#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

Search results for malicious software | Breaking Cybersecurity News | The Hacker News

Hackers Using Rogue Versions of KeePass and SolarWinds Software to Distribute RomCom RAT

Hackers Using Rogue Versions of KeePass and SolarWinds Software to Distribute RomCom RAT

Nov 03, 2022
The operators of RomCom RAT malware are continuing to evolve their campaigns by distributing rogue versions of software such as SolarWinds Network Performance Monitor, KeePass password manager, and PDF Reader Pro via fake copycat websites. Targets of the operation consist of victims in Ukraine and select English-speaking countries like the U.K. To be noted, the malicious software in question is not related to any product developed or released by SolarWinds, and is instead an unlicensed, "cracked" version of an old product. "Given the geography of the targets and the current geopolitical situation, it's unlikely that the RomCom RAT threat actor is cybercrime-motivated," the BlackBerry Threat Research and Intelligence Team  said  in a new analysis. The latest findings  come  a week after the Canadian cybersecurity company disclosed a spear-phishing campaign aimed at Ukrainian entities to deploy a remote access trojan called RomCom RAT. The unknown threat ac
Malicious NPM Package Caught Stealing Users' Saved Passwords From Browsers

Malicious NPM Package Caught Stealing Users' Saved Passwords From Browsers

Jul 21, 2021
A software package available from the official NPM repository has been revealed to be actually a front for a tool that's designed to steal saved passwords from the Chrome web browser. The package in question, named " nodejs_net_server " and downloaded over 1,283 times since February 2019, was last updated seven months ago (version 1.1.2), with its corresponding repository leading to non-existent locations hosted on GitHub.  "It isn't malicious by itself, but it can be when put into the malicious use context," ReversingLabs researcher Karlo Zanki  said  in an analysis shared with The Hacker News. "For instance, this package uses it to perform malicious password stealing and credential exfiltration. Even though this off-the-shelf password recovery tool comes with a graphical user interface, malware authors like to use it as it can also be run from the command line." While the first version of the package was put out just to test the process of p
Making Sense of Operational Technology Attacks: The Past, Present, and Future

Making Sense of Operational Technology Attacks: The Past, Present, and Future

Mar 21, 2024Operational Technology / SCADA Security
When you read reports about cyber-attacks affecting operational technology (OT), it's easy to get caught up in the hype and assume every single one is sophisticated. But are OT environments all over the world really besieged by a constant barrage of complex cyber-attacks? Answering that would require breaking down the different types of OT cyber-attacks and then looking back on all the historical attacks to see how those types compare.  The Types of OT Cyber-Attacks Over the past few decades, there has been a growing awareness of the need for improved cybersecurity practices in IT's lesser-known counterpart, OT. In fact, the lines of what constitutes a cyber-attack on OT have never been well defined, and if anything, they have further blurred over time. Therefore, we'd like to begin this post with a discussion around the ways in which cyber-attacks can either target or just simply impact OT, and why it might be important for us to make the distinction going forward. Figure 1 The Pu
New Report: Unveiling the Threat of Malicious Browser Extensions

New Report: Unveiling the Threat of Malicious Browser Extensions

Dec 06, 2023 Browser Security / Privacy
Compromising the browser is a high-return target for adversaries. Browser extensions, which are small software modules that are added to the browser and can enhance browsing experiences, have become a popular browser attack vector. This is because they are widely adopted among users and can easily turn malicious through developer actions or attacks on legitimate extensions. Recent incidents like  DataSpii  and the  Nigelthorn  malware attack have exposed the extent of damage that malicious extensions can inflict. In both cases, users innocently installed extensions that compromised their privacy and security. The underlying issue lies in the permissions granted to extensions. These permissions, often excessive and lacking granularity, allow attackers to exploit them. What can organizations do to protect themselves from the risks of browser extensions without barring them from use altogether (an act that would be nearly impossible to enforce)?  A new report by LayerX, "Unveiling the
cyber security

