Follow The Hacker News, filter it, and define how you want to receive the news (via Email, RSS, Telegram, WhatsApp etc.) https://follow.it/thehackernews Wed, 22 Mar 2023 04:58:53 +0200 https://api.follow.it/track-rss-story-click/v3/r5i3nxwv664rYZ8kajqSKg Amid the ongoing war between Russia and Ukraine, government, agriculture, and transportation organizations located in Donetsk, Lugansk, and Crimea have been attacked as part of an active campaign that drops a previously unseen, modular framework dubbed CommonMagic. "Although the initial vector of compromise is unclear, the details of the next stage imply the use of spear phishing or similar]]> Tue, 21 Mar 2023 17:01:28 +0200 https://api.follow.it/track-rss-story-click/v3/r5i3nxwv664rYZ8kajqSKg https://api.follow.it/track-rss-story-click/v3/r5i3nxwv667fm4CAodRHnQ Poorly managed Linux SSH servers are being targeted as part of a new campaign that deploys different variants of malware called ShellBot. "ShellBot, also known as PerlBot, is a DDoS Bot malware developed in Perl and characteristically uses IRC protocol to communicate with the C&C server," AhnLab Security Emergency response Center (ASEC) said in a report. ShellBot is installed on servers that]]> Tue, 21 Mar 2023 13:41:36 +0200 https://api.follow.it/track-rss-story-click/v3/r5i3nxwv667fm4CAodRHnQ https://api.follow.it/track-rss-story-click/v3/r5i3nxwv666DOL-kKyvtYg H0lyGh0st, Magecart, and a slew of state-sponsored hacker groups are diversifying their tactics and shifting their focus to… You. That is, if you're in charge of cybersecurity for a small-to-midsize enterprise (SME). Why? Bad actors know that SMEs typically have a smaller security budget, less infosec manpower, and possibly weak or missing security controls to protect their data and]]> Tue, 21 Mar 2023 13:28:18 +0200 https://api.follow.it/track-rss-story-click/v3/r5i3nxwv666DOL-kKyvtYg https://api.follow.it/track-rss-story-click/v3/r5i3nxwv665Jo7Qd-SrqqA As many as 55 zero-day vulnerabilities were exploited in the wild in 2022, with most of the flaws discovered in software from Microsoft, Google, and Apple. While this figure represents a decrease from the year before, when a staggering 81 zero-days were weaponized, it still represents a significant uptick in recent years of threat actors leveraging unknown security flaws to their advantage. The ]]> Tue, 21 Mar 2023 11:54:29 +0200 https://api.follow.it/track-rss-story-click/v3/r5i3nxwv665Jo7Qd-SrqqA https://api.follow.it/track-rss-story-click/v3/r5i3nxwv6661QvCNj6ji5A Bitcoin ATM maker General Bytes disclosed that unidentified threat actors stole cryptocurrency from hot wallets by exploiting a zero-day security flaw in its software. "The attacker was able to upload his own java application remotely via the master service interface used by terminals to upload videos and run it using 'batm' user privileges," the company said in an advisory published over the]]> Tue, 21 Mar 2023 08:55:57 +0200 https://api.follow.it/track-rss-story-click/v3/r5i3nxwv6661QvCNj6ji5A https://api.follow.it/track-rss-story-click/v3/r5i3nxwv667mikFGaUn4tA A new piece of malware dubbed dotRunpeX is being used to distribute numerous known malware families such as Agent Tesla, Ave Maria, BitRAT, FormBook, LokiBot, NetWire, Raccoon Stealer, RedLine Stealer, Remcos, Rhadamanthys, and Vidar. "DotRunpeX is a new injector written in .NET using the Process Hollowing technique and used to infect systems with a variety of known malware families," Check]]> Mon, 20 Mar 2023 15:39:18 +0200 https://api.follow.it/track-rss-story-click/v3/r5i3nxwv667mikFGaUn4tA https://api.follow.it/track-rss-story-click/v3/r5i3nxwv667cvqfPPXU3eQ A banking trojan dubbed Mispadu has been linked to multiple spam campaigns targeting countries like Bolivia, Chile, Mexico, Peru, and Portugal with the goal of stealing credentials and delivering other payloads. The activity, which commenced in August 2022, is currently ongoing, Ocelot Team from Latin American cybersecurity firm Metabase Q said in a report shared with The Hacker News. Mispadu (]]> Mon, 20 Mar 2023 14:26:52 +0200 https://api.follow.it/track-rss-story-click/v3/r5i3nxwv667cvqfPPXU3eQ https://api.follow.it/track-rss-story-click/v3/r5i3nxwv6657cGuupvkavA This article has not been generated by ChatGPT.  