News

Mar 06, 2023Ravie LakshmananCyber Crime / Ransomware Law enforcement authorities from Germany and Ukraine have targeted suspected core members of a cybercrime group that has been behind large-scale attacks using DoppelPaymer ransomware. The operation, which took place on February 28, 2023, was carried out with support from the Dutch National Police (Politie) and the U.S.

Mar 04, 2023Ravie LakshmananBanking Security / Cyber Crime A new ATM malware strain dubbed FiXS has been observed targeting Mexican banks since the start of February 2023. “The ATM malware is hidden inside another not-malicious-looking program,” Latin American cybersecurity firm Metabase Q said in a report shared with The Hacker News. Besides requiring interaction via

Mar 04, 2023The Hacker NewsSaaS Security / Cyber Security This past January, a SaaS Security Posture Management (SSPM) company named Wing Security (Wing) made waves with the launch of its free SaaS-Shadow IT discovery solution. Cloud-based companies were invited to gain insight into their employees’ SaaS usage through a completely free, self-service product that operates

The White House on Thursday released its long-awaited National Cybersecurity Strategy, sharing the Biden-Harris Administration’s vision for securing the United States’ digital ecosystem. The 39-page document covers all aspects of cybersecurity, from the role of vendors in vulnerabilities to ransomware, the role of U.S.-based infrastructure in cybercrime, cyber insurance and more. In a statement included

Mar 03, 2023Ravie LakshmananEnterprise Security / IoT A pair of serious security defects has been disclosed in the Trusted Platform Module (TPM) 2.0 reference library specification that could potentially lead to information disclosure or privilege escalation. One of the vulnerabilities, CVE-2023-1017, concerns an out-of-bounds write, while the other, CVE-2023-1018, is described as an out-of-bounds read.

Incident response is a critical component of enterprise security. Knowing how to deal with unplanned and potentially disruptive events that affect the security and integrity of an organization’s IT infrastructure can mean the difference between survival and going out of business. In order to successfully handle incident response, it is important to have the proper

Mar 02, 2023Ravie LakshmananLinux / Cyber Threat The threat actor known as Lucky Mouse has developed a Linux version of a malware toolkit called SysUpdate, expanding on its ability to target devices running the operating system. The oldest version of the updated artifact dates back to July 2022, with the malware incorporating new features designed

Mar 01, 2023Ravie LakshmananEndpoint Security / Cyber Threat A stealthy Unified Extensible Firmware Interface (UEFI) bootkit called BlackLotus has become the first publicly known malware capable of bypassing Secure Boot defenses, making it a potent threat in the cyber landscape. “This bootkit can run even on fully up-to-date Windows 11 systems with UEFI Secure Boot

Threat actors are shifting away from traditional ransomware and toward malware-free cyber attacks, according to a new report from CrowdStrike. The cybersecurity vendor this week published its “2023 Global Threat Report,” which annually compiles CrowdStrike’s research related to cybercrime, or “eCrime,” from the previous year. Major topics covered in the 2023 report include malware-free extortion

As digital transformation takes hold and businesses become increasingly reliant on digital services, it has become more important than ever to secure applications and APIs (Application Programming Interfaces). With that said, application security and API security are two critical components of a comprehensive security strategy. By utilizing these practices, organizations can protect themselves from malicious

Decentralized identity has been getting attention as a way of addressing the shortcomings of centralized identity. But what does decentralized identity really mean? And how would managing centralized identities differ from managing decentralized identities? Learn about centralized vs. decentralized identity management, as well as the advantages and disadvantages of each from two viewpoints: organizations that

Feb 27, 2023Ravie LakshmananBrowser Security / Malware A new ChromeLoader malware campaign has been observed being distributed via virtual hard disk (VHD) files, marking a deviation from the ISO optical disc image format. “These VHD files are being distributed with filenames that make them appear like either hacks or cracks for Nintendo and Steam games,”

Feb 24, 2023The Hacker NewsCybersecurity Webinar / SaaS Security Are you prepared to tackle the top SaaS challenges of 2023? With high-profile data breaches affecting major companies like Nissan and Slack, it’s clear that SaaS apps are a prime target for cyberattacks. The vast amounts of valuable information stored in these apps make them a

Incident response planning and the development of incident handling procedures are core to any effective information security program. As enterprise cloud use becomes more ubiquitous, it’s more important than ever to include the cloud in the incident response process. What is cloud incident response? Incident response, in general, encompasses plans, processes and controls that help

Feb 24, 2023Ravie LakshmananMobile Security / Firmware Google said it’s working with ecosystem partners to harden the security of firmware that interacts with Android. While the Android operating system runs on what’s called the application processor (AP), it’s just one of the many processors of a system-on-chip (SoC) that cater to various tasks like cellular

