Search results for traffic system news | Breaking Cybersecurity News | The Hacker News

Potential connections between a subscription-based crimeware-as-a-service (CaaS) solution and a cracked copy of Cobalt Strike have been established in what the researchers suspect is being offered as a tool for its customers to stage post-exploitation activities. Prometheus , as the service is called, first came to light in August 2021 when cybersecurity company Group-IB disclosed details of malicious software distribution campaigns undertaken by cybercriminal groups to distribute Campo Loader, Hancitor, IcedID, QBot, Buer Loader, and SocGholish in Belgium and the U.S. Costing $250 a month, it's marketed on Russian underground forums as a traffic direction system (TDS) to enable phishing redirection on a mass scale to rogue landing pages that are designed to deploy malware payloads on the targeted systems. "Prometheus can be considered a full-bodied service/platform that allows threat groups to purvey their malware or phishing operations with ease," BlackBerry Resear...

A new set of security vulnerabilities has been disclosed in the OpenPrinting Common Unix Printing System ( CUPS ) on Linux systems that could permit remote command execution under certain conditions. "A remote unauthenticated attacker can silently replace existing printers' (or install new ones) IPP urls with a malicious one, resulting in arbitrary command execution (on the computer) when a print job is started (from that computer)," security researcher Simone Margaritelli said . CUPS is a standards-based, open-source printing system for Linux and other Unix-like operating systems, including ArchLinux, Debian, Fedora, Red Hat Enterprise Linux (RHEL), ChromeOS, FreeBSD, NetBSD, OpenBSD, openSUSE, and SUSE Linux. The list of vulnerabilities is as follows - CVE-2024-47176 - cups-browsed <= 2.0.1 binds on UDP INADDR_ANY:631 trusting any packet from any source to trigger a Get-Printer-Attributes IPP request to an attacker-controlled URL CVE-2024-47076 - libcupsfil...

The threat actors behind ClearFake, SocGholish, and dozens of other e-crime outfits have established partnerships with another entity known as  VexTrio  as part of a massive "criminal affiliate program," new findings from Infoblox reveal. The latest development demonstrates the "breadth of their activities and depth of their connections within the cybercrime industry," the company said , describing VexTrio as the "single largest malicious traffic broker described in security literature." VexTrio, which is believed to be have been active since at least 2017, has been attributed to  malicious campaigns  that use domains generated by a dictionary domain generation algorithm ( DDGA ) to propagate scams, riskware, spyware, adware, potentially unwanted programs (PUPs), and pornographic content. This includes a 2022 activity cluster that  distributed the Glupteba malware  following an earlier attempt by Google to take down a significant chunk of its infrastru...

NordVPN, one of the most popular and widely used VPN services out there, yesterday disclosed details of a security incident that apparently compromised one of its thousands of servers based in Finland. Earlier this week, a security researcher on Twitter disclosed that "NordVPN was compromised at some point," alleging that unknown attackers stole private encryption keys used to protect VPN users traffic routed through the compromised server. In response to this, NordVPN published a blog post detailing about the security incident, and here we have summarized the whole incident for our readers to let you quickly understand what exactly happened, what's at stake, and what you should do next. Some of the information mentioned below also contains information The Hacker News obtained via an email interview with NordVPN. What has been compromised? — NordVPN has thousands of servers across the world hosted with third-party data centers. One such server hosted with a ...

Romanian cybersecurity company Bitdefender has released a free decryptor to help victims recover data encrypted using the ShrinkLocker ransomware. The decryptor is the result of a comprehensive analysis of ShrinkLocker's inner workings, allowing the researchers to discover a "specific window of opportunity for data recovery immediately after the removal of protectors from BitLocker-encrypted disks." ShrinkLocker was first documented in May 2024 by Kaspersky, which found the malware's use of Microsoft's native BitLocker utility for encrypting files as part of extortion attacks targeting Mexico, Indonesia, and Jordan. It appears to have been adapted from benign ten-year-old code. Bitdefender, which investigated a ShrinkLocker incident targeting an unnamed healthcare company in the Middle East, said the attack likely originated from a machine belonging to a contractor, once again highlighting how threat actors are increasingly abusing trusted relationships to ...

