The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Section four of the " Executive Order on Improving the Nation's Cybersecurity " introduced a lot of people in tech to the concept of a "Software Supply Chain" and securing it. If you make software and ever hope to sell it to one or more federal agencies, you  have  to pay attention to this. Even if you never plan to sell to a government, understanding your Software Supply Chain and learning how to secure it will pay dividends in a stronger security footing and the benefits it provides. This article will look at three ways to supercharge your  Software Supply Chain Security . What is your Software Supply Chain? It's essentially everything that goes into building a piece of software: from the IDE in which the developer writes code, to the third-party dependencies, to the build systems and scripts, to the hardware and operating system on which it runs. Instabilities and vulnerabilities can be introduced, maliciously or not, from inception to deployment and even beyond....

Three new malicious packages have been discovered in the Python Package Index (PyPI) open-source repository with capabilities to deploy a cryptocurrency miner on affected Linux devices. The three harmful packages, named modularseven, driftme, and catme, attracted a total of 431 downloads over the past month before they were taken down. "These packages, upon initial use, deploy a CoinMiner executable on Linux devices," Fortinet FortiGuard Labs researcher Gabby Xiong  said , adding the activity shares overlaps with a  prior campaign  that involved the use of a package called culturestreak to deploy a crypto miner. The malicious code resides in the __init__.py file, which decodes and retrieves the first stage from a remote server, a shell script ("unmi.sh") that fetches a configuration file for the mining activity as well as the CoinMiner file  hosted on GitLab . The  ELF binary  file is then executed in the background using the  nohup command , thu...

The threat actor known as UAC-0050 is leveraging phishing attacks to distribute Remcos RAT using new strategies to evade detection from security software. "The group's weapon of choice is Remcos RAT, a notorious malware for remote surveillance and control, which has been at the forefront of its espionage arsenal," Uptycs security researchers Karthickkumar Kathiresan and Shilpesh Trivedi  said  in a Wednesday report. "However, in their latest operational twist, the UAC-0050 group has integrated a pipe method for  interprocess communication , showcasing their advanced adaptability." UAC-0050, active since 2020, has a  history  of targeting Ukrainian and Polish entities via social engineering campaigns that impersonate legitimate organizations to trick recipients into opening malicious attachments. In February 2023, the Computer Emergency Response Team of Ukraine (CERT-UA) attributed the adversary to a phishing campaign designed to deliver Remcos RAT. Over t...

SaaS Adoption is Skyrocketing, Resilience Hasn't Kept Pace SaaS platforms have revolutionized how businesses operate. They simplify collaboration, accelerate deployment, and reduce the overhead of managing infrastructure. But with their rise comes a subtle, dangerous assumption: that the convenience of SaaS extends to resilience. It doesn't. These platforms weren't built with full-scale data protection in mind . Most follow a shared responsibility model — wherein the provider ensures uptime and application security, but the data inside is your responsibility. In a world of hybrid architectures, global teams, and relentless cyber threats, that responsibility is harder than ever to manage. Modern organizations are being stretched across: Hybrid and multi-cloud environments with decentralized data sprawl Complex integration layers between IaaS, SaaS, and legacy systems Expanding regulatory pressure with steeper penalties for noncompliance Escalating ransomware threats and inside...

American cybersecurity firm and Google Cloud subsidiary Mandiant had its X (formerly Twitter) account compromised for more than six hours by an unknown attacker to propagate a cryptocurrency scam. As of writing, the  account has been restored  on the social media platform. It's currently not clear how the account was breached. But the hacked Mandiant account was initially renamed to "@phantomsolw" to impersonate the Phantom crypto wallet service, according to  MalwareHunterTeam  and  vx-underground . Specifically, the scam posts from the account advertised an airdrop scam that urged users to click on a bogus link and earn free tokens, with follow-up messages asking Mandiant to "change password please" and "check bookmarks when you get account back." Mandiant, a leading threat intelligence firm, was  acquired by Google  in March 2022 for $5.4 billion. It is now part of Google Cloud. "The Mandiant Twitter account takeover could have happened ...

