#1 Trusted Cybersecurity News Platform
Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cybersecurity

The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Experts Find Malicious Cookie Stuffing Chrome Extensions Used by 1.4 Million Users

Experts Find Malicious Cookie Stuffing Chrome Extensions Used by 1.4 Million Users

Aug 31, 2022
Five imposter extensions for the Google Chrome web browser masquerading as Netflix viewers and others have been found to track users' browsing activity and profit off retail affiliate programs. "The extensions offer various functions such as enabling users to watch Netflix shows together, website coupons, and taking screenshots of a website," McAfee researchers Oliver Devane and Vallabh Chole  said . "The latter borrows several phrases from another popular extension called GoFullPage." The browser add-ons in question – available via the Chrome Web Store and downloaded 1.4 million times – are as follows - Netflix Party (mmnbenehknklpbendgmgngeaignppnbe) - 800,000 downloads Netflix Party (flijfnhifgdcbhglkneplegafminjnhn) - 300,000 downloads Full Page Screenshot Capture – Screenshotting (pojgkmkfincpdkdgjepkmdekcahmckjp) - 200,000 downloads AutoBuy Flash Sales (gbnahglfafmhaehbdmjedfhdmimjcbed) - 20,000 downloads The extensions are designed to load a pi
Hackers Hide Malware in Stunning Images Taken by James Webb Space Telescope

Hackers Hide Malware in Stunning Images Taken by James Webb Space Telescope

Aug 31, 2022
A persistent Golang-based malware campaign dubbed GO#WEBBFUSCATOR has leveraged the deep field image taken from NASA's James Webb Space Telescope (JWST) as a lure to deploy malicious payloads on infected systems. The development, revealed by Securonix , points to the growing adoption of Go among threat actors, given the programming language's cross-platform support, effectively allowing the operators to leverage a common codebase to target different operating systems. Go binaries also have the added benefit of rendering reverse engineering a lot more challenging as opposed to malware written in other languages like C++ or C#, not to mention prolong analysis and detection attempts. Phishing emails containing a Microsoft Office attachment act as the entry point for the attack chain that, when opened, retrieves an obfuscated VBA macro, which, in turn, is auto-executed should the recipient enable macros. The execution of the macro results in the download of an image file &quo
Shining a Light on Shadow Apps: The Invisible Gateway to SaaS Data Breaches

Shining a Light on Shadow Apps: The Invisible Gateway to SaaS Data Breaches

Sep 10, 2024SaaS Security / Risk Management
Shadow apps, a segment of Shadow IT, are SaaS applications purchased without the knowledge of the security team. While these applications may be legitimate, they operate within the blind spots of the corporate security team and expose the company to attackers.  Shadow apps may include instances of software that the company is already using. For example, a dev team may onboard their own instance of GitHub to keep their work separate from other developers. They might justify the purchase by noting that GitHub is an approved application, as it is already in use by other teams. However, since the new instance is used outside of the security team's view, it lacks governance. It may store sensitive corporate data and not have essential protections like MFA enabled, SSO enforced, or it could suffer from weak access controls. These misconfigurations can easily lead to risks like stolen source code and other issues. Types of Shadow Apps  Shadow apps can be categorized based on their interac
Interested in Reducing Your Risk Profile? Jamf Has a Solution for That

Interested in Reducing Your Risk Profile? Jamf Has a Solution for That

Aug 31, 2022
The threat landscape has changed dramatically over the past decade. While cybercriminals continue to look for new ways to gain access to networks and steal sensitive information, the mobile attack surface is also expanding. Mobile devices are not only becoming more powerful but also more vulnerable to cyberattacks, making mobile security an increasingly important concern for enterprises. This means that anyone accessing the Internet via their cell phone or logging into their home or work network at any time is putting both their own personal data and that of their company at risk. No matter how big or small your business is, you should always take steps to ensure the security of your employees and customers. Recent global attacks have shown us just how vulnerable businesses are to cyberattacks. There are several ways hackers can attack mobile devices. To protect their data, businesses should take a comprehensive approach that addresses both internal and external threats. Jamf Thr
cyber security

DevOps Security Best Practices

websiteWizDevOps / Secure Coding
Develop securely from code to cloud with this DevOps Security Cheat Sheet from Wiz. Take a deep dive into secure coding, infrastructure security, and vigilant monitoring and response.
Google Launches New Open Source Bug Bounty to Tackle Supply Chain Attacks

Google Launches New Open Source Bug Bounty to Tackle Supply Chain Attacks

Aug 31, 2022
Google on Monday introduced a new bug bounty program for its open source projects, offering payouts anywhere from $100 to $31,337 (a reference to  eleet or leet ) to secure the ecosystem from  supply chain attacks . Called the Open Source Software Vulnerability Rewards Program (OSS VRP), the offering is one of the first open source-specific vulnerability programs. With the tech giant the maintainer of major projects such as Angular, Bazel, Golang, Protocol Buffers, and Fuchsia, the program aims to reward vulnerability discoveries that could otherwise have a significant impact on the larger open source landscape.  Other projects managed by Google and hosted on public repositories such as GitHub as well as the third-party dependencies that are included in those projects are also eligible. Submissions  from bug hunters are expected to meet the following criteria - Vulnerabilities that lead to supply chain compromise Design issues that cause product vulnerabilities Other security
Chinese Hackers Used ScanBox Framework in Recent Cyber Espionage Attacks

