#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security Posture Management

The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Iranian Agrius Hackers Targeting Israeli Organizations with Moneybird Ransomware

Iranian Agrius Hackers Targeting Israeli Organizations with Moneybird Ransomware

May 25, 2023 Ransomware / Endpoint Security
The Iranian threat actor known as  Agrius  is leveraging a new ransomware strain called Moneybird in its attacks targeting Israeli organizations. Agrius, also known as Pink Sandstorm (formerly Americium), has a  track record  of staging destructive data-wiping attacks aimed at Israel under the guise of ransomware infections. Microsoft has attributed the threat actor to Iran's Ministry of Intelligence and Security (MOIS), which also operates  MuddyWater . It's known to be active since at least December 2020. In December 2022, the hacking crew was  attributed  to a set of attempted disruptive intrusions that were directed against diamond industries in South Africa, Israel, and Hong Kong. These attacks involved the use of a .NET-based wiper-turned-ransomware called  Apostle  and its successor known as Fantasy. Unlike Apostle, Moneybird is programmed in C++. "The use of a new ransomware, written in C++, is noteworthy, as it demonstrates the group's expanding capabil
GUAC 0.1 Beta: Google's Breakthrough Framework for Secure Software Supply Chains

GUAC 0.1 Beta: Google's Breakthrough Framework for Secure Software Supply Chains

May 25, 2023 Software Security / Supply Chain
Google on Wednesday announced the  0.1 Beta version  of  GUAC  (short for Graph for Understanding Artifact Composition) for organizations to secure their software supply chains. To that end, the search giant is  making available  the open source framework as an API for developers to integrate their own tools and policy engines. GUAC  aims to aggregate software security metadata from different sources into a graph database that maps out relationships between software, helping organizations determine how one piece of software affects another. "Graph for Understanding Artifact Composition ( GUAC ) gives you organized and actionable insights into your software supply chain security position," Google  says  in its documentation. "GUAC ingests software security metadata, like SBOMs, and maps out the relationship between software so that you can fully understand your software security position." In other words, it's designed to bring together Software Bill of M
cyber security

Guide: How to Minimize Third-Party Risk With Vendor Management

websitewww.vanta.comVendor Risk Management
Manage third-party risk while dealing with challenges like limited resources and repetitive manual processes.
How to Handle Retail SaaS Security on Cyber Monday

How to Handle Retail SaaS Security on Cyber Monday

Nov 27, 2023SaaS Security / Cyber Monday
If forecasters are right, over the course of today, consumers will spend  $13.7 billion . Just about every click, sale, and engagement will be captured by a CRM platform. Inventory applications will trigger automated re-orders; communication tools will send automated email and text messages confirming sales and sharing shipping information.  SaaS applications supporting retail efforts will host nearly all of this behind-the-scenes activity. While retailers are rightfully focused on sales during this time of year, they need to ensure that the SaaS apps supporting their business operations are secure. No one wants a repeat of one of the biggest retail cyber-snafus in history, like when one U.S.-based national retailer had 40 million credit card records stolen.  The attack surface is vast and retailers must remain vigilant in protecting their entire SaaS app stack. For example, many often use multiple instances of the same application. They may use a different Salesforce tenant for eve
Iranian Tortoiseshell Hackers Targeting Israeli Logistics Industry

Iranian Tortoiseshell Hackers Targeting Israeli Logistics Industry

May 24, 2023 Cyber Threat / Web Security
At least eight websites associated with shipping, logistics, and financial services companies in Israel were targeted as part of a watering hole attack. Tel Aviv-based cybersecurity company ClearSky attributed the attacks with low confidence to an Iranian threat actor tracked as  Tortoiseshell , which is also called Crimson Sandstorm (previously Curium), Imperial Kitten, and TA456. "The infected sites collect preliminary user information through a script," ClearSky  said  in a technical report published Tuesday. Most of the impacted websites have been stripped of the rogue code. Tortoiseshell  is known to be active since at least July 2018, with  early attacks  targeting IT providers in Saudi Arabia. It has also been observed  setting up fake hiring websites  for U.S. military veterans in a bid to trick them into downloading remote access trojans. That said, this is not the first time Iranian activity clusters have set their sights on the Israeli shipping sector with wa
What to Look for When Selecting a Static Application Security Testing (SAST) Solution

What to Look for When Selecting a Static Application Security Testing (SAST) Solution

May 24, 2023 AppSec / DevSecOps
If you're involved in securing the applications your organization develops, there is no question that Static Application Security Testing (SAST) solutions are an important part of a comprehensive application security strategy. SAST secures software, supports business more securely, cuts down on costs, reduces risk, and speeds time to development, delivery, and deployment of mission-critical applications.  SAST scans code early during development, so your AppSec team won't be scrambling to fix unexpected vulnerabilities right before that big launch is planned. You'll avoid surprises and launch delays without inadvertently releasing risky software to customers — or into production.  But if you consider SAST as a part of a larger AppSec platform, crucial for those who wish to  shift security everywhere  possible in the software development life cycle (SDLC), some SAST solutions outshine others.  Knowing what to focus on With a plethora of players in the market, sometimes
Data Stealing Malware Discovered in Popular Android Screen Recorder App

