The Hacker News Logo
Subscribe to Newsletter
CrowdSec

The Hacker News - Cybersecurity News and Analysis: Search results for ������������������

New Unpatched Apple Safari Browser Bug Allows Cross-Site User Tracking

New Unpatched Apple Safari Browser Bug Allows Cross-Site User Tracking

January 16, 2022Ravie Lakshmanan
A software bug introduced in Apple Safari 15's implementation of the IndexedDB API could be abused by a malicious website to track users' online activity in the web browser and worse, even reveal their identity. The vulnerability, dubbed  IndexedDB Leaks , was disclosed by fraud protection software company FingerprintJS, which  reported the issue  to the iPhone maker on November 28, 2021. IndexedDB is a low-level JavaScript application programming interface (API) provided by web browsers for managing a  NoSQL database  of structured data objects such as files and blobs. "Like most web storage solutions, IndexedDB follows a same-origin policy," Mozilla  notes in its documentation  of the API. "So while you can access stored data within a domain, you cannot access data across different domains." Same-origin is a  fundamental security mechanism  that ensures that resources retrieved from distinct  origins  — i.e., a  combination  of the scheme (protocol),
A New Destructive Malware Targeting Ukrainian Government and Business Entities

A New Destructive Malware Targeting Ukrainian Government and Business Entities

January 16, 2022Ravie Lakshmanan
Cybersecurity teams from Microsoft on Saturday disclosed they identified evidence of a new destructive malware operation targeting government, non-profit, and information technology entities in Ukraine amid brewing geopolitical tensions between the country and Russia. "The malware is disguised as ransomware but, if activated by the attacker, would render the infected computer system inoperable," Tom Burt, corporate vice president of customer security and trust at Microsoft, said , adding the intrusions were aimed at government agencies that provide critical executive branch or emergency response functions. Also targeted is an IT firm that "manages websites for public and private sector clients, including government agencies whose websites were recently defaced ," Burt noted. The computing giant, which first detected the malware on January 13, attributed the attacks to an emerging threat cluster codenamed " DEV-0586 ," with no observed overlaps in tact
Russia Arrests REvil Ransomware Gang Responsible for High-Profile Cyber Attacks

Russia Arrests REvil Ransomware Gang Responsible for High-Profile Cyber Attacks

January 15, 2022Ravie Lakshmanan
In an unprecedented move, Russia's Federal Security Service (FSB), the country's principal security agency, on Friday disclosed that it arrested several members belonging to the notorious REvil ransomware gang and neutralized its operations. The surprise takedown, which it said was carried out at the request of the U.S. authorities, saw the law enforcement agency conduct raids at 25 addresses in the cities of Moscow, St. Petersburg, Moscow, Leningrad and Lipetsk regions that belonged to 14 suspected members of the organized cybercrime syndicate. "In order to implement the criminal plan, these persons developed malicious software, organized the theft of funds from the bank accounts of foreign citizens and their cashing, including through the purchase of expensive goods on the Internet," the FSB  said  in a statement. In addition, the FSB seized over 426 million rubles, including in cryptocurrency, $600,000, €500,000, as well as computer equipment, crypto wallets u
Get Lifetime Access to Cybersecurity Certification Prep Courses

Get Lifetime Access to Cybersecurity Certification Prep Courses

January 15, 2022The Hacker News
You can't go far in professional IT without being asked for some key certifications. In particular, most  large companies  today require new hires to be well versed in the fundamentals of cybersecurity. Adding the likes of CISSP, CISM, and CompTIA CASP+ to your résumé can open the door to many opportunities — including six-figure roles. There is just a small matter of some exams to pass. To help you fly through the tests, we have teamed up with iCollege to bring you  The 2022 Ultimate Advanced CyberSec Professional Certification Bundle . This collection of five courses helps you work towards top certifications, with over 147 hours of content from expert instructors. The training would normally set you back a total of $1,475. But thanks to a special deal for readers of The Hacker News, you can get the bundle today for only $69. What's Included: NIST Cybersecurity & Risk Management Frameworks (ISC) CISSP - 2021 ISACA Certified Information Security Manager (CISM) Co
Massive Cyber Attack Knocks Down Ukrainian Government Websites

