#1 Trusted Cybersecurity News Platform Followed by 3.45+ million
The Hacker News Logo
Subscribe to Newsletter

The Hacker News | #1 Trusted Cybersecurity News Site

Experts Warn of 'Ice Breaker' Cyberattacks Targeting Gaming and Gambling Industry

Experts Warn of 'Ice Breaker' Cyberattacks Targeting Gaming and Gambling Industry

Feb 01, 2023 Gaming / Cyber Attack
A new attack campaign has targeted the gaming and gambling sectors since at least September 2022, just months prior to the  ICE London 2023  gaming industry trade fair event that's scheduled next week. Israeli cybersecurity company Security Joes is tracking the activity cluster under the name  Ice Breaker , stating the intrusions employ clever social engineering tactics to deploy a JavaScript backdoor. The attack sequence proceeds as follows: The threat actor poses as a customer while initiating a conversation with a support agent of a gaming website and urges the individual on the other end to open a screenshot image hosted on Dropbox. Security Joes said that the threat actor is "well-aware of the fact that the customer service is human-operated." Clicking the malicious link sent in the chat leads to the retrieval of an LNK payload or, alternatively, a VBScript file as a backup option, the former of which is configured to download and run an MSI package containin
New SH1MMER Exploit for Chromebook Unenrolls Managed ChromeOS Devices

New SH1MMER Exploit for Chromebook Unenrolls Managed ChromeOS Devices

Feb 01, 2023 Enterprise Security
A new exploit has been devised to "unenroll" enterprise- or school-managed Chromebooks from administrative control. Enrolling ChromeOS devices makes it possible to enforce device policies as set by the organization via the  Google Admin console , including the features that are available to users. "Each enrolled device complies with the policies you set until you wipe or deprovision it," Google  states  in its documentation. That's where the  exploit  – dubbed Shady Hacking 1nstrument Makes Machine Enrollment Retreat aka  SH1MMER  – comes in, allowing users to bypass these admin restrictions. The method is also a reference to shim, a Return Merchandise Authorization (RMA) disk image used by service center technicians to reinstall the operating system and run diagnosis and repair programs. The Google-signed  shim image  is a "combination of existing Chrome OS  factory bundle  components" – namely a release image, a toolkit, and the firmware, amon
cyber insurance

external linkEliminating SaaS Shadow IT is Now Available via a Free Self-Service Product

websitewww.wing.securitySaaS Security / Shadow IT
This new product provides IT and Security visibility into the risky SaaS apps employees are using.
Auditing Kubernetes with Open Source SIEM and XDR

Auditing Kubernetes with Open Source SIEM and XDR

Feb 01, 2023 SIEM / Kubernetes
Container technology has gained traction among businesses due to the increased efficiency it provides. In this regard, organizations widely use Kubernetes for deploying, scaling, and managing containerized applications. Organizations should audit Kubernetes to ensure compliance with regulations, find anomalies, and identify security risks. The Wazuh open source platform plays a critical role in monitoring Kubernetes and other components of an organization's infrastructure. What is Kubernetes? Kubernetes is an open source container management solution that automates the deployment and scaling of containers and also manages the life cycle of containers. It organizes containers into logical units for simple management and discovery. Kubernetes extends how we scale containerized applications so that we may use a truly persistent infrastructure. You can build cloud-native applications based on microservices with Kubernetes. Enthusiasts view Kubernetes as the cornerstone of application m
Prilex PoS Malware Evolves to Block Contactless Payments to Steal from NFC Cards

Prilex PoS Malware Evolves to Block Contactless Payments to Steal from NFC Cards

Feb 01, 2023 Payment Security / Risk
The Brazilian threat actors behind an advanced and modular point-of-sale (PoS) malware known as  Prilex  have reared their head once again with new updates that allow it to block contactless payment transactions. Russian cybersecurity firm Kaspersky  said  it detected three versions of Prilex (06.03.8080, 06.03.8072, and 06.03.8070) that are capable of targeting NFC-enabled credit cards, taking its criminal scheme a notch higher. Having evolved out of ATM-focused malware into PoS malware over the years since going operational in 2014, the threat actor steadily incorporated new features that are designed to facilitate credit card fraud, including a technique called  GHOST transactions . While contactless payments have taken off in a big way, in part due to the COVID-19 pandemic, the underlying motive behind the new functionality is to disable the feature so as to force the user to insert the card into the PIN pad. To that end, the latest version of Prilex, which Kaspersky discover
Hackers Abused Microsoft's "Verified Publisher" OAuth Apps to Breach Corporate Email Accounts

Hackers Abused Microsoft's "Verified Publisher" OAuth Apps to Breach Corporate Email Accounts

