The Hacker News | #1 Trusted Cybersecurity News Site – Index Page (2024)

Cybercriminals Exploit Popular Software Searches to Spread FakeBat Malware | Aug 19, 2024 | Malvertising / Cybercrime
Cybersecurity researchers have uncovered a surge in malware infections stemming from malvertising campaigns distributing a loader called FakeBat. "These attacks are opportunistic in nature, targeting users seeking popular business software," the Mandiant Managed Defense team said in a technical report. "The infection utilizes a trojanized MSIX installer, which executes a PowerShell script to download a secondary payload." FakeBat, also called EugenLoader and PaykLoader, is linked to a threat actor named Eugenfest. The Google-owned threat intelligence team is tracking the malware under the name NUMOZYLOD and has attributed the Malware-as-a-Service (MaaS) operation to UNC4536. Attack chains propagating the malware make use of drive-by download techniques to push users searching for popular software toward bogus lookalike sites that host booby-trapped MSI installers. Some of the malware families delivered via FakeBat include IcedID, RedLine Stealer, Lumma Steale

How to Automate the Hardest Parts of Employee Offboarding | Aug 19, 2024 | SaaS Account Management
According to recent research on employee offboarding, 70% of IT professionals say they've experienced the negative effects of incomplete IT offboarding, whether in the form of a security incident tied to an account that wasn't deprovisioned, a surprise bill for resources that aren't in use anymore, or a missed handoff of a critical resource or account. This is despite an average of five hours spent per departing employee on activities like finding and deprovisioning SaaS accounts. As the SaaS footprint within most organizations continues to expand, it is becoming exponentially more difficult (and time-consuming) to ensure all access is deprovisioned or transferred when an employee leaves the organization. How Nudge Security can help: Nudge Security is a SaaS management platform for modern IT governance and security. It discovers every cloud and SaaS account ever created by anyone in your organization, including generative AI apps, giving you a single source of truth for depa

Why Hardsec Matters: From Protecting Critical Services to Enhancing Resilience | Aug 13, 2024 | Cyber Defense / Compliance
Traditionally, the focus has been on defending against digital threats such as malware, ransomware, and phishing attacks by detecting them and responding. However, as cyber threats become more sophisticated, there is a growing recognition of the importance of measures that stop new attacks before they are recognized. With high-value assets, it's not good enough to have the protection; it's essential to have some assurance that the protection is effective. With software, that assurance is hard work, and this has led to a complementary approach, called hardsec. What is Hardsec? Short for "Hardware Security," hardsec is about using hardware logic and electronics to implement a security defence, rather than through software alone, thereby providing a higher level of security assurance and resilience against both external and insider threats, and making it an essential component of comprehensive cybersecurity strategies. The Rise of Sophisticated Attacks: When the impact of an attack ag

Xeon Sender Tool Exploits Cloud APIs for Large-Scale SMS Phishing Attacks | Aug 19, 2024 | Cloud Security / Threat Intelligence
Malicious actors are using a cloud attack tool named Xeon Sender to conduct SMS phishing and spam campaigns on a large scale by abusing legitimate services. "Attackers can use Xeon to send messages through multiple software-as-a-service (SaaS) providers using valid credentials for the service providers," SentinelOne security researcher Alex Delamotte said in a report shared with The Hacker News. Examples of the services used to facilitate the en masse distribution of SMS messages include Amazon Simple Notification Service (SNS), Nexmo, Plivo, Proovl, Send99, Telesign, Telnyx, TextBelt, and Twilio. It's important to note here that the activity does not exploit any inherent weaknesses in these providers. Rather, the tool uses legitimate APIs to conduct bulk SMS spam attacks. It joins tools like SNS Sender that have increasingly become a way to send bulk smishing messages and ultimately capture sensitive information from targets. Distributed via Telegram and hacking fo

SANS Institute 35th Anniversary Complimentary Cyber Bundle ($1700 Value) at Network Security 2024 | SANS Institute | Artificial Intelligence / Network Security
Register to attend in-person training at Network Security 2024 and receive a complimentary cyber bundle! Bundle includes bonus SANS course AIS247, OnDemand bundle, AND @Night pass to the AI Cybersecurity Summit (Sept 8-9)!

