The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

WikiLeaks founder Julian Assange has been freed in the U.K. and has departed the country after serving more than five years in a maximum security prison at Belmarsh for what was described by the U.S. government as the "largest compromises of classified information" in its history. Capping off a 14-year legal saga, Assange, 52, pleaded guilty to one criminal count of conspiring to obtain and disclose classified U.S. national defense documents. He is due to be sentenced to 62 months of time already served in the Pacific island of Saipan later this week. According to the Associated Press , the hearing is taking place there because of Assange's "opposition to traveling to the continental U.S. and the court's proximity to Australia." "This is the result of a global campaign that spanned grass-roots organizers, press freedom campaigners, legislators and leaders from across the political spectrum, all the way to the United Nations," WikiLeaks said in a...

Four Vietnamese nationals with ties to the FIN9 cybercrime group have been indicted in the U.S. for their involvement in a series of computer intrusions that caused over $71 million in losses to companies. The defendants, Ta Van Tai (aka Quynh Hoa and Bich Thuy), Nguyen Viet Quoc (aka Tien Nguyen), Nguyen Trang Xuyen, and Nguyen Van Truong (aka Chung Nguyen), have been accused of conducting phishing campaigns and supply chain compromises to orchestrate cyber attacks and steal millions of dollars. "From at least May 2018 through October 2021, the defendants hacked the computer networks of victim companies throughout the United States and used their access to steal or attempt to steal non-public information, employee benefits, and funds," the U.S. Department of Justice said in an unsealed indictment last week. According to court documents, the individuals – after successfully gaining initial access to target networks – stole gift card data, personally identifiable informat...

Cybersecurity isn't just another checkbox on your business agenda. It's a fundamental pillar of survival. As organizations increasingly migrate their operations to the cloud, understanding how to protect your digital assets becomes crucial. The shared responsibility model , exemplified through Microsoft 365's approach, offers a framework for comprehending and implementing effective cybersecurity measures.  The Essence of Shared Responsibility  Think of cloud security like a well-maintained building: the property manager handles structural integrity and common areas, while tenants secure their individual units. Similarly, the shared responsibility model creates a clear division of security duties between cloud providers and their users. This partnership approach ensures comprehensive protection through clearly defined roles and responsibilities.  What Your Cloud Provider Handles  Microsoft maintains comprehensive responsibility for securing the foundational eleme...

Multiple WordPress plugins have been backdoored to inject malicious code that makes it possible to create rogue administrator accounts with the aim of performing arbitrary actions. "The injected malware attempts to create a new administrative user account and then sends those details back to the attacker-controlled server," Wordfence security researcher Chloe Chamberland said in a Monday alert. "In addition, it appears the threat actor also injected malicious JavaScript into the footer of websites that appears to add SEO spam throughout the website." The admin accounts have the usernames "Options" and "PluginAuth," with the account information exfiltrated to the IP address 94.156.79[.]8. It's currently not known how the unknown attackers behind the campaign managed to compromise the plugins, but the earliest signs of the software supply chain attack date back to June 21, 2024. The plugins in question are no longer available for downlo...

Google has developed a new framework called Project Naptime that it says enables a large language model (LLM) to carry out vulnerability research with an aim to improve automated discovery approaches. "The Naptime architecture is centered around the interaction between an AI agent and a target codebase," Google Project Zero researchers Sergei Glazunov and Mark Brand said . "The agent is provided with a set of specialized tools designed to mimic the workflow of a human security researcher." The initiative is so named for the fact that it allows humans to "take regular naps" while it assists with vulnerability research and automating variant analysis. The approach, at its core, seeks to take advantage of advances in code comprehension and general reasoning ability of LLMs, thus allowing them to replicate human behavior when it comes to identifying and demonstrating security vulnerabilities. It encompasses several components such as a Code Browser tool...

