0 Comments
Mar 13, 2024The Hacker NewsApp Security / Cyber Security One of the most common misconceptions in file upload cybersecurity is that certain tools are “enough” on their own—this is simply not the case. In our latest whitepaper OPSWAT CEO and Founder, Benny Czarny, takes a comprehensive look at what it takes to prevent malware threats
0 Comments
A recent study conducted by Kaspersky Security Assessment experts has revealed the most prevalent vulnerabilities in corporate web applications developed in-house. Spanning the years between 2021 and 2023, the study identified numerous flaws, predominantly in the realms of access control and data protection, across a significant number of applications. Of particular concern were vulnerabilities related
0 Comments
Security researchers have uncovered a trend involving the exploitation of 1-day vulnerabilities, including two in Ivanti Connect Secure VPN.  The flaws, identified as CVE-2023-46805 and CVE-2023-21887, were quickly exploited by multiple threat actors, leading to various malicious activities. Tracking these exploits, the Check Point Research (CPR) team said it encountered a cluster of activities attributed
0 Comments
Users in Brazil are the target of a new banking trojan known as CHAVECLOAK that’s propagated via phishing emails bearing PDF attachments. “This intricate attack involves the PDF downloading a ZIP file and subsequently utilizing DLL side-loading techniques to execute the final malware,” Fortinet FortiGuard Labs researcher Cara Lin said. The attack chain involves the
0 Comments
A sophisticated cyber-espionage campaign by the China-aligned APT group Evasive Panda (also known as BRONZE HIGHLAND and Daggerfly) has been observed targeting Tibetans across various countries and territories.  The operation, which has been ongoing since at least September 2023, exploits both a targeted watering hole tactic and a supply-chain compromise involving trojanized installers of Tibetan
0 Comments
Video Evasive Panda has been spotted targeting Tibetans in several countries and territories with payloads that included a previously undocumented backdoor ESET has named Nightdoor 08 Mar 2024 This week, ESET researchers released their analysis of how an Advanced Persistent Threat (APT) group targeted Tibetans via watering hole and supply-chain attacks. The cyberespionage campaign –
0 Comments
Mar 08, 2024The Hacker NewsSecrets Management / Access Control In the realm of cybersecurity, the stakes are sky-high, and at its core lies secrets management — the foundational pillar upon which your security infrastructure rests. We’re all familiar with the routine: safeguarding those API keys, connection strings, and certificates is non-negotiable. However, let’s dispense with
0 Comments
UnitedHealth Group has published a timeline to restore Change Healthcare’s systems following the BlackCat/ALPHV ransomware attack, which has led to delays to patient care across the US. The healthcare conglomerate, which owns Change Healthcare, said it expects key pharmacy and payment systems to be restored and available by March 18. In the meantime, UnitedHealth is
0 Comments
A novel phishing campaign leveraged legitimate Dropbox infrastructure and successfully bypassed multifactor authentication (MFA) protocols, new research from Darktrace has revealed. The attack highlights the growing exploitation of legitimate popular services to trick targets into downloading malware and revealing log in credentials. The findings also show how attackers are becoming adept at evading standard security
0 Comments
ESET researchers discovered a cyberespionage campaign that, since at least September 2023, has been victimizing Tibetans through a targeted watering hole (also known as a strategic web compromise), and a supply-chain compromise to deliver trojanized installers of Tibetan language translation software. The attackers aimed to deploy malicious downloaders for Windows and macOS to compromise website
0 Comments
Mar 08, 2024NewsroomInteroperability / Encryption Meta has offered details on how it intends to implement interoperability in WhatsApp and Messenger with third-party messaging services as the Digital Markets Act (DMA) went into effect in the European Union. “This allows users of third-party providers who choose to enable interoperability (interop) to send and receive messages with
0 Comments