Microsoft Patches Zero-Day Flaw Exploited by North Korea's Lazarus Group | Aug 19, 2024 | Vulnerability / Zero-Day
A newly patched security flaw in Microsoft Windows was exploited as a zero-day by Lazarus Group, a prolific state-sponsored actor affiliated with North Korea. The security vulnerability, tracked as CVE-2024-38193 (CVSS score: 7.8), has been described as a privilege escalation bug in the Windows Ancillary Function Driver (AFD.sys) for WinSock. "An attacker who successfully exploited this vulnerability could gain SYSTEM privileges," Microsoft said in an advisory for the flaw last week. It was addressed by the tech giant as part of its monthly Patch Tuesday update. Credited with discovering and reporting the flaw are Gen Digital researchers Luigino Camastra and Milánek. Gen Digital owns a number of security and utility software brands like Norton, Avast, Avira, AVG, ReputationDefender, and CCleaner. "This flaw allowed them to gain unauthorized access to sensitive system areas," the company disclosed last week, adding it discovered the exploitation in early J

Researchers Uncover New Infrastructure Tied to FIN7 Cybercrime Group | Aug 19, 2024 | Cybercrime / Network Security
Cybersecurity researchers have discovered new infrastructure linked to a financially motivated threat actor known as FIN7. The two clusters of potential FIN7 activity "indicate communications inbound to FIN7 infrastructure from IP addresses assigned to Post Ltd (Russia) and SmartApe (Estonia), respectively," Team Cymru said in a report published this week as part of a joint investigation with Silent Push and Stark Industries Solutions. The findings build on a recent report from Silent Push, which found several Stark Industries IP addresses that are solely dedicated to hosting FIN7 infrastructure. The latest analysis indicates that the hosts linked to the e-crime group were likely procured from one of Stark's resellers. "Reseller programs are common in the hosting industry; many of the largest VPS (virtual private server) providers offer such services," the cybersecurity company said. "Customers procuring infrastructure via resellers generally must

OpenAI Blocks Iranian Influence Operation Using ChatGPT for U.S. Election Propaganda | Aug 17, 2024 | National Security / AI Ethics
OpenAI on Friday said it banned a set of accounts linked to what it said was an Iranian covert influence operation that leveraged ChatGPT to generate content that, among other things, focused on the upcoming U.S. presidential election. "This week we identified and took down a cluster of ChatGPT accounts that were generating content for a covert Iranian influence operation identified as Storm-2035," OpenAI said. "The operation used ChatGPT to generate content focused on a number of topics — including commentary on candidates on both sides in the U.S. presidential election – which it then shared via social media accounts and websites." The artificial intelligence (AI) company said the content did not achieve any meaningful engagement, with a majority of the social media posts receiving negligible to no likes, shares, and comments. It further noted it had found little evidence that the long-form articles created using ChatGPT were shared on social media platforms.

Attackers Exploit Public .env Files to Breach Cloud Accounts in Extortion Campaign | Aug 16, 2024 | Cloud Security / Application Security
A large-scale extortion campaign has compromised various organizations by taking advantage of publicly accessible environment variable files (.env) that contain credentials associated with cloud and social media applications. "Multiple security missteps were present in the course of this campaign, including the following: Exposing environment variables, using long-lived credentials, and absence of least privilege architecture," Palo Alto Networks Unit 42 said in a Thursday report. The campaign is notable for setting up its attack infrastructure within the infected organizations' Amazon Web Services (AWS) environments and using them as a launchpad for scanning more than 230 million unique targets for sensitive data. With 110,000 domains targeted, the malicious activity is said to have netted over 90,000 unique variables in the .env files, out of which 7,000 belonged to organizations' cloud services and 1,500 variables are linked to social media accounts. "T

Russian Hacker Jailed 3+ Years for Selling Stolen Credentials on Dark Web | Aug 16, 2024 | Dark Web / Data Breach
A 27-year-old Russian national has been sentenced to over three years in prison in the U.S. for peddling financial information, login credentials, and other personally identifying information (PII) on a now-defunct dark web marketplace called Slilpp. Georgy Kavzharadze, 27, of Moscow, Russia, pleaded guilty to one count of conspiracy to commit bank fraud and wire fraud earlier this February. In addition to a 40-month jail term, Kavzharadze has been ordered to pay $1,233,521.47 in restitution. The defendant, who went by the online monikers TeRorPP, Torqovec, and PlutuSS, is believed to have listed over 626,100 stolen login credentials for sale on Slilpp and sold more than 297,300 of them on the illicit marketplace between July 2016 and May 2021. "Those credentials were subsequently linked to $1.2 million in fraudulent transactions," the U.S. Department of Justice (DoJ) said. "On May 27, 2021, Kavzharadze's account on Slilpp listed 240,495 login credentials fo

