continuously across your full stack with Pen Testing as a Service. In today's modern security operations center (SOC), it's a battle between the defenders and the cybercriminals. Both are using tools and expertise – however, the cybercriminals have the element of surprise on their side, and a host of tactics, techniques, and procedures (TTPs) that have evolved. These external threat actors have now been further emboldened in the era of AI with open-source tools like ChatGPT. With the potential of an attack leading to a breach within minutes, CISOs now are looking to prepare all systems and assets for cyber resilience and rapid response when needed. With tools and capabilities to validate security continuously – including penetration testing as a service – DevSecOps teams can remediate critical vulnerabilities fast due to the easy access to tactical support to the teams that need it the most. This gives the SOC and DevOps teams tools to that remove false po...

Google has introduced a new security feature in Android 14 that allows IT administrators to disable support for 2G cellular networks in their managed device fleet. The search giant said it's introducing a second user setting to turn off support, at the model level, for  null-ciphered cellular connections . "The Android Security Model assumes that all networks are hostile to keep users safe from network packet injection, tampering, or eavesdropping on user traffic," Roger Piqueras Jover, Yomna Nasser, and Sudhi Herle  said . "Android does not rely on link-layer encryption to address this threat model. Instead, Android establishes that all network traffic should be end-to-end encrypted (E2EE)." 2G networks, in particular, employ weak encryption and lack mutual authentication,  rendering  them  susceptible  to over-the-air interception and traffic decryption attacks by impersonating a real 2G tower. The  threat posed by rogue cellular base stations...