The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Researchers on Tuesday revealed details of a new banking trojan targeting corporate users in Brazil at least since 2019 across various sectors such as engineering, healthcare, retail, manufacturing, finance, transportation, and government. Dubbed " Janeleiro " by Slovak cybersecurity firm ESET, the malware aims to disguise its true intent via lookalike pop-up windows that are designed to resemble the websites of some of the biggest banks in the country, including Itaú Unibanco, Santander, Banco do Brasil, Caixa Econômica Federal, and Banco Bradesco. "These pop-ups contain fake forms, aiming to trick the malware's victims into entering their banking credentials and personal information that the malware captures and exfiltrates to its [command-and-control] servers," ESET researchers Facundo Muñoz and Matías Porolli said in a write-up. This modus operandi is not new to banking trojans. In August 2020, ESET uncovered a Latin American (LATAM) banking trojan call

Cyber attackers are actively setting their sights on unsecured SAP applications in an attempt to steal information and sabotage critical processes, according to new research. "Observed exploitation could lead in many cases to full control of the unsecured SAP application, bypassing common security and compliance controls, and enabling attackers to steal sensitive information, perform financial fraud or disrupt mission-critical business processes by deploying ransomware or stopping operations," cybersecurity firm Onapsis and SAP  said  in a joint report published today. The Boston-based company said it detected over 300 successful exploitations out of a total of 1,500 attempts targeting previously known vulnerabilities and insecure configurations specific to SAP systems between mid-2020 to March 2021, with multiple brute-force attempts made by adversaries aimed at high-privilege SAP accounts as well as chaining together several flaws to strike SAP applications. Applicatio

It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many approaches offer piecemeal solutions – zeroing in on one particular element of the evolving threat landscape challenge – missing the forest for the trees.  In the last few years, Exposure Management has become known as a comprehensive way of reigning in the chaos, giving organizations a true fighting chance to reduce risk and improve posture. In this article I'll cover what Exposure Management is, how it stacks up against some alternative approaches and why building an Exposure Management program should be on  your 2024 to-do list. What is Exposure Management?  Exposure Management is the systematic identification, evaluation,

April is usually a whirlwind month for the cybersecurity industry as it coincides with the release of the highly regarded and influential MITRE ATT&CK test results. The ATT&CK test measures cybersecurity platforms' abilities to detect and react to emulated, multistep attacks that can be used as a barometer of platform effectiveness.  This means that every cybersecurity vendor will be tripping over themselves to push out blog posts, webinars, press releases, and more touting how great their services are and how the results validate their products. The result is a storm of spin and PR that is hard to navigate. An upcoming webinar offered by Cynet ( register here ) aims to help industry participants differentiate the spin from the real information when it comes to MITRE ATT&CK results. The Webinar will be led by renowned cybersecurity researcher and Chief Security Strategist for Cynet, Chris Roberts, and Director of Product Marketing for Cynet, George Tubin. The conver

A hacking group related to a Chinese-speaking threat actor has been linked to an advanced cyberespionage campaign targeting government and military organizations in Vietnam. The attacks have been attributed with low confidence to the advanced persistent threat (APT) called  Cycldek  (or Goblin Panda, Hellsing, APT 27, and Conimes), which is known for using spear-phishing techniques to compromise diplomatic targets in Southeast Asia, India, and the U.S. at least since 2013. According to researchers from Kaspersky, the offensive, which was observed between June 2020 and January 2021, leverages a method called DLL side-loading to execute shellcode that decrypts a final payload dubbed " FoundCore ." DLL side-loading  has been a tried-and-tested technique used by various threat actors as an obfuscation tactic to bypass antivirus defenses. By loading malicious DLLs into legitimate executables, the idea is to mask their malicious activity under a trusted system or software proc

A new spear-phishing campaign is targeting professionals on LinkedIn with weaponized job offers in an attempt to infect targets with a sophisticated backdoor trojan called "more_eggs." To increase the odds of success, the phishing lures take advantage of malicious ZIP archive files that have the same name as that of the victims' job titles taken from their LinkedIn profiles. "For example, if the LinkedIn member's job is listed as Senior Account Executive—International Freight the malicious zip file would be titled Senior Account Executive—International Freight position (note the 'position' added to the end)," cybersecurity firm eSentire's Threat Response Unit (TRU)  said  in an analysis. "Upon opening the fake job offer, the victim unwittingly initiates the stealthy installation of the fileless backdoor, more_eggs." Campaigns delivering more_eggs using the  same modus operandi  have been spotted at least since 2018, with the backdo

The data is in. According to IBM Security's  2020 Cost of a Data Breach Report , there is a 50% increase in cloud usage for enterprises across all industries. The number of threats targeting cloud services, predominantly collaboration services like Office 365, has  increased 630% . Moreover, 75% of respondents report that discovery and recovery time from data breaches has significantly increased due to remote work during the pandemic. Although organizations can save over $1 million if they discover a breach in the first 30 days, the average reported response time was a whopping 280 days.  In the remote-work world, SaaS apps have become an enticing vector-of-choice for bad actors. Just think of the typical employee, working off-site, untrained in security measures, and how their access or privileges increase the risk of sensitive data being stolen, exposed, or compromised. However, it doesn't have to be that way — a company's SaaS security posture can be strengthened, an

In what's likely to be a goldmine for bad actors, personal information associated with approximately 533 million Facebook users worldwide has been leaked on a popular cybercrime forum for free—which was harvested by hackers in 2019 using a Facebook vulnerability. The  leaked data  includes full names, Facebook IDs, mobile numbers, locations, email addresses, gender, occupation, city, country, marital status broken, account creation date, and other profile details broken down by country, with over 32 million records belonging to users in the U.S., 11 million users the U.K., and six million users in India, among others. Also included in the leak are  phone numbers  from Facebook CEO Mark Zuckerberg, and co-founders Chris Hughes, and Dustin Moskovitz, who are the fourth, fifth, and sixth members to have registered on Facebook. Interestingly, it appears that the same phone number is also registered to his name on the privacy-focussed messaging app Signal. "Mark Zuckerberg als

Many enterprises rely on more than one security tool to protect their technology assets, devices, and networks. This is particularly true for organizations that use hybrid systems or a combination of cloud and local applications. Likewise, companies whose networks include a multitude of smartphones and IoT devices are likely to deploy multiple security solutions suitable for different scenarios. Employing several security solutions tends to be inevitable for many, especially those that have outgrown their previous network setups. Companies that expand to new branches and even overseas operations have to make use of additional security measures and tools. This use of multiple tools or software often leads to critical issues, though. The management of the many cybersecurity solutions can become too complicated and difficult to handle, especially for organizations with little experience in addressing cyber threats, let alone actual attacks. This can result in confusion and the inabilit

Apps on Android have been able to infer the presence of specific apps, or even collect the full list of installed apps on the device. What's more, an app can also set to be notified when a new app is installed. Apart from all the usual concerns about misuse of such a data grab, the information can be abused by a potentially harmful app to fingerprint other installed apps, check for the  presence of antivirus ,  affiliate fraud , and even for targeted ads.  In 2014, Twitter  began  tracking the list of apps installed on users' devices as part of its "app graph" initiative with an aim to deliver tailored content. Digital wallet company MobiKwik was also caught  collecting information  about installed apps in the wake of a data breach that came to light earlier this week. Indeed, a study undertaken by a group of Swiss researchers in 2019  found  that "free apps are more likely to query for such information and that third-party libraries (libs) are the main requ