The Hacker News Logo
Subscribe to Newsletter
CrowdSec

The Hacker News - Cybersecurity News and Analysis: Search results for ���������������������������

Researches Detail 17 Malicious Frameworks Used to Attack Air-Gapped Networks

Researches Detail 17 Malicious Frameworks Used to Attack Air-Gapped Networks

December 02, 2021Ravie Lakshmanan
Four different malicious frameworks designed to attack air-gapped networks were detected in the first half of 2020 alone, bringing the total number of such toolkits to 17 and offering adversaries a pathway to cyber espionage and exfiltrate classified information. "All frameworks are designed to perform some form of espionage, [and] all the frameworks used USB drives as the physical transmission medium to transfer data in and out of the targeted air-gapped networks," ESET researchers Alexis Dorais-Joncas and Facundo Muñoz  said  in a comprehensive study of the frameworks. Air-gapping is a network security measure designed to prevent unauthorized access to systems by physically isolating them from other unsecured networks, including local area networks and the public internet. This also implies that the only way to transfer data is by connecting a physical device to it, such as USB drives or external hard disks. Given that the mechanism is one of the most common ways  SCAD
Let there be light: Ensuring visibility across the entire API lifecycle

Let there be light: Ensuring visibility across the entire API lifecycle

December 02, 2021The Hacker News
The following article is based on a  webinar series on enterprise API security by Imvision , featuring expert speakers from IBM, Deloitte, Maersk, and Imvision discussing the importance of centralizing an organization's visibility of its APIs as a way to accelerate remediation efforts and improve the overall security posture. Centralizing security is challenging in today's open ecosystem When approaching API visibility, the first thing we have to recognize is that today's enterprises actively avoid managing all their APIs through one system. According to IBM's Tony Curcio, Director of Integration Engineering, many of his enterprise customers already work with hybrid architectures that leverage classic on-premise infrastructure while adopting SaaS and IaaS across various cloud vendors.  These architectures aim to increase resilience and flexibility, but are well aware that it complicates centralization efforts. In these organizations, it is imperative to have a centr
Researchers Warn Iranian Users of Widespread SMS Phishing Campaigns

Researchers Warn Iranian Users of Widespread SMS Phishing Campaigns

December 01, 2021Ravie Lakshmanan
Socially engineered SMS messages are being used to install malware on Android devices as part of a widespread phishing campaign that impersonates the Iranian government and social security services to make away with credit card details and steal funds from victims' bank accounts. Unlike other variants of  banking malware  that bank of overlay attacks to capture sensitive data without the knowledge of the victim, the malicious applications uncovered by Check Point Research are designed to trick the targets into handing over their credit card information by sending them a legitimate-looking SMS message that contains a link, which, when clicked, downloads a malicious app on to their devices. "The malicious application not only collects the victim's credit card numbers, but also gains access to their 2FA authentication SMS, and turn[s] the victim's device into a bot capable of spreading similar phishing SMS to other potential victims," Check Point researcher Shmuel
Russian Man Gets 60 Months Jail for Providing Bulletproof Hosting to Cyber Criminals

Russian Man Gets 60 Months Jail for Providing Bulletproof Hosting to Cyber Criminals

December 01, 2021Ravie Lakshmanan
A Russian national charged with providing bulletproof hosting services for cybercriminals, who used the platform to spread malware and attack U.S. organizations and financial institutions between 2009 to 2015, has received a 60-month prison sentence. 34-year-old Aleksandr Grichishkin, along with Andrei Skvortsov, founded the bulletproof hosting service and rented its infrastructure to other criminal clientele for distributing a wide range of malware and attempted to cause millions of dollars in losses to U.S. victims.  Skvortsov is pending sentencing and faces a maximum penalty of 20 years in prison. Bulletproof hosting operations are similar to regular web hosting, but are a lot more lenient about what can be hosted on their servers. They are known for providing secure hosting for malicious content and activity and assuring anonymity to threat actors. Grichishkin, in May,  pleaded guilty  to conspiracy to engage in a racketeer-influenced corrupt organization (RICO). Acting as th
Critical Bug in Mozilla’s NSS Crypto Library Potentially Affects Several Other Software

Critical Bug in Mozilla's NSS Crypto Library Potentially Affects Several Other Software

