#1 Trusted Cybersecurity News Platform Followed by 3.45+ million
The Hacker News Logo
Subscribe to Newsletter

The Hacker News | #1 Trusted Cybersecurity News Site

Researchers Uncover Darknet Service Allowing Hackers to Trojonize Legit Android Apps

Researchers Uncover Darknet Service Allowing Hackers to Trojonize Legit Android Apps

Dec 08, 2022 Mobile Security / Android Malware
Researchers have shed light on a new hybrid malware campaign targeting both Android and Windows operating systems in a bid to expand its pool of victims. The attacks entail the use of different malware such as  ERMAC ,  Erbium ,  Aurora , and  Laplas , according to a  ThreatFabric report  shared with The Hacker News. "This campaign resulted in thousands of victims," the Dutch cybersecurity company said, adding, "Erbium stealer successfully exfiltrated data from more then 1,300 victims." The ERMAC infections commence with a fraudulent website that claims to offer Wi-Fi authorization software for Android and Windows that, when installed, comes with features to steal seed phrases from crypto wallets and other sensitive data. ThreatFabric said it also found a number of malicious apps that were trojanized versions of legitimate apps like Instagram, with the operators using them as droppers to deliver the obfuscated malicious payload. The rogue apps, dubbed Zombin
COVID-bit: New COVert Channel to Exfiltrate Data from Air-Gapped Computers

COVID-bit: New COVert Channel to Exfiltrate Data from Air-Gapped Computers

Dec 08, 2022 Data Protection / Computer Security
An unconventional data exfiltration method leverages a previously undocumented covert channel to leak sensitive information from air-gapped systems. "The information emanates from the air-gapped computer over the air to a distance of 2 m and more and can be picked up by a nearby insider or spy with a mobile phone or laptop," Dr. Mordechai Guri , the head of R&D in the Cyber Security Research Center in the Ben Gurion University of the Negev in Israel and the head of Offensive-Defensive Cyber Research Lab, said in a  new paper  shared with The Hacker News. The mechanism, dubbed  COVID-bit , leverages malware planted on the machine to generate electromagnetic radiation in the 0-60 kHz frequency band that's subsequently transmitted and picked up by a stealthy receiving device in close physical proximity. This, in turn, is made possible by exploiting the dynamic power consumption of modern computers and manipulating the momentary loads on CPU cores. COVID-bit is the 
Apple Boosts Security With New iMessage, Apple ID, and iCloud Protections

Apple Boosts Security With New iMessage, Apple ID, and iCloud Protections

Dec 08, 2022 Data Protection / E2E Encryption
Apple on Wednesday  announced  a raft of security measures, including an Advanced Data Protection setting that enables end-to-end encrypted (E2EE) data backups in its iCloud service. The headlining feature, when turned on, is expected to secure 23 data categories using E2EE, including device and message backups, iCloud Drive, Notes, Photos, Reminders, Voice Memos, Safari Bookmarks, Siri Shortcuts, and Wallet Passes. The iPhone maker said the only major iCloud data categories that are still not protected by E2EE are Mail, Contacts, and Calendar because of the "need to interoperate with the global email, contacts, and calendar systems" that use legacy technologies. Advanced Data Protection's E2EE protections for iCloud also mean that users' personal data can only be decrypted on their trusted devices, which retain the encryption keys. "If you enable Advanced Data Protection and then lose access to your account, Apple will not have the encryption keys to help
Best Year-End Cybersecurity Deals from Uptycs, SANS Institute, and Bitdefender

Best Year-End Cybersecurity Deals from Uptycs, SANS Institute, and Bitdefender

Dec 08, 2022 XDR Solution / Endpoint Security
Looking to up your cybersecurity game in the new year? Do not just buy electronics this vacation season, improve your cybersecurity! The end of the year is a great time to re-evaluate your cybersecurity strategy and make some important investments in protecting your personal and professional data. Cyber threats are constantly evolving and becoming more sophisticated, so it's important to stay on top of your security game. Investing in cybersecurity is not just about protecting your business from potential threats. It's also about gaining a competitive edge and earning the trust of your customers. In today's connected world, customers expect companies to prioritize their security. By investing in cybersecurity, you can show your customers that you value their data and their loyalty. One of the best ways to do this is to take advantage of year-end offers from top cybersecurity companies. Many of these companies offer special discounts on their products and services at thi
Google Warns of Internet Explorer Zero-Day Vulnerability Exploited by ScarCruft Hackers

Google Warns of Internet Explorer Zero-Day Vulnerability Exploited by ScarCruft Hackers

