#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News
AWS EKS Security Best Practices

The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

New Cryptojacking Attack Targets Docker API to Create Malicious Swarm Botnet

New Cryptojacking Attack Targets Docker API to Create Malicious Swarm Botnet

Oct 01, 2024 Cryptojacking / Docker Security
Cybersecurity researchers have uncovered a new cryptojacking campaign targeting the Docker Engine API with the goal of co-opting the instances to join a malicious Docker Swarm controlled by the threat actor. This enabled the attackers to "use Docker Swarm's orchestration features for command-and-control (C2) purposes," Datadog researchers Matt Muir and Andy Giron said in an analysis. The attacks leverage Docker for initial access to deploy a cryptocurrency miner on compromised containers, while also fetching and executing additional payloads that are responsible for conducting lateral movement to related hosts running Docker, Kubernetes, or SSH. Specifically, this involves identifying unauthenticated and exposed Docker API endpoints using Internet scanning tools, such as masscan and ZGrab . On vulnerable endpoints, the Docker API is used to spawn an Alpine container and then retrieve an initialization shell script (init.sh) from a remote server ("solscan[.]liv...
U.K. Hacker Charged in $3.75 Million Insider Trading Scheme Using Hacked Executive Emails

U.K. Hacker Charged in $3.75 Million Insider Trading Scheme Using Hacked Executive Emails

Oct 01, 2024 Corporate Security / Financial Fraud
The U.S. Department of Justice (DoJ) has charged a 39-year-old U.K. national for perpetrating a hack-to-trade fraud scheme that netted him nearly $3.75 million in illegal profits. Robert Westbrook of London was arrested last week and is expected to be extradited to the U.S. to face charges related to securities fraud, wire fraud, and five counts of computer fraud. According to the court documents, Westbrook is believed to have executed a fraudulent scheme between January 2019 and May 2020 that allowed him to generate millions in profits by gaining unauthorized access to Microsoft 365 accounts belonging to corporate executives. "On at least five occasions, Westbrook gained unauthorized access to Office 365 email accounts belonging to corporate executives employed by certain U.S.-based companies to obtain non-public information, including information about impending earnings announcements," the DoJ said . The accused then used that information to purchase securities and ma...
THN Cybersecurity Recap: Last Week's Top Threats and Trends (September 23-29)

THN Cybersecurity Recap: Last Week's Top Threats and Trends (September 23-29)

Sep 30, 2024 Cybersecurity / Weekly Recap
Hold onto your hats, folks, because the cybersecurity world is anything but quiet! Last week, we dodged a bullet when we discovered vulnerabilities in CUPS that could've opened the door to remote attacks. Google's switch to Rust is paying off big time, slashing memory-related vulnerabilities in Android. But it wasn't all good news – Kaspersky's forced exit from the US market left users with more questions than answers. And don't even get us started on the Kia cars that could've been hijacked with just a license plate! Let's unpack these stories and more, and arm ourselves with the knowledge to stay safe in this ever-evolving digital landscape. ⚡ Threat of the Week Flaws Found in CUPS: A new set of security vulnerabilities has been disclosed in the OpenPrinting Common Unix Printing System (CUPS) on Linux systems that could permit remote command execution under certain conditions. Red Hat Enterprise Linux tagged the issues as Important in severity, give...
cyber security

10 Best Practices for Building a Resilient, Always-On Compliance Program

websiteXM CyberCyber Resilience / Compliance
Download XM Cyber's handbook to learn 10 essential best practices for creating a robust, always-on compliance program.
cyber security

Maximize the Security Tools You Already Have

websitePrelude SecuritySecurity Control Validation
Hone your EDR, identity, vuln, and email platforms against the threats that matter with a 14-day trial.
Critical Flaws in Tank Gauge Systems Expose Gas Stations to Remote Attacks

Critical Flaws in Tank Gauge Systems Expose Gas Stations to Remote Attacks

Sep 30, 2024 Operational Technology / Network Security
Critical security vulnerabilities have been disclosed in six different Automatic Tank Gauge (ATG) systems from five manufacturers that could expose them to remote attacks. "These vulnerabilities pose significant real-world risks, as they could be exploited by malicious actors to cause widespread damage, including physical damage, environmental hazards, and economic losses," Bitsight researcher Pedro Umbelino said in a report published last week. Making matters worse, the analysis found that thousands of ATGs are exposed to the internet, making them a lucrative target for malicious actors looking to stage disruptive and destructive attacks against gas stations, hospitals, airports, military bases, and other critical infrastructure facilities. ATGs are sensor systems designed to monitor the level of a storage tank (e.g., fuel tank) over a period of time with the goal of determining leakage and parameters. Exploitation of security flaws in such systems could therefore have ...
Session Hijacking 2.0 — The Latest Way That Attackers are Bypassing MFA