Cybersecurity researchers have uncovered a new cyber-threat involving fraudulent Skype, Google Meet and Zoom websites aimed at spreading malware.  The campaign, uncovered in December 2023 by Zscaler’s ThreatLabz, saw perpetrators distributing the SpyNote remote access Trojan (RAT) to Android users and NjRAT and DCRat to Windows users. These malicious URLs and files were identified on
0 Comments
Mar 07, 2024NewsroomVulnerability / Web Security Threat actors are conducting brute-force attacks against WordPress sites by leveraging malicious JavaScript injections, new findings from Sucuri reveal. The attacks, which take the form of distributed brute-force attacks, “target WordPress websites from the browsers of completely innocent and unsuspecting site visitors,” security researcher Denis Sinegubko said. The activity
0 Comments
The TA4903 group has been observed engaging in extensive spoofing of both US government agencies and private businesses across various industries. While primarily targeting organizations within the United States, TA4903 occasionally extends its reach globally through high-volume email campaigns. The overarching objective of these campaigns, as reported by Proofpoint in a new advisory published today, is
0 Comments
Mar 06, 2024NewsroomServer Security / Cryptocurrency Threat actors are targeting misconfigured and vulnerable servers running Apache Hadoop YARN, Docker, Atlassian Confluence, and Redis services as part of an emerging malware campaign designed to deliver a cryptocurrency miner and spawn a reverse shell for persistent remote access. “The attackers leverage these tools to issue exploit code,
0 Comments
The hacking group GhostSec has seen a significant increase in its malicious activities over the past year, according to research conducted by Cisco Talos.  This surge includes the emergence of GhostLocker 2.0, a new variant of ransomware developed by the group using the Golang programming language.  GhostSec, in collaboration with the Stormous ransomware group, has
0 Comments
Mar 05, 2024NewsroomMalware / Cyber Threat North Korean threat actors have exploited the recently disclosed security flaws in ConnectWise ScreenConnect to deploy a new malware called TODDLERSHARK. According to a report shared by Kroll with The Hacker News, TODDLERSHARK overlaps with known Kimsuky malware such as BabyShark and ReconShark. “The threat actor gained access to
0 Comments
Researchers have developed a computer worm that targets generative AI (GenAI) applications to potentially spread malware and steal personal data. The new paper details the worm dubbed “Morris II,” which targets GenAI ecosystems through the use of adversarial self-replicating prompts, leading to GenAI systems delivering payloads to other agents. Once unleashed, the worm is stored
0 Comments
Cybercriminals are using a network of hired money mules in India using an Android-based application to orchestrate a massive money laundering scheme. The malicious application, called XHelper, is a “key tool for onboarding and managing these money mules,” CloudSEK researchers Sparsh Kulshrestha, Abhishek Mathew, and Santripti Bhujel said in a report. Details about the scam
0 Comments
The UK Home Office has breached data protection law by using electronic tags to monitor migrants, according to the Information Commissioner’s Office (ICO). The regulator said the government department failed to sufficiently assess the privacy intrusion of the continuous collection of individuals’ location information. It noted that 24/7 access to people’s movement is likely to
0 Comments
Mar 02, 2024NewsroomCybercrime / Social Engineering The U.S. Department of Justice (DoJ) on Friday unsealed an indictment against an Iranian national for his alleged involvement in a multi-year cyber-enabled campaign designed to compromise U.S. governmental and private entities. More than a dozen entities are said to have been targeted, including the U.S. Departments of the
0 Comments
Read more on Ivanti vulnerabilities: Eight government agencies from the Five Eyes countries (Australia, Canada, New Zealand, the UK, and the US) issued an urgent warning on February 29 about the active exploitation of Ivanti product vulnerabilities. Specifically, the joint advisory assessed that cyber threat actors are exploiting previously identified vulnerabilities in Ivanti Connect Secure
0 Comments
US President Joe Biden has warned that Chinese manufactured automobiles could be used to steal sensitive data of US citizens and critical infrastructure. The White House statement announced it will be conducting an investigation into the impact of “connected vehicles” containing technology from China on US national security. “I have directed my Secretary of Commerce