#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News

The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Latest Multi-Stage Attack Scenarios with Real-World Examples

Latest Multi-Stage Attack Scenarios with Real-World Examples

Nov 27, 2024 Malware / Threat Intelligence
Multi-stage cyber attacks, characterized by their complex execution chains, are designed to avoid detection and trick victims into a false sense of security. Knowing how they operate is the first step to building a solid defense strategy against them. Let's examine real-world examples of some of the most common multi-stage attack scenarios that are active right now. URLs and Other Embedded Content in Documents Attackers frequently hide malicious links within seemingly legitimate documents, such as PDFs or Word files. Upon opening the document and clicking the embedded link, users are directed to a malicious website. These sites often employ deceptive tactics to get the victim to download malware onto their computer or share their passwords. Another popular type of embedded content is QR codes. Attackers conceal malicious URLs within QR codes and insert them into documents. This strategy forces users to turn to their mobile devices to scan the code, which then directs them to ph...
APT-C-60 Hackers Exploit StatCounter and Bitbucket in SpyGlace Malware Campaign

APT-C-60 Hackers Exploit StatCounter and Bitbucket in SpyGlace Malware Campaign

Nov 27, 2024 Malware / Cyber Espionage
The threat actor known as APT-C-60 has been linked to a cyber attack targeting an unnamed organization in Japan that used a job application-themed lure to deliver the SpyGlace backdoor. That's according to findings from JPCERT/CC, which said the intrusion leveraged legitimate services like Google Drive, Bitbucket, and StatCounter. The attack was carried out around August 2024. "In this attack, an email purporting to be from a prospective employee was sent to the organization's recruiting contact, infecting the contact with malware," the agency said . APT-C-60 is the moniker assigned to a South Korea-aligned cyber espionage group that's known to target East Asian countries. In August 2024, it was observed exploiting a remote code execution vulnerability in WPS Office for Windows (CVE-2024-7262) to drop a custom backdoor called SpyGlace. The attack chain discovered by JPCERT/CC involves the use of a phishing email that contains a link to a file hosted on Goo...
Unlocking Google Workspace Security: Are You Doing Enough to Protect Your Data?

Crowdstrike Named A Leader In Endpoint Protection Platforms

Nov 22, 2024Endpoint Security / Threat Detection
CrowdStrike is named a Leader in the 2024 Gartner® Magic Quadrant™ for Endpoint Protection Platforms for the fifth consecutive time, positioned highest on Ability to Execute and furthest to the right on Completeness of Vision.
INTERPOL Busts African Cybercrime: 1,006 Arrests, 134,089 Malicious Networks Dismantled

INTERPOL Busts African Cybercrime: 1,006 Arrests, 134,089 Malicious Networks Dismantled

Nov 27, 2024 Cybercrime / Financial Fraud
An INTERPOL-led operation has led to the arrest of 1,006 suspects across 19 African countries and the takedown of 134,089 malicious infrastructures and networks as part of a coordinated effort to disrupt cybercrime in the continent. Dubbed Serengeti , the law enforcement exercise took place between September 2 and October 31, 2024, and targeted criminals behind ransomware, business email compromise (BEC), digital extortion, and online scams. The participating nations in the operation were Algeria, Angola, Benin, Cameroon, Côte d'Ivoire, Democratic Republic of the Congo, Gabon, Ghana, Kenya, Mauritius, Mozambique, Nigeria, Rwanda, Senegal, South Africa, Tanzania, Tunisia, Zambia, and Zimbabwe. These activities, which ranged from online credit card fraud and Ponzi schemes to investment and multi-level marketing scams, victimized more than 35,000 people, leading to financial losses nearly amounting to $193 million across the world. In connection with the $6 million online Ponzi ...
cyber security

Breaking Barriers: Strategies to Unite AppSec and R&D for Success

websiteBackslashApplication Security
Tackle common challenges to make security and innovation work seamlessly.
Matrix Botnet Exploits IoT Devices in Widespread DDoS Botnet Campaign