Feb 01, 2023 Enterprise Security / Authentication
Microsoft on Tuesday said it took steps to disable fake Microsoft Partner Network (MPN) accounts that were used for creating malicious  OAuth  applications as part of a phishing campaign designed to breach organizations' cloud environments and steal email. "The applications created by these fraudulent actors were then used in a consent phishing campaign, which tricked users into granting permissions to the fraudulent apps," the tech giant  said . "This phishing campaign targeted a subset of customers primarily based in the U.K. and Ireland." Consent phishing is a  social engineering attack  wherein users are tricked into granting permissions to malicious cloud applications, which can then be weaponized to gain access to legitimate cloud services and sensitive user data. The Windows maker said it became aware of the campaign on December 15, 2022. It has since alerted affected customers via email, with the company noting that the threat actors abused the conse
Additional Supply Chain Vulnerabilities Uncovered in AMI MegaRAC BMC Software

Additional Supply Chain Vulnerabilities Uncovered in AMI MegaRAC BMC Software

Feb 01, 2023 Server and Cloud Security
Two more supply chain security flaws have been disclosed in AMI MegaRAC Baseboard Management Controller (BMC) software, nearly two months after  three security vulnerabilities  were brought to light in the same product. Firmware security firm Eclypsium  said  the two shortcomings were held back until now to provide AMI additional time to engineer appropriate mitigations. The issues, collectively tracked as  BMC&C , could act as springboard for cyber attacks, enabling threat actors to obtain remote code execution and unauthorized device access with superuser permissions. The two new flaws in question are as follows - CVE-2022-26872  (CVSS score: 8.3) - ​​Password reset interception via API CVE-2022-40258  (CVSS score: 5.3) - Weak password hashes for Redfish and API Specifically, MegaRAC has been found to use the MD5 hashing algorithm with a global salt for older devices, or  SHA-512 with per user salts  on newer appliances, potentially allowing a threat actor to crack the
You Don't Know Where Your Secrets Are

You Don't Know Where Your Secrets Are

Jan 31, 2023 Secret Management / DevSecOps
Do you know where your secrets are? If not, I can tell you: you are not alone. Hundreds of CISOs, CSOs, and security leaders, whether from small or large companies, don't know either. No matter the organization's size, the certifications, tools, people, and processes: secrets are not visible in 99% of cases. It might sound ridiculous at first: keeping secrets is an obvious first thought when thinking about security in the development lifecycle. Whether in the cloud or on-premise, you know that your secrets are safely stored behind hard gates that few people can access. It is not just a matter of common sense since it's also an essential compliance requirement for security audits and certifications. Developers working in your organization are well-aware that secrets should be handled with special care. They have put in place specific tools and procedures to correctly create, communicate, and rotate human or machine credentials. Still, do you know where your secrets are?
New Report Reveals NikoWiper Malware That Targeted Ukraine Energy Sector

New Report Reveals NikoWiper Malware That Targeted Ukraine Energy Sector

Jan 31, 2023 Cyber War / Malware
The Russia-affiliated Sandworm used yet another wiper malware strain dubbed  NikoWiper  as part of an attack that took place in October 2022 targeting an energy sector company in Ukraine. "The NikoWiper is based on  SDelete , a command line utility from Microsoft that is used for securely deleting files," cybersecurity company ESET  revealed  in its latest APT Activity Report shared with The Hacker News. The Slovak cybersecurity firm said the attacks coincided with  missile strikes  orchestrated by the Russian armed forces aimed at the Ukrainian energy infrastructure, suggesting overlaps in objectives. The disclosure comes merely days after ESET attributed Sandworm to a Golang-based data wiper known as  SwiftSlicer  that was deployed against an unnamed Ukrainian entity on January 25, 2023. The advanced persistent threat (APT) group linked to Russia's foreign military intelligence agency GRU has also been implicated in a partially successful attack targeting national
Researchers Uncover Packer Used by Several Malware to Evade Detection for 6 Years

Researchers Uncover Packer Used by Several Malware to Evade Detection for 6 Years

Jan 31, 2023 Threat Detection / Malware
A shellcode-based  packer  dubbed  TrickGate  has been successfully operating without attracting notice for over six years, while enabling threat actors to deploy a wide range of malware such as TrickBot, Emotet, AZORult, Agent Tesla, FormBook, Cerber, Maze, and REvil over the years. "TrickGate managed to stay under the radar for years because it is transformative – it undergoes changes periodically," Check Point Research's Arie Olshtein  said , calling it a "master of disguises." Offered as a service to other threat actors since at least late 2016, TrickGate helps conceal payloads behind a layer of wrapper code in an attempt to get past security solutions installed on a host. Packers can also function as crypters by encrypting the malware as an obfuscation mechanism. "Packers have different features that allow them to circumvent detection mechanisms by appearing as benign files, being difficult to reverse engineer, or incorporating sandbox evasion tec
More Resources