The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

The Gootkit malware is prominently going after healthcare and finance organizations in the U.S., U.K., and Australia, according to new findings from Cybereason. The cybersecurity firm said it investigated a Gootkit incident in December 2022 that adopted a new method of deployment, with the actors abusing the foothold to deliver  Cobalt Strike  and  SystemBC  for post-exploitation. "The threat actor displayed fast-moving behaviors, quickly heading to control the network it infected, and getting elevated privileges in less than four hours," Cybereason  said  in an analysis published February 8, 2023. Gootkit, also called Gootloader, is exclusively attributed to a threat actor tracked by Mandiant as UNC2565. Starting its life in 2014 as a banking trojan, the malware has since morphed into a loader capable of delivering next-stage payloads. The shift in tactics was  first uncovered  by Sophos in March 2021. Gootloader takes the form of heavily-obfuscated JavaScript files th

The OpenSSL Project has released fixes to address several security flaws, including a high-severity bug in the open source encryption toolkit that could potentially expose users to malicious attacks. Tracked as  CVE-2023-0286 , the issue relates to a case of type confusion that may permit an adversary to "read memory contents or enact a denial-of-service," the maintainers said in an advisory. The vulnerability is rooted in the way the  popular cryptographic library  handles X.509 certificates, and is likely to impact only those applications that have a custom implementation for retrieving a certificate revocation list ( CRL ) over a network. "In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature," OpenSSL  said . "If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon."

In today's digital world, where connectivity is rules all, endpoints serve as the gateway to a business's digital kingdom. And because of this, endpoints are one of hackers' favorite targets.  According to the IDC,  70% of successful breaches start at the endpoint . Unprotected endpoints provide vulnerable entry points to launch devastating cyberattacks. With IT teams needing to protect more endpoints—and more kinds of endpoints—than ever before, that perimeter has become more challenging to defend. You need to improve your endpoint security, but where do you start? That's where this guide comes in.  We've curated the top 10 must-know endpoint security tips that every IT and security professional should have in their arsenal. From identifying entry points to implementing EDR solutions, we'll dive into the insights you need to defend your endpoints with confidence.  1. Know Thy Endpoints: Identifying and Understanding Your Entry Points Understanding your network's

The U.S. National Institute of Standards and Technology (NIST) has announced that a family of authenticated encryption and hashing algorithms known as Ascon will be standardized for  lightweight cryptography  applications. "The chosen algorithms are designed to protect information created and transmitted by the Internet of Things (IoT), including its myriad tiny sensors and actuators," NIST  said . "They are also designed for other miniature technologies such as implanted medical devices, stress detectors inside roads and bridges, and keyless entry fobs for vehicles." Put differently, the idea is to adopt security protections via lightweight cryptography in devices that have a "limited amount of electronic resources." That said, NIST still recommends the Advanced Encryption Standard ( AES ) and SHA-256 for general use. Ascon is  credited  to a team of cryptographers from the Graz University of Technology, Infineon Technologies, Lamarr Security Researc

Multiple unpatched security flaws have been disclosed in open source and freemium Document Management System (DMS) offerings from four vendors LogicalDOC, Mayan, ONLYOFFICE, and OpenKM. Cybersecurity firm Rapid7 said the eight vulnerabilities offer a mechanism through which "an attacker can convince a human operator to save a malicious document on the platform and, once the document is indexed and triggered by the user, giving the attacker multiple paths to control the organization." The list of eight cross-site scripting ( XSS ) flaws, discovered by Rapid7 researcher Matthew Kienow, is as follows - CVE-2022-47412  - ONLYOFFICE Workspace Search Stored XSS CVE-2022-47413 and CVE-2022-47414  - OpenKM Document and Application XSS CVE-2022-47415, CVE-2022-47416, CVE-2022-47417, and CVE-2022-47418  - LogicalDOC Multiple Stored XSS CVE-2022-47419  - Mayan EDMS Tag Stored XSS Stored XSS, also known as persistent XSS, occurs when a malicious script is injected directly into