Data Stealing Malware Discovered in Popular Android Screen Recorder App

May 24, 2023 Mobile Security / Data Safety
Google has removed a screen recording app named "iRecorder - Screen Recorder" from the Play Store after it was found to sneak in information stealing capabilities nearly a year after the app was published as an innocuous app. The app (APK package name "com.tsoft.app.iscreenrecorder"), which accrued over 50,000 installations, was first uploaded on September 19, 2021. The malicious functionality is believed to have been introduced in version 1.3.8, which was released on August 24, 2022. "It is rare for a developer to upload a legitimate app, wait almost a year, and then update it with malicious code," ESET security researcher Lukáš Štefanko  said  in a technical report. "The malicious code that was added to the clean version of iRecorder is based on the open source  AhMyth  Android RAT (remote access trojan) and has been customized into what we named AhRat." iRecorder was  first flagged  as harboring the AhMyth trojan on October 28, 2022, by
Legion Malware Upgraded to Target SSH Servers and AWS Credentials

Legion Malware Upgraded to Target SSH Servers and AWS Credentials

May 24, 2023 Server Security / Malware
An updated version of the commodity malware called Legion comes with expanded features to compromise SSH servers and Amazon Web Services (AWS) credentials associated with DynamoDB and CloudWatch. "This recent update demonstrates a widening of scope, with new capabilities such the ability to compromise SSH servers and retrieve additional AWS-specific credentials from Laravel web applications," Cado Labs researcher Matt Muir  said  in a report shared with The Hacker News. "It's clear that the developer's targeting of cloud services is advancing with each iteration." Legion, a Python-based hack tool, was  first documented  last month by the cloud security firm, detailing its ability to breach vulnerable SMTP servers in order to harvest credentials. It's also known to exploit web servers running content management systems (CMS), leverage Telegram as a data exfiltration point, and send spam SMS messages to a list of dynamically-generated U.S. mobile num
N. Korean Lazarus Group Targets Microsoft IIS Servers to Deploy Espionage Malware

N. Korean Lazarus Group Targets Microsoft IIS Servers to Deploy Espionage Malware

May 24, 2023 Cyber Espionage / Server Security
The infamous Lazarus Group actor has been targeting vulnerable versions of Microsoft Internet Information Services ( IIS ) servers as an initial breach route to deploy malware on targeted systems. The findings come from the AhnLab Security Emergency response Center (ASEC), which detailed the advanced persistent threat's (APT) continued abuse of DLL side-loading techniques to run arbitrary payloads. "The threat actor places a malicious DLL (msvcr100.dll) in the same folder path as a normal application (Wordconv.exe) via the Windows IIS web server process, w3wp.exe," ASEC explained . "They then execute the normal application to initiate the execution of the malicious DLL." DLL side-loading , similar to DLL search-order hijacking, refers to the proxy execution of a rogue DLL via a benign binary planted in the same directory. Lazarus , a highly-capable and relentless nation-state group linked to North Korea, was most recently spotted leveraging the same t
Cyber Attacks Strike Ukraine's State Bodies in Espionage Operation

Cyber Attacks Strike Ukraine's State Bodies in Espionage Operation

May 24, 2023 Cyber War / Threat Intel
The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of cyber attacks targeting state bodies in the country as part of an espionage campaign. The  intrusion set , attributed to a threat actor tracked by the authority as UAC-0063 since 2021, leverages phishing lures to deploy a variety of malicious tools on infected systems. The origins of the hacking crew are presently unknown. In the attack chain described by the agency, the emails targeted an unspecified ministry and purported to be from the Embassy of Tajikistan in Ukraine. It's suspected that the messages were sent from a previously compromised mailbox. The emails come attached with a Microsoft Word document that, upon enabling macros, launches an encoded VBScript called HATVIBE, which is then used to drop additional malware. This includes a keylogger (LOGPIE), a Python-based backdoor capable of running commands sent from a remote server (CHERRYSPY), and a tool focused on exfiltrating files with specific e
GoldenJackal: New Threat Group Targeting Middle Eastern and South Asian Governments

GoldenJackal: New Threat Group Targeting Middle Eastern and South Asian Governments

May 23, 2023 Cyber Threat / APT
Government and diplomatic entities in the Middle East and South Asia are the target of a new advanced persistent threat actor named  GoldenJackal . Russian cybersecurity firm Kaspersky, which has been  keeping tabs  on the group's activities since mid-2020, characterized the adversary as both capable and stealthy. The targeting scope of the campaign is focused on Afghanistan, Azerbaijan, Iran, Iraq, Pakistan, and Turkey, infecting victims with tailored malware that steals data, propagates across systems via removable drives, and conducts surveillance. GoldenJackal is suspected to have been active for at least four years, although little is known about the group. Kaspersky said it has been unable to determine its origin or affiliation with known threat actors, but the actor's modus operandi suggests an espionage motivation. What's more, the threat actor's attempts to maintain a low profile and disappear into the shadows bears all the hallmarks of a state-sponsored g
Cybersecurity Resources