The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

A global law enforcement operation has failed 27 stresser services that were used to conduct distributed denial-of-service (DDoS) attacks and took them offline as part of a multi-year international exercise called PowerOFF. The effort, coordinated by Europol and involving 15 countries, dismantled several booter and stresser websites, including zdstresser.net, orbitalstress.net, and starkstresser.net. These services typically employ botnet malware installed on compromised devices to launch attacks on behalf of paying customers against targets of their liking. In addition, three administrators associated with the illicit platforms have been arrested in France and Germany, with over 300 users identified for planned operational activities. "Known as 'booter' and 'stresser' websites, these platforms enabled cybercriminals and hacktivists to flood targets with illegal traffic, rendering websites and other web-based services inaccessible," Europol said in a stat...

The Russian nation-state actor tracked as Secret Blizzard has been observed leveraging malware associated with other threat actors to deploy a known backdoor called Kazuar on target devices located in Ukraine. The new findings come from the Microsoft threat intelligence team, which said it observed the adversary leveraging the Amadey bot malware to download custom malware onto "specifically selected" systems associated with the Ukrainian military between March and April 2024. The activity is assessed to be the second time since 2022 that Secret Blizzard, also known as Turla, has latched onto a cybercrime campaign to propagate its own tools in Ukraine. "Commandeering other threat actors' access highlights Secret Blizzard's approach to diversifying its attack vectors," the company said in a report shared with The Hacker News. Some of the other known methods employed by the hacking crew include adversary-in-the-middle ( AitM ) campaigns, strategic web compro...

A newly devised technique leverages a Windows accessibility framework called UI Automation (UIA) to perform a wide range of malicious activities without tipping off endpoint detection and response (EDR) solutions. "To exploit this technique, a user must be convinced to run a program that uses UI Automation," Akamai security researcher Tomer Peled said in a report shared with The Hacker News. "This can lead to stealthy command execution, which can harvest sensitive data, redirect browsers to phishing websites, and more." Even worse, local attackers could take advantage of this security blindspot to execute commands and read/write messages from/to messaging applications like Slack and WhatsApp. On top of that, it could also be potentially weaponized to manipulate UI elements over a network. First available in Windows XP as part of the Microsoft .NET Framework, UI Automation is designed to provide programmatic access to various user interface (UI) elements and h...

SaaS Adoption is Skyrocketing, Resilience Hasn't Kept Pace SaaS platforms have revolutionized how businesses operate. They simplify collaboration, accelerate deployment, and reduce the overhead of managing infrastructure. But with their rise comes a subtle, dangerous assumption: that the convenience of SaaS extends to resilience. It doesn't. These platforms weren't built with full-scale data protection in mind . Most follow a shared responsibility model — wherein the provider ensures uptime and application security, but the data inside is your responsibility. In a world of hybrid architectures, global teams, and relentless cyber threats, that responsibility is harder than ever to manage. Modern organizations are being stretched across: Hybrid and multi-cloud environments with decentralized data sprawl Complex integration layers between IaaS, SaaS, and legacy systems Expanding regulatory pressure with steeper penalties for noncompliance Escalating ransomware threats and inside...

Cybersecurity researchers have flagged a "critical" security vulnerability in Microsoft's multi-factor authentication (MFA) implementation that allows an attacker to trivially sidestep the protection and gain unauthorized access to a victim's account. "The bypass was simple: it took around an hour to execute, required no user interaction and did not generate any notification or provide the account holder with any indication of trouble," Oasis Security researchers Elad Luz and Tal Hason said in a report shared with The Hacker News. Following responsible disclosure, the issue – codenamed AuthQuake – was addressed by Microsoft in October 2024. While the Windows maker supports various ways to authenticate users via MFA, one method involves entering a six-digit code from an authenticator app after supplying the credentials. Up to 10 consequent failed attempts are permitted for a single session. The vulnerability identified by Oasis, at its core, concerns...

