The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Threat actors have been found using a previously undocumented JavaScript malware strain that functions as a loader to distribute an array of remote access Trojans (RATs) and information stealers. HP Threat Research dubbed the new, evasive loader "RATDispenser," with the malware responsible for deploying at least eight different malware families in 2021. Around 155 samples of this new malware have been discovered, spread across three different variants, hinting that it's under active development. "RATDispenser is used to gain an initial foothold on a system before launching secondary malware that establishes control over the compromised device," security researcher Patrick Schläpfer  said . "All the payloads were RATs, designed to steal information and give attackers control over victim devices." As with other attacks of this kind, the starting point of the infection is a phishing email containing a malicious attachment, which masquerades as a text

A new Iranian threat actor has been discovered exploiting a now-addressed critical flaw in the Microsoft Windows MSHTML platform to target Farsi-speaking victims with a previously undocumented PowerShell-based information stealer designed to harvest extensive details from infected machines. "[T]he stealer is a PowerShell script, short with powerful collection capabilities — in only ~150 lines, it provides the adversary a lot of critical information including screen captures, Telegram files, document collection, and extensive data about the victim's environment," SafeBreach Labs researcher Tomer Bar  said  in a report published Wednesday. Nearly half of the targets are from the U.S., with the cybersecurity firm noting that the attacks are likely aimed at "Iranians who live abroad and might be seen as a threat to Iran's Islamic regime." The phishing campaign, which began in July 2021, involved the exploitation of CVE-2021-40444, a remote code execution fl

It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many approaches offer piecemeal solutions – zeroing in on one particular element of the evolving threat landscape challenge – missing the forest for the trees.  In the last few years, Exposure Management has become known as a comprehensive way of reigning in the chaos, giving organizations a true fighting chance to reduce risk and improve posture. In this article I'll cover what Exposure Management is, how it stacks up against some alternative approaches and why building an Exposure Management program should be on  your 2024 to-do list. What is Exposure Management?  Exposure Management is the systematic identification, evaluation,

Stop tempting fate and take a look at our picks for the best antivirus programs on the market today. Every year there are billions of malware attacks worldwide. And these threats are constantly evolving. So if you are not currently using antivirus software, or you still rely on some free software you downloaded back in 2017, you are putting your cybersecurity in serious jeopardy.  Need help picking out antivirus software? Well, we've got you covered. Below you can find our picks for the best antivirus products of 2021. But before we get to that, let's set a few things straight so we're all on the same page.  When we talk about antivirus products, we're really talking about anti- malware  products. Malware is a catchall term that refers to any malicious program created to damage, disrupt, or take charge of a computer. Types of malware include not only viruses but spyware, trojan horses, ransomware, adware, and scareware. Any good antivirus product in 2021 must be ab

Attackers are actively making efforts to exploit a new variant of a recently disclosed privilege escalation vulnerability to potentially execute arbitrary code on fully-patched systems, once again demonstrating how adversaries move quickly to weaponize a publicly available exploit. Cisco Talos  disclosed  that it "detected malware samples in the wild that are attempting to take advantage of this vulnerability." Tracked as  CVE-2021-41379  and discovered by security researcher Abdelhamid Naceri, the elevation of privilege flaw affecting the Windows Installer software component was originally resolved as part of Microsoft's  Patch Tuesday updates  for November 2021. However, in what's a case of an insufficient patch, Naceri found that it was not only possible to bypass the fix implemented by Microsoft but also  achieve  local privilege escalation via a newly discovered zero-day bug. The proof-of-concept (PoC) exploit, dubbed " InstallerFileTakeOver ," w

VMware has shipped updates to address two security vulnerabilities in vCenter Server and Cloud Foundation that could be abused by a remote attacker to gain access to sensitive information. The more severe of the issues concerns an arbitrary file read vulnerability in the vSphere Web Client. Tracked as CVE-2021-21980, the bug has been rated 7.5 out of a maximum of 10 on the CVSS scoring system, and impacts vCenter Server versions 6.5 and 6.7. "A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information," the company  noted  in an advisory published on November 23, crediting ch0wn of Orz lab for reporting the flaw. The second shortcoming remediated by VMware relates to an  SSRF  (Server-Side Request Forgery) vulnerability in the Virtual storage area network (vSAN) Web Client plug-in that could allow a malicious actor with network access to port 443 on vCenter Server to exploit the flaw by accessing an i

Multiple security weaknesses have been disclosed in MediaTek system-on-chips (SoCs) that could have enabled a threat actor to elevate privileges and execute arbitrary code in the firmware of the audio processor, effectively allowing the attackers to carry out a "massive eavesdrop campaign" without the users' knowledge. The discovery of the flaws is the result of reverse-engineering the Taiwanese company's audio digital signal processor ( DSP ) unit by Israeli cybersecurity firm Check Point Research, ultimately finding that by stringing them together with other flaws present in a smartphone manufacturer's libraries, the issues uncovered in the chip could lead to local privilege escalation from an Android application.  "A malformed inter-processor message could potentially be used by an attacker to execute and hide malicious code inside the DSP firmware," Check Point security researcher Slava Makkaveev  said  in a report. "Since the DSP firmware h

A threat actor known for striking targets in the Middle East has evolved its Android spyware yet again with enhanced capabilities that allow it to be stealthier and more persistent while passing off as seemingly innocuous app updates to stay under the radar. The new variants have "incorporated new features into their malicious apps that make them more resilient to actions by users, who might try to remove them manually, and to security and web hosting companies that attempt to block access to, or shut down, their command-and-control server domains," Sophos threat researcher Pankaj Kohli  said  in a report published Tuesday. Also known by the monikers  VAMP ,  FrozenCell ,  GnatSpy , and  Desert Scorpion , the mobile spyware has been a preferred tool of choice for the APT-C-23 threat group since at least 2017, with  successive iterations  featuring extended surveillance functionality to vacuum files, images, contacts and call logs, read notifications from messaging apps, r