December 01, 2021Ravie Lakshmanan
Mozilla has rolled out fixes to address a critical security weakness in its cross-platform Network Security Services ( NSS ) cryptographic library that could be potentially exploited by an adversary to crash a vulnerable application and even execute arbitrary code. Tracked as CVE-2021-43527, the flaw affects NSS versions prior to 3.73 or 3.68.1 ESR, and concerns a  heap overflow  vulnerability when verifying digital signatures such as  DSA  and  RSA-PSS  algorithms that are encoded using the  DER  binary format. Credited with reporting the issue is Tavis Ormandy of Google Project Zero, who codenamed it " BigSig ." "NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures," Mozilla  said  in an advisory published Wednesday. "Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS #7, or PKCS #12 are likely to be impacted." NSS is a
New EwDoor Botnet Targeting Unpatched AT&T Network Edge Devices

New EwDoor Botnet Targeting Unpatched AT&T Network Edge Devices

December 01, 2021Ravie Lakshmanan
A newly discovered botnet capable of staging distributed denial-of-service (DDoS) attacks targeted unpatched Ribbon Communications (formerly Edgewater Networks) EdgeMarc appliances belonging to telecom service provider AT&T by exploiting a four-year-old flaw in the network appliances. Chinese tech giant Qihoo 360's Netlab network security division, which detected the botnet first on October 27, 2021, called it  EwDoor , noting it observed 5,700 compromised IP addresses located in the U.S. during a brief three-hour window. "So far, the EwDoor in our view has undergone three versions of updates, and its main functions can be summarized into two main categories of DDoS attacks and backdoor," the researchers  noted . "Based on the attacked devices are telephone communication related, we presume that its main purpose is DDoS attacks, and gathering of sensitive information, such as call logs." Propagating through a flaw in EdgeMarc devices, EwDoor supports a
Hackers Increasingly Using RTF Template Injection Technique in Phishing Attacks

Hackers Increasingly Using RTF Template Injection Technique in Phishing Attacks

December 01, 2021Ravie Lakshmanan
Three different state-sponsored threat actors aligned with China, India, and Russia have been observed adopting a new method called  RTF  (aka Rich Text Format) template injection as part of their phishing campaigns to deliver malware to targeted systems. "RTF template injection is a novel technique that is ideal for malicious phishing attachments because it is simple and allows threat actors to retrieve malicious content from a remote URL using an RTF file," Proofpoint researchers said in a new report shared with The Hacker News. At the heart of the attack is an RTF file containing decoy content that can be  manipulated  to enable the retrieval of content, including malicious payloads, hosted at an external URL upon opening an RTF file. Specifically, it leverages the RTF  template functionality  to alter a document's formatting properties using a  hex editor  by specifying a URL resource instead of an accessible file resource destination from which a remote payload
Hacker Jailed for Stealing Millions of Dollars in Cryptocurrencies by SIM Hijacking

Hacker Jailed for Stealing Millions of Dollars in Cryptocurrencies by SIM Hijacking

December 01, 2021Ravie Lakshmanan
A sixth member associated with an international hacking group known as  The Community  has been sentenced in connection with a multimillion-dollar SIM swapping conspiracy, the U.S. Department of Justice (DoJ) said. Garrett Endicott, 22, from the U.S. state of Missouri, who pleaded guilty to charges of wire fraud and aggravated identity theft following an indictment in 2019, was  sentenced  to 10 months in prison and ordered to pay an amount totaling $121,549.37 in restitution. SIM swapping , also called SIM hijacking, refers to an identity theft scheme wherein malicious parties persuade phone carriers into porting their victims' cell services to SIM cards under their control, often facilitated by bribing an employee of a mobile phone provider or by contacting the service provider's customer support by posing as the victim and requesting that the phone number be swapped to a SIM card operated by the group. The goal is to leverage the phone numbers as a gateway to hijack dif
Twitter Bans Users From Posting ‘Private Media’ Without a Person's Consent

Twitter Bans Users From Posting 'Private Media' Without a Person's Consent

November 30, 2021Ravie Lakshmanan
Twitter on Tuesday announced an expansion to its private information policy to include private media, effectively prohibiting the sharing of photos and videos without express permission from the individuals depicted in them with an aim to curb doxxing and harassment. "Beginning today, we will not allow the sharing of private media, such as images or videos of private individuals without their consent. Publishing people's private info is also prohibited under the policy, as is threatening or incentivizing others to do so," the company's Safety team  said  in a tweet. To that end, the policy also  discourages  users from sharing information such as sign-in credentials that would enable malicious actors to gain access to a person's sensitive information without their authorization. It also forbids users from seeking financial compensation in exchange for posting (or not posting) another individual's private information as part of blackmail schemes. As part o
New Hub for Lean IT Security Teams

