New Air-Gap Attack Uses SATA Cable as an Antenna to Transfer Radio Signals — The Hacker News

A new method devised to leak information and jump over air-gaps takes advantage of Serial Advanced Technology Attachment SATA or Serial ATA cables as a communication medium, adding to a long list of electromagnetic, magnetic, electric, optical, and acoustic methods already demonstrated to plunder...

Several New Play Store Apps Spotted Distributing Joker, Facestealer and Coper Malware — The Hacker News

Google has taken steps to ax dozens of fraudulent apps from the official Play Store that were spotted propagating Joker, Facestealer, and Coper malware families through the virtual marketplace. While the Android storefront is considered to be a trusted source for discovering and installing apps,...

FBI Warns of Fake Cryptocurrency Apps Stealing Millions from Investors

The U.S. Federal Bureau of Investigation FBI has warned of cyber criminals building rogue cryptocurrency-themed apps to defraud investors in the virtual assets space. "The FBI has observed cyber criminals contacting U.S. investors, fraudulently claiming to offer legitimate cryptocurrency investme...

New Study Finds Most Enterprise Vendors Failing to Mitigate Speculative Execution Attacks

With speculative execution attacks remaining a stubbornly persistent vulnerability ailing modern processors, new research has highlighted an "industry failure" to adopt mitigations released by AMD and Intel, posing a firmware supply chain threat. Dubbed FirmwareBleed by Binarly, the information...

Pegasus Spyware Used to Hack Devices of Pro-Democracy Activists in Thailand — The Hacker News

Thai activists involved in the country's pro-democracy protests have had their smartphones infected with NSO Group's infamous Pegasus government-sponsored spyware. At least 30 individuals, spanning activists, academics, lawyers, and NGO workers, are believed to have been targeted between October...

Experts Notice Sudden Surge in Exploitation of WordPress Page Builder Plugin Vulnerability

Researchers from Wordfence have sounded the alarm about a "sudden" spike in cyber attacks attempting to exploit an unpatched flaw in a WordPress plugin called Kaswara Modern WPBakery Page Builder Addons. Tracked as CVE-2021-24284, the issue is rated 10.0 on the CVSS vulnerability scoring system a...

Mind the Gap – How to Ensure Your Vulnerability Detection Methods are up to Scratch — The Hacker News

With global cybercrime costs expected to reach $10.5 trillion annually by 2025, it comes as little surprise that the risk of attack is companies' biggest concern globally. To help businesses uncover and fix the vulnerabilities and misconfigurations affecting their systems, there is an overabundan...

Hackers Distributing Password Cracking Tool for PLCs and HMIs to Target Industrial Systems

Industrial engineers and operators are the target of a new campaign that leverages password cracking software to seize control of Programmable Logic Controllers PLCs and co-opt the machines to a botnet. The software "exploited a vulnerability in the firmware which allowed it to retrieve the...

Juniper Releases Patches for Critical Flaws in Junos OS and Contrail Networking

Juniper Networks has pushed security updates to address several vulnerabilities affecting multiple products, some of which could be exploited to seize control of affected systems. The most critical of the flaws affect Junos Space and Contrail Networking, with the tech company urging customers to...

Google Removes "App Permissions" List from Play Store for New "Data Safety" Section

Following the launch of a new "Data safety" section for the Android app on the Play Store, Google appears to be readying to remove the app permissions list from both the mobile app and the web. The change was highlighted by Esper's Mishaal Rahman earlier this week. The Data safety section, which...

Hackers Targeting VoIP Servers By Exploiting Digium Phone Software

VoIP phones using Digium's software have been targeted to drop a web shell on their servers as part of an attack campaign designed to exfiltrate data by downloading and executing additional payloads. "The malware installs multilayer obfuscated PHP backdoors to the web server's file system,...

New Netwrix Auditor Bug Could Let Attackers Compromise Active Directory Domain

Researchers have disclosed details about a security vulnerability in the Netwrix Auditor application that, if successfully exploited, could lead to arbitrary code execution on affected devices. "Since this service is typically executed with extensive privileges in an Active Directory environment,...

5 Key Things We Learned from CISOs of Smaller Enterprises Survey

New survey reveals lack of staff, skills, and resources driving smaller teams to outsource security. As business begins its return to normalcy however "normal" may look, CISOs at small and medium-size enterprises 500 – 10,000 employees were asked to share their cybersecurity challenges and...

New Cache Side Channel Attack Can De-Anonymize Targeted Online Users

A group of academics from the New Jersey Institute of Technology NJIT has warned of a novel technique that could be used to defeat anonymity protections and identify a unique website visitor. "An attacker who has complete or partial control over a website can learn whether a specific target i.e.,...

