#1 Trusted Cybersecurity News Platform
Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cybersecurity

The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

The Importance of Continuous Security Monitoring for a Robust Cybersecurity Strategy

The Importance of Continuous Security Monitoring for a Robust Cybersecurity Strategy

Nov 14, 2023 Pen Testing / Vulnerability Management
In 2023, the global average cost of a data breach reached  $4.45 million . Beyond the immediate financial loss, there are long-term consequences like diminished customer trust, weakened brand value, and derailed business operations. In a world where the frequency and cost of data breaches are skyrocketing, organizations are coming face-to-face with a harsh reality: traditional cybersecurity measures might not be cutting it anymore.  Against this backdrop, businesses must find ways to strengthen their measures to safeguard precious data and critical assets. At the heart of this shift lies a key strategy: continuous monitoring. Understanding Continuous Security Monitoring in Cybersecurity Continuous monitoring is a dynamic approach that encompasses several techniques to fulfil a multi-layered defense strategy. These techniques can include:  Risk-Based Vulnerability Management (RBVM): Continuous vulnerability assessments across your network with remediation prioritization based on
Alert: OracleIV DDoS Botnet Targets Public Docker Engine APIs to Hijack Containers

Alert: OracleIV DDoS Botnet Targets Public Docker Engine APIs to Hijack Containers

Nov 14, 2023 Cloud Security / Malware
Publicly-accessible Docker Engine API instances are being targeted by threat actors as part of a campaign designed to co-opt the machines into a distributed denial-of-service (DDoS) botnet dubbed  OracleIV . "Attackers are exploiting this misconfiguration to deliver a malicious Docker container, built from an image named 'oracleiv_latest' and containing Python malware compiled as an ELF executable," Cado researchers Nate Bill and Matt Muir  said . The malicious activity starts with attackers using an HTTP POST request to Docker's API to retrieve a malicious image from Docker Hub, which, in turn, runs a command to retrieve a shell script (oracle.sh) from a command-and-control (C&C) server. Oracleiv_latest  purports to be a MySQL image for docker and has been pulled 3,500 times to date. In a perhaps not-so-surprising twist, the image also includes additional instructions to fetch an XMRig miner and its configuration from the same server. That said, the clo
How to Get Going with CTEM When You Don't Know Where to Start

How to Get Going with CTEM When You Don't Know Where to Start

Oct 04, 2024Vulnerability Management / Security Posture
Continuous Threat Exposure Management (CTEM) is a strategic framework that helps organizations continuously assess and manage cyber risk. It breaks down the complex task of managing security threats into five distinct stages: Scoping, Discovery, Prioritization, Validation, and Mobilization. Each of these stages plays a crucial role in identifying, addressing, and mitigating vulnerabilities - before they can be exploited by attackers.  On paper, CTEM sounds great . But where the rubber meets the road – especially for CTEM neophytes - implementing CTEM can seem overwhelming. The process of putting CTEM principles into practice can look prohibitively complex at first. However, with the right tools and a clear understanding of each stage, CTEM can be an effective method for strengthening your organization's security posture.  That's why I've put together a step-by-step guide on which tools to use for which stage. Want to learn more? Read on… Stage 1: Scoping  When you're defin
CI/CD Risks: Protecting Your Software Development Pipelines

CI/CD Risks: Protecting Your Software Development Pipelines

Nov 14, 2023
Have you heard about Dependabot? If not, just ask any developer around you, and they'll likely rave about how it has revolutionized the tedious task of checking and updating outdated dependencies in software projects.  Dependabot not only takes care of the checks for you, but also provides suggestions for modifications that can be approved with just a single click. Although Dependabot is limited to GitHub-hosted projects, it has set a new standard for continuous providers to offer similar capabilities. This automation of "administrative" tasks has become a norm, enabling developers to integrate and deploy their work faster than ever before. Continuous integration and deployment workflows have become the cornerstone of software engineering, propelling the DevOps movement to the forefront of the industry. But a  recent advisory  by security firm Checkmarx sheds light on a concerning incident. Malicious actors have recently attempted to exploit the trust associated with D
cyber security

The State of SaaS Security 2024 Report

websiteAppOmniSaaS Security / Data Security
Learn the latest SaaS security trends and discover how to boost your cyber resilience. Get your free…
New Campaign Targets Middle East Governments with IronWind Malware

New Campaign Targets Middle East Governments with IronWind Malware

Nov 14, 2023 Cyber Espionage / Threat Intelligence
Government entities in the Middle East are the target of new phishing campaigns that are designed to deliver a new initial access downloader dubbed IronWind . The activity, detected between July and October 2023, has been  attributed  by Proofpoint to a threat actor it tracks under the name  TA402 , which is also known as Molerats, Gaza Cyber Gang, and shares  tactical overlaps  with a pro-Hamas hacking crew known as  APT-C-23  (aka Arid Viper). "When it comes to state-aligned threat actors, North Korea, Russia, China, and Iran generally reap the lion's share of attention," Joshua Miller, senior threat researcher at Proofpoint, said in a statement shared with The Hacker News. "But TA402, a Middle Eastern advanced persistent threat (APT) group that historically has operated in the interests of the Palestinian Territories, has consistently proven to be an intriguing threat actor capable of highly sophisticated cyber espionage with a focus on intelligence collection
Vietnamese Hackers Using New Delphi-Powered Malware to Target Indian Marketers

