#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News

The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Microsoft Warns of COLDRIVER's Evolving Evasion and Credential-Stealing Tactics

Microsoft Warns of COLDRIVER's Evolving Evasion and Credential-Stealing Tactics

Dec 07, 2023 Threat Intelligence / Cyber Espionage
The threat actor known as COLDRIVER has continued to engage in credential theft activities against entities that are of strategic interests to Russia while simultaneously improving its detection evasion capabilities. The Microsoft Threat Intelligence team is tracking under the cluster as  Star Blizzard  (formerly SEABORGIUM). It's also called Blue Callisto, BlueCharlie (or TAG-53), Calisto (alternately spelled Callisto), Gossamer Bear, and TA446. The adversary "continues to prolifically target individuals and organizations involved in international affairs, defense, and logistics support to Ukraine, as well as academia, information security companies, and other entities aligning with Russian state interests," Redmond  said . Star Blizzard , linked to Russia's Federal Security Service (FSB), has a  track record  of setting up lookalike domains that impersonate the login pages of targeted companies. It's known to be active since at least 2017. In August 2023...
New Bluetooth Flaw Let Hackers Take Over Android, Linux, macOS, and iOS Devices

New Bluetooth Flaw Let Hackers Take Over Android, Linux, macOS, and iOS Devices

Dec 07, 2023 Mobile Security / Vulnerability
A critical Bluetooth security flaw could be exploited by threat actors to take control of Android, Linux, macOS and iOS devices. Tracked as  CVE-2023-45866 , the issue relates to a case of authentication bypass that enables attackers to connect to susceptible devices and inject keystrokes to achieve code execution as the victim. "Multiple Bluetooth stacks have authentication bypass vulnerabilities that permit an attacker to connect to a discoverable host without user confirmation and inject keystrokes," said security researcher  Marc Newlin , who  disclosed  the flaws to the software vendors in August 2023. Specifically, the attack deceives the target device into thinking that it's connected to a Bluetooth keyboard by taking advantage of an "unauthenticated pairing mechanism" that's defined in the Bluetooth specification. Successful exploitation of the flaw could permit an adversary in close physical proximity to connect to a vulnerable device and trans...
Unlocking Google Workspace Security: Are You Doing Enough to Protect Your Data?

Crowdstrike Named A Leader In Endpoint Protection Platforms

Nov 22, 2024Endpoint Security / Threat Detection
CrowdStrike is named a Leader in the 2024 Gartner® Magic Quadrant™ for Endpoint Protection Platforms for the fifth consecutive time, positioned highest on Ability to Execute and furthest to the right on Completeness of Vision.
Hacking the Human Mind: Exploiting Vulnerabilities in the 'First Line of Cyber Defense'

Hacking the Human Mind: Exploiting Vulnerabilities in the 'First Line of Cyber Defense'

Dec 07, 2023 Social Engineering / Cyber Threat
Humans are complex beings with consciousness, emotions, and the capacity to act based on thoughts. In the ever-evolving realm of cybersecurity, humans consistently remain primary targets for attackers. Over the years, these attackers have developed their expertise in exploiting various human qualities, sharpening their skills to manipulate biases and emotional triggers with the objective of influencing human behaviour to compromise security whether it be personal and organisational security.  More than just a 'human factor' Understanding what defines our humanity, recognizing how our qualities can be perceived as vulnerabilities, and comprehending how our minds can be targeted provide the foundation for identifying and responding when we inevitably become the target. The human mind is a complex landscape that evolved over years of exposure to the natural environment, interactions with others, and lessons drawn from past experiences. As humans, our minds set us apart, marke...
cyber security

Creating, Managing and Securing Non-Human Identities

websitePermisoCybersecurity / Identity Security
A new class of identities has emerged alongside traditional human users: non-human identities (NHIs). Permiso Security's new eBook details everything you need to know about managing and securing non-human identities, and strategies to unify identity security without compromising agility.
Building a Robust Threat Intelligence with Wazuh

Building a Robust Threat Intelligence with Wazuh

Dec 07, 2023 Threat Intelligence / Network Security
Threat intelligence refers to gathering, processing, and analyzing cyber threats, along with proactive defensive measures aimed at strengthening security. It enables organizations to gain a comprehensive insight into historical, present, and anticipated threats, providing context about the constantly evolving threat landscape. Importance of threat intelligence in the cybersecurity ecosystem Threat intelligence is a crucial part of any cybersecurity ecosystem. A robust cyber threat intelligence program helps organizations identify, analyze, and prevent security breaches. Threat intelligence is important to modern cyber security practice for several reasons: Proactive defense:  Organizations can enhance their overall cyber resilience by integrating threat intelligence into security practices to address the specific threats and risks that are relevant to their industry, geolocation, or technology stack. Threat intelligence allows organizations to identify potential threats in ad...
Governments May Spy on You by Requesting Push Notifications from Apple and Google

