The Hacker News Logo
Subscribe to Newsletter
CrowdSec

The Hacker News - Cybersecurity News and Analysis

Learn NIST Inside Out With 21 Hours of Training @ 86% OFF

Learn NIST Inside Out With 21 Hours of Training @ 86% OFF

June 25, 2022The Hacker News
In cybersecurity, many of the best jobs involve working on government projects. To get a security clearance, you need to prove that you meet  NIST standards . Cybersecurity firms are particularly interested in people who understand the RMF, or Risk Management Framework — a U.S. government guideline for taking care of data. The NIST Cybersecurity & Risk Management Frameworks Course  helps you understand this topic, with over 21 hours of video instruction. The training is worth a total of $295, but readers of The Hacker News can  get the course today for only $39 . Special Offer  — Normally priced at $295, this Risk Management Framework course is  now only $39 for a limited time , with lifetime access included. That's a massive 86% discount! Designed by the United States Government, the Risk Management Framework provides a complete guide to securing sensitive data. It also ensures that cybersecurity professionals comply with the various laws, directives, executive orders, and re
Hackers Exploit Mitel VoIP Zero-Day in Likely Ransomware Attack

Hackers Exploit Mitel VoIP Zero-Day in Likely Ransomware Attack

June 24, 2022Ravie Lakshmanan
A suspected ransomware intrusion attempt against an unnamed target leveraged a Mitel VoIP appliance as an entry point to achieve remote code execution and gain initial access to the environment. The  findings  come from cybersecurity firm CrowdStrike, which traced the source of the attack to a Linux-based Mitel VoIP device sitting on the network perimeter, while also identifying a previously unknown exploit as well as a couple of anti-forensic measures adopted by the actor on the device to erase traces of their actions. The zero-day exploit in question is tracked as CVE-2022-29499 and was fixed by Mitel in April 2022 by means of a remediation script that it shared with customers. It's rated 9.8 out of 10 for severity on the CVSS vulnerability scoring system, making it a critical shortcoming. "A vulnerability has been identified in the Mitel Service Appliance component of MiVoice Connect (Mitel Service Appliances – SA 100, SA 400, and Virtual SA) which could allow a malic
Google Says ISPs Helped Attackers Infect Targeted Smartphones with Hermit Spyware

Google Says ISPs Helped Attackers Infect Targeted Smartphones with Hermit Spyware

June 24, 2022Ravie Lakshmanan
A week after it emerged that a sophisticated mobile spyware dubbed Hermit was used by the government of Kazakhstan within its borders, Google said it has notified Android users of infected devices. Additionally, necessary changes have been implemented in  Google Play Protect  — Android's built-in malware defense service — to protect all users, Benoit Sevens and Clement Lecigne of Google Threat Analysis Group (TAG)  said  in a Thursday report. Hermit, the work of an Italian vendor named RCS Lab, was  documented  by Lookout last week, calling out its modular feature-set and its abilities to harvest sensitive information such as call logs, contacts, photos, precise location, and SMS messages. Once the threat has thoroughly insinuated itself into a device, it's also equipped to record audio and make and redirect phone calls, besides abusing its permissions to accessibility services on Android to keep tabs on various foreground apps used by the victims. Its modularity also enab
Multiple Backdoored Python Libraries Caught Stealing AWS Secrets and Keys

Multiple Backdoored Python Libraries Caught Stealing AWS Secrets and Keys

June 24, 2022Ravie Lakshmanan
Researchers have discovered a number of malicious Python packages in the official third-party software repository that are engineered to exfiltrate AWS credentials and environment variables to a publicly exposed endpoint. The list of packages includes loglib-modules, pyg-modules, pygrata, pygrata-utils, and hkg-sol-utils, according to Sonatype security researcher Ax Sharma. The packages and as well as the endpoint have now been taken down. "Some of these packages either contain code that reads and exfiltrates your secrets or use one of the dependencies that will do the job," Sharma  said . The malicious code injected into "loglib-modules" and "pygrata-utils" allow the packages to harvest AWS credentials, network interface information, and environment variables and export them to a remote endpoint: "hxxp://graph.pygrata[.]com:8000/upload." Troublingly, the endpoints hosting this information in the form of hundreds of .TXT files were not secu
State-Backed Hackers Using Ransomware as a Decoy for Cyber Espionage Attacks

State-Backed Hackers Using Ransomware as a Decoy for Cyber Espionage Attacks

June 24, 2022Ravie Lakshmanan
A China-based advanced persistent threat (APT) group is possibly deploying short-lived ransomware families as a decoy to cover up the true operational and tactical objectives behind its campaigns. The activity cluster, attributed to a hacking group dubbed  Bronze Starlight  by Secureworks, involves the deployment of post-intrusion ransomware such as LockFile, Atom Silo, Rook, Night Sky, Pandora, and LockBit 2.0. "The ransomware could distract incident responders from identifying the threat actors' true intent and reduce the likelihood of attributing the malicious activity to a government-sponsored Chinese threat group," the researchers  said  in a new report. "In each case, the ransomware targets a small number of victims over a relatively brief period of time before it ceases operations, apparently permanently." Bronze Starlight, active since mid-2021, is also tracked by Microsoft under the emerging threat cluster moniker DEV-0401, with the tech giant empha
New 'Quantum' Builder Lets Attackers Easily Create Malicious Windows Shortcuts

New 'Quantum' Builder Lets Attackers Easily Create Malicious Windows Shortcuts

June 23, 2022Ravie Lakshmanan
A new malware tool that enables cybercriminal actors to build malicious Windows shortcut ( .LNK ) files has been spotted for sale on cybercrime forums. Dubbed Quantum Lnk Builder , the software makes it possible to spoof any extension and choose from over 300 icons, not to mention support  UAC  and  Windows SmartScreen  bypass as well as "multiple payloads per .LNK" file. Also offered are capabilities to generate .HTA and disk image (.ISO) payloads. Quantum Builder is available for lease at different price points: €189 a month, €355 for two months, €899 for six months, or as a one-off lifetime purchase for €1,500. ".LNK files are shortcut files that reference other files, folders, or applications to open them," Cyble researchers  said  in a report. "The [threat actor] leverages the .LNK files and drops malicious payloads using  LOLBins  [living-off-the-land binaries]." Early evidence of malware samples using Quantum Builder in the wild is said to da
Log4Shell Still Being Exploited to Hack VMWare Servers to Exfiltrate Sensitive Data

Log4Shell Still Being Exploited to Hack VMWare Servers to Exfiltrate Sensitive Data

June 23, 2022Ravie Lakshmanan
The U.S. Cybersecurity and Infrastructure Security Agency (CISA), along with the Coast Guard Cyber Command (CGCYBER), on Thursday released a joint advisory warning of continued attempts on the part of threat actors to exploit the Log4Shell flaw in VMware Horizon servers to breach target networks. "Since December 2021, multiple threat actor groups have exploited Log4Shell on unpatched, public-facing VMware Horizon and [Unified Access Gateway] servers," the agencies  said . "As part of this exploitation, suspected APT actors implanted loader malware on compromised systems with embedded executables enabling remote command-and-control (C2)." In one instance, the adversary is said to have been able to move laterally inside the victim network, obtain access to a disaster recovery network, and collect and exfiltrate sensitive law enforcement data. Log4Shell , tracked as  CVE-2021-44228  (CVSS score: 10.0), is a remote code execution vulnerability affecting the Apache
Online Courses and Software

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.