The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Cybersecurity researchers have detected in the wild yet another variant of the Phobos ransomware family known as  Faust . Fortinet FortiGuard Labs, which detailed the latest iteration of the ransomware, said it's being propagated by means of an infection that delivers a Microsoft Excel document (.XLAM) containing a VBA script. "The attackers utilized the Gitea service to store several files encoded in Base64, each carrying a malicious binary," security researcher Cara Lin  said  in a technical report published last week. "When these files are injected into a system's memory, they initiate a file encryption attack." Faust is the latest addition to several ransomware variants from the Phobos family, including Eking, Eight, Elbie, Devos, and 8Base. It's worth noting that Faust was  previously documented  by Cisco Talos in November 2023. The cybersecurity firm described the variant as active since 2022 and "does not target specific industries or re...

The U.S. National Security Agency (NSA) has admitted to buying internet browsing records from data brokers to identify the websites and apps Americans use that would otherwise require a court order, U.S. Senator Ron Wyden said last week. "The U.S. government should not be funding and legitimizing a shady industry whose flagrant violations of Americans' privacy are not just unethical, but illegal," Wyden  said  in a letter to the Director of National Intelligence (DNI), Avril Haines, in addition to urging the government to take steps to "ensure that U.S. intelligence agencies only purchase data on Americans that has been obtained in a lawful manner." Metadata about users' browsing habits can pose a serious privacy risk, as the information could be used to glean personal details about an individual based on the websites they frequent. This could include websites that offer resources related to mental health, assistance for survivors of sexual assault or do...

Cybersecurity researchers have identified malicious packages on the open-source Python Package Index (PyPI) repository that deliver an information stealing malware called WhiteSnake Stealer on Windows systems. The malware-laced packages are named nigpal, figflix, telerer, seGMM, fbdebug, sGMM, myGens, NewGends, and TestLibs111. They have been uploaded by a threat actor named "WS." "These packages incorporate Base64-encoded source code of PE or other Python scripts within their setup.py files," Fortinet FortiGuard Labs  said  in an analysis published last week. "Depending on the victim devices' operating system, the final malicious payload is dropped and executed when these Python packages are installed." While Windows systems are infected with WhiteSnake Stealer, compromised Linux hosts are served a Python script designed to harvest information. The activity, which predominantly targets Windows users, overlaps with a  prior campaign  that JFrog ...

SaaS Adoption is Skyrocketing, Resilience Hasn't Kept Pace SaaS platforms have revolutionized how businesses operate. They simplify collaboration, accelerate deployment, and reduce the overhead of managing infrastructure. But with their rise comes a subtle, dangerous assumption: that the convenience of SaaS extends to resilience. It doesn't. These platforms weren't built with full-scale data protection in mind . Most follow a shared responsibility model — wherein the provider ensures uptime and application security, but the data inside is your responsibility. In a world of hybrid architectures, global teams, and relentless cyber threats, that responsibility is harder than ever to manage. Modern organizations are being stretched across: Hybrid and multi-cloud environments with decentralized data sprawl Complex integration layers between IaaS, SaaS, and legacy systems Expanding regulatory pressure with steeper penalties for noncompliance Escalating ransomware threats and inside...

Mexican financial institutions are under the radar of a new spear-phishing campaign that delivers a modified version of an open-source remote access trojan called  AllaKore RAT . The BlackBerry Research and Intelligence Team attributed the activity to an unknown Latin America-based financially motivated threat actor. The campaign has been active since at least 2021. "Lures use Mexican Social Security Institute (IMSS) naming schemas and links to legitimate, benign documents during the installation process," the Canadian company  said  in an analysis published earlier this week. "The AllaKore RAT payload is heavily modified to allow the threat actors to send stolen banking credentials and unique authentication information back to a command-and-control (C2) server for the purposes of financial fraud." The attacks appear to be designed to particularly single out large companies with gross revenues over $100 million. Targeted entities span retail, agriculture, publ...

