The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

An espionage-focused threat actor known for targeting China, Pakistan, and Saudi Arabia has expanded to set its sights on Bangladeshi government organizations as part of an ongoing campaign that commenced in August 2021. Cybersecurity firm Cisco Talos attributed the activity with moderate confidence to a hacking group dubbed the  Bitter APT  based on overlaps in the command-and-control (C2) infrastructure with that of prior campaigns mounted by the same actor. "Bangladesh fits the profile we have defined for this threat actor, previously targeting Southeast Asian countries including  China , Pakistan, and Saudi Arabia," Vitor Ventura, lead security researcher at Cisco Talos for EMEA and Asia, told The Hacker News. "And now, in this latest campaign, they have widened their reach to Bangladesh. Any new country in southeast Asia being targeted by Bitter APT shouldn't be of surprise." Bitter (aka APT-C-08 or T-APT-17) is suspected to be a South Asian hacking

A previously undocumented remote access trojan (RAT) written in the Go programming language has been spotted disproportionately targeting entities in Italy, Spain, and the U.K. Called  Nerbian RAT  by enterprise security firm Proofpoint, the novel malware leverages COVID-19-themed lures to propagate as part of a low volume email-borne phishing campaign that started on April 26, 2022. "The newly identified Nerbian RAT leverages multiple anti-analysis components spread across several stages, including multiple open-source libraries," Proofpoint researchers  said  in a report shared with The Hacker News.  "It is written in operating system (OS) agnostic Go programming language, compiled for 64-bit systems, and leverages several encryption routines to further evade network analysis." The messages, amounting to less than 100 in number, purport to be from the World Health Organization about safety measures related to COVID-19, urging potential victims to open a macr

It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many approaches offer piecemeal solutions – zeroing in on one particular element of the evolving threat landscape challenge – missing the forest for the trees.  In the last few years, Exposure Management has become known as a comprehensive way of reigning in the chaos, giving organizations a true fighting chance to reduce risk and improve posture. In this article I'll cover what Exposure Management is, how it stacks up against some alternative approaches and why building an Exposure Management program should be on  your 2024 to-do list. What is Exposure Management?  Exposure Management is the systematic identification, evaluation,

Security and IT teams are losing sleep as would-be intruders lay siege to the weakest link in any organization's digital defense: employees. By preying on human emotion, social engineering scams inflict billions of dollars of damage with minimal planning or expertise. Cybercriminals find it easier to manipulate people before resorting to technical "hacking" tactics. Recent research reveals that social engineering is leveraged in 98% of attacks. As the rapid, ongoing acceleration of remote work raises the stakes, security leaders are fighting back with education and awareness. Resources developed by experts, like this new white paper — " Social Engineering: What You Need to Know to Stay Resilient " — identify the most common tactics, track how these types of attacks are evolving, and provide tips to protect organizations and their end-users. These insights not only inform security practitioners of the latest tactics and emerging threats, but help employees unde

Cybersecurity researchers have discovered a number of malicious packages in the NPM registry specifically targeting a number of prominent media, logistics, and industrial firms based in Germany to carry out  supply chain attacks . "Compared with most malware found in the NPM repository, this payload seems particularly dangerous: a highly-sophisticated, obfuscated piece of malware that acts as a backdoor and allows the attacker to take total control over the infected machine," researchers from JFrog  said  in a new report. The DevOps company said that evidence points to it being either the work of a sophisticated threat actor or a "very aggressive" penetration test. All the rogue packages, most of which have since been removed from the repository, have been traced to four "maintainers" - bertelsmannnpm, boschnodemodules, stihlnodemodules, and dbschenkernpm — indicating an attempt to impersonate legitimate firms like Bertelsmann, Bosch, Stihl, and DB Sc

The Five Eyes nations comprising  Australia ,  Canada ,  New Zealand ,  the U.K. , and  the U.S. , along with Ukraine and the European Union, formally pinned Russia for masterminding an attack on an international satellite communication ( SATCOM ) provider that had "spillover" effects across Europe. The  cyber offensive , which took place one hour before the Kremlin's military invasion of Ukraine on February 24, targeted the KA-SAT satellite network operated by telecommunications company Viasat, crippling the operations of wind farms and internet users in central Europe. Viasat, in late March,  disclosed  that it had shipped nearly 30,000 modems to distributors to restore service to customers whose modems were rendered unusable. "This cyberattack had a significant impact causing indiscriminate communication outages and disruptions across several public authorities, businesses and users in Ukraine, as well as affecting several E.U. Member States," the Counci

Microsoft on Tuesday rolled out fixes for as many as  74 security vulnerabilities , including one for a zero-day bug that's being actively exploited in the wild. Of the 74 issues, seven are rated Critical, 66 are rated Important, and one is rated low in severity. Two of the flaws are listed as publicly known at the time of release. These encompass 24 remote code execution (RCE), 21 elevation of privilege, 17 information disclosure, and six denial-of-service vulnerabilities, among others. The updates are in addition to  36 flaws  patched in the Chromium-based Microsoft Edge browser on April 28, 2022. Chief among the resolved bugs is  CVE-2022-26925  (CVSS score: 8.1), a spoofing vulnerability affecting the Windows Local Security Authority ( LSA ), which Microsoft describes as a "protected subsystem that authenticates and logs users onto the local system." "An unauthenticated attacker could call a method on the LSARPC interface and coerce the domain controller to

The notorious ransomware operation known as REvil (aka Sodin or Sodinokibi) has resumed after six months of inactivity, an analysis of new ransomware samples has revealed. "Analysis of these samples indicates that the developer has access to REvil's source code, reinforcing the likelihood that the threat group has reemerged," researchers from Secureworks Counter Threat Unit (CTU)  said  in a report published Monday. "The identification of multiple samples with varying modifications in such a short period of time and the lack of an official new version indicates that REvil is under heavy active development once again." REvil, short for Ransomware Evil, is a ransomware-as-a-service (RaaS) scheme and attributed to a Russia-based/speaking group known as  Gold Southfield , arising just as  GandCrab  activity declined and the latter announced their retirement. It's also one of the earliest groups to adopt the double extortion scheme in which stolen data from