A Sydney man has been  sentenced  to an 18-month Community Correction Order ( CCO ) and 100 hours of community service for attempting to take advantage of the Optus data breach last year to blackmail its customers. The unnamed individual, 19 when  arrested in October 2022  and now 20, used the leaked records stolen from the security lapse to orchestrate an SMS-based extortion scheme. The suspect contacted dozens of victims to threaten that their personal information would be sold to other hackers and "used for fraudulent activity" unless an AU$ 2,000 payment is made to a bank account under their control. The scammer is said to have sent the SMS messages to 92 individuals whose information was part of a  larger cache of 10,200 records  that was briefly published in a criminal forum in September 2022, The Australian Federal Police (AFP), which launched Operation Guardian following the breach, said there is no evidence that any of the affected customers transferred the dem

A Russia-linked threat actor has been observed deploying a new information-stealing malware in cyber attacks targeting Ukraine. Dubbed Graphiron by Broadcom-owned Symantec, the malware is the handiwork of an espionage group known as  Nodaria , which is tracked by the Computer Emergency Response Team of Ukraine (CERT-UA) as UAC-0056. "The malware is written in Go and is designed to harvest a wide range of information from the infected computer, including system information, credentials, screenshots, and files," the Symantec Threat Hunter Team  said  in a report shared with The Hacker News. Nodaria was  first spotlighted  by CERT-UA in January 2022, calling attention to the adversary's use of  SaintBot and OutSteel malware  in spear-phishing attacks targeting government entities. Also called DEV-0586, TA471, and UNC2589, the hacking crew has been linked to the destructive WhisperGate (aka PAYWIPE ) data wiper attacks targeting Ukrainian entities around the same time.

To succeed as a cybersecurity analyst, you need to understand the traits, values, and thought processes of hackers, along with the tools they use to launch their attacks.  During a  webinar called The Hacker Mindset,  a Red Team Researcher shared how you can use some of these tools for your own detection and prevention of breaches. He also demonstrated how an attack takes place using the  Follina exploit  as an example. So, what does "the hacker mindset" mean?  The hacker mindset can be characterized by three core values: a strong sense of curiosity, an adversarial attitude, and persistence.  3 core values of a hacker's mindset  1  —  "Curiosity might have killed the cat, but it had nine lives." Curiosity drives hackers to explore and understand systems, networks, and software in order to identify vulnerabilities. Not only are they constantly seeking new knowledge and skills to improve their abilities and stay ahead of security measures, they're cons

A Russian national on February 7, 2023, pleaded guilty in the U.S. to money laundering charges and for attempting to conceal the source of funds obtained in connection with Ryuk ransomware attacks. Denis Mihaqlovic Dubnikov, 30, was  arrested  in Amsterdam in November 2021 before he was extradited from the Netherlands in August 2022. He is awaiting sentencing on April 11, 2023. "Between at least August 2018 and August 2021, Dubnikov and his co-conspirators laundered the proceeds of Ryuk ransomware attacks on individuals and organizations throughout the United States and abroad," the Department of Justice (DoJ)  said . Dubnikov and his accomplices are said to have engaged in various criminal schemes designed to obscure the trail of the ill-gotten proceeds. According to DoJ, a chunk of the 250 Bitcoin ransom paid by a U.S. company in July 2019 after a Ryuk attack was sent to Dubnikov in exchange for about $400,000. The crypto was subsequently converted to Tether and trans

The Computer Emergency Response Team of Ukraine (CERT-UA) has  issued  an alert warning of cyber attacks against state authorities in the country that deploy a legitimate remote access software named Remcos. The mass phishing campaign has been attributed to a threat actor it tracks as  UAC-0050 , with the agency describing the activity as likely motivated by espionage given the toolset employed. The bogus emails that kick-start the infection sequence claim to be from Ukrainian telecom company Ukrtelecom and come bearing a decoy RAR archive. Of the two files present in the file, one is a password-protected RAR archive that's over 600MB and the other is a text file containing the password to open the RAR file. Embedded within the second RAR archive is an executable that leads to the installation of the Remcos remote access software, granting the attacker full access to commandeer compromised computers. Remcos , short for remote control and surveillance software, is offered by B