The Hacker News Logo
Subscribe to Newsletter

The Hacker News - Cybersecurity News and Analysis

Researchers Fingerprint Exploit Developers Who Help Several Malware Authors

Researchers Fingerprint Exploit Developers Who Help Several Malware Authors

October 02, 2020Ravie Lakshmanan
Writing advanced malware for a threat actor requires different groups of people with diverse technical expertise to put them all together. But can the code leave enough clues to reveal the person behind it? To this effect, cybersecurity researchers on Friday detailed a new methodology to identify exploit authors that use their unique characteristics as a fingerprint to track down other exploits developed by them. By deploying this technique, the researchers were able to link 16 Windows local privilege escalation (LPE) exploits to two zero-day sellers "Volodya" (previously called "BuggiCorp") and "PlayBit" (or "luxor2008"). "Instead of focusing on an entire malware and hunting for new samples of the malware family or actor, we wanted to offer another perspective and decided to concentrate on these few functions that were written by an exploit developer," Check Point Research's Itay Cohen and Eyal Itkin noted. Fingerprinting an
Beware: New Android Spyware Found Posing as Telegram and Threema Apps

Beware: New Android Spyware Found Posing as Telegram and Threema Apps

October 01, 2020Ravie Lakshmanan
A hacking group known for its attacks in the Middle East, at least since 2017, has recently been found impersonating legitimate messaging apps such as Telegram and Threema to infect Android devices with a new, previously undocumented malware. "Compared to the versions documented in 2017, Android/SpyC23.A has extended spying functionality, including reading notifications from messaging apps, call recording and screen recording, and new stealth features, such as dismissing notifications from built-in Android security apps," cybersecurity firm ESET  said  in a Wednesday analysis. First detailed by Qihoo 360 in 2017 under the moniker  Two-tailed Scorpion (aka APT-C-23 or Desert Scorpion), the mobile malware has been deemed "surveillanceware" for its abilities to spy on the devices of targeted individuals, exfiltrating call logs, contacts, location, messages, photos, and other sensitive documents in the process. In 2018, Symantec discovered a  newer variant  of the
Russian Who Hacked LinkedIn, Dropbox Sentenced to 7 Years in Prison

Russian Who Hacked LinkedIn, Dropbox Sentenced to 7 Years in Prison

October 01, 2020Swati Khandelwal
A Russian hacker who was found guilty of  hacking LinkedIn ,  Dropbox , and Formspring over eight years ago has finally been  sentenced  to 88 months in United States prison, that's more than seven years by a federal court in San Francisco this week. Yevgeniy Aleksandrovich Nikulin , 32, of Moscow hacked into servers belonging to three American social media firms, including LinkedIn, Dropbox, and now-defunct social-networking firm Formspring, and stole data on over 200 million users. Between March and July 2012, Nikulin hacked into the computers of LinkedIn,  Dropbox, and Formspring , and installed malware on them, which allowed him to remotely download user databases of over  117 Million LinkedIn  users and more than  68 Million Dropbox  users. According to the prosecutor, Nikulin also worked with unnamed co-conspirators of a Russian-speaking cybercriminal forum to sell customer data he stole as a result of his hacks. Besides hacking into the three social media firms, Nikulin
Critical Flaws Discovered in Popular Industrial Remote Access Systems

Critical Flaws Discovered in Popular Industrial Remote Access Systems

October 01, 2020Ravie Lakshmanan
Cybersecurity researchers have found critical security flaws in two popular industrial remote access systems that can be exploited to ban access to industrial production floors, hack into company networks, tamper with data, and even steal sensitive business secrets. The flaws,  discovered  by Tel Aviv-based OTORIO, were identified in B&R Automation's SiteManager and GateManager, and MB Connect Line's mbCONNECT24, two of the popular remote maintenance tools used in automotive, energy, oil & gas, metal, and packaging sectors to connect to industrial assets from anywhere across the world. Six Flaws in B&R Automation's SiteManager and GateManager According to an  advisory published by the US Cybersecurity and infrastructure Security Agency (CISA) on Wednesday, successful exploitation of the B&R Automation vulnerabilities could allow for "arbitrary information disclosure, manipulation, and a denial-of-service condition." The flaws, ranging from p
Cisco Issues Patches For 2 High-Severity IOS XR Flaws Under Active Attacks