2022 was the year when inflation hit world economies, except in one corner of the global marketplace – stolen data. Ransomware payments fell by over 40% in 2022 compared to 2021. More organisations chose not to pay ransom demands, according to findings by blockchain firm Chainalysis. Nonetheless, stolen data has value beyond a price tag, and in]]> Mon, 20 Mar 2023 12:44:13 +0200 https://api.follow.it/track-rss-story-click/v3/r5i3nxwv6657cGuupvkavA https://api.follow.it/track-rss-story-click/v3/r5i3nxwv664-krS6SCiY2g The threat actors behind the CatB ransomware operation have been observed using a technique called DLL search order hijacking to evade detection and launch the payload. CatB, also referred to as CatB99 and Baxtoy, emerged late last year and is said to be an "evolution or direct rebrand" of another ransomware strain known as Pandora based on code-level similarities. It's worth noting that the use]]> Mon, 20 Mar 2023 12:26:23 +0200 https://api.follow.it/track-rss-story-click/v3/r5i3nxwv664-krS6SCiY2g https://api.follow.it/track-rss-story-click/v3/r5i3nxwv664gwAxh3yJzEQ The notorious Emotet malware, in its return after a short hiatus, is now being distributed via Microsoft OneNote email attachments in an attempt to bypass macro-based security restrictions and compromise systems. Emotet, linked to a threat actor tracked as Gold Crestwood, Mummy Spider, or TA542, continues to be a potent and resilient threat despite attempts by law enforcement to take it down. A ]]> Mon, 20 Mar 2023 07:51:03 +0200 https://api.follow.it/track-rss-story-click/v3/r5i3nxwv664gwAxh3yJzEQ https://api.follow.it/track-rss-story-click/v3/r5i3nxwv665wtIKdZFydlw The zero-day exploitation of a now-patched medium-security flaw in the Fortinet FortiOS operating system has been linked to a suspected Chinese hacking group. Threat intelligence firm Mandiant, which made the attribution, said the activity cluster is part of a broader campaign designed to deploy backdoors onto Fortinet and VMware solutions and maintain persistent access to victim environments.]]> Sat, 18 Mar 2023 13:30:05 +0200 https://api.follow.it/track-rss-story-click/v3/r5i3nxwv665wtIKdZFydlw https://api.follow.it/track-rss-story-click/v3/r5i3nxwv6658sPlrjshSQg U.S. law enforcement authorities have arrested a New York man in connection with running the infamous BreachForums hacking forum under the online alias "Pompompurin." The development, first reported by Bloomberg Law, comes after News 12 Westchester, earlier this week, said that federal investigators "spent hours inside and outside of a home in Peekskill." "At one point, investigators were seen]]> Sat, 18 Mar 2023 07:59:11 +0200 https://api.follow.it/track-rss-story-click/v3/r5i3nxwv6658sPlrjshSQg https://api.follow.it/track-rss-story-click/v3/r5i3nxwv666D5aQrTdrbrg U.S. government agencies have released a joint cybersecurity advisory detailing the indicators of compromise (IoCs) and tactics, techniques, and procedures (TTPs) associated with the notorious LockBit 3.0 ransomware. "The LockBit 3.0 ransomware operations function as a Ransomware-as-a-Service (RaaS) model and is a continuation of previous versions of the ransomware, LockBit 2.0, and LockBit,"]]> Sat, 18 Mar 2023 07:17:59 +0200 https://api.follow.it/track-rss-story-click/v3/r5i3nxwv666D5aQrTdrbrg https://api.follow.it/track-rss-story-click/v3/r5i3nxwv666MVqg7aZoiog An Android voice phishing (aka vishing) malware campaign known as FakeCalls has reared its head once again to target South Korean users under the guise of over 20 popular financial apps. "FakeCalls malware possesses the functionality of a Swiss army knife, able not only to conduct its primary aim but also to extract private data from the victim's device," cybersecurity firm Check Point said.]]