Feb 24, 2023Ravie LakshmananPrivacy / Data Safety An investigation into data safety labels for Android apps available on the Google Play Store has uncovered “serious loopholes” that allow apps to provide misleading or outright false information. The study, conducted by the Mozilla Foundation as part of its *Privacy Not Included initiative, compared the privacy policies

Feb 23, 2023Ravie LakshmananCryptocurrency / Malware An active malware campaign has set its sights on Facebook and YouTube users by leveraging a new information stealer to hijack the accounts and abuse the systems’ resources to mine cryptocurrency. Bitdefender is calling the malware S1deload Stealer for its use of DLL side-loading techniques to get past security

Ransomware continues to be a major problem for organizations around the world, but defenders seem to be getting better, according to new research published by IBM’s X-Force. IBM on Wednesday released its 2023 Threat Intelligence Index, an annual report dedicated to the findings of IBM’s X-Force threat intelligence team during its incident response engagements the

Feb 22, 2023Ravie LakshmananExploitation Framework / Cyber Threat An open source command-and-control (C2) framework known as Havoc is being adopted by threat actors as an alternative to other well-known legitimate toolkits like Cobalt Strike, Sliver, and Brute Ratel. Cybersecurity firm Zscaler said it observed a new campaign in the beginning of January 2023 targeting an

Feb 21, 2023Ravie LakshmananCyber Threat Intelligence A new information stealer called Stealc that’s being advertised on the dark web could emerge as a worthy competitor to other malware of its ilk. “The threat actor presents Stealc as a fully featured and ready-to-use stealer, whose development relied on Vidar, Raccoon, Mars, and RedLine stealers,” SEKOIA said

The cyber espionage threat actor tracked as Earth Kitsune has been observed deploying a new backdoor called WhiskerSpy as part of a social engineering campaign. Earth Kitsune, active since at least 2019, is known to primarily target individuals interested in North Korea with self-developed malware such as dneSpy and agfSpy. Previously documented intrusions have entailed

Russian cyber attacks against both Ukraine and its NATO partners will increase, according to new research published Thursday by Google’s Threat Analysis Group. The report, titled “Fog of War: How the Ukraine conflict transformed the cyber threat landscape,” offered insights involving the Russian invasion from two of Google’s groups — TAG as well as Trust

Feb 19, 2023Ravie LakshmananNetwork Security / Firewall Fortinet has released security updates to address 40 vulnerabilities in its software lineup, including FortiWeb, FortiOS, FortiNAS, and FortiProxy, among others. Two of the 40 flaws are rated Critical, 15 are rated High, 22 are rated Medium, and one is rated Low in severity. Top of the list

Feb 18, 2023Ravie LakshmananAuthentication / Online Security Twitter has announced that it’s limiting the use of SMS-based two-factor authentication (2FA) to its Blue subscribers. “While historically a popular form of 2FA, unfortunately we have seen phone-number based 2FA be used – and abused – by bad actors,” the company said. “We will no longer allow

Feb 17, 2023Ravie LakshmananIoT Security / Cyber Attack A new variant of the notorious Mirai botnet has been found leveraging several security vulnerabilities to propagate itself to Linux and IoT devices. Observed during the second half of 2022, the new version has been dubbed V3G4 by Palo Alto Networks Unit 42, which identified three different

The next chapter of the internet’s evolution isn’t just about a highly decentralized architecture; it will bring with it a host of security implications. These early days of so-called Web 3.0 have brought a surge in funding, development and hype, but also fraud and cybersecurity incidents. As the broader market grapples with the potential and

Feb 16, 2023Ravie LakshmananCyber Attack / Ransomware More than 500 hosts have been newly compromised en masse by the ESXiArgs ransomware strain, most of which are located in France, Germany, the Netherlands, the U.K., and Ukraine. The findings come from attack surface management firm Censys, which discovered “two hosts with strikingly similar ransom notes dating

Feb 15, 2023The Hacker NewsSecOps / DevOps In an ideal world, security and development teams would be working together in perfect harmony. But we live in a world of competing priorities, where DevOps and security departments often butt heads with each other. Agility and security are often at odds with each other— if a new

One thing is clear. The “business value” of data continues to grow, making it an organization’s primary piece of intellectual property. From a cyber risk perspective, attacks on data are the most prominent threat to organizations. Regulators, cyber insurance firms, and auditors are paying much closer attention to the integrity, resilience, and recoverability of organization

A new ESXiArgs ransomware variant that encrypts additional data has already compromised more than 1,200 servers since Wednesday, according to new research by cybersecurity vendor Censys. The large-scale ransomware campaign has targeted vulnerable VMware ESXi servers since last week. ESXiArgs attacks are not only ongoing but the ransomware has also evolved to make it more