Massive Cyber Attack Knocks Down Ukrainian Government Websites

January 14, 2022Ravie Lakshmanan
No fewer than 70 websites operated by the Ukrainian government went offline on Friday for hours in what appears to be a coordinated cyber attack amid heightened tensions with Russia. "As a result of a massive cyber attack, the websites of the Ministry of Foreign Affairs and a number of other government agencies are temporarily down," Oleg Nikolenko, MFA spokesperson,  tweeted . The Security Service of Ukraine, the country's law-enforcement authority,  alluded  to a possible Russian involvement, pointing fingers at the hacker groups associated with the Russian secret services while branding the intrusions as a supply chain attack that involved hacking the "infrastructure of a commercial company that had access to the rights to administer the web resources affected by the attack." Prior to the update from the SSU, the Ukrainian CERT claimed that the attacks may have exploited a security vulnerability in Laravel-based October CMS ( CVE-2021-32648 ), which cou
North Korean Hackers Stole Millions from Cryptocurrency Startups Worldwide

North Korean Hackers Stole Millions from Cryptocurrency Startups Worldwide

January 14, 2022Ravie Lakshmanan
Operators associated with the Lazarus sub-group BlueNoroff have been linked to a series of cyberattacks targeting small and medium-sized companies worldwide with an aim to drain their cryptocurrency funds, in what's yet another financially motivated operation mounted by the prolific North Korean state-sponsored actor. Russian cybersecurity company Kaspersky, which is tracking the intrusions under the name " SnatchCrypto ," noted that the campaign has been running since at 2017, adding the attacks are aimed at startups in the FinTech sector located in China, Hong Kong, India, Poland, Russia, Singapore, Slovenia, the Czech Republic, the U.A.E., the U.S., Ukraine, and Vietnam. "The attackers have been subtly abusing the trust of the employees working at targeted companies by sending them a full-featured Windows backdoor with surveillance functions, disguised as a contract or another business file," the researchers  said . "In order to eventually empty the v
U.K. Hacker Jailed for Spying on Children and Downloading Indecent Images

U.K. Hacker Jailed for Spying on Children and Downloading Indecent Images

January 14, 2022Ravie Lakshmanan
A man from the U.K. city of Nottingham has been sentenced to more than two years in prison for illegally breaking into the phones and computers of a number of victims, including women and children, to spy on them and amass a collection of indecent images. Robert Davies, 32, is said to have purchased an arsenal of cyber crime tools in 2019, including crypters and remote administration tools (RATs), which can be used as a backdoor to steal personal information and conduct surveillance through microphones and cameras, catching the attention of the U.K. National Crime Agency (NCA). The cyber voyeur's modus operandi involved catfishing potential targets by using fake profiles on different messaging apps such as Skype, leveraging the online encounters to send rogue links hosting the malware through the chats. "Davies was infecting his victims' phones or computers with malicious software by disguising it with the crypters so their antivirus protection would not detect it,&qu
Husband-Wife Arrested in Ukraine for Ransomware Attacks on Foreign Companies

Husband-Wife Arrested in Ukraine for Ransomware Attacks on Foreign Companies

January 14, 2022Ravie Lakshmanan
Ukrainian police authorities have nabbed five members of a gang that's believed to have helped orchestrate attacks against more than 50 companies across Europe and the U.S and caused losses to the tune of more than $1 million. The  special operation , which was carried out in assistance with law enforcement officials from the U.K. and U.S., saw the arrest of an unnamed 36-year-old individual from the capital city of Kyiv, along with his wife and three other accomplices. A total of nine searches across the suspects' homes were carried out, resulting in the seizure of computer equipment, mobile phones, bank cards, flash drives, three cars, and other items with evidence of illegal activity. The Cyber Police of the National Police of Ukraine said the group offered a "hacker service" that enabled financially motivated crime syndicates to send phishing emails containing file-encrypted malware to lock confidential data pertaining to its victims, demanding that the target
Cisco Releases Patch for Critical Bug Affecting Unified CCMP and Unified CCDM

Cisco Releases Patch for Critical Bug Affecting Unified CCMP and Unified CCDM

January 13, 2022Ravie Lakshmanan
Cisco Systems has rolled out security updates for a critical security vulnerability affecting Unified Contact Center Management Portal (Unified CCMP) and Unified Contact Center Domain Manager (Unified CCDM) that could be exploited by a remote attacker to take control of an affected system. Tracked as  CVE-2022-20658 , the vulnerability has been rated 9.6 in severity on the CVSS scoring system, and concerns a privilege escalation flaw arising out of a lack of server-side validation of user permissions that could be weaponized to create rogue Administrator accounts by submitting a crafted HTTP request. "With these accounts, the attacker could access and modify telephony and user resources across all the Unified platforms that are associated to the vulnerable Cisco Unified CCMP," Cisco  noted  in an advisory published this week. " To successfully exploit this vulnerability, an attacker would need valid Advanced User credentials." Unified CCMP and Unified CCDM pro
GootLoader Hackers Targeting Employees of Law and Accounting Firms

