The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

A new Go-based malware loader called  JinxLoader  is being used by threat actors to deliver next-stage payloads such as  Formbook and its successor XLoader . The  disclosure  comes from cybersecurity firms Palo Alto Networks Unit 42 and Symantec, both of which highlighted multi-step attack sequences that led to the deployment of JinxLoader through phishing attacks. "The malware pays homage to League of Legends character  Jinx , featuring the character on its ad poster and [command-and-control] login panel," Symantec  said . "JinxLoader's primary function is straightforward – loading malware." Unit 42  revealed  in late November 2023 that the malware service was  first advertised  on hackforums[.]net on April 30, 2023, for $60 a month, $120 a year, or for a lifetime fee of $200. The attacks begin with phishing emails impersonating Abu Dhabi National Oil Company (ADNOC), urging recipients to open password-protected RAR archive a...

Cybersecurity researchers are warning about an increase in phishing attacks that are capable of draining cryptocurrency wallets. "These threats are unique in their approach, targeting a wide range of blockchain networks, from Ethereum and Binance Smart Chain to Polygon, Avalanche, and almost 20 other networks by using a crypto wallet-draining technique," Check Point researchers Oded Vanunu, Dikla Barda, and Roman Zaikin  said . A prominent contributor to this troubling trend is a notorious phishing group called Angel Drainer, which advertises a "scam-as-a-service" offering by charging a percentage of the stolen amount,  typically 20% or 30% , from its collaborators in return for providing wallet-draining scripts and other services. In late November 2023, a similar wallet-draining service known as Inferno Drainer announced that it was  shutting down its operations  for good after helping scammers plunder over $70 million worth of crypto from 103,676 victims sinc...

The Assembly of the Republic of Albania and telecom company One Albania have been targeted by cyber attacks, the country's National Authority for Electronic Certification and Cyber Security (AKCESK) revealed this week. "These infrastructures, under the legislation in force, are not currently classified as critical or important information infrastructure," AKCESK  said . One Albania, which has nearly 1.5 million subscribers, said in a  Facebook post  on December 25 that it had handled the security incident without any issues and that its services, including mobile, landline, and IPTV, remained unaffected. AKCESK further  noted  that the intrusions did not originate from Albanian IP addresses, adding it managed to "identify potential cases in real-time." The agency also said that it has been focusing its efforts on identifying the source of the attacks, recovering compromised systems, and implementing security measures to prevent such incidents from happening...

SaaS Adoption is Skyrocketing, Resilience Hasn't Kept Pace SaaS platforms have revolutionized how businesses operate. They simplify collaboration, accelerate deployment, and reduce the overhead of managing infrastructure. But with their rise comes a subtle, dangerous assumption: that the convenience of SaaS extends to resilience. It doesn't. These platforms weren't built with full-scale data protection in mind . Most follow a shared responsibility model — wherein the provider ensures uptime and application security, but the data inside is your responsibility. In a world of hybrid architectures, global teams, and relentless cyber threats, that responsibility is harder than ever to manage. Modern organizations are being stretched across: Hybrid and multi-cloud environments with decentralized data sprawl Complex integration layers between IaaS, SaaS, and legacy systems Expanding regulatory pressure with steeper penalties for noncompliance Escalating ransomware threats and inside...

The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new phishing campaign orchestrated by the  Russia-linked APT28 group  to deploy previously undocumented malware such as OCEANMAP, MASEPIE, and STEELHOOK to harvest sensitive information. The activity, which was  detected  by the agency between December 15 and 25, 2023, targeted Ukrainian government entities and Polish organizations with email messages urging recipients to click on a link to view a document. However, to the contrary, the links redirect to malicious web resources that abuse JavaScript and the  "search-ms:" URI protocol handler  to drop a Windows shortcut file (LNK) that launches PowerShell commands to activate an infection chain for a new malware known as MASEPIE. MASEPIE is a Python-based tool to download/upload files and execute commands, with communications with the command-and-control (C2) server taking place over an encrypted channel using the TCP pr...

