#1 Trusted Cybersecurity News Platform
Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cybersecurity

The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Microsoft is Rolling out Support for Passkeys in Windows 11

Microsoft is Rolling out Support for Passkeys in Windows 11

Sep 26, 2023 Endpoint Security / Password
Microsoft is officially rolling out support for passkeys in Windows 11 today as part of a  major update  to the desktop operating system. The feature allows users to login to websites and applications without having to provide a username and password, instead relying on their device PIN or biometric information to complete the step. Based on  FIDO standards , Passkeys were  first announced  in May 2022 as a replacement for passwords in a manner that's both strong and phishing-resistant. It has since been adopted by  Apple ,  Google , and a number of other services in recent months. While the tech giant added passkey management in the Windows Insider program back in June 2023, the development marks the feature's general availability. "Passkeys are the cross-platform future of secure sign-in management," David Weston, vice president of enterprise and OS Security,  said . "A passkey creates a unique, unguessable cryptographic credential that is securely stored
ShadowSyndicate: A New Cybercrime Group Linked to 7 Ransomware Families

ShadowSyndicate: A New Cybercrime Group Linked to 7 Ransomware Families

Sep 26, 2023 Cybercrime / Malware
Cybersecurity experts have shed light on a new cybercrime group known as  ShadowSyndicate  (formerly Infra Storm) that may have leveraged as many as seven different ransomware families over the past year. "ShadowSyndicate is a threat actor that works with various ransomware groups and affiliates of ransomware programs," Group-IB and Bridewell  said  in a joint technical report. The actor, active since July 16, 2022, has linked to ransomware activity related to Quantum, Nokoyawa, BlackCat, Royal, Cl0p, Cactus, and Play strains, while also deploying off-the-shelf post-exploitation tools like  Cobalt Strike  and  Sliver  as well as loaders such as  IcedID  and  Matanbuchus . The findings are based on a distinct SSH fingerprint (1ca4cbac895fc3bd12417b77fc6ed31d) discovered on 85 servers, 52 of which have been used as command-and-control (C2) for Cobalt Strike. Among those servers are eight different Cobalt Strike license keys (or watermarks). A majority of the servers (23) a
How to Get Going with CTEM When You Don't Know Where to Start

How to Get Going with CTEM When You Don't Know Where to Start

Oct 04, 2024Vulnerability Management / Security Posture
Continuous Threat Exposure Management (CTEM) is a strategic framework that helps organizations continuously assess and manage cyber risk. It breaks down the complex task of managing security threats into five distinct stages: Scoping, Discovery, Prioritization, Validation, and Mobilization. Each of these stages plays a crucial role in identifying, addressing, and mitigating vulnerabilities - before they can be exploited by attackers.  On paper, CTEM sounds great . But where the rubber meets the road – especially for CTEM neophytes - implementing CTEM can seem overwhelming. The process of putting CTEM principles into practice can look prohibitively complex at first. However, with the right tools and a clear understanding of each stage, CTEM can be an effective method for strengthening your organization's security posture.  That's why I've put together a step-by-step guide on which tools to use for which stage. Want to learn more? Read on… Stage 1: Scoping  When you're defin
Essential Guide to Cybersecurity Compliance

Essential Guide to Cybersecurity Compliance

Sep 26, 2023 Compliance / Penetration Testing
SOC 2, ISO, HIPAA, Cyber Essentials – all the security frameworks and certifications today are an acronym soup that can make even a compliance expert's head spin. If you're embarking on your compliance journey, read on to discover the differences between standards, which is best for your business, and how vulnerability management can aid compliance. What is cybersecurity compliance? Cybersecurity compliance means you have met a set of agreed rules regarding the way you protect sensitive information and customer data. These rules can be set by law, regulatory authorities, trade associations or industry groups.  For example, the GDPR is set by the EU with a wide range of cybersecurity requirements that every organization within its scope must comply with, while ISO 27001 is a voluntary (but internationally recognized) set of best practices for information security management. Customers increasingly expect the assurance that compliance brings, because breaches and data disclosure will
cyber security

The State of SaaS Security 2024 Report

websiteAppOmniSaaS Security / Data Security
Learn the latest SaaS security trends and discover how to boost your cyber resilience. Get your free…
Xenomorph Banking Trojan: A New Variant Targeting 35+ U.S. Financial Institutions