Automated remediation solutions are crucial for security

websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.
Several Malicious Typosquatted Python Libraries Found On PyPI Repository

Several Malicious Typosquatted Python Libraries Found On PyPI Repository

Jul 30, 2021
As many as eight Python packages that were downloaded more than 30,000 times have been removed from the PyPI portal for containing malicious code, once again highlighting how software package repositories are evolving into a popular target for supply chain attacks. "Lack of moderation and automated security controls in public software repositories allow even inexperienced attackers to use them as a platform to spread malware, whether through typosquatting, dependency confusion, or simple social engineering attacks," JFrog researchers Andrey Polkovnichenko, Omer Kaspi, and Shachar Menashe  said  Thursday. PyPI, short for Python Package Index, is the official third-party software repository for Python, with package manager utilities like  pip  relying on it as the default source for packages and their dependencies. The Python packages in question, which were found to be obfuscated using Base64 encoding, are listed below - pytagora (uploaded by leonora123) pytagora2 (upl
Warning — Bitcoin Users Could Be Targeted by State-Sponsored Hackers

Warning — Bitcoin Users Could Be Targeted by State-Sponsored Hackers

Aug 19, 2016
Another day, another bad news for Bitcoin users. A leading Bitcoin information site is warning users that an upcoming version of the Blockchain consolidation software and Bitcoin wallets could most likely be targeted by "state-sponsored attackers." Recently, one of the world's most popular cryptocurrency exchanges, Bitfinex, suffered a major hack that resulted in a loss of around $72 Million worth of Bitcoins . Now, Bitcoin.org, the website that hosts downloads for Bitcoin Core, posted a message on its website on Wednesday warning users that the next version of the Bitcoin Core wallet, one of the most popular bitcoin wallets used to store bitcoins, might be replaced with a malicious version of the software offered by government-backed hackers. Specifically, Chinese bitcoin users and services are encouraged to be vigilant " due to the origin of the attackers. " Bitcoin.org doesn't believe it has sufficient resources to defend against the attack.
Yet Another Android Malware Infects Over 4.2 Million Google Play Store Users

Yet Another Android Malware Infects Over 4.2 Million Google Play Store Users

Sep 15, 2017
Even after so many efforts by Google, malicious apps somehow managed to fool its Play Store's anti-malware protections and infect people with malicious software. The same happened once again when at least 50 apps managed to make its way onto Google Play Store and were successfully downloaded as many as 4.2 million times—one of the biggest malware outbreaks. Security firm Check Point on Thursday published a blog post revealing at least 50 Android apps that were free to download on official Play Store and were downloaded between 1 million and 4.2 million times before Google removed them. These Android apps come with hidden malware payload that secretly registers victims for paid online services, sends fraudulent premium text messages from victims' smartphones and leaves them to pay the bill—all without the knowledge or permission of users. Dubbed ExpensiveWall by Check Point researchers because it was found in the Lovely Wallpaper app, the malware comes hidden in fre
Beebone Botnet Taken Down By International Cybercrime Taskforce

Beebone Botnet Taken Down By International Cybercrime Taskforce

Apr 10, 2015
U.S. and European law enforcement agencies have shut down a highly sophisticated piece of the botnet that had infected more than 12,000 computers worldwide , allowing hackers to steal victims' banking information and other sensitive data. The law enforcement agencies from the United States, United Kingdom and the European Union conducted a joint operation to get rid of the botnet across the globe and seized the command-and-control server that had been used to operate the nasty Beebone (also known as AAEH ) botnet . What's a Botnet? A botnet is a network of large number of computers compromised with malicious software and controlled surreptitiously by hackers without the knowledge of victims. Basically, a "botnet" is a hacker's "robot" that does the malicious work directed by hackers. Hackers and Cyber Criminals have brushed up their hacking skills and started using Botnets as a cyber weapon to carry out multiple crimes such as DDoS attacks
Alleged BlackShades Malware Co-Author pleads not Guilty

