Follow The Hacker News, filter it, and define how you want to receive the news (via Email, RSS, Telegram, WhatsApp etc.) https://follow.it/thehackernews Sat, 29 Jan 2022 03:36:30 +0200 https://api.follow.it/track-rss-story-click/v3/Fdfy9khMutd2p74nqhnGvg Microsoft has disclosed details of a large-scale, multi-phase phishing campaign that uses stolen credentials to register devices on a victim's network to further propagate spam emails and widen the infection pool. The tech giant said the attacks manifested through accounts that were not secured using multi-factor authentication (MFA), thereby making it possible for the adversary to take]]> Fri, 28 Jan 2022 13:10:59 +0200 https://api.follow.it/track-rss-story-click/v3/Fdfy9khMutd2p74nqhnGvg https://api.follow.it/track-rss-story-click/v3/Fdfy9khMuteG2lu6rlfpyg 2021 was a year peppered by cyberattacks, with numerous data breaches happening. Not only that, but ransomware has also become a prominent player in the hackers' world. Now, more than ever, it's important for enterprises to step up cybersecurity measures. They can do this through several pieces of technology, such as an open-source security platform like Wazuh.  Wazuh is a free and open source]]> Fri, 28 Jan 2022 12:48:25 +0200 https://api.follow.it/track-rss-story-click/v3/Fdfy9khMuteG2lu6rlfpyg https://api.follow.it/track-rss-story-click/v3/Fdfy9khMute2Px4_XGqQEA The notorious Lazarus Group actor has been observed mounting a new campaign that makes use of the Windows Update service to execute its malicious payload, expanding the arsenal of living-off-the-land (LotL) techniques leveraged by the APT group to further its objectives. The Lazarus Group, also known as APT38, Hidden Cobra, Whois Hacking Team, and Zinc, is the moniker assigned to the North]]> Fri, 28 Jan 2022 11:24:28 +0200 https://api.follow.it/track-rss-story-click/v3/Fdfy9khMute2Px4_XGqQEA https://api.follow.it/track-rss-story-click/v3/Fdfy9khMutf3WDlmYVsiTg A cyberespionage group with ties to North Korea has resurfaced with a stealthier variant of its remote access trojan called Konni to attack political institutions located in Russia and South Korea. "The authors are constantly making code improvements," Malwarebytes researcher Roberto Santos said. "Their efforts are aimed at breaking the typical flow recorded by sandboxes and making detection]]> Fri, 28 Jan 2022 11:00:56 +0200 https://api.follow.it/track-rss-story-click/v3/Fdfy9khMutf3WDlmYVsiTg https://api.follow.it/track-rss-story-click/v3/Fdfy9khMutfgdSSRmFbd-Q Microsoft this week revealed that it had fended off a record number of distributed denial-of-service (DDoS) attacks aimed at its customers in 2021, three of which surpassed 2.4 terabit per second (Tbps). One of the DDoS attacks took place in November, targeting an unnamed Azure customer in Asia and lasted a total of 15 minutes. It hit a peak throughput of 3.47 Tbps and a packet rate of 340]]> Fri, 28 Jan 2022 07:20:36 +0200 https://api.follow.it/track-rss-story-click/v3/Fdfy9khMutfgdSSRmFbd-Q https://api.follow.it/track-rss-story-click/v3/Fdfy9khMutfuMB-4vkYAqw Taiwanese company QNAP has warned customers to secure network-attached storage (NAS) appliances and routers against a new ransomware variant called DeadBolt. "DeadBolt has been widely targeting all NAS exposed to the Internet without any protection and encrypting users' data for Bitcoin ransom," the company said. "QNAP urges all QNAP NAS users to […] immediately update QTS to the latest]]> Fri, 28 Jan 2022 07:07:13 +0200 https://api.follow.it/track-rss-story-click/v3/Fdfy9khMutfuMB-4vkYAqw https://api.follow.it/track-rss-story-click/v3/Fdfy9khMuteIxLvTevbQaw There are three things you can be sure of in life: death, taxes – and new CVEs. For organizations that rely on CentOS 8, the inevitable has now happened, and it didn’t take long. Just two weeks