Information stealing malware are actively taking advantage of an undocumented Google OAuth endpoint named MultiLogin to hijack user sessions and allow continuous access to Google services even after a password reset. According to CloudSEK, the  critical exploit  facilitates session persistence and cookie generation, enabling threat actors to maintain access to a valid session in an unauthorized manner. The technique was first revealed by a threat actor named PRISMA on October 20, 2023, on their Telegram channel. It has since been  incorporated  into  various malware-as-a-service (MaaS) stealer families , such as Lumma, Rhadamanthys, Stealc, Meduza, RisePro, and WhiteSnake. The MultiLogin authentication endpoint is primarily designed for synchronizing Google accounts across services when users sign in to their accounts in the Chrome web browser (i.e.,  profiles ).  A reverse engineering of the Lumma Stealer code has revealed that the technique tar...

A new exploitation technique called Simple Mail Transfer Protocol ( SMTP ) smuggling can be weaponized by threat actors to send spoofed emails with fake sender addresses while bypassing security measures. "Threat actors could abuse vulnerable SMTP servers worldwide to send malicious emails from arbitrary email addresses, allowing targeted phishing attacks," Timo Longin, a senior security consultant at SEC Consult,  said  in an analysis published last month. SMTP is a TCP/IP protocol used to send and receive email messages over a network. To relay a message from an email client (aka mail user agent), an SMTP connection is established between the client and server in order to transmit the actual content of the email. The server then relies on what's called a mail transfer agent (MTA) to check the domain of the recipient's email address, and if it's different from that of the sender, it queries the domain name system (DNS) to look up the  MX (mail exchanger) rec...

The U.S. Department of Justice (DoJ) on Tuesday said it reached a settlement with VoIP service provider XCast over allegations that it facilitated illegal telemarketing campaigns since at least January 2018, in contravention of the Telemarketing Sales Rule ( TSR ). In addition to prohibiting the company from violating the law, the stipulated order requires it to meet other compliance measures, including establishing a process for screening its customers and calling for potential illegal telemarketing. The order, which also imposes a $10 million civil penalty judgment, has been suspended due to XCast's inability to pay. "XCast provided VoIP services that transmitted billions of illegal robocalls to American consumers, including scam calls fraudulently claiming to be from government agencies," the DoJ  said  in a press release. These calls delivered prerecorded marketing messages, most of which were sent to numbers listed on the National Do Not Call Registry. To make matter...

Security stakeholders have come to realize that the prominent role the browser has in the modern corporate environment requires a re-evaluation of how it is managed and protected. While not long-ago web-borne risks were still addressed by a patchwork of endpoint, network, and cloud solutions, it is now clear that the partial protection these solutions provided is no longer sufficient. Therefore, more and more security teams are now turning to the emerging category of purpose-built enterprise browsers as the answer to the browser's security challenges. However, as this security solution category is still relatively new, there is not yet an established set of browser security best practices, nor common evaluation criteria.  LayerX, the User-First Enterprise Browser Extension, is addressing security teams' need with the downable  Enterprise Browser Buyer's Guide , which guides its readers through the essentials of choosing the best solution and provides them with an actionable...

Google has agreed to settle a lawsuit  filed in June 2020  that alleged that the company misled users by tracking their surfing activity who thought that their internet use remained private when using the "incognito" or "private" mode on web browsers. The  class-action lawsuit  sought at least $5 billion in damages. The settlement terms were not disclosed. The plaintiffs had alleged that Google violated federal wiretap laws and  tracked users' activity  using Google Analytics to collect information when in private mode. They said this allowed the company to collect an "unaccountable trove of information" about users who assumed they had taken adequate steps to protect their privacy online. Google subsequently attempted to get the lawsuit dismissed, pointing out the message it displayed when users turned on Chrome's incognito mode, which  informs users  that their activity might still be visible to websites they visit, employer or school, or ...