Xenomorph Banking Trojan: A New Variant Targeting 35+ U.S. Financial Institutions

Sep 26, 2023 Mobile Security / Malware
An updated version of an  Android banking trojan  called  Xenomorph  has set its sights on more than 35 financial institutions in the U.S. The campaign, according to Dutch security firm ThreatFabric, leverages phishing web pages that are designed to entice victims into installing malicious Android apps that target a broader list of apps than its predecessors. Some of the other targeted prominent countries targeted comprise Spain, Canada, Italy, and Belgium. "This new list adds dozens of new overlays for institutions from the United States, Portugal, and multiple crypto wallets, following a trend that has been consistent amongst all banking malware families in the last year," the company  said  in an analysis published Monday. Xenomorph is a variant of another banker malware called Alien which  first emerged  in 2022. Later that year, the financial malware was propagated via a new dropper dubbed  BugDrop , which bypassed security features in Android 13. A subsequent iter
Threat Report: High Tech Industry targeted the most with 46% of attack traffic tagged by NLX

Threat Report: High Tech Industry targeted the most with 46% of attack traffic tagged by NLX

Sep 26, 2023 Cyber Threat / DDoS Protection
How To Use This Report Enhance situational awareness of techniques used by threat actors Identify potential attacks targeting your industry Gain insights to help improve and accelerate your organization's threat response Summary of Findings The Network Effect Threat Report offers insights based on unique data from  Fastly's Next-Gen WAF  from Q2 2023 (April 1, 2023 to June 30, 2023). This report looks at traffic originating from IP addresses tagged by Fastly's Network Learning Exchange (NLX), our collective threat intelligence feed that anonymously shares attack source IP addresses across all Next-Gen WAF customer networks. Before diving deeper into the attack observations, here are five key takeaways that we found most significant in our research, covering global traffic across multiple industries, including High Tech, Financial Services, Commerce, Education, and Media and entertainment. Multi-customer attacks: 69% of IPs tagged by NLX targeted multiple customers, and 6
Chinese Hackers TAG-74 Targets South Korean Organizations in a Multi-Year Campaign

Chinese Hackers TAG-74 Targets South Korean Organizations in a Multi-Year Campaign

Sep 26, 2023 Cyber Espionage / Malware
A "multi-year" Chinese state-sponsored cyber espionage campaign has been observed targeting South Korean academic, political, and government organizations. Recorded Future's Insikt Group, which is  tracking  the activity under the moniker TAG-74, said the adversary has been linked to "Chinese military intelligence and poses a significant threat to academic, aerospace and defense, government, military, and political entities in South Korea, Japan, and Russia." The cybersecurity firm characterized the targeting of South Korean academic institutions as in alignment with China's broader efforts to conduct intellectual property theft and expand its influence, not to mention motivated by the country's strategic relations with the U.S. Social engineering attacks mounted by the adversary make use of Microsoft Compiled HTML Help (CHM) file lures to drop a custom variant of an open-source Visual Basic Script backdoor called  ReVBShell , which subsequently ser
Critical JetBrains TeamCity Flaw Could Expose Source Code and Build Pipelines to Attackers

Critical JetBrains TeamCity Flaw Could Expose Source Code and Build Pipelines to Attackers

Sep 26, 2023 Vulnerability / Source Code
A critical security vulnerability in the JetBrains TeamCity continuous integration and continuous deployment (CI/CD) software could be exploited by unauthenticated attackers to achieve remote code execution on affected systems. The flaw, tracked as  CVE-2023-42793 , carries a CVSS score of 9.8 and has been addressed in  TeamCity version 2023.05.4  following responsible disclosure on September 6, 2023. "Attackers could leverage this access to steal source code, service secrets, and private keys, take control over attached build agents, and poison build artifacts," Sonar security researcher Stefan Schiller  said  in a report last week. Successful exploitation of the bug could also permit threat actors to access the build pipelines and inject arbitrary code, leading to an integrity breach and supply chain compromise. It's worth noting that the shortcoming only affects on-premise versions of the JetBrains software. The TeamCity Cloud version has already been updated wit
Ukrainian Military Targeted in Phishing Campaign Leveraging Drone Manuals

