#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News

The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

New FjordPhantom Android Malware Targets Banking Apps in Southeast Asia

New FjordPhantom Android Malware Targets Banking Apps in Southeast Asia

Dec 01, 2023 Mobile Security / Banking Security
Cybersecurity researchers have disclosed a new sophisticated Android malware called  FjordPhantom  that has been observed targeting users in Southeast Asian countries like Indonesia, Thailand, and Vietnam since early September 2023. "Spreading primarily through messaging services, it combines app-based malware with social engineering to defraud banking customers," Oslo-based mobile app security firm Promon  said  in an analysis published Thursday. Propagated mainly via email, SMS, and messaging apps, attack chains trick recipients into downloading a purported banking app that comes fitted with legitimate features but also incorporates rogue components. Victims are then subjected to a social engineering technique akin to telephone-oriented attack delivery ( TOAD ), which involves calling a bogus call center to receive step-by-step instructions for running the app. A key characteristic of the malware that sets it apart from other banking trojans of its kind is th...
Qakbot Takedown Aftermath: Mitigations and Protecting Against Future Threats

Qakbot Takedown Aftermath: Mitigations and Protecting Against Future Threats

Dec 01, 2023 Malware / Cyber Threat
The U.S. Department of Justice (DOJ) and the FBI recently collaborated in a multinational operation to dismantle the notorious Qakbot malware and botnet. While the operation was successful in disrupting this long-running threat, concerns have arisen as it appears that Qakbot may still pose a danger in a reduced form. This article discusses the aftermath of the takedown, provides mitigation strategies, and offers guidance on determining past infections. The Takedown and Its Limitations During the takedown operation, law enforcement secured court orders to remove Qakbot malware from infected devices remotely. It was discovered that the malware had infected a substantial number of devices, with 700,000 machines globally, including 200,000 computers in the U.S., being compromised at the time of the takedown. However, recent reports suggest that Qakbot is still active but in a diminished state. The absence of arrests during the takedown operation indicates that only the command-and-cont...
Unlocking Google Workspace Security: Are You Doing Enough to Protect Your Data?

Crowdstrike Named A Leader In Endpoint Protection Platforms

Nov 22, 2024Endpoint Security / Threat Detection
CrowdStrike is named a Leader in the 2024 Gartner® Magic Quadrant™ for Endpoint Protection Platforms for the fifth consecutive time, positioned highest on Ability to Execute and furthest to the right on Completeness of Vision.
Chinese Hackers Using SugarGh0st RAT to Target South Korea and Uzbekistan

Chinese Hackers Using SugarGh0st RAT to Target South Korea and Uzbekistan

Dec 01, 2023 Malware / Cyber Espionage
A suspected Chinese-speaking threat actor has been attributed to a malicious campaign that targets the Uzbekistan Ministry of Foreign Affairs and South Korean users with a remote access trojan called  SugarGh0st RAT . The activity, which commenced no later than August 2023, leverages two different infection sequences to deliver the malware, which is a customized variant of  Gh0st RAT  (aka Farfli). It comes with features to "facilitate the remote administration tasks as directed by the C2 and modified communication protocol based on the similarity of the command structure and the strings used in the code," Cisco Talos researchers Ashley Shen and Chetan Raghuprasad  said . The attacks commence with a phishing email bearing decoy documents, opening which activates a multi-stage process that leads to the deployment of SugarGh0st RAT. The decoy documents are incorporated within a heavily obfuscated JavaScript dropper that's contained within a Windows Shortcut file ...
cyber security

Creating, Managing and Securing Non-Human Identities

websitePermisoCybersecurity / Identity Security
A new class of identities has emerged alongside traditional human users: non-human identities (NHIs). Permiso Security's new eBook details everything you need to know about managing and securing non-human identities, and strategies to unify identity security without compromising agility.
Discover How Gcore Thwarted Powerful 1.1Tbps and 1.6Tbps DDoS Attacks

Discover How Gcore Thwarted Powerful 1.1Tbps and 1.6Tbps DDoS Attacks

Dec 01, 2023 Network Security / Cyber Attack
The most recent  Gcore Radar report  and  its aftermath  have highlighted a dramatic increase in DDoS attacks across multiple industries. At the beginning of 2023, the average strength of attacks  reached 800 Gbps , but now, even a peak as high as 1.5+ Tbps is unsurprising. To try and break through Gcore's defenses, perpetrators made two attempts with two different strategies. Read on to discover what happened and learn how the security provider stopped the attackers in their tracks without affecting end users' experiences. A Powerful DDoS Attacks In November 2023, one of Gcore's customers from the gaming industry was targeted by two massive DDoS attacks, peaking at 1.1 and 1.6 Tbps respectively. The attackers deployed various techniques in an unsuccessful attempt to compromise Gcore's protective mechanisms. Attack #1: 1.1 Tbps UDP-based DDoS In the first cyber assault, the attackers sent a barrage of UDP traffic to a target server, peaking at 1.1 Tbps. Two...
WhatsApp's New Secret Code Feature Lets Users Protect Private Chats with Password

