The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Cybersecurity researchers this week discovered a new type of ransomware targeting macOS users that spreads via pirated apps. According to several independent reports from K7 Lab malware researcher Dinesh Devadoss , Patrick Wardle , and Malwarebytes , the ransomware variant — dubbed " EvilQuest " — is packaged along with legitimate apps, which upon installation, disguises itself as Apple's CrashReporter or Google Software Update. Besides encrypting the victim's files, EvilQuest also comes with capabilities to ensure persistence, log keystrokes, create a reverse shell, and steal cryptocurrency wallet-related files. With this development, EvilQuest joins a handful of ransomware strains that have exclusively singled out macOS, including KeRanger and Patcher . The source of the malware appears to be trojanized versions of popular macOS software — such as Little Snitch, a DJ software called Mixed In Key 8, and Ableton Live — that are distributed on popular torre

Cybersecurity researchers today uncovered new details of watering hole attacks against the Kurdish community in Syria and Turkey for surveillance and intelligence exfiltration purposes. The advanced persistent threat behind the operation, called StrongPity , has retooled with new tactics to control compromised machines, cybersecurity firm Bitdefender said in a report shared with The Hacker News. "Using watering hole tactics to selectively infect victims and deploying a three-tier C&C infrastructure to thwart forensic investigations, the APT group leveraged Trojanized popular tools, such as archivers, file recovery applications, remote connections applications, utilities, and even security software, to cover a wide range of options that targeted victims might be seeking," the researchers said. With the timestamps of the analyzed malware samples used in the campaign coinciding with the Turkish offensive into north-eastern Syria (codenamed Operation Peace Spring )

Identities now transcend human boundaries. Within each line of code and every API call lies a non-human identity. These entities act as programmatic access keys, enabling authentication and facilitating interactions among systems and services, which are essential for every API call, database query, or storage account access. As we depend on multi-factor authentication and passwords to safeguard human identities, a pressing question arises: How do we guarantee the security and integrity of these non-human counterparts? How do we authenticate, authorize, and regulate access for entities devoid of life but crucial for the functioning of critical systems? Let's break it down. The challenge Imagine a cloud-native application as a bustling metropolis of tiny neighborhoods known as microservices, all neatly packed into containers. These microservices function akin to diligent worker bees, each diligently performing its designated task, be it processing data, verifying credentials, or

A United States federal district court has finally sentenced a Russian hacker to nine years in federal prison after he pleaded guilty of running two illegal websites devoted to facilitating payment card fraud, computer hacking, and other crimes. Aleksei Yurievich Burkov , 30, pleaded guilty in January this year to two of the five charges against him for credit card fraud—one count of access device fraud and one count of conspiracy to commit access device fraud, identity theft, computer intrusions, wire fraud, and money laundering. Burkov admitted to operating a website named Cardplanet that was dedicated to buying and selling stolen credit card and debit card data for anywhere between $2.50 and $10 per payment card, depending on the card type, origin, and availability of card owner information. According to the U.S. Department of Justice, Cardplanet hosted roughly 150,000 payment card details between 2009 and 2013, most of which belonged to U.S. citizens and used to make over $

In what's one of the most innovative hacking campaigns, cybercrime gangs are now hiding malicious code implants in the metadata of image files to covertly steal payment card information entered by visitors on the hacked websites. "We found skimming code hidden within the metadata of an image file (a form of steganography) and surreptitiously loaded by compromised online stores," Malwarebytes researchers said last week. "This scheme would not be complete without yet another interesting variation to exfiltrate stolen credit card data. Once again, criminals used the disguise of an image file to collect their loot." The evolving tactic of the operation, widely known as web skimming or a Magecart attack, comes as bad actors are finding different ways to inject JavaScript scripts, including misconfigured AWS S3 data storage buckets and exploiting content security policy to transmit data to a Google Analytics account under their control. Using Steganography

The United States Department of Justice yesterday sentenced a 22-year-old Washington-based hacker to 13 months in federal prison for his role in creating botnet malware, infecting a large number of systems with it, and then abusing those systems to carry out large scale distributed denial-of-service (DDoS) attacks against various online service and targets. According to court documents, Kenneth Currin Schuchman , a resident of Vancouver, and his criminal associates–Aaron Sterritt and Logan Shwydiuk–created multiple DDoS botnet malware since at least August 2017 and used them to enslave hundreds of thousands of home routers and other Internet-connected devices worldwide. Dubbed Satori, Okiru, Masuta, and Tsunami or Fbot, all these botnets were the successors of the infamous IoT malware Mirai , as they were created mainly using the source code of Mirai, with some additional features added to make them more sophisticated and effective against evolving targets. Even after the orig

The United States government has filed a superseding indictment against WikiLeaks founder Julian Assange accusing him of collaborating with computer hackers, including those affiliated with the infamous LulzSec and "Anonymous" hacking groups. The new superseding indictment does not contain any additional charges beyond the prior 18-count indictment filed against Assange in May 2019, but it does "broaden the scope of the conspiracy surrounding alleged computer intrusions with which Assange was previously charged," the DoJ said. In May 2019, Assange was charged with 18 counts under the old U.S. Espionage Act for unlawfully publishing classified military and diplomatic documents on his popular WikiLeaks website in 2010, which he obtained from former Army intelligence analyst Chelsea Manning. Assange has been alleged to have obtained those classified documents by conspiring with Manning to crack a password hash to a classified U.S. Department of Defense comput

With Docker gaining popularity as a service to package and deploy software applications, malicious actors are taking advantage of the opportunity to target exposed API endpoints and craft malware-infested images to facilitate distributed denial-of-service (DDoS) attacks and mine cryptocurrencies. According to a report published by Palo Alto Networks' Unit 42 threat intelligence team, the purpose of these Docker images is to generate funds by deploying a cryptocurrency miner using Docker containers and leveraging the Docker Hub repository to distribute these images. "Docker containers provide a convenient way for packaging software, which is evident by its increasing adoption rate," Unit 42 researchers said . "This, combined with coin mining, makes it easy for a malicious actor to distribute their images to any machine that supports Docker and instantly starts using its compute resources towards cryptojacking." Docker is a well-known platform-as-a-servic

GeoVision, a Taiwanese manufacturer of video surveillance systems and IP cameras, recently patched three of the four critical flaws impacting its card and fingerprint scanners that could've potentially allowed attackers to intercept network traffic and stage man-in-the-middle attacks. In a report shared exclusively with The Hacker News, enterprise security firm Acronis said it discovered the vulnerabilities last year following a routine security audit of a Singapore-based major retailer. "Malicious attackers can establish persistence on the network and spy on internal users, steal data — without ever getting detected," Acronis said. "They can reuse your fingerprint data to enter your home and/or personal devices, and photos can be easily reused by malicious actors to perpetrate identity theft based on biometric data." In all, the flaws affect at least 6 device families, with over 2,500 vulnerable devices discovered online across Brazil, US, Germany, Ta