#1 Trusted Cybersecurity News Platform
Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cybersecurity

The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Malicious Code in XZ Utils for Linux Systems Enables Remote Code Execution

Malicious Code in XZ Utils for Linux Systems Enables Remote Code Execution

Apr 02, 2024 Firmware Security / Vulnerability
The malicious code inserted into the open-source library XZ Utils, a widely used package present in major Linux distributions, is also capable of facilitating remote code execution, a new analysis has revealed. The audacious supply chain compromise, tracked as  CVE-2024-3094  (CVSS score: 10.0), came to light last week when Microsoft engineer and PostgreSQL developer Andres Freund alerted to the  presence  of a  backdoor  in the data compression utility that gives remote attackers a way to sidestep secure shell authentication and gain complete access to an affected system. "I was doing some micro-benchmarking at the time, needed to quiesce the system to reduce noise," Freund said in a post shared on Mastodon. "Saw sshd processes were using a surprising amount of CPU, despite immediately failing because of wrong usernames etc." "Profiled sshd, showing lots of cpu time in liblzma, with perf unable to attribute it to a symbol. Got suspicious. Recalled that I
Harnessing the Power of CTEM for Cloud Security

Harnessing the Power of CTEM for Cloud Security

Apr 02, 2024 Cloud Security / Threat Intelligence
Cloud solutions are more mainstream – and therefore more exposed – than ever before. In 2023 alone, a staggering 82% of data breaches were against public, private, or hybrid cloud environments. What's more, nearly 40% of breaches spanned multiple cloud environments. The average cost of a cloud breach was above the overall average, at $4.75 million. In a time where cloud has become the de facto standard – with 65% of IT decision-makers confirming that cloud-based services are their first choice when upgrading or purchasing new solutions – despite its overwhelming prominence, cloud security still faces multiple challenges.  Security Challenges in the Cloud  One major hurdle is the lack of visibility. Unlike physical servers you can see and touch, cloud resources are often spread across vast networks, making it difficult to monitor for suspicious activity and leaving vulnerabilities undetected. Another challenge is the inconsistency across cloud vendor permission management systems. D
NIST Cybersecurity Framework (CSF) and CTEM – Better Together

NIST Cybersecurity Framework (CSF) and CTEM – Better Together

Sep 05, 2024Threat Detection / Vulnerability Management
It's been a decade since the National Institute of Standards and Technology (NIST) introduced its Cybersecurity Framework (CSF) 1.0. Created following a 2013 Executive Order, NIST was tasked with designing a voluntary cybersecurity framework that would help organizations manage cyber risk, providing guidance based on established standards and best practices. While this version was originally tailored for Critical infrastructure, 2018's version 1.1 was designed for any organization looking to address cybersecurity risk management.  CSF is a valuable tool for organizations looking to evaluate and enhance their security posture. The framework helps security stakeholders understand and assess their current security measures, organize and prioritize actions to manage risks, and improve communication within and outside organizations using a common language. It's a comprehensive collection of guidelines, best practices, and recommendations, divided into five core functions: Identify, Protec
China-linked Hackers Deploy New 'UNAPIMON' Malware for Stealthy Operations

China-linked Hackers Deploy New 'UNAPIMON' Malware for Stealthy Operations

Apr 02, 2024 Cyber Espionage / Threat Intelligence
A threat activity cluster tracked as  Earth Freybug  has been observed using a new malware called UNAPIMON to fly under the radar. "Earth Freybug is a cyberthreat group that has been active since at least 2012 that focuses on espionage and financially motivated activities," Trend Micro security researcher Christopher So  said  in a report published today. "It has been observed to target organizations from various sectors across different countries." The cybersecurity firm has described Earth Freybug as a subset within  APT41 , a China-linked cyber espionage group that's also tracked as Axiom, Brass Typhoon (formerly Barium), Bronze Atlas, HOODOO, Wicked Panda, and Winnti. The adversarial collective is known to rely on a combination of living-off-the-land binaries (LOLBins) and custom malware to realize its goals. Also adopted are techniques like dynamic-link library (DLL) hijacking and application programming interface (API) unhooking. Trend Micro said th
cyber security

Secure Your Network: 40% Face Full Takeover Risk

websitePicus SecurityEndpoint Security / Attack Surface
Understand and address the critical risks in your network to prevent takeovers.
Google to Delete Billions of Browsing Records in 'Incognito Mode' Privacy Lawsuit Settlement

Google to Delete Billions of Browsing Records in 'Incognito Mode' Privacy Lawsuit Settlement

Apr 02, 2024 Browser Security / Data Security
Google has agreed to purge billions of data records reflecting users' browsing activities to settle a class action lawsuit that claimed the search giant tracked them without their knowledge or consent in its Chrome browser. The  class action , filed in 2020, alleged the company misled users by tracking their internet browsing activity who thought that it remained private when using the "incognito" or "private" mode on web browsers like Chrome. In late December 2023, it  emerged  that the company had consented to settle the lawsuit. The deal is currently pending approval by the U.S. District Judge Yvonne Gonzalez Rogers. "The settlement provides broad relief regardless of any challenges presented by Google's limited record keeping," a court filing on April 1, 2024, said. "Much of the private browsing data in these logs will be deleted in their entirety, including billions of event level data records that reflect class members' private
Massive Phishing Campaign Strikes Latin America: Venom RAT Targeting Multiple Sectors

