The Hacker News


New Malware Families Found Targeting VMware ESXi Hypervisors

Fri, 09/30/2022 - 10:42
Threat actors have been found deploying never-before-seen post-compromise implants in VMware's virtualization software to seize control of infected systems and evade detection. Google's Mandiant threat intelligence division referred to it as a "novel malware ecosystem" that impacts VMware ESXi, Linux vCenter servers, and Windows virtual machines, allowing attackers to maintain persistent access
Categories: Cyber Security News

Cyber Attacks Against Middle East Governments Hide Malware in Windows logo

Fri, 09/30/2022 - 07:52
An espionage-focused threat actor has been observed using a steganographic trick to conceal a previously undocumented backdoor in a Windows logo in its attacks against Middle Eastern governments. Broadcom's Symantec Threat Hunter Team attributed the updated tooling to a hacking group it tracks under the name Witchetty, which is also known as LookingFrog, a subgroup operating under the TA410

New Malware Campaign Targeting Job Seekers with Cobalt Strike Beacons

Fri, 09/30/2022 - 06:20
A social engineering campaign leveraging job-themed lures is weaponizing a years-old remote code execution flaw in Microsoft Office to deploy Cobalt Strike beacons on compromised hosts. "The payload discovered is a leaked version of a Cobalt Strike beacon," Cisco Talos researchers Chetan Raghuprasad and Vanja Svajcer said in a new analysis published Wednesday. "The beacon configuration contains

Why Organisations Need Both EDR and NDR for Complete Network Protection

Fri, 09/30/2022 - 06:10
Endpoint devices like desktops, laptops, and mobile phones enable users to connect to enterprise networks and use their resources for their day-to-day work. However, they also expand the attack surface and make the organisation vulnerable to malicious cyberattacks and data breaches.

Why Modern Organisations Need EDR

According to the 2020 global risk report by Ponemon Institute, smartphones,

North Korean Hackers Weaponizing Open-Source Software in Latest Cyber Attacks

Fri, 09/30/2022 - 06:02
A "highly operational, destructive, and sophisticated nation-state activity group" with ties to North Korea has been weaponizing open source software in their social engineering campaigns aimed at companies around the world since June 2022. Microsoft's threat intelligence teams, alongside LinkedIn Threat Prevention and Defense, attributed the intrusions with high confidence to Zinc, which is

Microsoft Confirms 2 New Exchange Zero-Day Flaws Being Used in the Wild

Fri, 09/30/2022 - 05:01
Microsoft officially disclosed that it is investigating two zero-day security vulnerabilities impacting Exchange Server 2013, 2016, and 2019 following reports of in-the-wild exploitation. "The first vulnerability, identified as CVE-2022-41040, is a Server-Side Request Forgery (SSRF) vulnerability, while the second, identified as CVE-2022-41082, allows remote code execution (RCE) when PowerShell is

WARNING: New Unpatched Microsoft Exchange Zero-Day Under Active Exploitation

Fri, 09/30/2022 - 00:25
Security researchers are warning of previously undisclosed flaws in fully patched Microsoft Exchange servers being exploited by malicious actors in real-world attacks to achieve remote code execution on affected systems. That's according to Vietnamese cybersecurity company GTSC, which discovered the shortcomings as part of its security monitoring and incident response efforts in August 2022. The

Brazilian Prilex Hackers Resurfaced With Sophisticated Point-of-Sale Malware

Thu, 09/29/2022 - 10:15
A Brazilian threat actor known as Prilex has resurfaced after a year-long operational hiatus with an advanced and complex malware to steal money by means of fraudulent transactions. "The Prilex group has shown a high level of knowledge about credit and debit card transactions, and how software used for payment processing works," Kaspersky researchers said. "This enables the attackers to keep

Researchers Uncover Covert Attack Campaign Targeting Military Contractors

Thu, 09/29/2022 - 08:00
A new covert attack campaign singled out multiple military and weapons contractor companies with spear-phishing emails to trigger a multi-stage infection process designed to deploy an unknown payload on compromised machines. The highly-targeted intrusions, dubbed STEEP#MAVERICK by Securonix, also targeted a strategic supplier to the F-35 Lightning II fighter aircraft. "The attack was carried out

Five Steps to Mitigate the Risk of Credential Exposure

Thu, 09/29/2022 - 07:45
Every year, billions of credentials appear online, be it on the dark web, clear web, paste sites, or in data dumps shared by cybercriminals. These credentials are often used for account takeover attacks, exposing organizations to breaches, ransomware, and data theft. While CISOs are aware of growing identity threats and have multiple tools in their arsenal to help reduce the potential risk, the

