The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

The online criminal bazaar BreachForums has been resurrected merely two weeks after a U.S.-led coordinated law enforcement action dismantled and seized control of its infrastructure. Cybersecurity researchers and dark web trackers Brett Callow , Dark Web Informer , and FalconFeeds revealed the site's online return at breachforums[.]st – one of the dismantled sites – by a user named ShinyHunters, who has since offered for sale a 1.3 TB database containing details of allegedly 560 million Ticketmaster customers for $500,000. This includes full names, addresses, email addresses, phone numbers, ticket sales and event information, and the last four digits of credit cards and their associated expiration dates. However, in an interesting twist, visitors of the site are now being asked to sign up for an account in order to view the content. The development follows a joint law enforcement action that seized all the new domains belonging to BreachForums (breachforums[.]st/.cx/.is/....

An Indian national has pleaded guilty in the U.S. over charges of stealing more than $37 million by setting up a website that impersonated the Coinbase cryptocurrency exchange platform. Chirag Tomar, 30, pleaded guilty to wire fraud conspiracy, which carries a maximum sentence of 20 years in prison and a $250,000 fine. He was arrested on December 20, 2023, upon entering the country. "Tomar and his co-conspirators engaged in a scheme to steal millions in cryptocurrency from hundreds of victims located worldwide and in the United States, including in the Western District of North Carolina," the Department of Justice (DoJ) said last week. The website, created around June 2021, was named "CoinbasePro[.]com" in an effort to masquerade as Coinbase Pro and deceive unsuspecting users into believing that they were accessing the legitimate version of the virtual currency exchange. It's worth noting that Coinbase discontinued the offering in favor of Advanced Trade ...

You're probably familiar with the term "critical assets". These are the technology assets within your company's IT infrastructure that are essential to the functioning of your organization. If anything happens to these assets, such as application servers, databases, or privileged identities, the ramifications to your security posture can be severe.  But is every technology asset considered a critical asset? Moreover, is every technology asset considered a  business -critical asset? How much do we really know about the risks to our  business -critical assets?  Business-critical assets are the underlying technology assets of your business in general – and we all know that technology is just one of the 3 essential pillars needed for a successful business operation. In order to have complete cybersecurity governance, organizations should consider: 1) Technology, 2) Business processes, and 3) Key People. When these 3 pillars come togeth...

SaaS Adoption is Skyrocketing, Resilience Hasn't Kept Pace SaaS platforms have revolutionized how businesses operate. They simplify collaboration, accelerate deployment, and reduce the overhead of managing infrastructure. But with their rise comes a subtle, dangerous assumption: that the convenience of SaaS extends to resilience. It doesn't. These platforms weren't built with full-scale data protection in mind . Most follow a shared responsibility model — wherein the provider ensures uptime and application security, but the data inside is your responsibility. In a world of hybrid architectures, global teams, and relentless cyber threats, that responsibility is harder than ever to manage. Modern organizations are being stretched across: Hybrid and multi-cloud environments with decentralized data sprawl Complex integration layers between IaaS, SaaS, and legacy systems Expanding regulatory pressure with steeper penalties for noncompliance Escalating ransomware threats and inside...

The threat actors behind the CatDDoS malware botnet have exploited over 80 known security flaws in various software over the past three months to infiltrate vulnerable devices and co-opt them into a botnet for conducting distributed denial-of-service (DDoS) attacks. "CatDDoS-related gangs' samples have used a large number of known vulnerabilities to deliver samples," the QiAnXin XLab team  said . "Additionally, the maximum number of targets has been observed to exceed 300+ per day." The flaws impact routers, networking gear, and other devices from vendors such as Apache (ActiveMQ, Hadoop, Log4j, and RocketMQ), Cacti, Cisco, D-Link, DrayTek, FreePBX, GitLab, Gocloud, Huawei, Jenkins, Linksys, Metabase, NETGEAR, Realtek, Seagate, SonicWall, Tenda, TOTOLINK, TP-Link, ZTE, and Zyxel, among others. CatDDoS was previously documented by  QiAnXin  and  NSFOCUS  in late 2023, describing it as a  Mirai botnet variant  capable of performing DDoS attacks using...

