The Hacker News | #1 Trusted Cybersecurity News Site

Generative AI is a double-edged sword, if there ever was one. There is broad agreement that tools like ChatGPT are unleashing waves of productivity across the business, from IT, to customer experience, to engineering. That's on the one hand.  On the other end of this fencing match: risk. From IP leakage and data privacy risks to the empowering of cybercriminals with AI tools, generative AI presents enterprises with concrete concerns. For example, the mass availability of AI tools was the second most-reported Q2 risk among senior enterprise risk executives — appearing in the top 10 for the first time — according to a  Gartner survey .  In this escalating AI arms race, how can enterprises separate fact from hype and comprehensively manage generative AI risk while accelerating productivity?  Register here and join Zscaler's Will Seaton, Product Marketing Manager, ThreatLabz, to: Uncover the  tangible risks of generative AI  — both for employee AI usage and by threat actors b

Weak password policies leave organizations vulnerable to attacks. But are the standard password complexity requirements enough to secure them?  83% of compromised passwords  would satisfy the password complexity and length requirements of compliance standards. That's because bad actors already have access to billions of stolen credentials that can be used to compromise additional accounts by reusing those same credentials. To strengthen password security, organizations need to look beyond complexity requirements and block the use of compromised credentials. Need stolen credentials? There's a market for that Every time an organization gets breached or a subset of customers' credentials is stolen, there's a high possibility all those passwords end up for sale on the dark web. Remember the  Dropbox and LinkedIn hack  that resulted in 71 million and 117 million stolen passwords? There is an underground market that sells those credentials to hackers which they can then use in cre

Tibetan, Uyghur, and Taiwanese individuals and organizations are the targets of a persistent campaign orchestrated by a threat actor codenamed  EvilBamboo  to gather sensitive information. "The attacker has created fake Tibetan websites, along with social media profiles, likely used to deploy browser-based exploits against targeted users," Volexity security researchers Callum Roxan, Paul Rascagneres, and Thomas Lancaster said in a report published last week. "Partly through impersonating existing popular communities, the attacker has built communities on online platforms, such as Telegram, to aid in distribution of their malware." EvilBamboo, formerly tracked by the cybersecurity firm under the name Evil Eye, has been linked to multiple attack waves  since at least 2019 , with the threat actor leveraging watering hole attacks to deliver spyware targeting Android and iOS devices. It's also known as Earth Empusa and POISON CARP. The intrusions directed agai

An unnamed Southeast Asian government has been targeted by multiple China-nexus threat actors as part of espionage campaigns targeting the region over extended periods of time. "While this activity occurred around the same time and in some instances even simultaneously on the same victims' machines, each cluster is characterized by distinct tools, modus operandi, and infrastructure," Palo Alto Networks Unit 42 researchers Lior Rochberger, Tom Fakterman, and Robert Falcone  said  in an exhaustive three-part report. The attacks, which targeted different governmental entities such as critical infrastructure, public healthcare institutions, public financial administrators and ministries, have been attributed with moderate confidence to three disparate clusters tracked as  Stately Taurus  (aka Mustang Panda),  Alloy Taurus  (aka Granite Typhoon), and  Gelsemium . Mustang Panda Uses TONESHELL Variant and ShadowPad "The attackers conducted a cyberespionage operation th

Cybersecurity researchers have discovered a previously undocumented advanced backdoor dubbed  Deadglyph  employed by a threat actor known as Stealth Falcon as part of a cyber espionage campaign. "Deadglyph's architecture is unusual as it consists of cooperating components – one a native x64 binary, the other a .NET assembly," ESET  said  in a  new report  shared with The Hacker News. "This combination is unusual because malware typically uses only one programming language for its components. This difference might indicate separate development of those two components while also taking advantage of unique features of the distinct programming languages they utilize." It's also suspected that the use of different programming languages is a deliberate tactic to hinder analysis, making it a lot more challenging to navigate and debug. Unlike other traditional backdoors of its kind, the commands are received from an actor-controlled server in the form of additi

The  three zero-day flaws  addressed by Apple on September 21, 2023, were leveraged as part of an iPhone exploit chain in an attempt to deliver a spyware strain called  Predator  targeting former Egyptian member of parliament Ahmed Eltantawy between May and September 2023. "The targeting took place after Eltantawy publicly  stated his plans  to run for President in the 2024 Egyptian elections," the Citizen Lab  said , attributing the attack with high confidence to the Egyptian government owing to it being a known customer of the commercial spying tool. According to a joint investigation conducted by the Canadian interdisciplinary laboratory and Google's Threat Analysis Group (TAG), the mercenary surveillance tool is said to have been delivered via links sent on SMS and WhatsApp. "In August and September 2023, Eltantawy's Vodafone Egypt mobile connection was persistently selected for targeting via network injection; when Eltantawy visited certain websites not