New Hub for Lean IT Security Teams

November 30, 2021The Hacker News
One of the harsh realities of cybersecurity today is that malicious actors and attackers don't distinguish between organizations that have seemingly endless resources and those operating with lean IT security teams. For these lean teams, meeting the challenges in the current security landscape requires constant attention, and sometimes a little support. XDR provider Cynet has built a new minisite ( find it here ) with the goal of giving these lean IT Security teams a space to find answers, share their wins and strategies, gain new insights, and have some fun in the process. The company refers to these lean teams and the people that make them up as Lean IT Security Heroes. These groups often work with fewer resources, but are always able to defend against massive threats through creativity, ingenuity, and hard work. This new Lean IT Security Heroes minisite offers a variety of activities and tools that are ideal for lean teams looking to enhance their defenses. Additionally, the sit
Critical Wormable Security Flaw Found in Several HP Printer Models

Critical Wormable Security Flaw Found in Several HP Printer Models

November 30, 2021Ravie Lakshmanan
Cybersecurity researchers on Tuesday disclosed eight-year-old security flaws affecting 150 different multifunction printers (MFPs) from HP Inc that could be potentially abused by an adversary to take control of vulnerable devices, pilfer sensitive information, and infiltrate enterprise networks to mount other attacks. The two weaknesses — collectively called  Printing Shellz  — were discovered and reported to HP by F-Secure Labs researchers Timo Hirvonen and Alexander Bolshev on April 29, 2021, prompting the PC maker to  issue   patches  earlier this month — CVE-2021-39237  (CVSS score: 7.1) - An information disclosure vulnerability impacting certain HP LaserJet, HP LaserJet Managed, HP PageWide, and HP PageWide Managed printers. CVE-2021-39238  (CVSS score: 9.3) - A buffer overflow vulnerability impacting certain HP Enterprise LaserJet, HP LaserJet Managed, HP Enterprise PageWide, and HP PageWide Managed products. "The flaws are in the unit's communications board and
Panasonic Suffers Data Breach After Hackers Hack Into Its Network

Panasonic Suffers Data Breach After Hackers Hack Into Its Network

November 30, 2021Ravie Lakshmanan
Japanese consumer electronics giant Panasonic has disclosed a security breach wherein an unauthorized third-party broke into its network and potentially accessed data from one of its file servers. "As the result of an internal investigation, it was determined that some data on a file server had been accessed during the intrusion," the company  said  in a short statement published on November 26. Panasonic didn't reveal the exact nature of the data that was accessed, but TechCrunch  reported  that the breach began on June 22 and ended on November 3. The Osaka-based company said that immediately upon discovering the intrusion on November 11, it took steps to report the incident to the relevant authorities and that it implemented security countermeasures, including preventing external access to the network. Panasonic also noted it's currently working with an independent "specialist" organization to probe the extent of the leak and determine if the access
Unpatched Unauthorized File Read Vulnerability Affects Microsoft Windows OS

Unpatched Unauthorized File Read Vulnerability Affects Microsoft Windows OS

November 30, 2021Ravie Lakshmanan
Unofficial patches have been issued to remediate an improperly patched Windows security vulnerability that could allow information disclosure and local privilege escalation (LPE) on vulnerable systems. Tracked as  CVE-2021-24084  (CVSS score: 5.5), the flaw concerns an information disclosure vulnerability in the Windows Mobile Device Management component that could enable an attacker to gain unauthorized file system access and read arbitrary files. Security researcher Abdelhamid Naceri was credited with discovering and reporting the bug in October 2020, prompting Microsoft to address the issue as part of its February 2021 Patch Tuesday updates. But as  observed  by Naceri in June 2021, not only could the patch be bypassed to achieve the same objective, the researcher this month found that the incompletely patched vulnerability could also be  exploited  to gain administrator privileges and run malicious code on Windows 10 machines running the  latest security updates . "Name
WIRTE Hacker Group Targets Government, Law, Financial Entities in Middle East

