#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Chinese Espionage Hackers Target Tibetans Using New LOWZERO Backdoor

Chinese Espionage Hackers Target Tibetans Using New LOWZERO Backdoor

Sep 26, 2022
A China-aligned advanced persistent threat actor known as TA413 weaponized recently disclosed flaws in Sophos Firewall and Microsoft Office to deploy a never-before-seen backdoor called LOWZERO as part of an espionage campaign aimed at Tibetan entities. Targets primarily consisted of organizations associated with the Tibetan community, including enterprises associated with the Tibetan government-in-exile. The intrusions involved the exploitation of  CVE-2022-1040  and  CVE-2022-30190  (aka "Follina"), two remote code execution vulnerabilities in Sophos Firewall and Microsoft Office, respectively. "This willingness to rapidly incorporate new techniques and methods of initial access contrasts with the group's continued use of well known and reported capabilities, such as the Royal Road RTF weaponizer, and often lax infrastructure procurement tendencies," Recorded Future  said  in a new technical analysis. TA413, also known as LuckyCat, has been linked to rel
BlackCat Ransomware Attackers Spotted Fine-Tuning Their Malware Arsenal

BlackCat Ransomware Attackers Spotted Fine-Tuning Their Malware Arsenal

Sep 26, 2022
The  BlackCat ransomware crew  has been spotted fine-tuning their malware arsenal to fly under the radar and expand their reach. "Among some of the more notable developments has been the use of a new version of the Exmatter data exfiltration tool, and the use of Eamfo, information-stealing malware that is designed to steal credentials stored by Veeam backup software," researchers from Symantec  said  in a new report. BlackCat, also known by the names ALPHV and Noberus, is attributed to an adversary tracked as Coreid (aka  FIN7 , Carbanak, or Carbon Spider) and is said to be a  rebranded successor  of  DarkSide  and  BlackMatter , both of which shut shop last year following a string of high-profile attacks, including that of Colonial Pipeline. The threat actor, like other notorious ransomware groups, is known to run a ransomware-as-a-service (RaaS) operation, which involves its core developers enlisting the help of affiliates to carry out the attacks in exchange for a cut
Cybersecurity Tactics FinServ Institutions Can Bank On in 2024

Cybersecurity Tactics FinServ Institutions Can Bank On in 2024

Feb 14, 2024Financial Security / Cyber Threats
The landscape of cybersecurity in financial services is undergoing a rapid transformation. Cybercriminals are exploiting advanced technologies and methodologies, making traditional security measures obsolete. The challenges are compounded for community banks that must safeguard sensitive financial data against the same level of sophisticated threats as larger institutions, but often with more limited resources. The FinServ Threat Landscape Recent trends show an alarming increase in sophisticated cyber-attacks. Cybercriminals now deploy advanced techniques like deep fake technology and AI-powered attacks, making it increasingly difficult for banks to differentiate between legitimate and malicious activities. These developments necessitate a shift towards more sophisticated and adaptive cybersecurity measures. Take these industry statistics, for example. Financial firms report 703 cyberattack attempts per week.1 On average, 270 attacks (entailing unauthorized access of data, appl
5 Network Security Threats And How To Protect Yourself

5 Network Security Threats And How To Protect Yourself

Sep 26, 2022
Cybersecurity today matters so much because of everyone's dependence on technology, from collaboration, communication and collecting data to e-commerce and entertainment. Every organisation that needs to deliver services to their customers and employees must protect their IT 'network' - all the apps and connected devices from laptops and desktops to servers and smartphones. While traditionally, these would all live on one "corporate network," - networks today are often just made up of the devices themselves, and how they're connected: across the internet, sometimes via VPNs, to the homes and cafes people work from, to the cloud and data centres where services live. So what threats does this modern network face? Let's look at them in more detail. #1 Misconfiguration According to recent research by  Verizon , misconfiguration errors and misuse now make up 14% of breaches. Misconfiguration errors occur when configuring a system or application so that it&
cyber security

The Critical State of AI in the Cloud

websiteWiz.ioArtificial Intelligence / Cloud Security
Wiz Research reveals the explosive growth of AI adoption and what 150,000+ cloud accounts revealed about the AI surge.
Google to Make Account Login Mandatory for New Fitbit Users in 2023