Russian Hackers Using Fake Brand Sites to Spread DanaBot and StealC Malware | Aug 16, 2024 | Malware / Data Theft
Cybersecurity researchers have shed light on a sophisticated information stealer campaign that impersonates legitimate brands to distribute malware like DanaBot and StealC. The activity cluster, orchestrated by Russian-speaking cybercriminals and collectively codenamed Tusk, is said to encompass several sub-campaigns, leveraging the reputation of the platforms to trick users into downloading the malware using bogus sites and social media accounts. "All the active sub-campaigns host the initial downloader on Dropbox," Kaspersky researchers Elsayed Elrefaei and AbdulRhman Alfaifi said. "This downloader is responsible for delivering additional malware samples to the victim's machine, which are mostly info-stealers (DanaBot and StealC) and clippers." Of the 19 sub-campaigns identified to date, three are said to be currently active. The name "Tusk" is a reference to the word "Mammoth" used by the threat actors in log messages associated with t

Multi-Stage ValleyRAT Targets Chinese Users with Advanced Tactics | Aug 16, 2024 | Cyber Attack / Malware
Chinese-speaking users are the target of an ongoing campaign that distributes a malware known as ValleyRAT. "ValleyRAT is a multi-stage malware that utilizes diverse techniques to monitor and control its victims and deploy arbitrary plugins to cause further damage," Fortinet FortiGuard Labs researchers Eduardo Altares and Joie Salvio said. "Another noteworthy characteristic of this malware is its heavy usage of shellcode to execute its many components directly in memory, significantly reducing its file footprint in the victim's system." Details about the campaign first emerged in June 2024, when Zscaler ThreatLabz detailed attacks involving an updated version of the malware. Exactly how the latest iteration of ValleyRAT is distributed is currently not known, although previous campaigns have leveraged email messages containing URLs pointing to compressed executables. The attack sequence is a multi-stage process that starts with a first-stage loader that

The Hidden Security Gaps in Your SaaS Apps: Are You Doing Due Diligence? | Aug 16, 2024 | SaaS Security / Threat Detection
SaaS applications have become indispensable for organizations aiming to enhance productivity and streamline operations. However, the convenience and efficiency these applications offer come with inherent security risks, often leaving hidden gaps that can be exploited. Conducting thorough due diligence on SaaS apps is essential to identify and mitigate these risks, ensuring the protection of your organization's sensitive data. Understanding the Importance of Due Diligence: Due diligence is a critical step in evaluating the security capabilities of SaaS applications. It involves a comprehensive assessment of the app's audit log events, system and activity audits, and integration capabilities to ensure proper logging and monitoring, helping to prevent costly incidents. Here are a few reasons why due diligence is non-negotiable: Identifying Critical Audit Log Gaps: A thorough review helps ensure that essential events, such as logins, MFA verifications, and user changes, are lo

New Banshee Stealer Targets 100+ Browser Extensions on Apple macOS Systems | Aug 16, 2024 | Malware / Browser Security
Cybersecurity researchers have uncovered new stealer malware that's designed to specifically target Apple macOS systems. Dubbed Banshee Stealer, it's offered for sale in the cybercrime underground for a steep price of $3,000 a month and works across both x86_64 and ARM64 architectures. "Banshee Stealer targets a wide range of browsers, cryptocurrency wallets, and around 100 browser extensions, making it a highly versatile and dangerous threat," Elastic Security Labs said in a Thursday report. The web browsers and crypto wallets targeted by the malware comprise Safari, Google Chrome, Mozilla Firefox, Brave, Microsoft Edge, Vivaldi, Yandex, Opera, OperaGX, Exodus, Electrum, Coinomi, Guarda, Wasabi Wallet, Atomic, and Ledger. It's also equipped to harvest system information and data from iCloud Keychain passwords and Notes, as well as incorporate a slew of anti-analysis and anti-debugging measures to determine if it's running in a virtual environment in a

