The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

The Android banking trojan known as  SpyNote  has been dissected to reveal its diverse information-gathering features. Typically spread via SMS phishing campaigns, attack chains involving the spyware trick potential victims into installing the app by clicking on the embedded link, according to F-Secure. Besides requesting invasive permissions to access call logs, camera, SMS messages, and external storage, SpyNote is known for hiding its presence from the Android home screen and the  Recents screen  in a bid to make it difficult to avoid detection. "The SpyNote malware app can be launched via an external trigger," F-Secure researcher Amit Tambe  said  in an analysis published last week. "Upon receiving the intent, the malware app launches the main activity." But most importantly, it seeks accessibility permissions, subsequently leveraging it to grant itself additional permissions to record audio and phone calls, log keystrokes, as well as capture scre...

SaaS Security's roots are in configuration management. An astounding 35% of all security breaches begin with security settings that were misconfigured. In the past 3 years, the initial access vectors to SaaS data have widened beyond misconfiguration management. " SaaS Security on Tap " is a new video series that takes place in Eliana V's bar making sure that the only thing that leaks is beer (maximum), and not SaaS data. This series takes a look at the key concepts within SaaS security and educates organizations on what new threat vectors need to be addressed. The Annual SaaS Security Survey Report: 2024 Plans and Priorities With the increase in SaaS application use, it's no surprise that incidents are up. The SaaS Security on Tap series covers this year's SaaS Security report which found that 55% of organizations have experienced a SaaS security incident within the last two years, including data leaks, data breaches, ransomware attacks, and malicious applications.  The r...

Encrypted messaging app Signal has pushed back against "viral reports" of an alleged zero-day flaw in its software, stating it found no evidence to support the claim. "After responsible investigation *we have no evidence that suggests this vulnerability is real* nor has any additional info been shared via our official reporting channels," it  said  in a series of messages posted in X (formerly Twitter). Signal said it also checked with the U.S. government and that it found no information to suggest "this is a valid claim." It's also urging those with legitimate information to send reports to security@signal[.]org. The development comes as  reports   circulated  over the  weekend  about a zero-day vulnerability in Signal that could be exploited to gain complete access to a targeted mobile device. As a security precaution, it's been advised to turn off  link previews  in the app. The feature can be disabled by going to Signal Settings >...

Is Managing Customer Logins and Data Giving You Headaches? You're Not Alone! Today, we all expect super-fast, secure, and personalized online experiences. But let's be honest, we're also more careful about how our data is used. If something feels off, trust can vanish in an instant. Add to that the lightning-fast changes AI is bringing to everything from how we log in to spotting online fraud, and it's a whole new ball game! If you're dealing with logins, data privacy, bringing new users on board, or building digital trust, this webinar is for you . Join us for " Navigating Customer Identity in the AI Era ," where we'll dive into the Auth0 2025 Customer Identity Trends Report . We'll show you what's working, what's not, and how to tweak your strategy for the year ahead. In just one session, you'll get practical answers to real-world challenges like: How AI is changing what users expect – and where they're starting to push ba...

Threat actors have been observed serving malicious code by utilizing Binance's Smart Chain (BSC) contracts in what has been described as the "next level of bulletproof hosting." The campaign, detected two months ago, has been codenamed  EtherHiding  by Guardio Labs. The novel twist marks the latest iteration in an ongoing malware campaign that leverages compromised WordPress sites to serve unsuspecting visitors a fake warning to update their browsers before the sites can be accessed, ultimately leading to the deployment of information stealer malware such as Amadey, Lumma, or RedLine. "While their initial method of hosting code on abused Cloudflare Worker hosts was taken down, they've quickly pivoted to take advantage of the decentralized, anonymous, and public nature of blockchain," security researchers Nati Tal and Oleg Zaytsev  said . "This campaign is up and harder than ever to detect and take down." It's no surprise that threat act...