Dec 08, 2022 Patch Management / Zero-Day
An Internet Explorer zero-day vulnerability was actively exploited by a North Korean threat actor to target South Korean users by capitalizing on the recent  Itaewon Halloween crowd crush  to trick users into downloading malware. The discovery, reported by Google Threat Analysis Group researchers Benoît Sevens and Clément Lecigne, is the latest set of attacks perpetrated by  ScarCruft , which is also called APT37, InkySquid, Reaper, and Ricochet Chollima. "The group has historically focused their targeting on South Korean users, North Korean defectors, policy makers, journalists, and human rights activists," TAG  said  in a Thursday analysis. The new findings illustrate the threat actor's continued abuse of Internet Explorer flaws such as CVE-2020-1380 and CVE-2021-26411 to drop backdoors like  BLUELIGHT and Dolphin , the latter of which was disclosed by Slovak cybersecurity firm ESET late last month. Another key tool in its arsenal is  RokRat , a Windows-based remo
Iranian Hackers Strike Diamond Industry with Data-Wiping Malware in Supply-Chain Attack

Iranian Hackers Strike Diamond Industry with Data-Wiping Malware in Supply-Chain Attack

Dec 08, 2022 APT Attack / Data Security
An Iranian advanced persistent threat (APT) actor known as  Agrius  has been attributed as behind a set of data wiper attacks aimed at diamond industries in South Africa, Israel, and Hong Kong. The wiper, referred to as Fantasy by ESET, is believed to have been delivered via a supply-chain attack targeting an Israeli software suite developer as part of a campaign that began in February 2022. Victims include HR firms, IT consulting companies, and a diamond wholesaler in Israel; a South African entity working in the diamond industry; and a jeweller based in Hong Kong. "The Fantasy wiper is built on the foundations of the previously reported Apostle wiper but does not attempt to masquerade as ransomware, as Apostle originally did, ESET researcher Adam Burgher  disclosed  in a Wednesday analysis. "Instead, it goes right to work wiping data." Apostle was  first documented  by SentinelOne in May 2021 as a wiper-turned-ransomware that was deployed in destructive attacks ag
Vice Society Ransomware Attackers Targeted Dozens of Schools in 2022

Vice Society Ransomware Attackers Targeted Dozens of Schools in 2022

Dec 07, 2022 Cyber Crime / Ransomware
The Vice Society cybercrime group has disproportionately targeted educational institutions, accounting for 33 victims in 2022 and surpassing other ransomware families like LockBit, BlackCat, BianLian, and Hive. Other prominent industry verticals targeted include healthcare, governments, manufacturing, retail, and legal services, according to an  analysis of leak site data  by Palo Alto Networks Unit 42. The cybersecurity company called Vice Society one of the "most impactful ransomware gangs of 2022." Of the 100 organizations affected in total, 35 cases have been reported from the U.S., followed by 18 in the U.K., seven in Spain, six each in Brazil and France, four each in Germany and Italy, and three cases in Australia. Active since May 2021, Vice Society stands apart from other ransomware crews in that it does not use a ransomware variant of its own, rather relying on pre-existing ransomware binaries such as HelloKitty and Zeppelin that are sold on underground forums.
How XDR Helps Protect Critical Infrastructure

How XDR Helps Protect Critical Infrastructure

Dec 07, 2022 SIEM / XDR / Threat intelligence
Critical infrastructure is important for societal existence, growth, and development. Societies are reliant on the services provided by critical infrastructure sectors like telecommunication, energy, healthcare, transportation, and information technology. Safety and security are necessary for the optimal operation of these critical infrastructures. Critical infrastructure is made up of digital and non-digital assets. Organizations must stay ahead of cybersecurity threats to prevent failures caused by cyber attacks on critical infrastructure. Finding ways to protect digital assets in an ever-changing landscape filled with threats is a continuous activity. Organizations must also employ efficient security solutions and best practices to stay protected and reduce the chances of compromise. Security solutions help secure and improve the visibility of an organization's threat landscape. Different solutions use different concepts and approaches. An important concept that has risen recently
Chinese Hackers Using Russo-Ukrainian War Decoys to Target APAC and European Entities

Chinese Hackers Using Russo-Ukrainian War Decoys to Target APAC and European Entities

Dec 07, 2022 Spear Phishing / Cyber Espionage
The China-linked nation-state hacking group referred to as  Mustang Panda  is using lures related to the ongoing Russo-Ukrainian War to attack entities in Europe and the Asia Pacific. That's according to the BlackBerry Research and Intelligence Team, which  analyzed  a RAR archive file titled "Political Guidance for the new EU approach towards Russia.rar." Some of the targeted countries include Vietnam, India, Pakistan, Kenya, Turkey, Italy, and Brazil. Mustang Panda is a prolific cyber-espionage group from China that's also tracked under the names Bronze President, Earth Preta, HoneyMyte, RedDelta, and Red Lich. It's believed to be active since at least July 2018, per Secureworks'  threat profile , although indications are that the threat actor has been targeting entities worldwide as early as 2012. Mustang Panda is known to heavily rely on sending weaponized attachments via phishing emails to achieve initial infection, with the intrusions eventually le
More Resources

Sign up for free and start receiving your daily dose of cybersecurity news, insights and tips.