Google to Remove App that Made Google Pixel Devices Vulnerable to Attacks | Aug 16, 2024 | Mobile Security / Software Security
A large percentage of Google's own Pixel devices shipped globally since September 2017 included dormant software that could be used to stage nefarious attacks and deliver various kinds of malware. The issue manifests in the form of a pre-installed Android app called "Showcase.apk" that comes with excessive system privileges, including the ability to remotely execute code and install arbitrary packages on the device, according to mobile security firm iVerify. "The application downloads a configuration file over an unsecure connection and can be manipulated to execute code at the system level," it said in an analysis published jointly with Palantir Technologies and Trail of Bits. "The application retrieves the configuration file from a single U.S.-based, AWS-hosted domain over unsecured HTTP, which leaves the configuration vulnerable and can make the device vulnerable." The app in question is called Verizon Retail Demo Mode ("com.customermob

SolarWinds Releases Patch for Critical Flaw in Web Help Desk Software | Aug 15, 2024 | Enterprise Security / Vulnerability
SolarWinds has released patches to address a critical security vulnerability in its Web Help Desk software that could be exploited to execute arbitrary code on susceptible instances. The flaw, tracked as CVE-2024-28986 (CVSS score: 9.8), has been described as a deserialization bug. "SolarWinds Web Help Desk was found to be susceptible to a Java deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine," the company said in an advisory. "While it was reported as an unauthenticated vulnerability, SolarWinds has been unable to reproduce it without authentication after thorough testing." The flaw impacts all versions of SolarWinds Web Help Desk including and prior to 12.8.3. It has been addressed in hotfix version 12.8.3 HF 1. The disclosure comes as Palo Alto Networks patched a high-severity vulnerability affecting Cortex XSOAR that could result in command injection and code execution.

Russian-Linked Hackers Target Eastern European NGOs and Media | Aug 15, 2024 | Cyber Attack / Social Engineering
Russian and Belarusian non-profit organizations, Russian independent media, and international non-governmental organizations active in Eastern Europe have become the target of two separate spear-phishing campaigns orchestrated by threat actors whose interests align with those of the Russian government. While one of the campaigns, dubbed River of Phish, has been attributed to COLDRIVER, an adversarial collective with ties to Russia's Federal Security Service (FSB), the second set of attacks has been deemed the work of a previously undocumented threat cluster codenamed COLDWASTREL. Targets of the campaigns also included prominent Russian opposition figures-in-exile, officials and academics in the US think tank and policy space, and a former U.S. ambassador to Ukraine, according to a joint investigation from Access Now and the Citizen Lab. "Both kinds of attacks were highly tailored to better deceive members of the target organizations," Access Now said. "The m

Identity Threat Detection and Response Solution Guide | Aug 15, 2024 | Identity Security / Threat Detection
The Emergence of Identity Threat Detection and Response: Identity Threat Detection and Response (ITDR) has emerged as a critical component to effectively detect and respond to identity-based attacks. Threat actors have shown their ability to compromise the identity infrastructure and move laterally into IaaS, SaaS, PaaS and CI/CD environments. Identity Threat Detection and Response solutions help organizations better detect suspicious or malicious activity in their environment. ITDR solutions give security teams the ability to answer the question "What's happening right now in my environment - what are my identities doing in my environments." Human and Non-Human Identities: As outlined in the ITDR Solution Guide, comprehensive ITDR solutions cover both human and non-human identities. Human identities entail the workforce (employees), guests (contractors), and vendors. Non-human identities include tokens, keys, service accounts, and bots. Multi-environment ITDR solutions c

FAQs

What is the #1 cybersecurity threat today?

1. Social Engineering. Social engineering remains one of the most dangerous hacking techniques employed by cybercriminals, largely because it relies on human error rather than technical vulnerabilities.

Is The Hacker News legit?

As an independent outlet, we offer balanced and thorough insights into the cybersecurity sector, trusted by professionals and enthusiasts alike.

What is Hacker News?

Hacker News (HN) is a social news website focusing on computer science and entrepreneurship. It is run by the investment fund and startup incubator Y Combinator.

What is the best cyber security website in your opinion?