Alleged BlackShades Malware Co-Author pleads not Guilty

May 31, 2014
A Swedish man accused of being involved in the creation of the malicious software used to infect over half a million systems in more than dozens of countries, has pleaded not guilty in New York on Thursday to computer hacking charges brought against him. Alex Yucel, 24, who is the co-author of the Blackshades Remote Access Trojan (RAT), owned and operate an organization called Blackshades, which sold the notorious software to the other people and hackers across the country for prices ranging from $40 to $50. This allowed the hackers to remotely control the victims' computers and to steal keystrokes, passwords and access to victims' private files, according to the authorities. Blackshades malware is designed to steal victims' usernames and passwords for email and Web services, instant messaging applications, FTP clients and lots more. In worst cases, the malicious software program even allows hackers to take remote control of users' computer and webcam to take photos or v
Security Flaw in Pre-Installed Dell Support Software Affects Million of Computers

Security Flaw in Pre-Installed Dell Support Software Affects Million of Computers

Jun 21, 2019
Dell's SupportAssist utility that comes pre-installed on millions of Dell laptops and PCs contains a security vulnerability that could allow malicious software or rogue logged-in users to escalate their privileges to administrator-level and access sensitive information. Discovered by security researchers at SafeBreach Labs , the vulnerability, identified as CVE-2019-12280, is a privilege-escalation issue and affects Dell's SupportAssist application for business PCs (version 2.0) and home PCs (version 3.2.1 and all prior versions). Dell SupportAssist, formerly known as Dell System Detect, checks the health of your system's hardware and software, alerting customers to take appropriate action to resolve them. To do so, it runs on your computer with SYSTEM-level permissions. With this high-level privileges, the utility interacts with the Dell Support website and automatically detects Service Tag or Express Service Code of your Dell product, scans the existing device d
[Video] Ukrainian Police Seize Servers of Software Firm Linked to NotPetya Cyberattack

[Video] Ukrainian Police Seize Servers of Software Firm Linked to NotPetya Cyberattack

Jul 05, 2017
Ukrainian National Police has released a video showing officers raiding company of M.E.Doc accounting software makers, whose systems have been linked to outbreak of Petya (NotPetya) ransomware that recently infected computers of several major companies worldwide. On 4th July, masked police officers from Ukrainian anti-cybercrime unit — carrying shotguns and assault rifles — raided the software development firm " Intellect Service, " in the capital city Kyiv and seized their servers, which were reportedly compromised by hackers to spread (ExPetr, PetrWrap, Petya, NotPetya) ransomware. Researchers from ESET security firm have found a very stealthy malicious code in the M.E.Doc software update which was injected by an unknown hacker or group of hackers in mid-April by exploiting a vulnerability. The malicious software upgrade, designed to install a backdoor and give unauthorized remote access to attackers, was then delivered as an update to nearly 1 million computers belonging
Update Windows 10 Immediately to Patch a Flaw Discovered by the NSA

Update Windows 10 Immediately to Patch a Flaw Discovered by the NSA

Jan 14, 2020
After Adobe today releases its first Patch Tuesday updates for 2020, Microsoft has now also published its January security advisories warning billions of users of 49 new vulnerabilities in its various products. What's so special about the latest Patch Tuesday is that one of the updates fixes a serious flaw in the core cryptographic component of widely used Windows 10, Server 2016 and 2019 editions that was discovered and reported to the company by the National Security Agency (NSA) of the United States. What's more interesting is that this is the first security flaw in Windows OS that the NSA reported responsibly to Microsoft, unlike the  Eternalblue SMB flaw that the agency kept secret for at least five years and then was leaked to the public by a mysterious group, which caused WannaCry menace in 2017. CVE-2020-0601: Windows CryptoAPI Spoofing Vulnerability According to an advisory released by Microsoft, the flaw, dubbed ' NSACrypt ' and tracked as CVE-20
Adobe patches 2nd Flash Player Zero-day Vulnerability