Vietnamese Hackers Using New Delphi-Powered Malware to Target Indian Marketers

Nov 14, 2023 ChatGPT / Malware
The Vietnamese threat actors behind the Ducktail stealer malware have been linked to a new campaign that ran between March and early October 2023, targeting marketing professionals in India with an aim to hijack Facebook business accounts. "An important feature that sets it apart is that, unlike previous campaigns, which relied on .NET applications, this one used Delphi as the programming language," Kaspersky  said  in a report published last week. Ducktail , alongside  Duckport  and  NodeStealer , is part of a  cybercrime ecosystem  operating out of Vietnam, with the attackers primarily using sponsored ads on Facebook to propagate malicious ads and deploy malware capable of plundering victims' login cookies and ultimately taking control of their accounts. Such attacks primarily single out users who may have access to a Facebook Business account. The fraudsters then use the unauthorized access to place advertisements for financial gain, perpetuating the infections fur
CISA Sets a Deadline - Patch Juniper Junos OS Flaws Before November 17

CISA Sets a Deadline - Patch Juniper Junos OS Flaws Before November 17

Nov 14, 2023 Cyber Attack / Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has given a November 17, 2023, deadline for federal agencies and organizations to apply mitigations to secure against a number of security flaws in Juniper Junos OS that came to light in August. The agency on Monday  added  five vulnerabilities to the Known Exploited Vulnerabilities ( KEV ) catalog, based on evidence of active exploitation - CVE-2023-36844  (CVSS score: 5.3) - Juniper Junos OS EX Series PHP External Variable Modification Vulnerability CVE-2023-36845  (CVSS score: 5.3) - Juniper Junos OS EX Series and SRX Series PHP External Variable Modification Vulnerability CVE-2023-36846  (CVSS score: 5.3) - Juniper Junos OS SRX Series Missing Authentication for Critical Function Vulnerability CVE-2023-36847  (CVSS score: 5.3) - Juniper Junos OS EX Series Missing Authentication for Critical Function Vulnerability CVE-2023-36851  (CVSS score: 5.3) - Juniper Junos OS SRX Series Missing Authentication for Critical
New Ransomware Group Emerges with Hive's Source Code and Infrastructure

New Ransomware Group Emerges with Hive's Source Code and Infrastructure

Nov 13, 2023 Cyber Threat / Malware
The threat actors behind a new ransomware group called  Hunters International  have acquired the source code and infrastructure from the now-dismantled Hive operation to kick-start its own efforts in the threat landscape. "It appears that the leadership of the Hive group made the strategic decision to cease their operations and transfer their remaining assets to another group, Hunters International," Martin Zugec, technical solutions director at Bitdefender,  said  in a report published last week. Hive, once a prolific ransomware-as-a-service (RaaS) operation, was  taken down  as part of a coordinated law enforcement operation in January 2023. While it's common for ransomware actors to regroup, rebrand, or disband their activities following such seizures, what can also happen is that the core developers can pass on the source code and other infrastructure in their possession to another threat actor. Reports about Hunters International as a possible Hive rebrand  sur
Top 5 Marketing Tech SaaS Security Challenges

Top 5 Marketing Tech SaaS Security Challenges

Nov 13, 2023 SaaS Security / Cyber Threat
Effective marketing operations today are driven by the use of Software-as-a-Service (SaaS) applications. Marketing apps such as Salesforce, Hubspot, Outreach, Asana, Monday, and Box empower marketing teams, agencies, freelancers, and subject matter experts to collaborate seamlessly on campaigns and marketing initiatives.  These apps serve as the digital command centers for marketing professionals. They house essential go-to-market strategies, and are often connected to live payment systems authorized to spend substantial budgets. Ensuring their security is a complex task, given the multitude of applications, application owners, configurations within each app, users, interconnected apps and more. In this article, we explore the top Marketing SaaS application use cases, from external users and publicly shared links to connected apps and credit cards — and how to ensure the security and integrity of the data stored within them. 1 . External Users Marketing departments frequently grant
Chinese Hackers Launch Covert Espionage Attacks on 24 Cambodian Organizations

Chinese Hackers Launch Covert Espionage Attacks on 24 Cambodian Organizations

Nov 13, 2023 National Security / Cyber Attack
Cybersecurity researchers have discovered what they say is malicious cyber activity orchestrated by two prominent Chinese nation-state hacking groups targeting 24 Cambodian government organizations. "This activity is believed to be part of a long-term espionage campaign," Palo Alto Networks Unit 42 researchers  said  in a report last week. "The observed activity aligns with geopolitical goals of the Chinese government as it seeks to leverage their strong relations with Cambodia to project their power and expand their naval operations in the region." Targeted organizations span defense, election oversight, human rights, national treasury and finance, commerce, politics, natural resources, and telecommunications sectors. The assessment stems from the persistent nature of inbound network connections originating from these entities to a China-linked adversarial infrastructure that masquerades as cloud backup and storage services over a "period of several month
Expert Insights / Articles Videos
Cybersecurity Resources