after reaching the official end of life, something broke spectacularly, leaving CentOS 8 users at major risk of a severe attack – and with no support from CentOS. You’d think that this issue no longer]]> Thu, 27 Jan 2022 14:50:56 +0200 https://api.follow.it/track-rss-story-click/v3/Fdfy9khMuteIxLvTevbQaw https://api.follow.it/track-rss-story-click/v3/Fdfy9khMuteviF3YLi3GWA A financially-motivated malware campaign has compromised over 800 WordPress websites to deliver a banking trojan dubbed Chaes targeting Brazilian customers of Banco do Brasil, Loja Integrada, Mercado Bitcoin, Mercado Livre, and Mercado Pago. First documented by Cybereason in November 2020, the info-stealing malware is delivered via a sophisticated infection chain that's engineered to harvest]]> Thu, 27 Jan 2022 14:37:34 +0200 https://api.follow.it/track-rss-story-click/v3/Fdfy9khMuteviF3YLi3GWA https://api.follow.it/track-rss-story-click/v3/Fdfy9khMutc16M28bVcJ2w Researchers from the Bitdefender Mobile Threats team said they have intercepted more than 100,000 malicious SMS messages attempting to distribute Flubot malware since the beginning of December. "Findings indicate attackers are modifying their subject lines and using older yet proven scams to entice users to click," the Romanian cybersecurity firm detailed in a report published Wednesday. "]]> Thu, 27 Jan 2022 12:15:12 +0200 https://api.follow.it/track-rss-story-click/v3/Fdfy9khMutc16M28bVcJ2w https://api.follow.it/track-rss-story-click/v3/Fdfy9khMutd6sI5Z-QVd4A A new, sophisticated phishing attack has been observed delivering the AsyncRAT trojan as part of a malware campaign that's believed to have commenced in September 2021. "Through a simple email phishing tactic with an html attachment, threat attackers are delivering AsyncRAT (a remote access trojan) designed to remotely monitor and control its infected computers through a secure, encrypted]]> Thu, 27 Jan 2022 09:08:01 +0200 https://api.follow.it/track-rss-story-click/v3/Fdfy9khMutd6sI5Z-QVd4A https://api.follow.it/track-rss-story-click/v3/Fdfy9khMutczfEVuTm0s7g Apple on Wednesday released iOS 15.3 and macOS Monterey 12.2 with a fix for the privacy-defeating bug in Safari, as well as to contain a zero-day flaw, which it said has been exploited in the wild to break into its devices. Tracked as CVE-2022-22587, the vulnerability relates to a memory corruption issue in the IOMobileFrameBuffer component that could be abused by a malicious application to]]> Thu, 27 Jan 2022 08:32:46 +0200 https://api.follow.it/track-rss-story-click/v3/Fdfy9khMutczfEVuTm0s7g https://api.follow.it/track-rss-story-click/v3/Fdfy9khMutf3Kw7o18_4xA The subject of threat visibility is a recurring one in cybersecurity. With an expanding attack surface due to the remote work transformation, cloud and SaaS computing and the proliferation of personal devices, seeing all the threats that are continuously bombarding the company is beyond challenging. This especially rings true for small to medium-sized enterprises with limited security budgets]]> Wed, 26 Jan 2022 15:40:48 +0200 https://api.follow.it/track-rss-story-click/v3/Fdfy9khMutf3Kw7o18_4xA https://api.follow.it/track-rss-story-click/v3/Fdfy9khMuteoieWycBNjMg An initial access broker group tracked as Prophet Spider has been linked to a set of malicious activities that exploits the Log4Shell vulnerability in unpatched VMware Horizon Servers. According to new research published by BlackBerry Research & Intelligence and Incident Response (IR) teams today, the cybercrime actor has been opportunistically weaponizing the shortcoming to download a]]> Wed, 26 Jan 2022 15:33:05 +0200 https://api.follow.it/track-rss-story-click/v3/Fdfy9khMuteoieWycBNjMg https://api.follow.it/track-rss-story-click/v3/Fdfy9khMutdzFN4Y2iU0aA Google on Tuesday announced that it is abandoning its controversial plans