#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Thousands of WordPress Sites Hacked to Redirect Visitors to Scam Sites

Thousands of WordPress Sites Hacked to Redirect Visitors to Scam Sites

May 12, 2022
Cybersecurity researchers have disclosed a massive campaign that's responsible for injecting malicious JavaScript code into compromised WordPress websites that redirects visitors to scam pages and other malicious websites to generate illegitimate traffic. "The websites all shared a common issue — malicious JavaScript had been injected within their website's files and the database, including legitimate core WordPress files," Krasimir Konov, a malware analyst at Sucuri,  said  in a report published Wednesday. This involved infecting files such as jquery.min.js and jquery-migrate.min.js with obfuscated JavaScript that's activated on every page load, allowing the attacker to redirect the website visitors to a destination of their choice. The GoDaddy-owned website security company said that the domains at the end of the redirect chain could be used to load advertisements, phishing pages, malware, or even trigger another set of redirects. In some instances, unsus
Android and Chrome Users Can Soon Generate Virtual Credit Cards to Protect Real Ones

Android and Chrome Users Can Soon Generate Virtual Credit Cards to Protect Real Ones

May 12, 2022
Google on Wednesday took to its annual developer conference to announce a host of privacy and security updates, including support for virtual credit cards on Android and Chrome. "When you use autofill to enter your payment details at checkout, virtual cards will add an additional layer of security by replacing your actual card number with a distinct, virtual number," Google's Jen Fitzpatrick  said  in a statement. The goal, the search giant, said to keep payment information safe and secure during online shopping and protect users from  skimming attacks  wherein threat actors inject malicious JavaScript code to plunder credit card numbers and sell them on the black market. The feature is expected to roll out in the U.S. for Visa, American Express, Mastercard, and Capital One cards starting this summer. Interestingly, while Apple offers an option to mask email addresses via  Hide My Email , which enables users to create unique, random email addresses to use with apps
Making Sense of Operational Technology Attacks: The Past, Present, and Future

Making Sense of Operational Technology Attacks: The Past, Present, and Future

Mar 21, 2024Operational Technology / SCADA Security
When you read reports about cyber-attacks affecting operational technology (OT), it's easy to get caught up in the hype and assume every single one is sophisticated. But are OT environments all over the world really besieged by a constant barrage of complex cyber-attacks? Answering that would require breaking down the different types of OT cyber-attacks and then looking back on all the historical attacks to see how those types compare.  The Types of OT Cyber-Attacks Over the past few decades, there has been a growing awareness of the need for improved cybersecurity practices in IT's lesser-known counterpart, OT. In fact, the lines of what constitutes a cyber-attack on OT have never been well defined, and if anything, they have further blurred over time. Therefore, we'd like to begin this post with a discussion around the ways in which cyber-attacks can either target or just simply impact OT, and why it might be important for us to make the distinction going forward. Figure 1 The Pu
Everything We Learned From the LAPSUS$ Attacks

Everything We Learned From the LAPSUS$ Attacks

May 12, 2022
In recent months, a cybercriminal gang known as LAPSUS$ has claimed responsibility for a number of high-profile attacks against technology companies, including: T-Mobile (April 23, 2022) Globant  Okta Ubisoft Samsung Nvidia Microsoft Vodafone In addition to these attacks, LAPSUS$ was also able to successfully launch a ransomware attack against the Brazilian Ministry of Health. While high-profile cyber-attacks are certainly nothing new, there are several things that make LAPSUS$ unique. The alleged mastermind of these attacks and several other alleged accomplices were all teenagers. Unlike more traditional ransomware gangs, LAPSUS$ has a very strong social media presence. The gang is best known for data exfiltration. It has stolen source code and other proprietary information and has often leaked this information on the Internet. LAPSUS$ stolen credentials  In the case of Nvidia, for example, the  attackers gained access to hundreds of gigabytes of proprietary data ,
cyber security

Automated remediation solutions are crucial for security

websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.
Government Agencies Warn of Increase in Cyberattacks Targeting MSPs