Swachh City Platform Suffers Data Breach Leaking 16 Million User Records

Thu, 09/29/2022 - 06:12
A threat actor by the name of LeakBase has shared a database containing personal information allegedly affecting 16 million users of Swachh City, an Indian complaint redressal platform. Leaked details include usernames, email addresses, password hashes, mobile numbers, one-time passwords, last logged-in times, and IP addresses, among others, according to a report shared by security firm CloudSEK

Hackers Aid Protests Against Iranian Government with Proxies, Leaks and Hacks

Thu, 09/29/2022 - 05:56
Several hacktivist groups are using Telegram and other tools to aid anti-government protests in Iran to bypass regime censorship restrictions amid ongoing unrest in the country following the death of Mahsa Amini in custody. "Key activities are data leaking and selling, including officials' phone numbers and emails, and maps of sensitive locations," Israeli cybersecurity firm Check Point said in

Researchers Warn of New Go-based Malware Targeting Windows and Linux Systems

Wed, 09/28/2022 - 10:00
A new, multi-functional Go-based malware dubbed Chaos has been rapidly growing in volume in recent months to ensnare a wide range of Windows, Linux, small office/home office (SOHO) routers, and enterprise servers into its botnet. "Chaos functionality includes the ability to enumerate the host environment, run remote shell commands, load additional modules, automatically propagate through

Cyber Criminals Using Quantum Builder Sold on Dark Web to Deliver Agent Tesla Malware

Wed, 09/28/2022 - 08:36
A recently discovered malware builder called Quantum Builder is being used to deliver the Agent Tesla remote access trojan (RAT). "This campaign features enhancements and a shift toward LNK (Windows shortcut) files when compared to similar attacks in the past," Zscaler ThreatLabz researchers Niraj Shivtarkar and Avinash Kumar said in a Tuesday write-up. Sold on the dark web for €

Improve your security posture with Wazuh, a free and open source XDR

Wed, 09/28/2022 - 08:15
Organizations struggle to find ways to keep a good security posture. This is because it is difficult to create secure system policies and find the right tools that help achieve a good posture. In many cases, organizations work with tools that do not integrate with each other and are expensive to purchase and maintain. Security posture management is a term used to describe the process of

Hackers Using PowerPoint Mouseover Trick to Infect System with Malware

Wed, 09/28/2022 - 06:09
The Russian state-sponsored threat actor known as APT28 has been found leveraging a new code execution method that makes use of mouse movement in decoy Microsoft PowerPoint documents to deploy malware. The technique "is designed to be triggered when the user starts the presentation mode and moves the mouse," cybersecurity firm Cluster25 said in a technical report. "The code execution runs a

Facebook Shuts Down Covert Political 'Influence Operations' from Russia and China

Wed, 09/28/2022 - 04:45
Meta Platforms on Tuesday disclosed it took steps to dismantle two covert influence operations originating from China and Russia for engaging in coordinated inauthentic behavior (CIB) so as to manipulate public debate. While the Chinese operation sets its sights on the U.S. and the Czech Republic, the Russian network primarily targeted Germany, France, Italy, Ukraine and the U.K. with themes

Critical WhatsApp Bugs Could Have Let Attackers Hack Devices Remotely

Wed, 09/28/2022 - 01:03
WhatsApp has released security updates to address two flaws in its messaging app for Android and iOS that could lead to remote code execution on vulnerable devices. One of them concerns CVE-2022-36934 (CVSS score: 9.8), a critical integer overflow vulnerability in WhatsApp that results in the execution of arbitrary code simply by establishing a video call. The issue impacts the WhatsApp and

Ukraine Says Russia Planning Massive Cyberattacks on its Critical Infrastructures

Tue, 09/27/2022 - 09:54
The Ukrainian government on Monday warned of "massive cyberattacks" by Russia targeting critical infrastructure facilities located in the country and that of its allies. The attacks are said to be targeting the energy sector, the Main Directorate of Intelligence of the Ministry of Defense of Ukraine (GUR) said. "By the cyberattacks, the enemy will try to increase the effect of missile strikes on

New NullMixer Malware Campaign Stealing Users' Payment Data and Credentials

Tue, 09/27/2022 - 09:19
Cybercriminals are continuing to prey on users searching for cracked software by directing them to fraudulent websites hosting weaponized installers that deploy malware called NullMixer on compromised systems. "When a user extracts and executes NullMixer, it drops a number of malware files to the compromised machine," cybersecurity firm Kaspersky said in a Monday report. "It drops a wide variety