Ukrainian Military Targeted in Phishing Campaign Leveraging Drone Manuals

Sep 25, 2023 Cyber Attack / Phishing
Ukrainian military entities are the target of a phishing campaign that leverages drone manuals as lures to deliver a Go-based open-source post-exploitation toolkit called Merlin. "Since drones or Unmanned Aerial Vehicles (UAVs) have been an integral tool used by the Ukrainian military, malware-laced lure files themed as UAVs service manuals have begun to surface," Securonix researchers Den Iuzvyk, Tim Peck, and Oleg Kolesnikov said in a report shared with The Hacker News. The cybersecurity company is tracking the campaign under the name  STARK#VORTEX . The starting point of the attack is a Microsoft Compiled HTML Help (CHM) file that, when opened, runs malicious JavaScript embedded inside one of the HTML pages to execute PowerShell code designed to contact a remote server to fetch an obfuscated binary. The Windows-based payload is decoded to extract the  Merlin Agent , which, in turn, is configured to communicate with a command-and-control (C2) server for post-exploita
Webinar — AI vs. AI: Harnessing AI Defenses Against AI-Powered Risks

Webinar — AI vs. AI: Harnessing AI Defenses Against AI-Powered Risks

Sep 25, 2023 Artificial Intelligence / Cybersecurity
Generative AI is a double-edged sword, if there ever was one. There is broad agreement that tools like ChatGPT are unleashing waves of productivity across the business, from IT, to customer experience, to engineering. That's on the one hand.  On the other end of this fencing match: risk. From IP leakage and data privacy risks to the empowering of cybercriminals with AI tools, generative AI presents enterprises with concrete concerns. For example, the mass availability of AI tools was the second most-reported Q2 risk among senior enterprise risk executives — appearing in the top 10 for the first time — according to a  Gartner survey .  In this escalating AI arms race, how can enterprises separate fact from hype and comprehensively manage generative AI risk while accelerating productivity?  Register here and join Zscaler's Will Seaton, Product Marketing Manager, ThreatLabz, to: Uncover the  tangible risks of generative AI  — both for employee AI usage and by threat actors b
Are You Willing to Pay the High Cost of Compromised Credentials?

Are You Willing to Pay the High Cost of Compromised Credentials?

Sep 25, 2023 Password Security / Cybersecurity
Weak password policies leave organizations vulnerable to attacks. But are the standard password complexity requirements enough to secure them?  83% of compromised passwords  would satisfy the password complexity and length requirements of compliance standards. That's because bad actors already have access to billions of stolen credentials that can be used to compromise additional accounts by reusing those same credentials. To strengthen password security, organizations need to look beyond complexity requirements and block the use of compromised credentials. Need stolen credentials? There's a market for that Every time an organization gets breached or a subset of customers' credentials is stolen, there's a high possibility all those passwords end up for sale on the dark web. Remember the  Dropbox and LinkedIn hack  that resulted in 71 million and 117 million stolen passwords? There is an underground market that sells those credentials to hackers which they can then use in cre
From Watering Hole to Spyware: EvilBamboo Targets Tibetans, Uyghurs, and Taiwanese

From Watering Hole to Spyware: EvilBamboo Targets Tibetans, Uyghurs, and Taiwanese

Sep 25, 2023 Spyware / Cyber Espionage
Tibetan, Uyghur, and Taiwanese individuals and organizations are the targets of a persistent campaign orchestrated by a threat actor codenamed  EvilBamboo  to gather sensitive information. "The attacker has created fake Tibetan websites, along with social media profiles, likely used to deploy browser-based exploits against targeted users," Volexity security researchers Callum Roxan, Paul Rascagneres, and Thomas Lancaster said in a report published last week. "Partly through impersonating existing popular communities, the attacker has built communities on online platforms, such as Telegram, to aid in distribution of their malware." EvilBamboo, formerly tracked by the cybersecurity firm under the name Evil Eye, has been linked to multiple attack waves  since at least 2019 , with the threat actor leveraging watering hole attacks to deliver spyware targeting Android and iOS devices. It's also known as Earth Empusa and POISON CARP. The intrusions directed agai
Expert Insights / Articles Videos
Cybersecurity Resources