for replacing third-party cookies in favor of a new Privacy Sandbox proposal called Topics, which categorizes users' browsing habits into approximately 350 topics. Thee new framework, which takes the place of FLoC (short for Federated Learning of Cohorts), slots users' browsing history for a given week into a handful of]]> Wed, 26 Jan 2022 09:55:13 +0200 https://api.follow.it/track-rss-story-click/v3/Fdfy9khMutdzFN4Y2iU0aA https://api.follow.it/track-rss-story-click/v3/Fdfy9khMutdCyOtwpKywCw A 12-year-old security vulnerability has been disclosed in a system utility called Polkit that grants attackers root privileges on Linux systems, even as a proof-of-concept (PoC) exploit has emerged in the wild merely hours after technical details of the bug became public. Dubbed "PwnKit" by cybersecurity firm Qualys, the weakness impacts a component in polkit called pkexec, a program that's]]> Wed, 26 Jan 2022 07:39:33 +0200 https://api.follow.it/track-rss-story-click/v3/Fdfy9khMutdCyOtwpKywCw https://api.follow.it/track-rss-story-click/v3/Fdfy9khMutcWhVWK2MVBAA Cybersecurity researchers on Tuesday took the wraps off a multi-stage espionage campaign targeting high-ranking government officials overseeing national security policy and individuals in the defense industry in Western Asia. The attack is unique as it leverages Microsoft OneDrive as a command-and-control (C2) server and is split into as many as six stages to stay as hidden as possible, Trellix,]]> Tue, 25 Jan 2022 16:04:56 +0200 https://api.follow.it/track-rss-story-click/v3/Fdfy9khMutcWhVWK2MVBAA https://api.follow.it/track-rss-story-click/v3/Fdfy9khMutc5bbEMPy1DNA A previously undocumented cyber-espionage malware aimed at Apple's macOS operating system leveraged a Safari web browser exploit as part of a watering hole attack targeting politically active, pro-democracy individuals in Hong Kong. Slovak cybersecurity firm ESET attributed the intrusion to an actor with "strong technical capabilities," calling out the campaign's overlaps to that of a similar]]> Tue, 25 Jan 2022 14:32:25 +0200 https://api.follow.it/track-rss-story-click/v3/Fdfy9khMutc5bbEMPy1DNA https://api.follow.it/track-rss-story-click/v3/Fdfy9khMutenWK6-x31rHQ The cybercrime operators behind the notorious TrickBot malware have once again upped the ante by fine-tuning its techniques by adding multiple layers of defense to slip past antimalware products. "As part of that escalation, malware injections have been fitted with added protection to keep researchers out and get through security controls," IBM Trusteer said in a report. "In most cases, these]]> Tue, 25 Jan 2022 14:12:43 +0200 https://api.follow.it/track-rss-story-click/v3/Fdfy9khMutenWK6-x31rHQ https://api.follow.it/track-rss-story-click/v3/Fdfy9khMuteYYiDERnWyhQ The Android malware tracked as BRATA has been updated with new features that grants it the ability to track device locations and even perform a factory reset in an apparent bid to cover up fraudulent wire transfers. The latest variants, detected late last year, are said to be distributed through a downloader to avoid being detected by security software, Italian cybersecurity firm Cleafy said in]]> Tue, 25 Jan 2022 09:22:14 +0200 https://api.follow.it/track-rss-story-click/v3/Fdfy9khMuteYYiDERnWyhQ https://api.follow.it/track-rss-story-click/v3/Fdfy9khMutdpzExG2S1p1w A previously undocumented malware packer named DTPacker has been observed distributing multiple remote access trojans (RATs) and information stealers such as Agent Tesla, Ave Maria, AsyncRAT, and FormBook to plunder information and facilitate follow-on attacks. "The malware uses multiple obfuscation techniques to evade antivirus, sandboxing, and analysis," enterprise security company Proofpoint ]]> Tue, 25 Jan 2022 08:47:00 +0200 https://api.follow.it/track-rss-story-click/v3/Fdfy9khMutdpzExG2S1p1w