Matrix Botnet Exploits IoT Devices in Widespread DDoS Botnet Campaign

Nov 27, 2024 IoT Security / Network Security
A threat actor named Matrix has been linked to a widespread distributed denial-of-service (DDoS) campaign that leverages vulnerabilities and misconfigurations in Internet of Things (IoT) devices to co-opt them into a disruptive botnet. "This operation serves as a comprehensive one-stop shop for scanning, exploiting vulnerabilities, deploying malware, and setting up shop kits, showcasing a do-it-all-yourself approach to cyberattacks," Assaf Morag, director of threat intelligence at cloud security firm Aqua, said . There is evidence to suggest that the operation is the work of a lone wolf actor, a script kiddie of Russian origin. The attacks have primarily targeted IP addresses located in China, Japan, and to a lesser extent Argentina, Australia, Brazil, Egypt, India, and the U.S. The absence of Ukraine in the victimology footprint indicates that the attackers are purely driven by financial motivations, the cloud security firm said. The attack chains are characterized by ...
Critical WordPress Anti-Spam Plugin Flaws Expose 200,000+ Sites to Remote Attacks

Critical WordPress Anti-Spam Plugin Flaws Expose 200,000+ Sites to Remote Attacks

Nov 26, 2024 Vulnerability / Website Security
Two critical security flaws impacting the Spam protection, Anti-Spam, and FireWall plugin for WordPress could allow an unauthenticated attacker to install and enable malicious plugins on susceptible sites and potentially achieve remote code execution. The vulnerabilities, tracked as CVE-2024-10542 and CVE-2024-10781 , carry a CVSS score of 9.8 out of a maximum of 10.0. They were addressed in versions 6.44 and 6.45 released this month. Installed on over 200,000 WordPress sites, CleanTalk's Spam protection,f Anti-Spam, FireWall plugin is advertised as a "universal anti-spam plugin" that blocks spam comments, registrations, surveys, and more. According to Wordfence, both vulnerabilities concern an authorization bypass issue that could allow a malicious actor to install and activate arbitrary plugins. This could then pave the way for remote code execution if the activated plugin is vulnerable of its own. The plugin is "vulnerable to unauthorized Arbitrary Plugin ...
Intruder Launches Intel: A Free Vulnerability Intelligence Platform For Staying Ahead of the Latest Threats

Intruder Launches Intel: A Free Vulnerability Intelligence Platform For Staying Ahead of the Latest Threats

Nov 26, 2024 Pentest / Vulnerability Assessment
When CVEs go viral, separating critical vulnerabilities from the noise is essential to protecting your organization. That's why Intruder, a leader in attack surface management, built Intel - a free vulnerability intelligence platform designed to help you act fast and prioritize real threats. What is Intel? Intel was created to fill a gap in the resources available for tracking emerging vulnerabilities. When one of Intruder's go-to tools shut down last year, the team set out to build a solution that would not only meet their needs but also benefit the wider infosec community. Intel tracks the top trending CVEs from the past 24 hours and assigns each a 'hype score' - a rating out of 100, benchmarked against the year's highest levels. Alongside real-time insights, Intel features expert commentary from Intruder's Security team and consolidates the latest information from trusted sources like NVD and CISA, all in one place. 5 Ways Intel Helps You Stay Ahead Keep on top of trends: I...
RomCom Exploits Zero-Day Firefox and Windows Flaws in Sophisticated Cyberattacks

RomCom Exploits Zero-Day Firefox and Windows Flaws in Sophisticated Cyberattacks

Nov 26, 2024 Vulnerability / Cybercrime
The Russia-aligned threat actor known as RomCom has been linked to the zero-day exploitation of two security flaws, one in Mozilla Firefox and the other in Microsoft Windows, as part of attacks designed to deliver the eponymous backdoor on victim systems. "In a successful attack, if a victim browses a web page containing the exploit, an adversary can run arbitrary code – without any user interaction required (zero click) – which in this case led to the installation of RomCom's backdoor on the victim's computer," ESET said in a report shared with The Hacker News. The vulnerabilities in question are listed below - CVE-2024-9680 (CVSS score: 9.8) - A use-after-free vulnerability in Firefox's Animation component (Patched by Mozilla in October 2024)  CVE-2024-49039 (CVSS score: 8.8) - A privilege escalation vulnerability in Windows Task Scheduler (Patched by Microsoft in November 2024) RomCom , also known as Storm-0978, Tropical Scorpius, UAC-0180, UNC2596, and...
Chinese Hackers Use GHOSTSPIDER Malware to Hack Telecoms Across 12+ Countries

