#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News

The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Commando Cat Cryptojacking Attacks Target Misconfigured Docker Instances

Commando Cat Cryptojacking Attacks Target Misconfigured Docker Instances

Jun 07, 2024 Cryptojacking / Vulnerability
The threat actor known as Commando Cat has been linked to an ongoing cryptojacking attack campaign that leverages poorly secured Docker instances to deploy cryptocurrency miners for financial gain. "The attackers used the cmd.cat/chattr docker image container that retrieves the payload from their own command-and-control (C&C) infrastructure," Trend Micro researchers Sunil Bharti and Shubham Singh said in a Thursday analysis. Commando Cat, so named for its use of the open-source Commando project to generate a benign container, was first documented earlier this year by Cado Security. The attacks are characterized by the targeting of misconfigured Docker remote API servers to deploy a Docker image named cmd.cat/chattr, which is then used as a basis to instantiate a container and break out of its confines using the chroot command, and gain access to the host operating system. The final step entails retrieving the malicious miner binary using a curl or wget command fr...
Muhstik Botnet Exploiting Apache RocketMQ Flaw to Expand DDoS Attacks

Muhstik Botnet Exploiting Apache RocketMQ Flaw to Expand DDoS Attacks

Jun 06, 2024 Botnet / DDoS Attack
Muhstik botnet exploits a critical Apache RocketMQ flaw (CVE-2023-33246) for remote code execution , targeting Linux servers and IoT devices for DDoS attacks and cryptocurrency mining . Infection involves executing a shell script from a remote IP, downloading the Muhstik malware binary ("pty3") , and ensuring persistence by copying to multiple directories and editing system files. With over 5,000 vulnerable Apache RocketMQ instances still exposed, organizations must update to the latest version to mitigate risks, while securing MS-SQL servers against brute-force attacks and ensuring regular password changes. The distributed denial-of-service (DDoS) botnet known as Muhstik has been observed leveraging a now-patched security flaw impacting Apache RocketMQ to co-opt susceptible servers and expand its scale. "Muhstik is a well-known threat targeting IoT devices and Linux-based servers, notorious for its ability to infect devices and utilize the...
Unlocking Google Workspace Security: Are You Doing Enough to Protect Your Data?

Unlocking Google Workspace Security: Are You Doing Enough to Protect Your Data?

Nov 22, 2024Google Workspace / SaaS Backup
Google Workspace has quickly become the productivity backbone for businesses worldwide, offering an all-in-one suite with email, cloud storage and collaboration tools. This single-platform approach makes it easy for teams to connect and work efficiently, no matter where they are, enabling seamless digital transformation that's both scalable and adaptable. As companies shift from traditional, on-premises setups focused on device security, to more user-centered, hybrid models, Google Workspace is perfectly positioned to support this evolution. Now, the user account itself is the central hub, allowing access from any device or location — a game changer in today's remote and distributed work environments. However, with all this connectivity and flexibility comes a challenge. Google Workspace connects to countless apps and touches every user in the organization, making it an appealing target for cybercriminals. The platform's internet accessibility opens up additional entry points, raisi...
Third-Party Cyber Attacks: The Threat No One Sees Coming – Here's How to Stop Them

Third-Party Cyber Attacks: The Threat No One Sees Coming – Here's How to Stop Them

Jun 06, 2024 Cyber Hygiene / Threat Detection,
Learn about critical threats that can impact your organization and the bad actors behind them from Cybersixgill's threat experts. Each story shines a light on underground activities, the threat actors involved, and why you should care, along with what you can do to mitigate risk.  In an increasingly interconnected world, supply chain attacks have emerged as a formidable threat, compromising not just individual organizations but the broader digital ecosystem. The web of interdependencies among businesses, especially for software and IT vendors, provides fertile ground for cybercriminals to exploit vulnerabilities. By targeting one weak link in the supply chain, threat actors can gain unauthorized access to sensitive information and can conduct malicious activities with severe consequences on multiple organizations, from data breaches and financial losses to widespread disruption and reputational damage. Understanding the nature, impact, and mitigation strategies of supply chain...
cyber security

Creating, Managing and Securing Non-Human Identities

websitePermisoCybersecurity / Identity Security
A new class of identities has emerged alongside traditional human users: non-human identities (NHIs). Permiso Security's new eBook details everything you need to know about managing and securing non-human identities, and strategies to unify identity security without compromising agility.
Prevent Account Takeover with Better Password Security

Prevent Account Takeover with Better Password Security

Jun 06, 2024 Password Security / Dark Web
Tom works for a reputable financial institution. He has a long, complex password that would be near-impossible to guess. He's memorized it by heart, so he started using it for his social media accounts and on his personal devices too. Unbeknownst to Tom, one of these sites has had its password database compromised by hackers and put it up for sale on the dark web. Now threat actors are working hard to link these leaked credentials back to real-life individuals and their places of work. Before long, a threat actor will use Tom's legitimate email account to send a spear-phishing link to his CEO. This is a common account takeover scenario where malicious attackers gain unauthorized access to the organization's systems, putting critical information and operations at risk. It usually starts with compromised credentials. We'll run through why account takeover is so hard to stop once it starts and why strong password security is the best prevention.  Why are account takeover attacks so...
Hackers Exploit Legitimate Packer Software to Spread Malware Undetected