Google to Make Account Login Mandatory for New Fitbit Users in 2023

Sep 26, 2022
Wearable technology company Fitbit has announced a new clause that requires users to switch to a Google account "sometime" in 2023. "In 2023, we plan to launch Google accounts on Fitbit, which will enable use of Fitbit with a Google account," the Google-owned fitness devices maker  said . The switch will not go live for all users in 2023. Rather, support for Fitbit accounts is expected to continue until at least the beginning of 2025, after which a Google account will be mandatory for using the devices. The deeper integration also means that a Google account will be compulsory to sign up for Fitbit and activate new features, including those that incorporate Google products and services such as Google Assistant. Also necessitated as part of the transition is the consent from the part of users to move their personal data from Fitbit to Google. The internet giant  stressed that  users' personal information will not be used to serve ads. The goal, Fitbit said
Ukraine Arrests Cybercrime Group for Selling Data of 30 Million Accounts

Ukraine Arrests Cybercrime Group for Selling Data of 30 Million Accounts

Sep 26, 2022
Ukrainian law enforcement authorities on Friday disclosed that it had "neutralized" a hacking group operating from the city of Lviv that it said acted on behalf of Russian interests. The group specialized in the sales of 30 million accounts belonging to citizens from Ukraine and the European Union on the dark web and netted a profit of $372,000 (14 million UAH) through electronic payment systems like YooMoney, Qiwi, and WebMoney that are outlawed in the country. "Their 'wholesale clients' were pro-kremlin propagandists," the Security Service of Ukraine (SSU)  said  in a press release. "It was them who used the received identification data of Ukrainian and foreign citizens to spread fake 'news' from the front and sow panic." The goal behind the campaign was "large-scale destabilization in multiple countries," it stated, adding the hacked accounts were used to propagate false information about the socio-political situation in U
London Police Arrested 17-Year-Old Hacker Suspected of Uber and GTA 6 Breaches

London Police Arrested 17-Year-Old Hacker Suspected of Uber and GTA 6 Breaches

Sep 24, 2022
The City of London Police on Friday revealed that it has arrested a 17-year-old teenager from Oxfordshire on suspicion of hacking. "On the evening of Thursday 22 September 2022, the City of London Police arrested a 17-year-old in Oxfordshire on suspicion of hacking," the agency  said , adding "he remains in police custody." The department said the arrest was made as part of an investigation in partnership with the U.K. National Crime Agency's cyber crime unit. No further details about the nature of the investigation were disclosed, although it's suspected that the law enforcement action may have something to do with the recent string of high-profile hacks aimed at  Uber  and  Rockstar Games . Both the intrusions are alleged to have been committed by the same threat actor, who goes by the name Tea Pot (aka teapotuberhacker). Uber, for its part, has pinned the breach on an attacker (or attackers) that it believes is associated with the LAPSUS$ extortion
Hackers Exploited Zero-Day RCE Vulnerability in Sophos Firewall — Patch Released

Hackers Exploited Zero-Day RCE Vulnerability in Sophos Firewall — Patch Released

Sep 24, 2022
Security software company Sophos has released a patch update for its firewall product after it was discovered that attackers were exploiting a new critical zero-day vulnerability to attack its customers' network. The issue, tracked as  CVE-2022-3236  (CVSS score: 9.8), impacts Sophos Firewall v19.0 MR1 (19.0.1) and older and concerns a code injection vulnerability in the User Portal and Webadmin components that could result in remote code execution. The company  said  it "has observed this vulnerability being used to target a small set of specific organizations, primarily in the South Asia region," adding it directly notified these entities. As a workaround, Sophos is recommending that users take steps to ensure that the User Portal and Webadmin are not exposed to WAN. Alternatively, users can update to the latest supported version - v19.5 GA v19.0 MR2 (19.0.2) v19.0 GA, MR1, and MR1-1 v18.5 MR5 (18.5.5) v18.5 GA, MR1, MR1-1, MR2, MR3, and MR4 v18.0 MR3, MR4,
Cybersecurity Resources