Chinese Hackers Use GHOSTSPIDER Malware to Hack Telecoms Across 12+ Countries

Nov 26, 2024 Cyber Espionage / Vulnerability
The China-linked threat actor known as Earth Estries has been observed using a previously undocumented backdoor called GHOSTSPIDER as part of its attacks targeting Southeast Asian telecommunications companies.  Trend Micro, which described the hacking group as an aggressive advanced persistent threat (APT), said the intrusions also involved the use of another cross-platform backdoor dubbed MASOL RAT (aka Backdr-NQ) on Linux systems belonging to Southeast Asian government networks. In all, Earth Estries is estimated to have successfully compromised more than 20 entities spanning telecommunications, technology, consulting, chemical, and transportation industries, government agencies, and non-profit organization (NGO) sectors. Victims have been identified across over a dozen countries, including Afghanistan, Brazil, Eswatini, India, Indonesia, Malaysia, Pakistan, the Philippines, South Africa, Taiwan, Thailand, the U.S., and Vietnam. Earth Estries shares overlap with clusters t...
CISA Urges Agencies to Patch Critical "Array Networks" Flaw Amid Active Attacks

CISA Urges Agencies to Patch Critical "Array Networks" Flaw Amid Active Attacks

Nov 26, 2024 Vulnerability / Network Security
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a now-patched critical security flaw impacting Array Networks AG and vxAG secure access gateways to its Known Exploited Vulnerabilities ( KEV ) catalog following reports of active exploitation in the wild. The vulnerability, tracked as CVE-2023-28461 (CVSS score: 9.8), concerns a case of missing authentication that could be exploited to achieve arbitrary code execution remotely. Fixes (version 9.4.0.484) for the security shortcoming were released by the network hardware vendor in March 2023.  "Array AG/vxAG remote code execution vulnerability is a web security vulnerability that allows an attacker to browse the filesystem or execute remote code on the SSL VPN gateway using flags attribute in HTTP header without authentication," Array Networks said. "The product can be exploited through a vulnerable URL." The inclusion to KEV catalog comes shortly after cybersecurity company Trend...
Google's New Restore Credentials Tool Simplifies App Login After Android Migration

Google's New Restore Credentials Tool Simplifies App Login After Android Migration

Nov 25, 2024 Mobile Security / Privacy
Google has introduced a new feature called Restore Credentials to help users restore their account access to third-party apps securely after migrating to a new Android device. Part of Android's Credential Manager API , the feature aims to reduce the hassle of re-entering the login credentials for every app during the handset replacement. "With Restore Credentials, apps can seamlessly onboard users to their accounts on a new device after they restore their apps and data from their previous device," Google's Neelansh Sahai said . The tech giant said the process occurs automatically in the background when a user restores apps and data from a previous device, enabling apps to sign users back into the respective accounts without requiring any additional interaction. This is accomplished by means of what's called a restore key, which, in reality, is a public key that's compatible with FIDO2 standards such as passkeys. Thus when a user signs in to an app that...
PyPI Python Library "aiocpa" Found Exfiltrating Crypto Keys via Telegram Bot

PyPI Python Library "aiocpa" Found Exfiltrating Crypto Keys via Telegram Bot

Nov 25, 2024 Software Supply Chain / Malware
The administrators of the Python Package Index (PyPI) repository have quarantined the package " aiocpa " following a new update that included malicious code to exfiltrate private keys via Telegram. The package in question is described as a synchronous and asynchronous Crypto Pay API client. The package, originally released in September 2024, has been downloaded 12,100 times to date. By putting the Python library in quarantine, it prevents further installation by clients and cannot be modified by its maintainers.  Cybersecurity outfit Phylum, which shared details of the software supply chain attack last week, said the author of the package published the malicious update to PyPI, while keeping the library's GitHub repository clean in an attempt to evade detection. It's currently not clear if the original developer was behind the rogue update or if their credentials were compromised by a different threat actor. Signs of malicious activity were first spotted i...
THN Recap: Top Cybersecurity Threats, Tools, and Practices (Nov 18 - Nov 24)

THN Recap: Top Cybersecurity Threats, Tools, and Practices (Nov 18 - Nov 24)

Nov 25, 2024 Cybersecurity / Critical Updates
We hear terms like "state-sponsored attacks" and "critical vulnerabilities" all the time, but what's really going on behind those words? This week's cybersecurity news isn't just about hackers and headlines—it's about how digital risks shape our lives in ways we might not even realize. For instance, telecom networks being breached isn't just about stolen data—it's about power. Hackers are positioning themselves to control the networks we rely on for everything, from making calls to running businesses. And those techy-sounding CVEs? They're not just random numbers; they're like ticking time bombs in the software you use every day, from your phone to your work tools. These stories aren't just for the experts—they're for all of us. They show how easily the digital world we trust can be turned against us. But they also show us the power of staying informed and prepared. Dive into this week's recap, and let's uncover the risks, the solutions, and the small steps we can all take to stay a...
Expert Insights / Articles Videos
Cybersecurity Resources