Nation-state actors affiliated to North Korea have been observed using spear-phishing attacks to deliver an assortment of backdoors and tools such as AppleSeed, Meterpreter, and TinyNuke to seize control of compromised machines. South Korea-based cybersecurity company AhnLab attributed the activity to an advanced persistent threat group known as  Kimsuky . "A notable point about attacks that use AppleSeed is that similar methods of attack have been used for many years with no significant changes to the malware that are used together," the AhnLab Security Emergency Response Center (ASEC)  said  in an analysis published Thursday. Kimsuky , active for over a decade, is known for its targeting of a wide range of entities in South Korea, before expanding its focus to include other geographies in 2017. It was  sanctioned  by the U.S. government late last month for amassing intelligence to support North Korea's strategic objectives. The threat actor's espionage c...

Microsoft on Thursday said it's once again disabling the  ms-appinstaller protocol handler  by default following its abuse by multiple threat actors to distribute malware. "The observed threat actor activity abuses the current implementation of the ms-appinstaller protocol handler as an access vector for malware that may lead to ransomware distribution," the Microsoft Threat Intelligence team  said . It further noted that several cybercriminals are offering a malware kit for sale as a service that leverages the MSIX file format and ms-appinstaller protocol handler. The  changes  have gone into effect in App Installer version 1.21.3421.0 or higher. The attacks take the form of signed malicious MSIX application packages that are distributed via Microsoft Teams or malicious advertisements for legitimate popular software on search engines like Google. At least four different financially motivated hacking groups have been observed taking advantage of the App I...

Google Cloud has addressed a medium-severity security flaw in its platform that could be abused by an attacker who already has access to a Kubernetes cluster to escalate their privileges. "An attacker who has compromised the  Fluent Bit  logging container could combine that access with high privileges required by  Anthos Service Mesh  (on clusters that have enabled it) to escalate privileges in the cluster," the company  said  as part of an advisory released on December 14, 2023. Palo Alto Networks Unit 42, which discovered and reported the shortcoming, said adversaries could weaponize it to carry out "data theft, deploy malicious pods, and disrupt the cluster's operations." There is no evidence that the issue has been exploited in the wild. It has been addressed in the following versions of Google Kubernetes Engine (GKE) and Anthos Service Mesh (ASM) - 1.25.16-gke.1020000 1.26.10-gke.1235000 1.27.7-gke.1293000 1.28.4-gke.1083000 1.17.8-asm.8 ...

The  Operation Triangulation  spyware attacks targeting Apple iOS devices leveraged never-before-seen exploits that made it possible to even bypass pivotal hardware-based security protections erected by the company. Russian cybersecurity firm Kaspersky, which  discovered  the  campaign  at the beginning of 2023 after becoming one of the targets,  described  it as the "most sophisticated attack chain" it has ever observed to date. The campaign is believed to have been active since 2019. Operation Triangulation gets its name from the use of a fingerprinting technique called canvas fingerprinting to draw a yellow triangle on a pink background with Web Graphics Library ( WebGL ) in the device's memory. The exploitation activity involved the use of four zero-day flaws that were fashioned into a chain to obtain an unprecedented level of access and backdoor target devices running iOS versions up to iOS 16.2 with the ultimate goal of gathering ...

A new malware loader is being used by threat actors to deliver a wide range of  information stealers  such as Lumma Stealer (aka LummaC2), Vidar, RecordBreaker (aka Raccoon Stealer V2), and  Rescoms . Cybersecurity firm ESET is tracking the trojan under the name  Win/TrojanDownloader.Rugmi . "This malware is a loader with three types of components: a downloader that downloads an encrypted payload, a loader that runs the payload from internal resources, and another loader that runs the payload from an external file on the disk," the company  said  in its Threat Report H2 2023. Telemetry data gathered by the company shows that detections for the Rugmi loader spiked in October and November 2023, surging from single digit daily numbers to hundreds per day. Stealer malware is typically sold under a malware-as-a-service (MaaS) model to other threat actors on a subscription basis. Lumma Stealer, for instance, is advertised in underground forums for $250 a mo...