Cisco Issues Patches For 2 High-Severity IOS XR Flaws Under Active Attacks

September 30, 2020Wang Wei
Cisco yesterday released security patches for two high-severity vulnerabilities affecting its IOS XR software that were found exploited in the wild a month ago. Tracked as CVE-2020-3566 and CVE-2020-3569 , details for both zero-day unauthenticated DoS vulnerabilities were made public by Cisco late last month when the company found hackers actively exploiting Cisco IOS XR Software that is installed on a range of Cisco's carrier-grade and data center routers. Both DoS vulnerabilities resided in Cisco IOS XR Software's Distance Vector Multicast Routing Protocol (DVMRP) feature and existed due to incorrect implementation of queue management for Internet Group Management Protocol (IGMP) packets on affected devices. IGMP is a communication protocol typically used by hosts and adjacent routers to efficiently use resources for multicasting applications when supporting streaming content such as online video streaming and gaming. "These vulnerabilities affect any Cisco device th
Chinese APT Group Targets Media, Finance, and Electronics Sectors

Chinese APT Group Targets Media, Finance, and Electronics Sectors

September 30, 2020Ravie Lakshmanan
Cybersecurity researchers on Tuesday uncovered a new espionage campaign targeting media, construction, engineering, electronics, and finance sectors in Japan, Taiwan, the U.S., and China. Linking the attacks to Palmerworm (aka BlackTech) — likely a  China-based  advanced persistent threat (APT) — Symantec's Threat Hunter Team  said  the first wave of activity associated with this campaign began last year in August 2019, although their ultimate motivations still remain unclear. "While we cannot see what Palmerworm is exfiltrating from these victims, the group is considered an espionage group and its likely motivation is considered to be stealing information from targeted companies," the cybersecurity firm said. Among the multiple victims infected by Palmerworm, the media, electronics, and finance companies were all based in Taiwan, while an engineering company in Japan and a construction firm in China were also targeted. In addition to using custom malware to compromi
LIVE Webinar on Zerologon Vulnerability: Technical Analysis and Detection

LIVE Webinar on Zerologon Vulnerability: Technical Analysis and Detection

September 29, 2020The Hacker News
I am sure that many of you have by now heard of a recently disclosed critical Windows server vulnerability—called  Zerologon —that could let hackers completely take over enterprise networks. For those unaware, in brief, all supported versions of the Windows Server operating systems are vulnerable to a critical privilege escalation bug that resides in the  Netlogon Remote Control  Protocol for Domain Controllers. In other words, the underlying vulnerability ( CVE-2020-1472 ) could be exploited by an attacker to compromise Active Directory services, and eventually, the Windows domain without requiring any authentication. What's worse is that a proof-of-concept exploit for this flaw was released to the public last week, and immediately after, attackers started exploiting the weakness against unpatched systems in the wild. As described in our  coverage  based on a technical analysis published by Cynet security researchers, the underlying issue is Microsoft's implementation of
Researchers Uncover Cyber Espionage Operation Aimed At Indian Army

Researchers Uncover Cyber Espionage Operation Aimed At Indian Army

September 28, 2020Ravie Lakshmanan
Cybersecurity researchers uncovered fresh evidence of an ongoing cyberespionage campaign against Indian defense units and armed forces personnel at least since 2019 with an aim to steal sensitive information. Dubbed " Operation SideCopy " by Indian cybersecurity firm  Quick Heal , the attacks have been attributed to an advanced persistent threat (APT) group that has successfully managed to stay under the radar by "copying" the tactics of other threat actors such as the  SideWinder . Exploiting Microsoft Equation Editor Flaw The campaign's starting point is an email with an embedded malicious attachment — either in the form of a ZIP file containing an LNK file or a Microsoft Word document — that triggers an infection chain via a series of steps to download the final-stage payload. Aside from identifying three different infection chains, what's notable is the fact that one of them exploited template injection and Microsoft Equation Editor flaw ( CVE-2017
Online Courses and Software

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.