#1 Trusted Cybersecurity News Platform
Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
AI Security

The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Dark Pink APT Group Leverages TelePowerBot and KamiKakaBot in Sophisticated Attacks

Dark Pink APT Group Leverages TelePowerBot and KamiKakaBot in Sophisticated Attacks

May 31, 2023 Advanced Persistent Threat
The threat actor known as  Dark Pink  has been linked to five new attacks aimed at various entities in Belgium, Brunei, Indonesia, Thailand, and Vietnam between February 2022 and April 2023. This includes educational institutions, government agencies, military bodies, and non-profit organizations, indicating the adversarial crew's continued focus on high-value targets. Dark Pink, also called Saaiwc Group, is an advanced persistent threat (APT) actor believed to be of Asia-Pacific origin, with  attacks   targeting  entities primarily located in East Asia and, to a lesser extent, in Europe. The group employs a set of custom malware tools such as TelePowerBot and KamiKakaBot that provide various functions to exfiltrate sensitive data from compromised hosts. "The group uses a range of sophisticated custom tools, deploys multiple kill chains relying on spear-phishing emails," Group-IB security researcher Andrey Polovinkin  said  in a technical report shared with The Hacker News. "Onc
RomCom RAT Using Deceptive Web of Rogue Software Sites for Covert Attacks

RomCom RAT Using Deceptive Web of Rogue Software Sites for Covert Attacks

May 31, 2023 Cyber Threat / Malware
The threat actors behind  RomCom RAT  are leveraging a network of fake websites advertising rogue versions of popular software at least since July 2022 to infiltrate targets. Cybersecurity firm Trend Micro is tracking the activity cluster under the name Void Rabisu, which is also known as Tropical Scorpius (Unit 42) and UNC2596 (Mandiant). "These lure sites are most likely only meant for a small number of targets, thus making discovery and analysis more difficult," security researchers Feike Hacquebord, Stephen Hilt, Fernando Merces, and Lord Alfred Remorin  said . Some of the impersonated apps spotted so far include AstraChat, Devolutions' Remote Desktop Manager, Gimp, GoTo Meeting, KeePass, OpenAI ChatGPT, Signal, Veeam Backup & Replication, and WinDirStat. RomCom RAT was  first chronicled  by Palo Alto Networks Unit 42 in August 2022, linking it to a financially motivated group deploying  Cuba Ransomware  (aka COLDDRAW). It's worth noting that there is no
10,000 Victims a Day: Infostealer Garden of Low-Hanging Fruit

10,000 Victims a Day: Infostealer Garden of Low-Hanging Fruit

Jul 15, 2024Cyber Crime / Data Protection
Imagine you could gain access to any Fortune 100 company for $10 or less, or even for free. Terrifying thought, isn't it? Or exciting, depending on which side of the cybersecurity barricade you are on. Well, that's basically the state of things today. Welcome to the infostealer garden of low-hanging fruit. Over the last few years, the problem has grown bigger and bigger, and only now are we slowly learning its full destructive potential. In this article, we will describe how the entire cybercriminal ecosystem operates, the ways various threat actors exploit data originating from it, and most importantly, what you can do about it. Let's start with what infostealer malware actually is. As the name suggests, it's malware that... steals data. Depending on the specific type, the information it extracts might differ slightly, but most will try to extract the following: Cryptocurrency wallets Bank account information and saved credit card details Saved passwords from various apps Bro
Alert: Hackers Exploit Barracuda Email Security Gateway 0-Day Flaw for 7 Months

Alert: Hackers Exploit Barracuda Email Security Gateway 0-Day Flaw for 7 Months

May 31, 2023 Network Security / Zero Day
Enterprise security firm Barracuda on Tuesday disclosed that a recently patched zero-day flaw in its Email Security Gateway (ESG) appliances had been abused by threat actors since October 2022 to backdoor the devices. The latest  findings  show that the  critical vulnerability , tracked as  CVE-2023-2868  (CVSS score: N/A), has been actively exploited for at least seven months prior to its discovery. The flaw, which Barracuda identified on May 19, 2023, affects versions 5.1.3.001 through 9.2.0.006 and could allow a remote attacker to achieve code execution on susceptible installations. Patches were released by Barracuda on May 20 and May 21. "CVE-2023-2868 was utilized to obtain unauthorized access to a subset of ESG appliances," the network and email security company  said  in an updated advisory. "Malware was identified on a subset of appliances allowing for persistent backdoor access. Evidence of data exfiltration was identified on a subset of impacted appliance
cyber security

Top 4 Security Risks of GenAI

websiteWizGenAI Security / Technology
Gain a competitive edge and unlock the top 4 major emerging risks within GenAI. This report from Gartner provides insights and recommended actions for security and product leaders.
Hackers Win $105,000 for Reporting Critical Security Flaws in Sonos One Speakers

Hackers Win $105,000 for Reporting Critical Security Flaws in Sonos One Speakers

May 30, 2023 Zero Day / Vulnerability
Multiple security flaws uncovered in Sonos One wireless speakers could be potentially exploited to achieve information disclosure and remote code execution, the Zero Day Initiative (ZDI)  said  in a report published last week. The vulnerabilities were demonstrated by three different teams from Qrious Secure, STAR Labs, and DEVCORE at the Pwn2Own hacking contest held in Toronto late last year, netting them $105,000 in monetary rewards. The list of four flaws, which impact Sonos One Speaker 70.3-35220, is below - CVE-2023-27352  and  CVE-2023-27355  (CVSS scores: 8.8)  - Unauthenticated flaws that allow network-adjacent attackers to execute arbitrary code on affected installations. CVE-2023-27353  and  CVE-2023-27354  (CVSS score: 6.5)  - Unauthenticated flaws that allow network-adjacent attackers to disclose sensitive information on affected installations. While CVE-2023-27352 stems from when processing SMB directory query commands, CVE-2023-27355 exists within the MPEG-TS pars
CAPTCHA-Breaking Services with Human Solvers Helping Cybercriminals Defeat Security