Microsoft has announced that it  plans  to eliminate NT LAN Manager ( NTLM ) in Windows 11 in the future, as it pivots to alternative methods for authentication and bolster security. "The focus is on strengthening the Kerberos authentication protocol, which has been the default since 2000, and reducing reliance on NT LAN Manager (NTLM)," the tech giant said. "New features for Windows 11 include Initial and Pass Through Authentication Using Kerberos (IAKerb) and a local Key Distribution Center ( KDC ) for Kerberos." IAKerb enables clients to authenticate with Kerberos across a diverse range of network topologies. The second feature, a local Key Distribution Center (KDC) for Kerberos, extends Kerberos support to local accounts. First introduced in the 1990s, NTLM is a  suite of security protocols  intended to provide authentication, integrity, and confidentiality to users. It is a single sign-on (SSO) tool that relies on a challenge-response protocol that proves ...

European Union military personnel and political leaders working on gender equality initiatives have emerged as the target of a new campaign that delivers an updated version of RomCom RAT called  PEAPOD . Cybersecurity firm Trend Micro attributed the attacks to a threat actor it tracks under the name  Void Rabisu , which is also known as Storm-0978, Tropical Scorpius, and UNC2596, and is also believed to be associated with Cuba ransomware. The adversarial collective is something of an unusual group in that it conducts both financial motivated and espionage attacks, blurring the line between their modes of operation. It's also exclusively linked to the use of RomCom RAT. Attacks  involving the use of the backdoor  have singled out Ukraine and countries that support Ukraine in its war against Russia over the past year. Earlier this July, Microsoft implicated Void Rabisu to the exploitation of  CVE-2023-36884 , a remote code execution flaw in Office and Window...

Ransomware attacks have only increased in sophistication and capabilities over the past year. From new evasion and anti-analysis techniques to stealthier variants coded in new languages, ransomware groups have adapted their tactics to effectively bypass common defense strategies.  This article will cover just some of those new developments in Q3-2023 as well as give predictions on quarters to come. The overall aim is to establish a recap of the major targets (both sectoral and nation and region-wise), new techniques employed with an emphasis on major incidents, new developments of concern to potential targets, as well as the shape of things to come in the future of Ransomware development. The increased weaponization of Vulnerabilities to deliver Ransomware: Cyble has observed increased instances of vulnerabilities being used as a vector to deliver ransomware and other malware in recent months, with a particular emphasis on Networking devices. This marks a shift from the previo...

The advanced persistent threat (APT) actor known as  ToddyCat  has been linked to a new set of malicious tools that are designed for data exfiltration, offering a deeper insight into the hacking crew's tactics and capabilities. The  findings  come from Kaspersky, which  first shed light  on the adversary last year, linking it to attacks against high-profile entities in Europe and Asia for nearly three years. While the group's arsenal prominently features Ninja Trojan and a backdoor called Samurai, further investigation has uncovered a whole new set of malicious software developed and maintained by the actor to achieve persistence, conduct file operations, and load additional payloads at runtime. This comprises a collection of loaders that comes with capabilities to launch the Ninja Trojan as a second stage, a tool called LoFiSe to find and collect files of interest, a DropBox uploader to save stolen data to Dropbox, and Pcexter to exfiltrate archive fil...

A piece of malware known as  DarkGate  has been observed being spread via instant messaging platforms such as Skype and Microsoft Teams. In these attacks, the messaging apps are used to deliver a Visual Basic for Applications ( VBA ) loader script that masquerades as a PDF document, which, when opened, triggers the download and execution of an AutoIt script designed to launch the malware. "It's unclear how the originating accounts of the instant messaging applications were compromised, however it is hypothesized to be either through leaked credentials available through underground forums or the previous compromise of the parent organization," Trend Micro  said  in a new analysis published Thursday. DarkGate, first documented by Fortinet in November 2018, is a  commodity malware  that incorporates a wide range of features to harvest sensitive data from web browsers, conduct cryptocurrency mining, and allow its operators to remotely control the infected ...