The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

A full-time mass work from home (WFH) workforce was once considered an extreme risk scenario that few risk or security professionals even bothered to think about. Unfortunately, within a single day, businesses worldwide had to face such a reality. Their 3-year long digital transformation strategy was forced to become a 3-week sprint during which offices were abandoned, and people started working from home. Like in an eerie doomsday movie, servers were left on in the office, but nobody was sitting in the chairs. While everyone hopes that the world returns to its previous state, it's evident that work dynamics have changed forever. From now on, we can assume a hybrid work environment. Even companies that will require their employees to arrive daily at their offices recognize that they have undergone a digital transformation, and work from home habits will remain. The eBook "5 Security Lessons for Small Security Teams for a Post-COVID19 Era" ( download here ) helps companies prepare

Researchers have demonstrated a novel class of attacks that could allow a bad actor to potentially circumvent existing countermeasures and break the integrity protection of digitally signed PDF documents. Called " Shadow attacks " by academics from Ruhr-University Bochum, the technique uses the "enormous flexibility provided by the PDF specification so that shadow documents remain standard-compliant." The findings were presented yesterday at the Network and Distributed System Security Symposium (NDSS), with 16 of the 29 PDF viewers tested — including Adobe Acrobat, Foxit Reader, Perfect PDF, and Okular — found vulnerable to shadow attacks. To carry out the attack, a malicious actor creates a PDF document with two different contents: one which is the content that's expected by the party signing the document, and the other, a piece of hidden content that gets displayed once the PDF is signed. "The signers of the PDF receive the document, review it, and s

The introduction of Open AI's ChatGPT was a defining moment for the software industry, touching off a GenAI race with its November 2022 release. SaaS vendors are now rushing to upgrade tools with enhanced productivity capabilities that are driven by generative AI. Among a wide range of uses, GenAI tools make it easier for developers to build software, assist sales teams in mundane email writing, help marketers produce unique content at low cost, and enable teams and creatives to brainstorm new ideas.  Recent significant GenAI product launches include Microsoft 365 Copilot, GitHub Copilot, and Salesforce Einstein GPT. Notably, these GenAI tools from leading SaaS providers are paid enhancements, a clear sign that no SaaS provider will want to miss out on cashing in on the GenAI transformation. Google will soon launch its SGE "Search Generative Experience" platform for premium AI-generated summaries rather than a list of websites.  At this pace, it's just a matter of a short time befo

Cybersecurity researchers on Monday tied a  string of attacks  targeting Accellion File Transfer Appliance (FTA) servers over the past two months to data theft and extortion campaign orchestrated by a cybercrime group called UNC2546 . The attacks, which began in mid-December 2020, involved exploiting multiple zero-day vulnerabilities in the legacy FTA software to install a new web shell named DEWMODE on victim networks and exfiltrating sensitive data, which was then published on a data leak website operated by the CLOP ransomware gang. But in a twist, no ransomware was actually deployed in any of the recent incidents that hit organizations in the U.S., Singapore, Canada, and the Netherlands, with the actors instead resorting to extortion emails to threaten victims into paying bitcoin ransoms. According to  Risky Business , some of the companies that have had their data listed on the site include Singapore's telecom provider  SingTel , the American Bureau of Shipping, law firm 

An ever-evolving and rampant form of cybercrime that targets emails as the potential medium to conduct fraud is known as Business Email Compromise. Targeting commercial, government as well as non-profit organizations, BEC can lead to huge amounts of data loss, security breach, and compromised financial assets. It is a common misconception that cybercriminals usually lay their focus on MNCs and enterprise-level organizations. SMEs these days are just as much a target to email fraud as the larger industry players. How Can BEC Affect Organizations?  Examples of BEC include sophisticated social engineering attacks like phishing, CEO fraud, fake invoices, and email spoofing, to name a few. It can also be termed an impersonation attack wherein an attacker aims to defraud a company by posing people in authoritarian positions. Impersonating people like the CFO or CEO, a business partner, or anyone you will blindly place your trust in is what drives these attacks' success. February of

