The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

A new attack campaign has been targeting the gaming and gambling sectors since at least September 2022, just as the ICE London 2023 gaming industry trade fair event is scheduled to kick off next week. Israeli cybersecurity company Security Joes is tracking the activity cluster under the name  Ice Breaker , stating the intrusions employ clever social engineering tactics to deploy a JavaScript backdoor. The attack sequence proceeds as follows: The threat actor poses as a customer while initiating a conversation with a support agent of a gaming company under the pretext of having account registration issues. The adversary then urges the individual on the other end to open a screenshot image hosted on Dropbox. Security Joes said that the threat actor is "well-aware of the fact that the customer service is human-operated." Clicking the purported screenshot link sent in the chat leads to the retrieval of an LNK payload or, alternatively, a VBScript file as a backup option,

A new exploit has been devised to "unenroll" enterprise- or school-managed Chromebooks from administrative control. Enrolling ChromeOS devices makes it possible to enforce device policies as set by the organization via the  Google Admin console , including the features that are available to users. "Each enrolled device complies with the policies you set until you wipe or deprovision it," Google  states  in its documentation. That's where the  exploit  – dubbed Shady Hacking 1nstrument Makes Machine Enrollment Retreat aka  SH1MMER  – comes in, allowing users to bypass these admin restrictions. The method is also a reference to shim, a Return Merchandise Authorization (RMA) disk image used by service center technicians to reinstall the operating system and run diagnosis and repair programs. The Google-signed  shim image  is a "combination of existing Chrome OS  factory bundle  components" – namely a release image, a toolkit, and the firmware, amon

It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many approaches offer piecemeal solutions – zeroing in on one particular element of the evolving threat landscape challenge – missing the forest for the trees.  In the last few years, Exposure Management has become known as a comprehensive way of reigning in the chaos, giving organizations a true fighting chance to reduce risk and improve posture. In this article I'll cover what Exposure Management is, how it stacks up against some alternative approaches and why building an Exposure Management program should be on  your 2024 to-do list. What is Exposure Management?  Exposure Management is the systematic identification, evaluation,

Container technology has gained traction among businesses due to the increased efficiency it provides. In this regard, organizations widely use Kubernetes for deploying, scaling, and managing containerized applications. Organizations should audit Kubernetes to ensure compliance with regulations, find anomalies, and identify security risks. The Wazuh open source platform plays a critical role in monitoring Kubernetes and other components of an organization's infrastructure. What is Kubernetes? Kubernetes is an open source container management solution that automates the deployment and scaling of containers and also manages the life cycle of containers. It organizes containers into logical units for simple management and discovery. Kubernetes extends how we scale containerized applications so that we may use a truly persistent infrastructure. You can build cloud-native applications based on microservices with Kubernetes. Enthusiasts view Kubernetes as the cornerstone of application m

The Brazilian threat actors behind an advanced and modular point-of-sale (PoS) malware known as  Prilex  have reared their head once again with new updates that allow it to block contactless payment transactions. Russian cybersecurity firm Kaspersky  said  it detected three versions of Prilex (06.03.8080, 06.03.8072, and 06.03.8070) that are capable of targeting NFC-enabled credit cards, taking its criminal scheme a notch higher. Having evolved out of ATM-focused malware into PoS malware over the years since going operational in 2014, the threat actor has steadily incorporated new features that are designed to facilitate credit card fraud, including a technique called  GHOST transactions . While contactless payments have taken off in a big way, in part due to the COVID-19 pandemic, the underlying motive behind the new functionality is to disable the feature so as to force the user to insert the card into the PIN pad. To that end, the latest version of Prilex, which Kaspersky disc

Microsoft on Tuesday said it took steps to disable fake Microsoft Partner Network (MPN) accounts that were used for creating malicious  OAuth  applications as part of a phishing campaign designed to breach organizations' cloud environments and steal email. "The applications created by these fraudulent actors were then used in a consent phishing campaign, which tricked users into granting permissions to the fraudulent apps," the tech giant  said . "This phishing campaign targeted a subset of customers primarily based in the U.K. and Ireland." Consent phishing is a  social engineering attack  wherein users are tricked into granting permissions to malicious cloud applications, which can then be weaponized to gain access to legitimate cloud services and sensitive user data. The Windows maker said it became aware of the campaign on December 15, 2022. It has since alerted affected customers via email, with the company noting that the threat actors abused the conse

Two more supply chain security flaws have been disclosed in AMI MegaRAC Baseboard Management Controller (BMC) software, nearly two months after  three security vulnerabilities  were brought to light in the same product. Firmware security firm Eclypsium  said  the two shortcomings were held back until now to provide AMI additional time to engineer appropriate mitigations. The issues, collectively tracked as  BMC&C , could act as a springboard for cyber attacks, enabling threat actors to obtain remote code execution and unauthorized device access with superuser permissions. The two new flaws in question are as follows - CVE-2022-26872  (CVSS score: 8.3) - ​​Password reset interception via API CVE-2022-40258  (CVSS score: 5.3) - Weak password hashes for Redfish and API Specifically, MegaRAC has been found to use the MD5 hashing algorithm with a global salt for older devices, or  SHA-512 with per user salts  on newer appliances, potentially allowing a threat actor to crack th

Do you know where your secrets are? If not, I can tell you: you are not alone. Hundreds of CISOs, CSOs, and security leaders, whether from small or large companies, don't know either. No matter the organization's size, the certifications, tools, people, and processes: secrets are not visible in 99% of cases. It might sound ridiculous at first: keeping secrets is an obvious first thought when thinking about security in the development lifecycle. Whether in the cloud or on-premise, you know that your secrets are safely stored behind hard gates that few people can access. It is not just a matter of common sense since it's also an essential compliance requirement for security audits and certifications. Developers working in your organization are well-aware that secrets should be handled with special care. They have put in place specific tools and procedures to correctly create, communicate, and rotate human or machine credentials. Still, do you know where your secrets are?

The Russia-affiliated Sandworm used yet another wiper malware strain dubbed  NikoWiper  as part of an attack that took place in October 2022 targeting an energy sector company in Ukraine. "The NikoWiper is based on  SDelete , a command line utility from Microsoft that is used for securely deleting files," cybersecurity company ESET  revealed  in its latest APT Activity Report shared with The Hacker News. The Slovak cybersecurity firm said the attacks coincided with  missile strikes  orchestrated by the Russian armed forces aimed at the Ukrainian energy infrastructure, suggesting overlaps in objectives. The disclosure comes merely days after ESET attributed Sandworm to a Golang-based data wiper known as  SwiftSlicer  that was deployed against an unnamed Ukrainian entity on January 25, 2023. The advanced persistent threat (APT) group linked to Russia's foreign military intelligence agency GRU has also been implicated in a partially successful attack targeting national

A shellcode-based  packer  dubbed  TrickGate  has been successfully operating without attracting notice for over six years, while enabling threat actors to deploy a wide range of malware such as TrickBot, Emotet, AZORult, Agent Tesla, FormBook, Cerber, Maze, and REvil over the years. "TrickGate managed to stay under the radar for years because it is transformative – it undergoes changes periodically," Check Point Research's Arie Olshtein  said , calling it a "master of disguises." Offered as a service to other threat actors since at least late 2016, TrickGate helps conceal payloads behind a layer of wrapper code in an attempt to get past security solutions installed on a host. Packers can also function as crypters by encrypting the malware as an obfuscation mechanism. "Packers have different features that allow them to circumvent detection mechanisms by appearing as benign files, being difficult to reverse engineer, or incorporating sandbox evasion tec