Cybersecurity researchers have discovered a new version of the ZLoader malware that employs a Domain Name System (DNS) tunnel for command-and-control (C2) communications, indicating that the threat actors are continuing to refine the tool after resurfacing a year ago. "Zloader 2.9.4.0 adds notable improvements including a custom DNS tunnel protocol for C2 communications and an interactive shell that supports more than a dozen commands, which may be valuable for ransomware attacks," Zscaler ThreatLabz said in a Tuesday report. "These modifications provide additional layers of resilience against detection and mitigation." ZLoader , also referred to as Terdot, DELoader, or Silent Night, is a malware loader that's equipped with the ability to deploy next-stage payloads. Malware campaigns distributing the malware were observed for the first time in almost two years in September 2023 after its infrastructure was taken down. In addition to incorporating various...

Regain control of SaaS sprawl with Day One discovery of all SaaS and GenAI accounts along with workflows to help you mitigate security risks, curb rogue app usage, and manage SaaS spend. In today's highly distributed workplace, every employee has the ability to act as their own CIO, adopting new cloud and SaaS technologies whenever and wherever they need. While this has been a critical boon to productivity and innovation in the digital enterprise, it has upended traditional approaches to IT security and governance. Nudge Security is the world's first and only solution to bring together all facets of SaaS management in one solution: Discovery : Gain visibility into your full SaaS footprint including GenAI apps, free tools, duplicate tenants, unapproved apps, and more, all on Day One. Security: Secure new accounts as they are created, uncover and revoke risky OAuth grants, and continuously harden your SaaS security posture. Spend Management: Discover up to 2 years of historical...

Cybersecurity researchers have discovered a novel surveillance program that's suspected to be used by Chinese police departments as a lawful intercept tool to gather a wide range of information from mobile devices. The Android tool, codenamed EagleMsgSpy by Lookout, has been operational since at least 2017, with artifacts uploaded to the VirusTotal malware scanning platform as recently as September 25, 2024. "The surveillanceware consists of two parts: an installer APK, and a surveillance client that runs headlessly on the device when installed," Kristina Balaam, senior staff threat intelligence researcher at Lookout, said in a technical report shared with The Hacker News. "EagleMsgSpy collects extensive data from the user: third-party chat messages, screen recording and screenshot capture, audio recordings, call logs, device contacts, SMS messages, location data, [and] network activity." EagleMsgSpy has been described by its developers as a "compreh...

A suspected China-based threat actor has been linked to a series of cyber attacks targeting high-profile organizations in Southeast Asia since at least October 2023. The espionage campaign targeted organizations in various sectors spanning government ministries in two different countries, an air traffic control organization, a telecoms company, and a media outlet, the Symantec Threat Hunter Team said in a new report shared with The Hacker News. The attacks, which leveraged tools previously identified as linked to China-based advanced persistent threat (APT) groups, are characterized by the use of both open-source and living-off-the-land (LotL) techniques. This includes the use of reverse proxy programs such as Rakshasa and Stowaway , as well as asset discovery and identification tools, keyloggers, and password stealers. Also deployed during the course of the attacks is PlugX (aka Korplug), a remote access trojan put to use by several Chinese hacking groups. "The threat ac...

Microsoft closed out its Patch Tuesday updates for 2024 with fixes for a total of 72 security flaws spanning its software portfolio, including one that it said has been exploited in the wild. Of the 72 flaws, 17 are rated Critical, 54 are rated Important, and one is rated Moderate in severity. Thirty-one of the vulnerabilities are remote code execution flaws, and 27 of them allow for the elevation of privileges. This is in addition to 13 vulnerabilities the company has addressed in its Chromium-based Edge browser since the release of last month's security update . In total, Microsoft has resolved as many as 1,088 vulnerabilities in 2024 alone, per Fortra. The vulnerability that Microsoft has acknowledged as having been actively exploited is CVE-2024-49138 (CVSS score: 7.8), a privilege escalation flaw in the Windows Common Log File System (CLFS) Driver. "An attacker who successfully exploited this vulnerability could gain SYSTEM privileges," the company said in an...