WhatsApp's New Secret Code Feature Lets Users Protect Private Chats with Password

Dec 01, 2023 Privacy / Data Protection
Meta-owned WhatsApp has launched a new  Secret Code  feature to help users protect sensitive conversations with a custom password on the messaging platform. The feature has been  described  as an "additional way to protect those chats and make them harder to find if someone has access to your phone or you share a phone with someone else." Secret Code builds on another feature called  Chat Lock  that WhatsApp announced in May, which moves chats to a separate folder of their own such that they can be accessed only upon providing their device password or biometrics. By setting a unique password for these locked chats that are different from the password used to unlock the phone, the aim is to give users an additional layer of privacy, WhatsApp noted. "You'll have the option to hide the Locked Chats folder from your chatlist so that they can only be discovered by typing your secret code in the search bar," it added. The development comes weeks after What...
U.S. Treasury Sanctions North Korean Kimsuky Hackers and 8 Foreign-Based Agents

U.S. Treasury Sanctions North Korean Kimsuky Hackers and 8 Foreign-Based Agents

Dec 01, 2023 Cyber Espionage / Cryptocurrency
The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) on Thursday sanctioned the North Korea-linked adversarial collective known as Kimsuky as well as eight foreign-based agents who are alleged to have facilitated sanctions evasion. The agents, the Treasury  said , helped in " revenue generation  and missile-related technology procurement that support the DPRK's weapons of mass destruction (WMD) programs." The sanctions against Kimsuky, which have been levied for gathering intelligence to support the regime's strategic objectives, come more than four years after the OFAC  imposed   similar measures  against the Lazarus Group and its offshoots  Andariel  and  BlueNoroff  in September 2019. The actions are in  response  to North Korea's launch of a military reconnaissance satellite late last month, the Treasury added. They also arrive a day after a virtual currency mixer service called Sinbad was  san...
Zyxel Releases Patches to Fix 15 Flaws in NAS, Firewall, and AP Devices

Zyxel Releases Patches to Fix 15 Flaws in NAS, Firewall, and AP Devices

Dec 01, 2023 Firewall / Network Security
Zyxel has released patches to address 15 security issues impacting network-attached storage (NAS), firewall, and access point (AP) devices, including three critical flaws that could lead to authentication bypass and command injection. The  three vulnerabilities  are listed below - CVE-2023-35138  (CVSS score: 9.8) - A command injection vulnerability that could allow an unauthenticated attacker to execute some operating system commands by sending a crafted HTTP POST request. CVE-2023-4473  (CVSS score: 9.8) - A command injection vulnerability in the web server that could allow an unauthenticated attacker to execute some operating system commands by sending a crafted URL to a vulnerable device. CVE-2023-4474  (CVSS score: 9.8) - An improper neutralization of special elements vulnerability that could allow an unauthenticated attacker to execute some operating system commands by sending a crafted URL to a vulnerable device. Also patched by Zyxel are three hi...
Zero-Day Alert: Apple Rolls Out iOS, macOS, and Safari Patches for 2 Actively Exploited Flaws

Zero-Day Alert: Apple Rolls Out iOS, macOS, and Safari Patches for 2 Actively Exploited Flaws

Dec 01, 2023 Spyware / Threat Analysis
Apple has  released  software updates for iOS, iPadOS, macOS, and Safari web browser to address two security flaws that it said have come under active exploitation in the wild on older versions of its software. The vulnerabilities, both of which reside in the WebKit web browser engine, are described below - CVE-2023-42916  - An out-of-bounds read issue that could be exploited to leak sensitive information when processing web content. CVE-2023-42917  - A memory corruption bug that could result in arbitrary code execution when processing web content. Apple said it's aware of reports exploiting the shortcomings "against versions of iOS before iOS 16.7.1," which was released on October 10, 2023. Clément Lecigne of Google's Threat Analysis Group (TAG) has been credited with discovering and reporting the twin flaws. The iPhone maker did not provide additional information regarding ongoing exploitation, but previously disclosed zero-days in iOS have been used to...
Google Unveils RETVec - Gmail's New Defense Against Spam and Malicious Emails

Google Unveils RETVec - Gmail's New Defense Against Spam and Malicious Emails

Nov 30, 2023 Machine Learning / Email Security
Google has revealed a new multilingual text vectorizer called  RETVec  (short for Resilient and Efficient Text Vectorizer) to  help detect  potentially harmful content such as spam and malicious emails in Gmail. "RETVec is trained to be resilient against character-level manipulations including insertion, deletion, typos, homoglyphs, LEET substitution, and more," according to the  project's description  on GitHub. "The RETVec model is trained on top of a novel character encoder which can encode all UTF-8 characters and words efficiently." While huge platforms like Gmail and YouTube rely on text classification models to spot phishing attacks, inappropriate comments, and scams, threat actors are known to devise counter-strategies to bypass these defense measures. They have been observed resorting to adversarial text manipulations, which range from the use of homoglyphs to keyword stuffing to invisible characters. RETVec , which works on over 100 langua...
Expert Insights / Articles Videos
Cybersecurity Resources