Governments May Spy on You by Requesting Push Notifications from Apple and Google

Dec 07, 2023 Privacy / Data Security
Unspecified governments have demanded mobile push notification records from Apple and Google users to pursue people of interest, according to U.S. Senator Ron Wyden. "Push notifications are alerts sent by phone apps to users' smartphones," Wyden  said . "These alerts pass through a digital post office run by the phone operating system provider -- overwhelmingly Apple or Google. Because of that structure, the two companies have visibility into how their customers use apps and could be compelled to provide this information to U.S. or foreign governments." Wyden, in a letter to U.S. Attorney General Merrick Garland, said both Apple and Google confirmed receiving such requests but noted that information about the practice was restricted from public release by the U.S. government, raising questions about the transparency of legal demands they receive from governments. When mobile apps for Android and iOS send push notifications to users' devices, they are ro...
New Stealthy 'Krasue' Linux Trojan Targeting Telecom Firms in Thailand

New Stealthy 'Krasue' Linux Trojan Targeting Telecom Firms in Thailand

Dec 07, 2023 Malware / Security Breach
A previously unknown Linux remote access trojan called Krasue has been observed targeting telecom companies in Thailand by threat actors to main covert access to victim networks at lease since 2021. Named after a  nocturnal female spirit  of Southeast Asian folklore, the malware is "able to conceal its own presence during the initialization phase," Group-IB  said  in a report shared with The Hacker News. The exact initial access vector used to deploy Krasue is currently not known, although it's suspected that it could be via vulnerability exploitation, credential brute-force attacks, or downloaded as part of a bogus software package or binary. The malware's core functionalities are realized through a rootkit that masquerades as an unsigned VMware driver and allows it to maintain persistence on the host without attracting any attention. The rootkit is derived from open-source projects such as Diamorphine, Suterusu, and Rooty. This has raised the possibility that...
Meta Launches Default End-to-End Encryption for Chats and Calls on Messenger

Meta Launches Default End-to-End Encryption for Chats and Calls on Messenger

Dec 07, 2023 Encryption / Data Privacy
Meta has officially begun to  roll out  support for end-to-end encryption (E2EE) in Messenger for personal calls and one-to-one personal messages by default in what it called the "most significant milestone yet." "This isn't a routine security update: we rebuilt the app from the ground up, in close consultation with privacy and safety experts," Loredana Crisan, vice president of Messenger at Meta,  said  in a post shared on X (formerly Twitter). CEO Mark Zuckerberg, who announced a "privacy-focused vision for social networking" back in 2019,  said  the update comes "after years of work" redesigning the platform. It's worth noting that E2EE for group messaging in Messenger is still in the testing phase. Encrypted chats were first introduced as an opt-in feature called "secret conversations" in Messenger in 2016. Meta's Instagram also has  support for E2EE  for messages and calls but it's "only available in some ...
Alert: Threat Actors Can Leverage AWS STS to Infiltrate Cloud Accounts

Alert: Threat Actors Can Leverage AWS STS to Infiltrate Cloud Accounts

Dec 06, 2023 Access Management / Cloud Security
Threat actors can take advantage of Amazon Web Services Security Token Service (AWS STS) as a way to infiltrate cloud accounts and conduct follow-on attacks. The service enables threat actors to impersonate user identities and roles in cloud environments, Red Canary researchers Thomas Gardner and Cody Betsworth  said  in a Tuesday analysis. AWS STS is a  web service  that enables users to request temporary, limited-privilege credentials for users to access AWS resources without needing to create an AWS identity. These STS tokens can be valid  anywhere from 15 minutes to 36 hours . Threat actors can steal long-term IAM tokens through a variety of methods like malware infections, publicly exposed credentials, and phishing emails, subsequently using them to determine roles and privileges associated with those tokens via API calls. "Depending on the token's permission level, adversaries may also be able to use it to create additional IAM users with long-term A...
New Report: Unveiling the Threat of Malicious Browser Extensions

New Report: Unveiling the Threat of Malicious Browser Extensions

Dec 06, 2023 Browser Security / Privacy
Compromising the browser is a high-return target for adversaries. Browser extensions, which are small software modules that are added to the browser and can enhance browsing experiences, have become a popular browser attack vector. This is because they are widely adopted among users and can easily turn malicious through developer actions or attacks on legitimate extensions. Recent incidents like  DataSpii  and the  Nigelthorn  malware attack have exposed the extent of damage that malicious extensions can inflict. In both cases, users innocently installed extensions that compromised their privacy and security. The underlying issue lies in the permissions granted to extensions. These permissions, often excessive and lacking granularity, allow attackers to exploit them. What can organizations do to protect themselves from the risks of browser extensions without barring them from use altogether (an act that would be nearly impossible to enforce)?  A new report b...
Expert Insights / Articles Videos
Cybersecurity Resources