Medieval castles stood as impregnable fortresses for centuries, thanks to their meticulous design. Fast forward to the digital age, and this medieval wisdom still echoes in cybersecurity. Like castles with strategic layouts to withstand attacks, the Defense-in-Depth strategy is the modern counterpart — a multi-layered approach with strategic redundancy and a blend of passive and active security controls.  However, the evolving cyber threat landscape can challenge even the most fortified defenses. Despite the widespread adoption of the Defense-in-Depth strategy, cyber threats persist. Fortunately, the Defense-in-Depth strategy can be augmented using Breach and Attack Simulation (BAS), an automated tool that assesses and improves every security control in each layer. Defense-in-Depth: False Sense of Security with Layers Also known as multi-layered defense, the defense-in-depth strategy has been widely adopted by organizations since the early 2000s. It's based on the assumption th...

Chinese-speaking users have been targeted by malicious Google ads for restricted messaging apps like Telegram as part of an ongoing malvertising campaign. "The threat actor is abusing Google advertiser accounts to create malicious ads and pointing them to pages where unsuspecting users will download Remote Administration Trojan (RATs) instead," Malwarebytes' Jérôme Segura  said  in a Thursday report. "Such programs give an attacker full control of a victim's machine and the ability to drop additional malware." It's worth noting that the activity, codenamed  FakeAPP , is a continuation of a  prior attack wave  that targeted Hong Kong users searching for messaging apps like WhatsApp and Telegram on search engines in late October 2023. The latest iteration of the campaign also adds messaging app LINE to the list of messaging apps, redirecting users to bogus websites hosted on Google Docs or Google Sites. The Google infrastructure is used to embed link...

Microsoft on Thursday said the Russian state-sponsored threat actors responsible for a  cyber attack on its systems  in late November 2023 have been targeting other organizations and that it's currently beginning to notify them. The development comes a day after Hewlett Packard Enterprise (HPE)  revealed  that it had been the victim of an attack perpetrated by a hacking crew tracked as  APT29 , which is also known as BlueBravo, Cloaked Ursa, Cozy Bear, Midnight Blizzard (formerly Nobelium), and The Dukes. "This threat actor is known to primarily target governments, diplomatic entities, non-governmental organizations (NGOs) and IT service providers, primarily in the U.S. and Europe," the Microsoft Threat Intelligence team  said  in a new advisory. The primary goal of these espionage missions is to gather sensitive information that is of strategic interest to Russia by maintaining footholds for extended periods of time without attracting any attenti...

40-year-old Russian national Vladimir Dunaev has been sentenced to five years and four months in prison for his role in creating and distributing the TrickBot malware, the U.S. Department of Justice (DoJ) said. The development comes nearly two months after  Dunaev pleaded guilty  to committing computer fraud and identity theft and conspiracy to commit wire fraud and bank fraud. "Hospitals, schools, and businesses were among the millions of TrickBot victims who suffered tens of millions of dollars in losses," DoJ  said . "While active, TrickBot malware, which acted as an initial intrusion vector into victim computer systems, was used to support various ransomware variants." Originating as a banking trojan in 2016, TrickBot evolved into a Swiss Army knife capable of delivering additional payloads, including ransomware. Following efforts to take down the botnet, it was absorbed into the Conti ransomware operation in 2022. The cybercrime crew's allegiance to ...

Cisco has released patches to address a critical security flaw impacting Unified Communications and Contact Center Solutions products that could permit an unauthenticated, remote attacker to execute arbitrary code on an affected device. Tracked as  CVE-2024-20253  (CVSS score: 9.9), the issue stems from improper processing of user-provided data that a threat actor could abuse to send a specially crafted message to a listening port of a susceptible appliance. "A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the web services user," Cisco  said  in an advisory. "With access to the underlying operating system, the attacker could also establish root access on the affected device." Synacktiv security researcher Julien Egloff has been credited with discovering and reporting CVE-2024-20253. The following products are impacted by the flaw - Unified Communications Manager (versions 11...