The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Cybersecurity researchers have disclosed six security flaws in the Ollama artificial intelligence (AI) framework that could be exploited by a malicious actor to perform various actions, including denial-of-service, model poisoning, and model theft. "Collectively, the vulnerabilities could allow an attacker to carry out a wide-range of malicious actions with a single HTTP request, including denial-of-service (DoS) attacks, model poisoning, model theft, and more," Oligo Security researcher Avi Lumelsky said in a report published last week. Ollama is an open-source application that allows users to deploy and operate large language models (LLMs) locally on Windows, Linux, and macOS devices. Its project repository on GitHub has been forked 7,600 times to date. A brief description of the six vulnerabilities is below - CVE-2024-39719 (CVSS score: 7.5) - A vulnerability that an attacker can exploit using /api/create an endpoint to determine the existence of a file in the se...

German law enforcement authorities have announced the disruption of a criminal service called dstat[.]cc that made it possible for other threat actors to easily mount distributed denial-of-service (DDoS) attacks. "The platform made such DDoS attacks accessible to a wide range of users, even those without any in-depth technical skills of their own," the Federal Criminal Police Office (aka Bundeskriminalamt or BKA) said . "The use of stresser services to carry out DDoS attacks has recently become increasingly known in the context of police investigations." The BKA described dstat[.]cc as a platform that offered recommendations and evaluations of stresser services in order to conduct DDoS attacks against websites of interest and render them unresponsive. According to an alert published by Radware in January 2023, dstat[.]cc offered botnet owners the ability to assess the capacity and capabilities of their DDoS attack services. "Bot herders use DStat sites ...

This week was a total digital dumpster fire! Hackers were like, "Let's cause some chaos!" and went after everything from our browsers to those fancy cameras that zoom and spin. (You know, the ones they use in spy movies? 🕵️‍♀️) We're talking password-stealing bots, sneaky extensions that spy on you, and even cloud-hacking ninjas! 🥷 It's enough to make you want to chuck your phone in the ocean. (But don't do that, you need it to read this newsletter!) The good news? We've got the inside scoop on all the latest drama. Think of this newsletter as your cheat sheet for surviving the digital apocalypse. We'll break down the biggest threats and give you the knowledge to outsmart those pesky hackers. Let's go! ⚡ Threat of the Week North Korean Hackers Deploy Play Ransomware: In what's a sign of blurring boundaries between nation-state groups and cybercrime actors, it has emerged that the North Korean state-sponsored hacking crew called Andariel ...

As the holiday season approaches, retail businesses are gearing up for their annual surge in online (and in-store) traffic. Unfortunately, this increase in activity also attracts cybercriminals looking to exploit vulnerabilities for their gain.  Imperva, a Thales company, recently published its annual holiday shopping cybersecurity guide . Data from the Imperva Threat Research team's six-month analysis (April 2024 – September 2024) revealed that AI-driven threats need to be top of mind for retailers this year. As generative AI tools and large language models (LLMs) become more widespread and advanced, cybercriminals are increasingly leveraging these technologies to scale and refine their attacks on eCommerce platforms. Imperva Threat Research also found that retail sites collectively experience an average of 569,884 AI-driven attacks each day. Understanding what types of threats are accounting for these attacks, and how to protect against them, is critical for retail businesses ...

Google said it discovered a zero-day vulnerability in the SQLite open-source database engine using its large language model (LLM) assisted framework called Big Sleep (formerly Project Naptime). The tech giant described the development as the "first real-world vulnerability" uncovered using the artificial intelligence (AI) agent. "We believe this is the first public example of an AI agent finding a previously unknown exploitable memory-safety issue in widely used real-world software," the Big Sleep team said in a blog post shared with The Hacker News. The vulnerability in question is a stack buffer underflow in SQLite, which occurs when a piece of software references a memory location prior to the beginning of the memory buffer, thereby resulting in a crash or arbitrary code execution. "This typically occurs when a pointer or its index is decremented to a position before the buffer, when pointer arithmetic results in a position before the beginning of t...

Cybersecurity researchers have discovered a new version of a well-known Android malware family dubbed FakeCall that employs voice phishing (aka vishing) techniques to trick users into parting with their personal information. "FakeCall is an extremely sophisticated Vishing attack that leverages malware to take almost complete control of the mobile device, including the interception of incoming and outgoing calls," Zimperium researcher Fernando Ortega said in a report published last week. "Victims are tricked into calling fraudulent phone numbers controlled by the attacker and mimicking the normal user experience on the device." FakeCall, also tracked under the names FakeCalls and Letscall, has been the subject of multiple analyses by Kaspersky, Check Point , and ThreatFabric since its emergence in April 2022. Previous attack waves have primarily targeted mobile users in South Korea. The names of the malicious package names, i.e., dropper apps, bearing the ma...

Did you know that advanced threat actors can infiltrate the identity systems of major organizations and extract sensitive data within days? It's a chilling reality, becoming more common and concerning by the day. These attackers exploit vulnerabilities in SaaS and cloud environments, using compromised identities to move laterally within networks, causing widespread damage. Cybersecurity and IT professionals now face an uphill battle against these sophisticated threats. Traditional security measures are proving insufficient, leaving organizations vulnerable to data breaches, financial losses, and reputational harm. This webinar provides crucial insights and actionable strategies to help safeguard your organization against these evolving threats. Join us to hear from a renowned expert with firsthand experience in cyber defense. Ian Ahl, SVP of P0 Labs and former Head of Advanced Practices at Mandiant, brings extensive experience from responding to hundreds of breaches. He will shar...

U.S. and Israeli cybersecurity agencies have published a new advisory attributing an Iranian cyber group to targeting the 2024 Summer Olympics and compromising a French commercial dynamic display provider to show messages denouncing Israel's participation in the sporting event. The activity has been pinned on an entity that's known as Emennet Pasargad , which the agencies said has been operating under the cover name Aria Sepehr Ayandehsazan (ASA) since mid-2024. It's tracked by the broader cybersecurity community as Cotton Sandstorm, Haywire Kitten, and Marnanbridge. "The group exhibited new tradecraft in its efforts to conduct cyber-enabled information operations into mid-2024 using a myriad of cover personas, including multiple cyber operations that occurred during and targeting the 2024 Summer Olympics – including the compromise of a French commercial dynamic display provider," according to the advisory . ASA, the U.S. Federal Bureau of Investigation (FBI),...

Cybersecurity researchers have flagged a "massive" campaign that targets exposed Git configurations to siphon credentials, clone private repositories, and even extract cloud credentials from the source code. The activity, codenamed EMERALDWHALE , is estimated to have collected over 10,000 private repositories and stored in an Amazon S3 storage bucket belonging to a prior victim. The bucket, consisting of no less than 15,000 stolen credentials, has since been taken down by Amazon. "The stolen credentials belong to Cloud Service Providers (CSPs), Email providers, and other services," Sysdig said in a report. "Phishing and spam seem to be the primary goal of stealing the credentials." The multi-faceted criminal operation, while not sophisticated, has been found to leverage an arsenal of private tools to steal credentials as well as scrape Git config files, Laravel .env files, and raw web data. It has not been attributed to any known threat actor or grou...