The 27 Best Cybersecurity Sites in 2024
  • The Last Watchdog on Privacy & Security
  • The Security Ledger
  • The State of Security
  • Threatpost
  • Troy Hunt
  • UpGuard
  • WeLiveSecurity
  • Wired. Wired is a popular news website that covers an array of topics from business and culture to design, gear, science, security, and transportation.

What is the biggest threat online?

Malware has become one of the most significant external threats to systems. Malware can cause widespread damage and disruption, and requires huge efforts within most organizations. Spyware, a malware intended to violate privacy, has also become a major concern to organizations.

What are the top 3 security threats?

Defending against cyberthreats is a critical and ongoing process that requires a proactive and multifaceted approach. Social engineering, third-party exposure, cloud vulnerabilities, ransomware, and IoT are the top threats that organizations should focus on to protect their data, systems, and reputations.

Who owns Hacker News?

Y Combinator owns and funds HN.

What websites get hacked the most?

Here are a few of the most targeted kinds of websites:
  • E-commerce websites. Often hackers can find vulnerabilities within an e-commerce website, especially ones using common coding or shopping cart software.
  • Small businesses
  • News outlets
  • Healthcare
  • Government
  • Financial services
  • Non-profit
  • Online retailers

How many users does Hacker News have?

It is estimated that Hacker News attracts more than 3 million views per day and greater than 300,000 daily users. Simply put, a lot of people read it and getting to the front page of Hacker News will often mean many thousands of users to your website or product.

What is the most powerful hacker?

7 of the Most Famous Hackers in History: Would Your Cyber Security Hold Up?
  • Kevin Mitnick. Kevin Mitnick became "the world's most famous hacker" after stealing computer code from tech companies like Nokia and Motorola.
  • Anonymous
  • Astra
  • Gary McKinnon
  • Steve Wozniak
  • Gummo
  • Adrian Lamo

Who are modern day hackers?

Today's hackers are nothing short of skilled professionals, and they fall into a few different categories based on their motives and how they perform their attacks. In fact, not all hackers are criminals — some are actually hired to stop criminals in their tracks.

Who is considered a hacker in today's world?

A hacker is a person who breaks into a computer system. The reasons for hacking can be many: installing malware, stealing or destroying data, disrupting service, and more. Hacking can also be done for ethical reasons, such as trying to find software vulnerabilities so they can be fixed.

What is the number 1 cyber crime?

Phishing attacks can take many shapes. Bulk phishing, smishing, and business e-mail compromise (BEC) are the most common types. In 2022, 85 percent of the surveyed worldwide organizations reported encountering bulk phishing attacks, while roughly three in four were targeted by smishing scams.

Who has best cyber security in the world?

Top Cybersecurity Companies to Know
  • McAfee.
  • CrowdStrike.
  • Deepwatch.
  • Rapid7.
  • KnowBe4.
  • Ping Identity.
  • Duo Security.
  • BAE Systems.

What is the number one cyber security company?

The top 5 cybersecurity companies in the U.S. by market capitalization

  Company                     Ticker   Market cap
  Palo Alto Networks Inc.     PANW     $109.59 billion
  CrowdStrike Holdings Inc.   CRWD     $90.15 billion
  Fortinet Inc.               FTNT     $45.58 billion
  Zscaler Inc.                ZS       $30.62 billion
  (one further row not captured on this page)

What is the cyber threat level in the US?

Today's Cyber Threat Level

The Cyber Alert Level remains at Blue (Guarded) due to the continued threat posed by various malicious groups targeting government networks and new critical security patches released by Microsoft.

What is the current trend in cyber security?

Cybersecurity trends keep multiplying, fueled by responses to rising cyber threats, evolving long-term security goals, and innovative new technologies. These trends are driving organizations to adopt zero trust principles, least privilege access, and continuous verification more frequently.

What are the major threats to cyber security?

What are the main types of cybersecurity threats?
  • Malware attack
  • Social engineering attacks
  • Software supply chain attacks
  • Advanced persistent threats (APT)
  • Distributed denial of service (DDoS)
  • Man-in-the-middle attack (MitM)
  • Password attacks

What are the top 5 security threats for social media?

The top five social media security threats are phishing, social engineering, information disclosure, fake accounts, and malware.