On August 13, 2016, a hacking unit calling itself " The Shadow Brokers " announced that it had stolen malware tools and exploits used by the Equation Group, a sophisticated threat actor believed to be affiliated to the Tailored Access Operations (TAO) unit of the U.S.  National Security Agency  (NSA). Although  the group  has since signed off following the unprecedented disclosures, new "conclusive" evidence unearthed by Check Point Research shows that this was not an isolated incident, and that other threat actors may have had access to some of the same tools before they were published. The previously undocumented cyber-theft took place more than two years prior to the Shadow Brokers episode, the American-Israeli cybersecurity company said in an exhaustive report published today, resulting in U.S.-developed cyber tools reaching the hands of a Chinese advanced persistent threat which then repurposed them in order to strike American targets. "The caught-in-

Days after the  first malware  targeting Apple M1 chips was discovered in the wild, researchers have disclosed yet another previously undetected piece of malicious software that was found in about 30,000 Macs running Intel x86_64 and the iPhone maker's M1 processors. However, the ultimate goal of the operation remains something of a conundrum, what with the lack of a next-stage or final payload leaving researchers unsure of its distribution timeline and whether the threat is just under active development. Calling the malware "Silver Sparrow," cybersecurity firm Red Canary said it identified two different versions of the malware — one compiled only for Intel x86_64 and uploaded to VirusTotal on August 31, 2020 ( version 1 ), and a second variant submitted to the database on January 22 that's compatible with both Intel x86_64 and M1 ARM64 architectures ( version 2 ). Adding to the mystery, the x86_64 binary, upon execution, simply displays the message "Hello,

Brave has fixed a privacy issue in its browser that sent queries for .onion domains to public internet DNS resolvers rather than routing them through Tor nodes, thus exposing users' visits to dark web websites. The bug was addressed in a hotfix  release  (V1.20.108) made available yesterday. Brave ships with a built-in feature called " Private Window with Tor " that integrates the  Tor  anonymity network into the browser, allowing users to access .onion websites, which are hosted on the darknet, without revealing the IP address information to internet service providers (ISPs), Wi-Fi network providers, and the websites themselves. The feature was added in  June 2018 . This is achieved by relaying users' requests for an onion URL through a network of volunteer-run Tor nodes. At the same time, it's worth noting that the feature uses Tor just as a proxy and does not implement most of the privacy protections offered by Tor Browser. But according to a report first

Cybersecurity researchers have disclosed a novel attack that could allow criminals to trick a point of sale terminal into transacting with a victim's Mastercard contactless card while believing it to be a Visa card. The research, published by a group of academics from ETH Zurich, builds on a study  detailed last September  that delved into a PIN bypass attack, permitting bad actors to leverage a victim's stolen or lost Visa EMV-enabled credit card for making high-value purchases without knowledge of the card's PIN, and even fool the terminal into accepting unauthentic offline card transactions. "This is not just a mere card brand mixup but it has critical consequences," researchers David Basin, Ralf Sasse, and Jorge Toro said. "For example, criminals can use it in combination with the previous attack on Visa to also bypass the PIN for Mastercard cards. The cards of this brand were previously presumed protected by PIN." Following responsible disclosu

A credential stealer infamous for targeting Windows systems has resurfaced in a new phishing campaign that aims to steal credentials from Microsoft Outlook, Google Chrome, and instant messenger apps. Primarily directed against users in Turkey, Latvia, and Italy starting mid-January, the attacks involve the use of  MassLogger  — a .NET-based malware with capabilities to hinder static analysis — building on similar campaigns undertaken by the same actor against users in Bulgaria, Lithuania, Hungary, Estonia, Romania, and Spain in September, October, and November 2020. MassLogger was first spotted in the wild last April, but the presence of a new variant implies malware authors are constantly retooling their arsenal to evade detection and monetize them. "Although operations of the Masslogger trojan have been previously documented, we found the new campaign notable for using the compiled HTML file format to start the infection chain," researchers with Cisco Talos  said  on W