Adobe patches 2nd Flash Player Zero-day Vulnerability

Jan 25, 2015
Ready to patch your Adobe Flash software now. Adobe has patched one after one two zero-day vulnerabilities in its Adobe Flash that are being actively exploited by the cyber criminals. PATCH FOR FIRST ZERO-DAY On Thursday, the company released an emergency update for one of the critical vulnerabilities in Flash Player. However, the flaw was not the one that security researcher Kafeine reported. Adobe focused on another zero-day, identified as CVE-2015-0310 , that was also exploited by Angler malicious toolkit. PATCH FOR SECOND ZERO-DAY Today, Adobe released an updated version of its Flash player software that patches a zero-day vulnerability , tracked as CVE-2015-0311, spotted by French security researcher Kafeine at the beginning of the week. The vulnerability is " being actively exploited in the wild via drive-by-download attacks against systems running Internet Explorer and Firefox on Windows 8.1 and below, " Adobe said in a security advisory . The com
Warning: Malware Campaign targeting Jailbroken Apple iOS Devices

Warning: Malware Campaign targeting Jailbroken Apple iOS Devices

Apr 19, 2014
A new piece of malicious malware infection targeting jailbroken Apple iOS devices in an attempt to steal users' credentials, has been discovered by Reddit users. The Reddit Jailbreak community discovered the malicious infection dubbed as ' Unflod Baby Panda ', on some jailbroken Apple iOS devices on Thursday while a user noticed an unusual activity that the file was causing apps such as Snapchat and Google Hangouts to crash constantly on his jailbroken iPhone. CHINA WANTS YOUR APPLE ID & PASSWORDS Soon after the jailbroken developer uncovered the mysteries ' Unfold.dylib ' file and found that the infection targets jailbroken iOS handsets to captures Apple IDs and passwords from Internet sessions that use Secure Socket Layer (SSL) to encrypt communications and is believed to be spreading through the Chinese iOS software sites, according to the researchers at German security firm SektionEins . The researchers found that the captured login information is been sent
Limitless Keylogger Optimized with AutoIT Infected thousands of Computers

Limitless Keylogger Optimized with AutoIT Infected thousands of Computers

Sep 23, 2014
A new surge of malware has been discovered which goes on to infect hundreds of thousands of computers worldwide and allegedly steals users' social and banking site credentials. Few days back, a list of 5 million combinations of Gmail addresses and passwords were leaked online. The search engine giant, Google said that Gmail credentials didn't come from the security breaches of its system, rather the credentials had been stolen by phishing campaigns and unauthorized access to user accounts. Just now, we come across another similar incident where cyber criminals are using a malware which has already compromised thousands of Windows users worldwide in an effort to steal their Social Media account, Online account and Banking account Credentials. A Greek Security Researcher recently discovered a malware sample via a spam campaign (caught in a corporate honeypot), targeting large number of computers users rapidly. He investigated and posted a detailed technical analyses of
Flaw in Popular μTorrent Software Lets Hackers Control Your PC Remotely

Flaw in Popular μTorrent Software Lets Hackers Control Your PC Remotely

Feb 26, 2018
If you have installed world's most popular torrent download software, μTorrent, then you should download its latest version for Windows as soon as possible. Google's security researcher at Project Zero discovered a serious remote code execution vulnerability in both the 'μTorrent desktop app for Windows' and newly launched 'μTorrent Web' that allows users to download and stream torrents directly into their web browser. μTorrent Classic and μTorrent Web apps run in the background on the Windows machine and start a locally hosted HTTP RPC server on ports 10000 and 19575, respectively, using which users can access its interfaces over any web browser. However, Project Zero researcher Tavis Ormandy found that several issues with these RPC servers could allow remote attackers to take control of the torrent download software with little user interaction. According to Ormandy, uTorrent apps are vulnerable to a hacking technique called the "domain name s
Cybersecurity Resources