WIRTE Hacker Group Targets Government, Law, Financial Entities in Middle East

November 30, 2021Ravie Lakshmanan
Government, diplomatic entities, military organizations, law firms, and financial institutions primarily located in the Middle East have been targeted as part of a stealthy malware campaign as early as 2019 by making use of malicious Microsoft Excel and Word documents. Russian cybersecurity company Kaspersky attributed the attacks with high confidence to a threat actor named WIRTE, adding the intrusions involved "MS Excel droppers that use hidden spreadsheets and VBA macros to drop their first stage implant," which is a Visual Basic Script (VBS) with functionality to amass system information and execute arbitrary code sent by the attackers on the infected machine. An analysis of the campaign as well as the toolset and methods employed by the adversary has also led the researchers to conclude with low confidence that the  WIRTE group  has connections to another politically motivated collective called the  Gaza Cybergang . The affected entities are spread across Armenia, Cyp
4 Android Banking Trojan Campaigns Targeted Over 300,000 Devices in 2021

4 Android Banking Trojan Campaigns Targeted Over 300,000 Devices in 2021

November 29, 2021Ravie Lakshmanan
Four different Android banking trojans were spread via the official Google Play Store between August and November 2021, resulting in more than 300,000 infections through various dropper apps that posed as seemingly harmless utility apps to take full control of the infected devices. Designed to deliver Anatsa (aka TeaBot), Alien, ERMAC, and Hydra, cybersecurity firm ThreatFabric  said  the malware campaigns are not only more refined, but also engineered to have a small malicious footprint, effectively ensuring that the payloads are installed only on smartphones devices from specific regions and preventing the malware from being downloaded during the publishing process . Once installed, these banking trojans can surreptitiously siphon user passwords and SMS-based two-factor authentication codes, keystrokes, screenshots, and even deplete users' bank accounts without their knowledge by using a tool called Automatic Transfer System ( ATSs ). The apps have since been removed from the
New Chinotto Spyware Targets North Korean Defectors, Human Rights Activists

New Chinotto Spyware Targets North Korean Defectors, Human Rights Activists

November 29, 2021Ravie Lakshmanan
North Korean defectors, journalists who cover North Korea-related news, and entities in South Korea are being zeroed in on by a nation-state-sponsored advanced persistent threat (APT) as part of a new wave of highly-targeted surveillance attacks. Russian cybersecurity firm Kaspersky attributed the infiltrations to a North Korean hacker group tracked as  ScarCruft , also known as  APT37 , Reaper Group, InkySquid, and Ricochet Chollima. "The actor utilized three types of malware with similar functionalities: versions implemented in PowerShell, Windows executables and Android applications," the company's Global Research and Analysis Team (GReAT)  said  in a new report published today. "Although intended for different platforms, they share a similar command and control scheme based on HTTP communication. Therefore, the malware operators can control the whole malware family through one set of command and control scripts." Likely active since at least 2012, ScarC
Hackers Using Compromised Google Cloud Accounts to Mine Cryptocurrency

Hackers Using Compromised Google Cloud Accounts to Mine Cryptocurrency

November 29, 2021Ravie Lakshmanan
Threat actors are exploiting improperly-secured Google Cloud Platform (GCP) instances to download cryptocurrency mining software to the compromised systems as well as abusing its infrastructure to install ransomware, stage phishing campaigns, and even generate traffic to YouTube videos for view count manipulation. "While cloud customers continue to face a variety of threats across applications and infrastructure, many successful attacks are due to poor hygiene and a lack of basic control implementation," Google's Cybersecurity Action Team (CAT)  outlined  as part of its recent Threat Horizons report published last week. Of the 50 recently compromised GCP instances, 86% of them were used to conduct cryptocurrency mining, in some cases within 22 seconds of successful breach, while 10% of the instances were exploited to perform scans of other publicly accessible hosts on the Internet to identify vulnerable systems, and 8% of the instances were used to strike other entiti
CleanMyMac X: Performance and Security Software for Macbook

CleanMyMac X: Performance and Security Software for Macbook

November 29, 2021The Hacker News
We use Internet-enabled devices in every aspect of our lives today—to find information, shop, bank, do homework, play games, and keep in touch with friends and family. As a result, our devices contain much personal information about us. Also, any great device will get a little clunky and slow over time and the Mac is no exception, and the whole "Macs don't get viruses" claim is a myth. Malware for Macs has increased over the years, and today's Macs are being plagued by adware, scareware, and other potentially unwanted programs as well. If you are worried about your Macbook's performance and security, including unwanted software, ransomware,  CleanMyMac X software has you covered. CleanMyMac is all-in-all software to optimize your Mac's performance and security. It clears out clutter and removes megatons of junk so your computer can run faster, just like it did on day one. The tool is designed to replace several optimization apps for Mac and can be anythi
Online Courses and Software

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.