Hackers Exploit Legitimate Packer Software to Spread Malware Undetected

Jun 06, 2024 Endpoint Security / Malware
Threat actors are increasingly abusing legitimate and commercially available packer software such as BoxedApp to evade detection and distribute malware such as remote access trojans and information stealers. "The majority of the attributed malicious samples targeted financial institutions and government industries," Check Point security researcher Jiri Vinopal said in an analysis. The volume of samples packed with BoxedApp and submitted to the Google-owned VirusTotal malware scanning platform witnessed a spike around May 2023, the Israeli cybersecurity firm added, with the artifact submissions mainly originating from Turkey, the U.S., Germany, France, and Russia. Among the malware families distributed in this manner are Agent Tesla, AsyncRAT, LockBit, LodaRAT, NanoCore, Neshta, NjRAT, Quasar RAT, Ramnit, RedLine, Remcos, RevengeRAT, XWorm, and ZXShell. Packers are self-extracting archives that are often used to bundle software and make them smaller. But over the year...
Google Maps Timeline Data to be Stored Locally on Your Device for Privacy

Google Maps Timeline Data to be Stored Locally on Your Device for Privacy

Jun 06, 2024 Data Encryption / Privacy
Google has announced plans to store Maps Timeline data locally on users' devices instead of their Google account effective December 1, 2024. The changes were originally announced by the tech giant in December 2023, alongside updates to the auto-delete control when enabling Location History by setting it to three months by default, down from the previous limit of 18 months. Google Maps Timeline , as the name implies, helps users track routes, trips, and places they have been to over time, assuming Location History and Web & App Activity settings are enabled. But with the latest change to host the data on users' devices, the company has also said that it's removing the ability to view them on the web. "Since the data shown on your Timeline comes directly from your device, Timeline won't be available on Maps on your computer after your data is moved to your phone," Google noted in a support document. The updates, it added, are gradually rolling out to...
Hackers Target Python Developers with Fake "Crytic-Compilers" Package on PyPI

Hackers Target Python Developers with Fake "Crytic-Compilers" Package on PyPI

Jun 06, 2024 Software Security / Data Theft
Cybersecurity researchers have discovered a malicious Python package uploaded to the Python Package Index (PyPI) repository that's designed to deliver an information stealer called Lumma (aka LummaC2). The package in question is crytic-compilers, a typosquatted version of a legitimate library named crytic-compile . The rogue package was downloaded 441 times before it was taken down by PyPI maintainers. "The counterfeit library is interesting in that, in addition [to] being named after the legitimate Python utility, 'crytic-compile,' it aligns its version numbers with the real library," Sonatype security researcher Ax Sharma said . "Whereas the real library's latest version stops at 0.3.7, the counterfeit 'crytic-compilers' version picks up right here, and ends at 0.3.11 — giving off the impression that this is a newer version of the component." In a further attempt to keep up the ruse, some versions of crytic-compilers (e.g., 0.3.9) we...
Chinese State-Backed Cyber Espionage Targets Southeast Asian Government

Chinese State-Backed Cyber Espionage Targets Southeast Asian Government

Jun 05, 2024 Cyber Espionage / Threat Intelligence
An unnamed high-profile government organization in Southeast Asia emerged as the target of a "complex, long-running" Chinese state-sponsored cyber espionage operation codenamed Crimson Palace . "The overall goal behind the campaign was to maintain access to the target network for cyberespionage in support of Chinese state interests," Sophos researchers Paul Jaramillo, Morgan Demboski, Sean Gallagher, and Mark Parsons said in a report shared with The Hacker News. "This includes accessing critical IT systems, performing reconnaissance of specific users, collecting sensitive military and technical information, and deploying various malware implants for command-and-control (C2) communications." The name of the government organization was not disclosed, but the company said the country is known to have repeated conflict with China over territory in the South China Sea , raising the possibility that it may be the Philippines, which has been targeted by Chi...
Unpacking 2024's SaaS Threat Predictions

Unpacking 2024's SaaS Threat Predictions

Jun 05, 2024 SaaS Security / Artificial Intelligence
Early in 2024, Wing Security released its State of SaaS Security report , offering surprising insights into emerging threats and best practices in the SaaS domain. Now, halfway through the year, several SaaS threat predictions from the report have already proven accurate. Fortunately, SaaS Security Posture Management (SSPM) solutions have prioritized mitigation capabilities to address many of these issues, ensuring security teams have the necessary tools to face these challenges head-on. In this article, we will revisit our predictions from earlier in the year, showcase real-world examples of these threats in action, and offer practical tips and best practices to help you prevent such incidents in the future. It's also worth noting the overall trend of an increasing frequency of breaches in today's dynamic SaaS landscape, leading organizations to demand timely threat alerts as a vital capability. Industry regulations with upcoming compliance deadlines are demanding similar time-sens...
Expert Insights / Articles Videos
Cybersecurity Resources