Session Hijacking 2.0 — The Latest Way That Attackers are Bypassing MFA

Sep 30, 2024 Identity Theft / Phishing Attack
Attackers are increasingly turning to session hijacking to get around widespread MFA adoption. The data supports this , as: 147,000 token replay attacks were detected by Microsoft in 2023, a 111% increase year-over-year (Microsoft).  Attacks on session cookies now happen in the same order of magnitude as password-based attacks (Google). But session hijacking isn't a new technique – so what's changed? Session hijacking has a new look When we think of the classic example of session hijacking, we think of old-school Man-in-the-Middle (MitM) attacks that involved snooping on unsecured local network traffic to capture credentials or, more commonly, financial details like credit card data. Or, by conducting client-side attacks compromising a webpage, running malicious JavaScript and using cross-site scripting (XSS) to steal the victim's session ID.  Session hijacking looks quite different these days. No longer network-based, modern session hijacking is an identity-based att...
A Hacker's Era: Why Microsoft 365 Protection Reigns Supreme

A Hacker's Era: Why Microsoft 365 Protection Reigns Supreme

Sep 30, 2024 SaaS Backup / Microsoft 365
Imagine a sophisticated cyberattack cripples your organization's most critical productivity and collaboration tool — the platform you rely on for daily operations. In the blink of an eye, hackers encrypt your emails, files, and crucial business data stored in Microsoft 365, holding it hostage using ransomware. Productivity grinds to a halt and your IT team races to assess the damage as the clock ticks down on a ransom demand that threatens to destroy your data forever. How did this happen, and more importantly, how can you prevent it from happening? Microsoft 365 (M365) is the lifeblood of countless organizations worldwide, offering a seamless, cloud-based platform for communication, collaboration and data management. Over 400 million users rely on Microsoft 365 for everything from document creation and management to video conferencing 1 . While M365 has empowered businesses to undergo digital transformation and remain competitive with its support for distributed, hybrid and remote w...
Meta Fined €91 Million for Storing Millions of Facebook and Instagram Passwords in Plaintext

Meta Fined €91 Million for Storing Millions of Facebook and Instagram Passwords in Plaintext

Sep 30, 2024 GDPR / Data Privacy
The Irish Data Protection Commission (DPC) has fined Meta €91 million ($101.56 million) as part of a probe into a security lapse in March 2019, when the company disclosed that it had mistakenly stored users' passwords in plaintext in its systems. The investigation, launched by the DPC the next month, found that the social media giant violated four different articles under the European Union's General Data Protection Regulation (GDPR). To that end, the DPC faulted Meta for failing to promptly notify the DPC of the data breach, document personal data breaches concerning the storage of user passwords in plaintext, and utilize proper technical measures to ensure the confidentiality of users' passwords. Meta originally revealed that the privacy transgression led to the exposure of a subset of users' Facebook passwords in plaintext, although it noted that there was no evidence it was improperly accessed or abused internally. According to Krebs on Security , some of ...
Crypto Scam App Disguised as WalletConnect Steals $70K in Five-Month Campaign

Crypto Scam App Disguised as WalletConnect Steals $70K in Five-Month Campaign

Sep 28, 2024 Cryptocurrency / Mobile Security
Cybersecurity researchers have discovered a malicious Android app on the Google Play Store that enabled the threat actors behind it to steal approximately $70,000 in cryptocurrency from victims over a period of nearly five months. The dodgy app, identified by Check Point, masqueraded as the legitimate WalletConnect open-source protocol to trick unsuspecting users into downloading it. "Fake reviews and consistent branding helped the app achieve over 10,000 downloads by ranking high in search results," the cybersecurity company said in an analysis, adding it's the first time a cryptocurrency drainer has exclusively targeted mobile device users. Over 150 users are estimated to have fallen victim to the scam, although it's believed that not all users who downloaded the app were impacted by the cryptocurrency drainer. The campaign involved distributing a deceptive app that went by several names such as "Mestox Calculator," "WalletConnect - DeFi &...
U.S. Charges Three Iranian Nationals for Election Interference and Cybercrimes

U.S. Charges Three Iranian Nationals for Election Interference and Cybercrimes

Sep 28, 2024 Election Security / Cybercrime
U.S. federal prosecutors on Friday unsealed criminal charges against three Iranian nationals who are allegedly employed with the Islamic Revolutionary Guard Corps (IRGC) for their targeting of current and former officials to steal sensitive data. The Department of Justice (DoJ) accused Masoud Jalili, 36, Seyyed Ali Aghamiri, 34, and Yasar (Yaser) Balaghi, 37, of participating in a conspiracy with other known and unknown actors to undermine the U.S. electoral process . They are alleged to have hacked into accounts of current and former U.S. officials, members of the media, nongovernmental organizations, and individuals associated with U.S. political campaigns. None of the three operatives, said to be members of the Basij Resistance Force, have been arrested. "The activity was part of Iran's continuing efforts to stoke discord, erode confidence in the U.S. electoral process, and unlawfully acquire information relating to current and former U.S. officials that could be us...
Expert Insights Articles Videos
Cybersecurity Resources