> Fri, 17 Mar 2023 20:15:55 +0200 https://api.follow.it/track-rss-story-click/v3/r5i3nxwv666MVqg7aZoiog https://api.follow.it/track-rss-story-click/v3/r5i3nxwv665N-0jAmvJiUg Think of the typical portrayal of a cyberattack. Bad guy pounding furiously on a keyboard, his eyes peeking out from under a dark hoodie. At long last, his efforts pay off and he hits the right combination of keys. "I'm in!" he shouts in triumph. Clearly, there are many problems with this scenario – and it's not just the hoodie. What's even more inaccurate is that most cyber attackers today do]]> Fri, 17 Mar 2023 14:11:53 +0200 https://api.follow.it/track-rss-story-click/v3/r5i3nxwv665N-0jAmvJiUg https://api.follow.it/track-rss-story-click/v3/r5i3nxwv666ZogUmod8qqg A new Golang-based botnet dubbed HinataBot has been observed to leverage known flaws to compromise routers and servers and use them to stage distributed denial-of-service (DDoS) attacks. "The malware binaries appear to have been named by the malware author after a character from the popular anime series, Naruto, with file name structures such as 'Hinata--,'" Akamai said in a]]> Fri, 17 Mar 2023 14:07:06 +0200 https://api.follow.it/track-rss-story-click/v3/r5i3nxwv666ZogUmod8qqg https://api.follow.it/track-rss-story-click/v3/r5i3nxwv666j_U3nXk3nfQ In the modern corporate IT environment, which relies on cloud connectivity, global connections and large volumes of data, the browser is now the most important work interface. The browser connects employees to managed resources, devices to the web, and the on-prem environment to the cloud one. Yet, and probably unsurprisingly, this browser prominence has significantly increased the number of]]> Fri, 17 Mar 2023 12:46:41 +0200 https://api.follow.it/track-rss-story-click/v3/r5i3nxwv666j_U3nXk3nfQ https://api.follow.it/track-rss-story-click/v3/r5i3nxwv667dWpQGBtzqmA Copycat websites for instant messaging apps like Telegram and WhatApp are being used to distribute trojanized versions and infect Android and Windows users with cryptocurrency clipper malware. "All of them are after victims' cryptocurrency funds, with several targeting cryptocurrency wallets," ESET researchers Lukáš Štefanko and Peter Strýček said in a new analysis. While the first instance of]]> Fri, 17 Mar 2023 12:22:15 +0200 https://api.follow.it/track-rss-story-click/v3/r5i3nxwv667dWpQGBtzqmA https://api.follow.it/track-rss-story-click/v3/r5i3nxwv665F6u1Iom4iug The advanced persistent threat known as Winter Vivern has been linked to campaigns targeting government officials in India, Lithuania, Slovakia, and the Vatican since 2021. The activity targeted Polish government agencies, the Ukraine Ministry of Foreign Affairs, the Italy Ministry of Foreign Affairs, and individuals within the Indian government, SentinelOne said in a report shared with The]]> Fri, 17 Mar 2023 09:06:12 +0200 https://api.follow.it/track-rss-story-click/v3/r5i3nxwv665F6u1Iom4iug https://api.follow.it/track-rss-story-click/v3/r5i3nxwv665It-D49b0xXQ Google is calling attention to a set of severe security flaws in Samsung's Exynos chips, some of which could be exploited remotely to completely compromise a phone without requiring any user interaction. The 18 zero-day vulnerabilities affect a wide range of Android smartphones from Samsung, Vivo, Google, wearables using the Exynos W920 chipset, and vehicles equipped with the Exynos Auto T5123]]> Fri, 17 Mar 2023 08:53:30 +0200 https://api.follow.it/track-rss-story-click/v3/r5i3nxwv665It-D49b0xXQ