Massive Phishing Campaign Strikes Latin America: Venom RAT Targeting Multiple Sectors

Apr 02, 2024 Malvertising / Threat Intelligence
The threat actor known as  TA558  has been attributed to a new massive phishing campaign that targets a wide range of sectors in Latin America with the goal of deploying Venom RAT. The attacks primarily singled out hotel, travel, trading, financial, manufacturing, industrial, and government verticals in Spain, Mexico, the United States, Colombia, Portugal, Brazil, Dominican Republic, and Argentina. Active since at least 2018, TA558 has a  history  of  targeting entities  in the LATAM region to deliver a variety of malware such as Loda RAT, Vjw0rm, and Revenge RAT. The latest infection chain, according to Perception Point researcher  Idan Tarab , leverages phishing emails as an initial access vector to drop  Venom RAT , a fork of Quasar RAT that comes with  capabilities  to harvest sensitive data and commandeer systems remotely. The disclosure comes as threat actors have been increasingly observed using the  DarkGate  malware loader following the  law enforcement takedown of QakBo
Indian Government Rescues 250 Citizens Forced into Cybercrime in Cambodia

Indian Government Rescues 250 Citizens Forced into Cybercrime in Cambodia

Apr 01, 2024 Cryptocurrency / Financial Fraud
The Indian government said it has rescued and repatriated about 250 citizens in Cambodia who were held captive and coerced into running cyber scams. The Indian nationals "were lured with employment opportunities to that country but were forced to undertake illegal cyber work," the Ministry of External Affairs (MEA)  said  in a statement, adding it had rescued 75 people in the past three months. It also said it's working with "with Cambodian authorities and with agencies in India to crack down on those responsible for these fraudulent schemes." The development comes in the wake of a  report  from the Indian Express that said more than 5,000 Indians stuck in Cambodia were forced into "cyber slavery" by organized crime rackets to scam people in India and extort money by masquerading as law enforcement authorities in some cases. The report also tracks with an earlier disclosure from INTERPOL, which characterized the situation as  human trafficking-fu
Detecting Windows-based Malware Through Better Visibility

Detecting Windows-based Malware Through Better Visibility

Apr 01, 2024 Malware Detection / Endpoint Security
Despite a plethora of available security solutions, more and more organizations fall victim to Ransomware and other threats. These continued threats aren't just an inconvenience that hurt businesses and end users - they damage the economy, endanger lives, destroy businesses and put national security at risk. But if that wasn't enough – North Korea appears to be  using revenue from cyber attacks to funds its nuclear weapons program . Small and mid-size businesses are increasingly caught in the dragnet of ongoing malware attacks - often due to underfunded IT departments. Exacerbating the problem are complex enterprise security solutions that are often out of reach for many companies - especially when multiple products are seemingly needed to establish a solid defense. Volume-based products that incentivize users to collect less data in order to conserve funds work backward, dampening the anticipated benefits. But what if you could detect many malware attacks holistically with
Malicious Apps Caught Secretly Turning Android Phones into Proxies for Cybercriminals

Malicious Apps Caught Secretly Turning Android Phones into Proxies for Cybercriminals

Apr 01, 2024 Botnet / Mobile Security
Several malicious Android apps that turn mobile devices running the operating system into residential proxies (RESIPs) for other threat actors have been observed on the Google Play Store. The findings come from HUMAN's Satori Threat Intelligence team, which said the cluster of VPN apps came fitted with a Golang library that transformed the user's device into a proxy node without their knowledge. The operation has been codenamed  PROXYLIB  by the company. The 29 apps in question have since been removed by Google. Residential proxies are a network of proxy servers sourced from real IP addresses provided by internet service providers (ISPs), helping users hide their actual IP addresses by routing their internet traffic through an intermediary server. The anonymity benefits aside, they are ripe for abuse by threat actors to not only obfuscate their origins, but also to conduct a wide range of attacks. "When a threat actor uses a residential proxy, the traffic from these
Vultur Android Banking Trojan Returns with Upgraded Remote Control Capabilities

Vultur Android Banking Trojan Returns with Upgraded Remote Control Capabilities

Apr 01, 2024 Mobile Security / Data Privacy
The Android banking trojan known as Vultur has resurfaced with a suite of new features and improved anti-analysis and detection evasion techniques, enabling its operators to remotely interact with a mobile device and harvest sensitive data. "Vultur has also started masquerading more of its malicious activity by encrypting its C2 communication, using multiple encrypted payloads that are decrypted on the fly, and using the guise of legitimate applications to carry out its malicious actions," NCC Group researcher Joshua Kamp  said  in a report published last week. Vultur was  first disclosed  in early 2021, with the malware capable of leveraging Android's accessibility services APIs to execute its malicious actions. The malware has been observed to be  distributed via trojanized dropper apps  on the Google Play Store, masquerading as authenticator and productivity apps to trick unwitting users into installing them. These dropper apps are offered as part of a dropper-as-a
Expert Insights / Articles Videos
Cybersecurity Resources