CAPTCHA-Breaking Services with Human Solvers Helping Cybercriminals Defeat Security

May 30, 2023
Cybersecurity researchers are warning about CAPTCHA-breaking services that are being offered for sale to bypass systems designed to distinguish legitimate users from bot traffic. "Because cybercriminals are keen on breaking CAPTCHAs accurately, several services that are primarily geared toward this market demand have been created," Trend Micro  said  in a report published last week. "These CAPTCHA-solving services don't use [optical character recognition] techniques or advanced machine learning methods; instead, they break CAPTCHAs by farming out CAPTCHA-breaking tasks to actual human solvers." CAPTCHA  – short for Completely Automated Public Turing test to tell Computers and Humans Apart – is a tool for differentiating real human users from automated users with the goal of combating spam and restricting fake account creation. While CAPTCHA mechanisms can be a  disruptive user experience , they are seen as an effective means to counter attacks from bot-ori
Implementing Risk-Based Vulnerability Discovery and Remediation

Implementing Risk-Based Vulnerability Discovery and Remediation

May 30, 2023 Vulnerability Management
In this day and age, vulnerabilities in software and systems pose a considerable danger to businesses, which is why it is essential to have an efficient vulnerability management program in place. To stay one step ahead of possible breaches and reduce the damage they may cause, it is crucial to automate the process of finding and fixing vulnerabilities depending on the level of danger they pose. This post will discuss the fundamental approaches and tools to implement and automate risk-based vulnerability management. To make this process easier, consider using an  all-in-one cloud-based solution  right from the start. Implementing a risk-based vulnerability management program A risk-based vulnerability management program is a complex preventative approach used for swiftly detecting and ranking vulnerabilities based on their potential threat to a business. By implementing a risk-based vulnerability management approach, organizations can improve their security posture and reduce the lik
Sneaky DogeRAT Trojan Poses as Popular Apps, Targets Indian Android Users

Sneaky DogeRAT Trojan Poses as Popular Apps, Targets Indian Android Users

May 30, 2023 Mobile Security / Android
A new open source remote access trojan (RAT) called  DogeRAT  targets Android users primarily located in India as part of a sophisticated malware campaign. The malware is distributed via social media and messaging platforms under the guise of legitimate applications like Opera Mini, OpenAI ChatGPT, and Premium versions of YouTube, Netflix, and Instagram. "Once installed on a victim's device, the malware gains unauthorized access to sensitive data, including contacts, messages, and banking credentials," cybersecurity firm CloudSEK  said  in a Monday report. "It can also take control of the infected device, enabling malicious actions such as sending spam messages, making unauthorized payments, modifying files, and even remotely capturing photos through the device's cameras." DogeRAT, like many other malware-as-a-service ( MaaS ) offerings, is promoted by its India-based developer through a Telegram channel that has more than 2,100 subscribers since it wa
New BrutePrint Attack Lets Attackers Unlock Smartphones with Fingerprint Brute-Force

New BrutePrint Attack Lets Attackers Unlock Smartphones with Fingerprint Brute-Force

May 29, 2023 Authentication / Mobile Security
Researchers have discovered an inexpensive attack technique that could be leveraged to brute-force fingerprints on smartphones to bypass user authentication and seize control of the devices. The approach, dubbed  BrutePrint , bypasses limits put in place to counter failed biometric authentication attempts by weaponizing two zero-day vulnerabilities in the smartphone fingerprint authentication (SFA) framework. The flaws, Cancel-After-Match-Fail (CAMF) and Match-After-Lock (MAL), leverage logical defects in the authentication framework, which arises due to insufficient protection of fingerprint data on the Serial Peripheral Interface (SPI) of fingerprint sensors. The result is a "hardware approach to do man-in-the-middle (MitM) attacks for fingerprint image hijacking," researchers Yu Chen and Yiling He  said  in a research paper. "BrutePrint acts as a middleman between fingerprint sensor and  TEE  [Trusted Execution Environment]." The goal, at its core, is to be
AceCryptor: Cybercriminals' Powerful Weapon, Detected in 240K+ Attacks

AceCryptor: Cybercriminals' Powerful Weapon, Detected in 240K+ Attacks

May 29, 2023 Cyber Threat / Malware
A crypter (alternatively spelled cryptor) malware dubbed  AceCryptor  has been used to pack numerous strains of malware since 2016. Slovak cybersecurity firm ESET  said  it identified over 240,000 detections of the crypter in its telemetry in 2021 and 2022. This amounts to more than 10,000 hits per month. Some of the prominent malware families contained within AceCryptor are SmokeLoader, RedLine Stealer, RanumBot, Raccoon Stealer, Stop ransomware, and Amadey, among others. The countries with the most detections include Peru, Egypt, Thailand, Indonesia, Turkey, Brazil, Mexico, South Africa, Poland, and India. AceCryptor was  first highlighted  by Avast in August 2022, detailing the use of the malware to distribute Stop ransomware and RedLine Stealer on Discord in the form of 7-Zip files. Crypters  are similar to packers, but instead of using compression, they are known to obfuscate the malware code with encryption to make detection and reverse engineering a lot more challenging.
Cybersecurity
Expert Insights
Cybersecurity Resources