Unknown threat actors are abusing lesser-known code snippet plugins for WordPress to insert malicious PHP code in victim sites that are capable of harvesting credit card data. The campaign, observed by Sucuri on May 11, 2024, entails the abuse of a WordPress plugin called  Dessky Snippets , which allows users to add custom PHP code. It has over 200 active installations. Such attacks are known to leverage previously disclosed flaws in WordPress plugins or easily guessable credentials to gain administrator access and install other plugins (legitimate or otherwise) for post-exploitation. Sucuri said the Dessky Snippets plugin is used to insert a server-side PHP credit card skimming malware on compromised sites and steal financial data. "This malicious code was saved in the dnsp_settings option in the WordPress wp_options table and was designed to modify the checkout process in WooCommerce by manipulating the billing form and injecting...

A maximum-severity security flaw has been disclosed in the  TP-Link Archer C5400X gaming router  that could lead to remote code execution on susceptible devices by sending specially crafted requests. The vulnerability, tracked as  CVE-2024-5035 , carries a CVSS score of 10.0. It impacts all versions of the router firmware including and prior to 1_1.1.6. It has been patched in  version 1_1.1.7  released on May 24, 2024. "By successfully exploiting this flaw, remote unauthenticated attackers can gain arbitrary command execution on the device with elevated privileges," German cybersecurity firm ONEKEY  said  in a report published Monday. The issue is rooted in a binary related to radio frequency testing "rftest" that's launched on startup and exposes a network listener on TCP ports 8888, 8889, and 8890, thus allowing a remote unauthenticated attacker to achieve code execution. While the network ...

Microsoft is calling attention to a Morocco-based cybercrime group dubbed  Storm-0539  that's behind gift card fraud and theft through highly sophisticated email and SMS phishing attacks. "Their primary motivation is to steal gift cards and profit by selling them online at a discounted rate," the company  said  in its latest Cyber Signals report. "We've seen some examples where the threat actor has stolen up to $100,000 a day at certain companies." Storm-0539 was  first spotlighted  by Microsoft in mid-December 2023, linking it to social engineering campaigns ahead of the year-end holiday season to steal victims' credentials and session tokens via adversary-in-the-middle ( AitM ) phishing pages. The gang, also called Atlas Lion and active since at least late 2021, is known to then abuse the initial access to register their own devices to bypass authentication and obtain persistent access, gain elevated privileges, and compromise gift card-related ser...

The transition to the cloud, poor password hygiene and the evolution in webpage technologies have all enabled the rise in phishing attacks. But despite sincere efforts by security stakeholders to mitigate them - through email protection, firewall rules and employee education - phishing attacks are still a very risky attack vector. A new report by LayerX explores the state of phishing attacks today and analyzes the protections organizations have in place to protect against them. This report, "The Dark Side of Phishing Protection: Are You as Protected as You Should Be?" ( Download here ), can be leveraged by security and IT professionals across organizations in their security efforts. They can use it to pinpoint any internal security blind spots they have and identify controls and practices that can help them gain visibility into those blind spots. Understanding the Threat: Phishing Stats Phishing is on the rise. Based on a number of sources, the report d...

Cybersecurity researchers are alerting of phishing campaigns that abuse  Cloudflare Workers  to serve phishing sites that are used to harvest users' credentials associated with Microsoft, Gmail, Yahoo!, and cPanel Webmail. The attack method, called transparent phishing or adversary-in-the-middle ( AitM ) phishing, "uses Cloudflare Workers to act as a reverse proxy server for a legitimate login page, intercepting traffic between the victim and the login page to capture credentials, cookies, and tokens," Netskope researcher Jan Michael Alcantara  said  in a report. A majority of phishing campaigns hosted on Cloudflare Workers over the past 30 days have targeted victims in Asia, North America, and Southern Europe, spanning technology, financial services, and banking sectors. The cybersecurity firm said that an increase in traffic to Cloudflare Workers-hosted phishing pages was first registered in Q2 2023, noting it observed a spike in the total number of d...