Cybersecurity researchers have detailed a now-patched security flaw affecting the Ollama open-source artificial intelligence (AI) infrastructure platform that could be exploited to achieve remote code execution. Tracked as CVE-2024-37032 , the vulnerability has been codenamed Probllama by cloud security firm Wiz. Following responsible disclosure on May 5, 2024, the issue was addressed in version 0.1.34 released on May 7, 2024. Ollama is a service for packaging, deploying, running large language models (LLMs) locally on Windows, Linux, and macOS devices. At its core, the issue relates to a case of insufficient input validation that results in a path traversal flaw an attacker could exploit to overwrite arbitrary files on the server and ultimately lead to remote code execution. The shortcoming requires the threat actor to send specially crafted HTTP requests to the Ollama API server for successful exploitation. It specifically takes advantage of the API endpoint "/api/pull...

Learn about critical threats that can impact your organization and the bad actors behind them from Cybersixgill's threat experts. Each story shines a light on underground activities, the threat actors involved, and why you should care, along with what you can do to mitigate risk.  Cybersecurity professionals are facing unprecedented challenges as they strive to manage increasing workloads amidst limited budgets, inadequate staffing, and growing attack surfaces. Research indicates that a majority of these professionals find their jobs more difficult than ever, and a significant number are contemplating leaving their current positions due to the stress and demands of the role. The value of cyber threat intelligence (CTI) in anticipating and mitigating potential attacks is widely recognized. However, security teams face several challenges in effectively utilizing CTI insights, which can turn a powerful cyber defense weapon into an additional burden that security professionals must ...

A likely China-linked state-sponsored threat actor has been linked to a cyber espionage campaign targeting government, academic, technology, and diplomatic organizations in Taiwan between November 2023 and April 2024. Recorded Future's Insikt Group is tracking the activity under the name RedJuliett , describing it as a cluster that operates from Fuzhou, China, to support Beijing's intelligence collection goals related to the East Asian country. It's also tracked under the names Flax Typhoon and Ethereal Panda . Among other countries targeted by the adversarial collective include Djibouti, Hong Kong, Kenya, Laos, Malaysia, the Philippines, Rwanda, South Korea, and the U.S. In all, as many as 24 victim organizations have been observed communicating with the threat actor infrastructure, including government agencies in Taiwan, Laos, Kenya, and Rwanda. It's also estimated to have targeted at least 75 Taiwanese entities for broader reconnaissance and follow-on exploita...

Multiple threat actors, including cyber espionage groups, are employing an open-source Android remote administration tool called Rafel RAT to meet their operational objectives by masquerading it as Instagram, WhatsApp, and various e-commerce and antivirus apps. "It provides malicious actors with a powerful toolkit for remote administration and control, enabling a range of malicious activities from data theft to device manipulation," Check Point said in an analysis published last week. It boasts a wide range of features, such as the ability to wipe SD cards, delete call logs, siphon notifications, and even act as ransomware. The use of Rafel RAT by DoNot Team (aka APT-C-35, Brainworm, and Origami Elephant) was previously highlighted by the Israeli cybersecurity company in cyber attacks that leveraged a design flaw in Foxit PDF Reader to trick users into downloading malicious payloads. The campaign, which took place in April 2024, is said to have utilized military-them...

Russian organizations have been targeted by a cybercrime gang called ExCobalt using a previously unknown Golang-based backdoor known as GoRed. "ExCobalt focuses on cyber espionage and includes several members active since at least 2016 and presumably once part of the notorious Cobalt Gang ," Positive Technologies researchers Vladislav Lunin and Alexander Badayev said in a technical report published this week. "Cobalt attacked financial institutions to steal funds. One of Cobalt's hallmarks was the use of the CobInt tool , something ExCobalt began to use in 2022." Attacks mounted by the threat actor have singled out various sectors in Russia over the past year, including government, information technology, metallurgy, mining, software development, and telecommunications. Initial access to environments is facilitated by taking advantage of a previously compromised contractor and a supply chain attack, wherein the adversary infected a component used to bu...