An active malware campaign targeting Latin America is dispensing a new variant of a banking trojan called  BBTok , particularly users in Brazil and Mexico. "The BBTok banker has a dedicated functionality that replicates the interfaces of more than 40 Mexican and Brazilian banks, and tricks the victims into entering its 2FA code to their bank accounts or into entering their payment card number," Check Point  said  in research published this week. The payloads are generated by a custom server-side PowerShell script and are unique for each victim based on the operating system and country, while being delivered via phishing emails that leverage a variety of file types. BBTok is a Windows-based banking malware that  first surfaced  in 2020. It's equipped with features that run the typical trojan gamut, allowing it to enumerate and kill processes, issue remote commands, manipulate keyboard, and serve fake login pages for banks operating in the two countries. The attack cha

Thorough, independent tests are a vital resource for analyzing provider's capabilities to guard against increasingly sophisticated threats to their organization. And perhaps no assessment is more widely trusted than the annual  MITRE Engenuity ATT&CK Evaluation .  This testing is critical for evaluating vendors because it's virtually impossible to evaluate cybersecurity vendors based on their own performance claims. Along with vendor reference checks and proof of value evaluations (POV) — a live trial — the MITRE results add additional objective input to holistically assess cybersecurity vendors. Let's dive into the 2023 MITRE ATT&CK Evaluation results. In this blog, we'll unpack MITRE's methodology to test security vendors against real-world threats, offer our interpretation of the results and identify top takeaways emerging from Cynet's evaluation. How does MITRE Engenuity test vendors during the evaluation? The MITRE ATT&CK Evaluation is performed by MITRE Engenuity

Israeli organizations were targeted as part of two different campaigns orchestrated by the Iranian nation-state actor known as  OilRig  in 2021 and 2022. The campaigns, dubbed Outer Space and Juicy Mix, entailed the use of two previously documented first-stage backdoors called Solar and Mango, which were deployed to collect sensitive information from major browsers and the Windows Credential Manager. "Both backdoors were deployed by VBS droppers, presumably spread via spear-phishing emails," ESET security researcher Zuzana Hromcová  said  in a Thursday analysis. OilRig (aka APT34, Cobalt Gypsy, Hazel Sandstorm, and Helix Kitten) is the name assigned to an  intrusion set  affiliated with Iran's Ministry of Intelligence and Security (MOIS). Active since 2014, the threat actor has used a wide range of tools at its disposal to carry out information theft. Earlier this February, Trend Micro  discovered  OilRig's use of a simple backdoor to steal users' credential

Atlassian and the Internet Systems Consortium (ISC) have disclosed several security flaws impacting their products that could be exploited to achieve denial-of-service (DoS) and remote code execution. The Australian software services provider  said  that the four high-severity flaws were fixed in new versions shipped last month. This includes - CVE-2022-25647  (CVSS score: 7.5) - A deserialization flaw in the Google Gson package impacting Patch Management in Jira Service Management Data Center and Server CVE-2023-22512  (CVSS score: 7.5) - A DoS flaw in Confluence Data Center and Server CVE-2023-22513  (CVSS score: 8.5) - A RCE flaw in Bitbucket Data Center and Server CVE-2023-28709  (CVSS score: 7.5) - A DoS flaw in Apache Tomcat server impacting Bamboo Data Center and Server The flaws have been addressed in the following versions - Jira Service Management Server and Data Center (versions 4.20.25, 5.4.9, 5.9.2, 5.10.1, 5.11.0, or later) Confluence Server and Data Center (v

Apple has released yet another round of security patches to address three actively exploited zero-day flaws impacting iOS, iPadOS, macOS, watchOS, and Safari, taking the total tally of zero-day bugs discovered in its software this year to 16. The list of security vulnerabilities is as follows - CVE-2023-41991  - A certificate validation issue in the Security framework that could allow a malicious app to bypass signature validation. CVE-2023-41992  - A security flaw in Kernel that could allow a local attacker to elevate their privileges. CVE-2023-41993  - A WebKit flaw that could result in arbitrary code execution when processing specially crafted web content. Apple did not provide additional specifics barring an acknowledgement that the "issue may have been actively exploited against versions of iOS before iOS 16.7." The updates are available for the following devices and operating systems - iOS 16.7 and iPadOS 16.7  - iPhone 8 and later, iPad Pro (all models), iP