GootLoader Hackers Targeting Employees of Law and Accounting Firms

January 13, 2022Ravie Lakshmanan
Operators of the GootLoader campaign are setting their sights on employees of accounting and law firms as part of a fresh onslaught of widespread cyberattacks to deploy malware on infected systems, an indication that the adversary is expanding its focus to other high-value targets. "GootLoader is a stealthy initial access malware, which after getting a foothold into the victim's computer system, infects the system with ransomware or other lethal malware," researchers from eSentire  said  in a report shared with The Hacker News. The cybersecurity services provider said it intercepted and dismantled intrusions aimed at three law firms and an accounting enterprise. The names of the victims were not disclosed. Malware can be delivered on targets' systems via many methods, including poisoned search results, fake updates, and trojanized applications downloaded from sites linking to pirated software. GootLoader resorts to the first technique. In March 2021,  details em
Researchers Decrypted Qakbot Banking Trojan’s Encrypted Registry Keys

Researchers Decrypted Qakbot Banking Trojan's Encrypted Registry Keys

January 13, 2022Ravie Lakshmanan
Cybersecurity researchers have decoded the mechanism by which the versatile Qakbot banking trojan handles the insertion of encrypted configuration data into the  Windows Registry . Qakbot, also known as QBot, QuackBot and Pinkslipbot, has been  observed   in the wild  since 2007. Although mainly fashioned as an information-stealing malware, Qakbot has since shifted its goals and acquired new functionality to deliver post-compromise attack platforms such as Cobalt Strike Beacon, with the final objective of loading ransomware on infected machines. "It has been continually developed, with new capabilities introduced such as lateral movement, the ability to exfiltrate email and browser data, and to install additional malware," Trustwave researchers Lloyd Macrohon and Rodel Mendrez said in a report shared with The Hacker News. In recent months, phishing campaigns have culminated in the distribution of a  new loader  called  SQUIRRELWAFFLE , which acts as a channel to retrieve
Iranian Hackers Exploit Log4j Vulnerability to Deploy PowerShell Backdoor

Iranian Hackers Exploit Log4j Vulnerability to Deploy PowerShell Backdoor

January 13, 2022Ravie Lakshmanan
An Iranian state-sponsored actor has been observed scanning and attempting to abuse the Log4Shell flaw in publicly-exposed Java applications to deploy a hitherto undocumented PowerShell-based modular backdoor dubbed " CharmPower " for follow-on post-exploitation. "The actor's attack setup was obviously rushed, as they used the basic open-source tool for the exploitation and based their operations on previous infrastructure, which made the attack easier to detect and attribute," researchers from Check Point  said  in a report published this week. The Israeli cybersecurity company linked the attack to a group known as  APT35 , which is also tracked using the codenames Charming Kitten, Phosphorus, and TA453, citing overlaps with toolsets previously identified as infrastructure used by the threat actor. Log4Shell  aka CVE-2021-44228 (CVSS score: 10.0) concerns a critical security vulnerability in the popular Log4j logging library that, if successfully exploite
Meeting Patching-Related Compliance Requirements with TuxCare

Meeting Patching-Related Compliance Requirements with TuxCare

January 13, 2022The Hacker News
Cybersecurity teams have many demands competing for limited resources. Restricted budgets are a problem, and restricted staff resources are also a bottleneck. There is also the need to maintain business continuity at all times. It's a frustrating mix of challenges – with resources behind tasks such as patching rarely sufficient to meet security prerogatives or compliance deadlines. The multitude of different security-related standards have ever stringent deadlines, and it is often the case that business needs don't necessarily align with those requirements. At the core of what TuxCare does is automated live patching – a way to consistently keep critical services safe from security threats, without the need to expend significant resources in doing so, or the need to live with business disruption. In this article, we'll outline how  TuxCare  helps organizations such as yours deal better with security challenges including patching, and the support of end-of-life operating s
US Cyber Command Links 'MuddyWater' Hacking Group to Iranian Intelligence