Government Agencies Warn of Increase in Cyberattacks Targeting MSPs

May 12, 2022
Multiple cybersecurity authorities from Australia, Canada, New Zealand, the U.K., and the U.S. on Wednesday released a  joint advisory  warning of threats targeting managed service providers (MSPs) and their customers. Key among the recommendations include identifying and disabling accounts that are no longer in use, enforcing multi-factor authentication (MFA) on MSP accounts that access customer environments, and ensuring transparency in ownership of security roles and responsibilities. MSPs have emerged as an attractive attack route for cybercriminals to scale their attacks, as a vulnerable provider can be weaponized as an initial access vector to breach several downstream customers at once. The spillover effects of such intrusions, as witnessed in the wake of high-profile breaches aimed at  SolarWinds  and  Kaseya  in recent years, have once again underlined the need to secure the software supply chain. The targeting of MSPs by malicious cyber actors in an effort to "expl
Hackers Deploy IceApple Exploitation Framework on Hacked MS Exchange Servers

Hackers Deploy IceApple Exploitation Framework on Hacked MS Exchange Servers

May 12, 2022
Researchers have detailed a previously undocumented .NET-based post-exploitation framework called IceApple that has been deployed on Microsoft Exchange server instances to facilitate reconnaissance and data exfiltration. "Suspected to be the work of a state-nexus adversary, IceApple remains under active development, with 18 modules observed in use across a number of enterprise environments, as of May 2022," CrowdStrike  said  in a Wednesday report. The cybersecurity firm, which discovered the sophisticated malware in late 2021, noted its presence in multiple victim networks and in geographically distinct locations. Targeted victims span a wide range of sectors, including technology, academic, and government entities. A post-exploitation toolset, as the name implies, is not used to provide initial access, but is rather employed to carry out follow-on attacks after having already compromised the hosts in question. IceApple is notable for the fact that it's an in-memo
CISA Urges Organizations to Patch Actively Exploited F5 BIG-IP Vulnerability

CISA Urges Organizations to Patch Actively Exploited F5 BIG-IP Vulnerability

May 12, 2022
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has  added  the recently disclosed F5 BIG-IP flaw to its  Known Exploited Vulnerabilities Catalog  following reports of  active abuse  in the wild. The flaw, assigned the identifier  CVE-2022-1388  (CVSS score: 9.8), concerns a  critical bug  in the BIG-IP iControl REST endpoint that provides an unauthenticated adversary with a method to execute arbitrary system commands. "An attacker can use this vulnerability to do just about anything they want to on the vulnerable server," Horizon3.ai  said  in a report. "This includes making configuration changes, stealing sensitive information and moving laterally within the target network." Patches and mitigations for the flaw were announced by F5 on May 4, but it has been  subjected  to  in-the-wild   exploitation  over the past week, with attackers attempting to install a web shell that grants backdoor access to the targeted systems. "Due to the ease
Bitter APT Hackers Add Bangladesh to Their List of Targets in South Asia

Bitter APT Hackers Add Bangladesh to Their List of Targets in South Asia

May 11, 2022
An espionage-focused threat actor known for targeting China, Pakistan, and Saudi Arabia has expanded to set its sights on Bangladeshi government organizations as part of an ongoing campaign that commenced in August 2021. Cybersecurity firm Cisco Talos attributed the activity with moderate confidence to a hacking group dubbed the  Bitter APT  based on overlaps in the command-and-control (C2) infrastructure with that of prior campaigns mounted by the same actor. "Bangladesh fits the profile we have defined for this threat actor, previously targeting Southeast Asian countries including  China , Pakistan, and Saudi Arabia," Vitor Ventura, lead security researcher at Cisco Talos for EMEA and Asia, told The Hacker News. "And now, in this latest campaign, they have widened their reach to Bangladesh. Any new country in southeast Asia being targeted by Bitter APT shouldn't be of surprise." Bitter (aka APT-C-08 or T-APT-17) is suspected to be a South Asian hacking
Cybersecurity Resources