Chinese Hackers Used ScanBox Framework in Recent Cyber Espionage Attacks

Aug 31, 2022
A months-long cyber espionage campaign undertaken by a Chinese nation-state group targeted several entities with reconnaissance malware so as to glean information about its victims and meet its strategic goals. "The targets of this recent campaign spanned Australia, Malaysia, and Europe, as well as entities that operate in the South China Sea," enterprise security firm Proofpoint  said  in a published in partnership with PwC. Targets encompass local and federal Australian Governmental agencies, Australian news media companies, and global heavy industry manufacturers which conduct maintenance of fleets of wind turbines in the South China Sea. Proofpoint and PwC attributed the intrusions with moderate confidence to a threat actor tracked by the two companies under the names TA423 and Red Ladon respectively, which is also known as APT40 and Leviathan. APT40 is the name designated to a China-based, espionage-motivated threat actor that's known to be active since 2013 and
Hackers Use ModernLoader to Infect Systems with Stealers and Cryptominers

Hackers Use ModernLoader to Infect Systems with Stealers and Cryptominers

Aug 30, 2022
As many as three disparate but related campaigns between March and Jun 2022 have been found to deliver a variety of malware, including ModernLoader, RedLine Stealer, and cryptocurrency miners onto compromised systems. "The actors use PowerShell, .NET assemblies, and HTA and VBS files to spread across a targeted network, eventually dropping other pieces of malware, such as the  SystemBC  trojan and  DCRat , to enable various stages of their operations," Cisco Talos researcher Vanja Svajcer said in a report shared with The Hacker News. The malicious implant in question, ModernLoader , is designed to provide attackers with remote control over the victim's machine, which enables the adversaries to deploy additional malware, steal sensitive information, or even ensnare the computer in a botnet. Cisco Talos attributed the infections to a previously undocumented but Russian-speaking threat actor, citing the use of off-the-shelf tools. Potential targets included Eastern Eur
Hands-on Review: Stellar Cyber Security Operations Platform for MSSPs

Hands-on Review: Stellar Cyber Security Operations Platform for MSSPs

Aug 30, 2022
As threat complexity increases and the boundaries of an organization have all but disappeared, security teams are more challenged than ever to deliver consistent security outcomes. One company aiming to help security teams meet this challenge is  Stellar Cyber .  Stellar Cyber claims to address the needs of MSSPs by providing capabilities typically found in NG-SIEM, NDR, and SOAR products in their Open XDR platform, managed with a single license. According to Stellar Cyber, this consolidation means faster security analyst ramp time and customer onboarding with far less manually intensive tasks required. Stellar Cyber currently counts 20+ of the top MSSP providers as customers, providing security for over 3 million assets. In addition, stellar Cyber claims after deployment, users see up to 20x faster mean time to respond (MTTR), a bold claim. We recently took a closer look at the Stellar Cyber Security Operations Platform.  Before we begin Before digging into the platform, here are
India's Newest Airline Akasa Air Found Leaking Passengers' Personal Information

India's Newest Airline Akasa Air Found Leaking Passengers' Personal Information

Aug 30, 2022
Akasa Air, India's newest commercial airline, exposed the personal data belonging to its customers that the company blamed on a technical configuration error. According to security researcher Ashutosh Barot , the issue is rooted in the account registration process, leading to the exposure of details such as names, gender, email addresses, and phone numbers. The bug was identified on August 7, 2022, the same day the low-cost airline commenced its operations in the country. "I found an HTTP request which gave my name, email, phone number, gender, etc. in JSON format," Barot  said  in a write-up. "I immediately changed some parameters in [the] request and I was able to see other user's PII. It took around ~30 minutes to find this issue." Upon receiving the report, the company  said  it temporarily shut down parts of its system to incorporate additional security guardrails. It has also reported the incident to the Indian Computer Emergency Response Team (
FBI Warns Investors to Take Precautions with Decentralized Financial Platforms

FBI Warns Investors to Take Precautions with Decentralized Financial Platforms

Aug 30, 2022
The U.S. Federal Bureau of Investigation (FBI) on Monday warned of cyber criminals increasingly exploiting flaws in decentralized finance (DeFi) platforms to plunder cryptocurrency. "The FBI has observed cyber criminals exploiting vulnerabilities in the smart contracts governing DeFi platforms to steal investors' cryptocurrency," the agency  said  in a notification. Attackers are said to have used different methods to hack and steal cryptocurrency from DeFi platforms, including initiating flash loans that trigger exploits in the platforms' smart contracts and exploiting signature verification flaws in their token bridge to withdraw all investments. The agency has also observed criminals defrauding the platforms by manipulating cryptocurrency price pairs – assets that can be traded for each other on an exchange – by exploiting a series of vulnerabilities to bypass  slippage checks  and steal roughly $35 million in digital funds. It further said that the threat ac
Expert Insights / Articles Videos
Cybersecurity Resources