US Cyber Command Links 'MuddyWater' Hacking Group to Iranian Intelligence

January 12, 2022Ravie Lakshmanan
The U.S. Cyber Command (USCYBERCOM) on Wednesday officially confirmed MuddyWater's ties to the Iranian intelligence apparatus, while simultaneously detailing the various tools and tactics adopted by the espionage actor to burrow into victim networks. "MuddyWater has been seen using a variety of techniques to maintain access to victim networks," USCYBERCOM's Cyber National Mission Force (CNMF)  said  in a statement. "These include side-loading  DLLs  in order to trick legitimate programs into running malware and obfuscating PowerShell scripts to hide command and control functions." The agency characterized the hacking efforts as a subordinate element within the Iranian Ministry of Intelligence and Security (MOIS), corroborating earlier reports about the nation-state actor's provenance. Also tracked under the monikers Static Kitten, Seedworm, Mercury and TEMP.Zagros,  MuddyWater  is known for its  attacks  primarily directed against a wide gamut of en
Apple Releases iPhone and iPad Updates to Patch HomeKit DoS Vulnerability

Apple Releases iPhone and iPad Updates to Patch HomeKit DoS Vulnerability

January 12, 2022Ravie Lakshmanan
Apple on Wednesday rolled out software updates for iOS and iPadOS to remediate a persistent  denial-of-service (DoS) issue  affecting the HomeKit smart home framework that could be potentially exploited to launch ransomware-like attacks targeting the devices. The iPhone maker, in its  release notes  for iOS and iPadOS 15.2.1, termed it as a "resource exhaustion issue" that could be triggered when processing a maliciously crafted HomeKit accessory name, adding it addressed the bug with improved validation. The so-called "doorLock" vulnerability, tracked as CVE-2022-22588, affects HomeKit, the software API for connecting smart home devices to iOS applications. Should it be successfully exploited, iPhones and iPads can be sent into a crash spiral simply by changing the name of a HomeKit device to a string larger than 500,000 characters and tricking the target into accepting a malicious Home invitation. Even worse, since HomeKit device names are backed up to iClou
Hackers Use Cloud Services to Distribute Nanocore, Netwire, and AsyncRAT Malware

Hackers Use Cloud Services to Distribute Nanocore, Netwire, and AsyncRAT Malware

January 12, 2022Ravie Lakshmanan
Threat actors are actively incorporating public cloud services from Amazon and Microsoft into their malicious campaigns to deliver commodity remote access trojans (RATs) such as  Nanocore ,  Netwire , and  AsyncRAT  to siphon sensitive information from compromised systems. The spear-phishing attacks, which commenced in October 2021, have primarily targeted entities located in the U.S., Canada, Italy, and Singapore, researchers from Cisco Talos said in a report shared with The Hacker News. Using existing legitimate infrastructure to facilitate intrusions is increasingly becoming part of an attacker's playbook as it obviates the need to host their own servers, not to mention be used as a cloaking mechanism to evade detection by security solutions. In recent months, collaboration and communication tools like  Discord, Slack, and Telegram  have found a place in many an infection chain to  commandeer and exfiltrate data  from the victim machines. Viewed in that light, the abuse of
New SysJoker Espionage Malware Targeting Windows, macOS, and Linux Users

New SysJoker Espionage Malware Targeting Windows, macOS, and Linux Users

January 12, 2022Ravie Lakshmanan
A new  cross-platform backdoor  called " SysJoker " has been observed targeting machines running Windows, Linux, and macOS operating systems as part of an ongoing espionage campaign that's believed to have been initiated during the second half of 2021. "SysJoker masquerades as a system update and generates its [command-and-control server] by decoding a string retrieved from a text file hosted on Google Drive," Intezer researchers Avigayil Mechtinger, Ryan Robinson, and Nicole Fishbein  noted  in a technical write-up publicizing their findings. "Based on victimology and malware's behavior, we assess that SysJoker is after specific targets." The Israeli cybersecurity company, attributing the work to an advanced threat actor, said it first discovered evidence of the implant in December 2021 during an active attack against a Linux-based web server belonging to an unnamed educational institution. A C++-based malware, SysJoker is delivered via a dr
XDR: Redefining the game for MSSPs serving SMBs and SMEs

XDR: Redefining the game for MSSPs serving SMBs and SMEs

January 12, 2022The Hacker News
SMBs and SMEs are increasingly turning to MSSPs to secure their businesses because they simply do not have the resources to manage an effective security technology stack. However, it's also challenging for MSSPs to piece together an effective but manageable security technology stack to protect their clients, especially at an affordable price point. This is where Extended Detection and Response (XDR) comes in and can help MSSPs boost their profitability from SMB and SME and improve their protections. XDR is heating up within the MSSP market as these security service providers stand to gain tremendous financial and operational benefits from this nascent technology. XDR promises far better security outcomes at a lower cost than the current security stack approaches most MSSPs currently have in place. One sticky point that keeps arising in the XDR discussion has to do with the different technology approaches XDR providers rely upon to deliver platform capabilities. Most of us have heard
Online Courses and Software

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.