The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Cybersecurity researchers on Tuesday released new findings that reveal a year-long mobile espionage campaign against the Kurdish ethnic group to deploy two Android backdoors that masquerade as legitimate apps. Active since at least March 2020, the attacks leveraged as many as six dedicated Facebook profiles that claimed to offer tech and pro-Kurd content — two aimed at Android users while the other four appeared to provide news for the Kurdish supporters — only to share links to spying apps on public Facebook groups. All the six profiles have since been taken down. "It targeted the Kurdish ethnic group through at least 28 malicious Facebook posts that would lead potential victims to download Android 888 RAT or SpyNote," ESET researcher Lukas Stefanko  said . "Most of the malicious Facebook posts led to downloads of the commercial, multi-platform 888 RAT, which has been available on the black market since 2018." The Slovakian cybersecurity firm attributed the at

Most cyber security today involves much more planning, and much less reacting than in the past. Security teams spend most of their time preparing their organizations' defenses and doing operational work. Even so, teams often must quickly spring into action to respond to an attack. Security teams with copious resources can quickly shift between these two modes. They have enough resources to allocate to respond properly. Lean IT security teams, however, are more hard-pressed to react effectively. A new guide by XDR provider Cynet ( download here ), however, argues that lean teams can still respond effectively. It just takes some work.  For teams that are resource-constrained, success starts with having a clear plan and putting the tools and infrastructure in place for the organization to follow properly. The guide breaks down the tools, factors, and knowledge that go into optimizing an organization's time to respond.  Building a successful incident response plan Today's

It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many approaches offer piecemeal solutions – zeroing in on one particular element of the evolving threat landscape challenge – missing the forest for the trees.  In the last few years, Exposure Management has become known as a comprehensive way of reigning in the chaos, giving organizations a true fighting chance to reduce risk and improve posture. In this article I'll cover what Exposure Management is, how it stacks up against some alternative approaches and why building an Exposure Management program should be on  your 2024 to-do list. What is Exposure Management?  Exposure Management is the systematic identification, evaluation,

Microsoft on Tuesday warned of an actively exploited zero-day flaw impacting Internet Explorer that's being used to hijack vulnerable Windows systems by leveraging weaponized Office documents. Tracked as CVE-2021-40444 (CVSS score: 8.8), the remote code execution flaw is rooted in MSHTML (aka Trident), a proprietary browser engine for the now-discontinued Internet Explorer and which is used in Office to render web content inside Word, Excel, and PowerPoint documents. "Microsoft is investigating reports of a remote code execution vulnerability in MSHTML that affects Microsoft Windows. Microsoft is aware of targeted attacks that attempt to exploit this vulnerability by using specially-crafted Microsoft Office documents," the company  said . "An attacker could craft a malicious ActiveX control to be used by a Microsoft Office document that hosts the browser rendering engine. The attacker would then have to convince the user to open the malicious document. Users who

The maintainers of Jenkins—a popular open-source automation server software—have disclosed a security breach after unidentified threat actors gained access to one of their servers by exploiting a recently disclosed vulnerability in Atlassian Confluence service to install a cryptocurrency miner. The "successful attack," which is believed to have occurred last week, was mounted against its Confluence service that had been deprecated since October 2019, leading the team to take the server offline, rotate privileged credentials, and reset passwords for developer accounts. "At this time we have no reason to believe that any Jenkins releases, plugins, or source code have been affected," the company  said  in a statement published over the weekend. The disclosure comes as the U.S. Cyber Command  warned  of ongoing mass exploitation attempts in the wild targeting a now-patched critical security vulnerability affecting Atlassian Confluence deployments. Tracked as CVE-2

End-to-end encrypted email service provider ProtonMail has  drawn   criticism  after it ceded to a legal request and shared the IP address of anti-gentrification activists with law enforcement authorities, leading to their arrests in France. The Switzerland-based company said it received a "legally binding order from the Swiss Federal Department of Justice" related to a collective called Youth for Climate, which it was "obligated to comply with," compelling it to handover the IP address and information related to the type of device used by the group to access the ProtonMail account. On its website, ProtonMail  advertises  that: "No personal information is required to create your secure email account. By default, we do not keep any IP logs which can be linked to your anonymous email account. Your privacy comes first." Protonmail Homepage Despite its no IP logs claims, the company acknowledged that while it's illegal for the company to abide by req

An ongoing campaign has been found to leverage a network of websites acting as a "dropper as a service" to deliver a bundle of malware payloads to victims looking for "cracked" versions of popular business and consumer applications. "These malware included an assortment of click fraud bots, other information stealers, and even ransomware," researchers from cybersecurity firm Sophos  said  in a report published last week. The attacks work by taking advantage of a number of bait pages hosted on WordPress that contain "download" links to software packages, which, when clicked, redirect the victims to a different website that delivers potentially unwanted browser plug-ins and malware, such as installers for  Raccoon Stealer , Stop ransomware, the Glupteba backdoor, and a variety of malicious cryptocurrency miners that masquerade as antivirus solutions. "Visitors who arrive on these sites are prompted to allow notifications; If they allow th

Networking, storage and security solutions provider Netgear on Friday  issued patches  to address three security vulnerabilities affecting its smart switches that could be abused by an adversary to gain full control of a vulnerable device. The flaws, which were discovered and reported to Netgear by Google security engineer Gynvael Coldwind, impact the following models - GC108P (fixed in firmware version 1.0.8.2) GC108PP (fixed in firmware version 1.0.8.2) GS108Tv3 (fixed in firmware version 7.0.7.2) GS110TPP (fixed in firmware version 7.0.7.2) GS110TPv3 (fixed in firmware version 7.0.7.2) GS110TUP (fixed in firmware version 1.0.5.3) GS308T (fixed in firmware version 1.0.3.2) GS310TP (fixed in firmware version 1.0.3.2) GS710TUP (fixed in firmware version 1.0.5.3) GS716TP (fixed in firmware version 1.0.4.2) GS716TPP (fixed in firmware version 1.0.4.2) GS724TPP (fixed in firmware version 2.0.6.3) GS724TPv2 (fixed in firmware version 2.0.6.3) GS728TPPv2 (fixed in firmware