A long-term and ongoing campaign attributed to a China-nexus threat actor has embedded itself in telecom networks to conduct espionage against government networks. The strategic positioning activity, which involves implanting and maintaining stealthy access mechanisms within critical environments, has been attributed to Red Menshen , a threat cluster that's also tracked as Earth Bluecrow, DecisiveArchitect, and Red Dev 18. The group has a track record of striking telecom providers across the Middle East and Asia since at least 2021. Rapid7 described the covert access mechanisms as "some of the stealthiest digital sleeper cells" ever encountered in telecommunications networks. The campaign is characterized by the use of kernel-level implants, passive backdoors, credential-harvesting utilities, and cross-platform command frameworks, giving the threat actor the ability to persistently inhabit networks of interest. One of the most recognized tools in its malware arsenal i...

Enterprise servers powered by Supermicro motherboards can remotely be compromised by virtually plugging in malicious USB devices, cybersecurity researchers at firmware security company Eclypsium told The Hacker News. Yes, that's correct. You can launch all types of USB attacks against vulnerable Supermicro servers without actually physically accessing them or waiting for your victim to pick up an unknown, untrusted USB drive and plug it into their computer. Collectively dubbed " USBAnywhere ," the attack leverages several newly discovered vulnerabilities in the firmware of BMC controllers that could let an unauthorized, remote attacker connect to a Supermicro server and virtually mount malicious USB device. Comes embedded with a majority of server chipsets, a baseboard management controller (BMC) is a hardware chip at the core of Intelligent Platform Management Interface (IPMI) utilities that allows sysadmins to remotely control and monitor a server without havin...

The critical zero-day security flaws, discovered in the privacy and security dedicated Linux-based Tails operating system by the researcher at Exodus Intelligence that could help attackers or law enforcements to de-anonymize anyone’s identity, actually lie in the I2P software that’s bundled with the Operating System. Exodus Intelligence has released some details and a video evidence that demonstrate an exploit against the found vulnerability unmasking an anonymous user of the Tails operating system. The researchers at Exodus claims they can use the vulnerability to upload malicious code to a system running Tails, execute the payload remotely, and de-anonymize the targeted users’ public IP address as well. Tails is a security-focused Debian-based Linux distribution and a suite of applications that can be carried on a USB stick, an SD card or a DVD. It keeps users’ communications private by running all connectivity through Tor , the network that routes traffic through ...

Looking for an automated malware analysis software? Something like a 1-click solution that doesn't require any installation or configuration…a platform that can scale up your research time… technology that can provide data-driven explanations… well, your search is over! Israeli cybersecurity and malware researchers today at Black Hat conference launch a revolutionary machine learning and artificial intelligence-powered malware researcher platform that aims to help users identify unknown malware samples before they strike. Dubbed SNDBOX , the free online automated malware analysis system allows anyone to upload a file and access its static, dynamic and network analysis in an easy-to-understand graphical interface. The loss due to malware attacks is reported to be more than $10 billion every year, and it’s increasing. Despite the significant improvement of cyber security mechanisms, malware is still a powerful and effective tool used by hackers to compromise systems because of...

This year marks the 40th anniversary of Creeper, the world’s first computer virus. From Creeper to Stuxnet, the last four decades saw the number of malware instances boom from 1,300 in 1990, to 50,000 in 2000, to over 200 million in 2010. Besides sheer quantity, viruses, which were originally used as academic proof of concepts, quickly turned into geek pranks, then evolved into cybercriminal tools. By 2005, the virus scene had been monetized, and virtually all viruses were developed with the sole purpose of making money via more or less complex business models. In the following story, FortiGuard Labs looks at the most significant computer viruses over the last 40 years and explains their historical significance. 1971: Creeper: catch me if you can While theories on self-replicating automatas were developed by genius mathematician Von Neumann in the early 50s, the first real computer virus was released “in lab” in 1971 by an employee of a company working on building ARPANET, the ...

Cybersecurity researchers have flagged a supply chain attack targeting over a dozen packages associated with GlueStack to deliver malware. The malware, introduced via a change to "lib/commonjs/index.js," allows an attacker to run shell commands, take screenshots, and upload files to infected machines, Aikido Security told The Hacker News, stating these packages collectively account for nearly 1 million weekly downloads. The unauthorized access could then be used to perform various follow-on actions like mining cryptocurrency, stealing sensitive information, and even shutting down services. Aikido said the first package compromise was detected on June 6, 2025, at 9:33 p.m. GMT.  The list of the impacted packages and the affected versions is below - @gluestack-ui/utils version 0.1.16 (101 Downloads) @gluestack-ui/utils version 0.1.17 (176 Downloads) @react-native-aria/button version 0.2.11 (174 Downloads) @react-native-aria/checkbox version 0.2.11 (577 Downloads) @re...