North Korean Hackers Targeting Small and Midsize Businesses with H0lyGh0st Ransomware

An emerging threat cluster originating from North Korea has been linked to developing and using ransomware in cyberattacks targeting small businesses since September 2021. The group, which calls itself H0lyGh0st after the ransomware payload of the same name, is being tracked by the Microsoft Thre...

Mantis Botnet Behind the Largest HTTPS DDoS Attack Targeting Cloudflare Customers

The botnet behind the largest HTTPS distributed denial-of-service DDoS attack in June 2022 has been linked to a spate of attacks aimed at nearly 1,000 Cloudflare customers. Calling the powerful botnet Mantis, the web performance and security company attributed it to more than 3,000 HTTP DDoS...

Former CIA Engineer Convicted of Leaking 'Vault 7' Hacking Secrets to WikiLeaks

Joshua Schulte, a former programmer with the U.S. Central Intelligence Agency CIA, has been found guilty of leaking a trove of classified hacking tools and exploits dubbed Vault 7 to WikiLeaks. The 33-year-old engineer had been charged in June 2018 with unauthorized disclosure of classified...

State-Backed Hackers Targeting Journalists in Widespread Espionage Campaigns

Nation-state hacking groups aligned with China, Iran, North Korea, and Turkey have been targeting journalists to conduct espionage and spread malware as part of a series of campaigns since early 2021. "Most commonly, phishing attacks targeting journalists are used for espionage or to gain key...

A Simple Formula for Getting Your IT Security Budget Approved

Although there is a greater awareness of cybersecurity threats than ever before, it is becoming increasingly difficult for IT departments to get their security budgets approved. Security budgets seem to shrink each year and IT pros are constantly being asked to do more with less. Even so, the...

Microsoft Details App Sandbox Escape Bug Impacting Apple iOS, iPadOS, macOS Devices

Microsoft on Wednesday shed light on a now patched security vulnerability affecting Apple's operating systems that, if successfully exploited, could allow attackers to escalate device privileges and deploy malware. "An attacker could take advantage of this sandbox escape vulnerability to gain...

Pakistani Hackers Targeting Indian Students in Latest Malware Campaign

The advanced persistent threat APT group known as Transparent Tribe has been attributed to a new ongoing phishing campaign targeting students at various educational institutions in India at least since December 2021. "This new campaign also suggests that the APT is actively expanding its network ...

New 'Retbleed' Speculative Execution Attack Affects AMD and Intel CPUs

Security researchers have uncovered yet another vulnerability affecting numerous older AMD and Intel microprocessors that could bypass current defenses and result in Spectre-based speculative-execution attacks. Dubbed Retbleed by ETH Zurich researchers Johannes Wikner and Kaveh Razavi, the issue ...

U.S. FTC Vows to Crack Down on illegal Use and Sharing of Citizens' Sensitive Data

The U.S. Federal Trade Commission FTC warned this week that it will crack down on tech companies' illegal use and sharing of highly sensitive data and false claims about data anonymization. "While many consumers may happily offer their location data in exchange for real-time crowd-sourced advice ...

New UEFI Firmware Vulnerabilities Impact Several Lenovo Notebook Models

Consumer electronics maker Lenovo on Tuesday rolled out fixes to contain three security flaws in its UEFI firmware affecting over 70 product models. "The vulnerabilities can be exploited to achieve arbitrary code execution in the early phases of the platform boot, possibly allowing the attackers ...

Microsoft Warns of Large-Scale AiTM Phishing Attacks Against Over 10,000 Organizations

Microsoft on Tuesday disclosed that a large-scale phishing campaign targeted over 10,000 organizations since September 2021 by hijacking Office 365's authentication process even on accounts secured with multi-factor authentication MFA. "The attackers then used the stolen credentials and session...

5 Questions You Need to Ask About Your Firewall Security

Often, organizations think of firewall security as a one-and-done type of solution. They install firewalls, then assume that they are "good to go" without investigating whether or not these solutions are actually protecting their systems in the best way possible. "Set it and forget it!" Instead o...

Researchers Uncover New Variants of the ChromeLoader Browser Hijacking Malware

Cybersecurity researchers have uncovered new variants of the ChromeLoader information-stealing malware, highlighting its evolving feature set in a short span of time. Primarily used for hijacking victims' browser searches and presenting advertisements, ChromeLoader came to light in January 2022 a...

Researchers Uncover New Attempts by Qakbot Malware to Evade Detection

The operators behind the Qakbot malware are transforming their delivery vectors in an attempt to sidestep detection. "Most recently, threat actors have transformed their techniques to evade detection by using ZIP file extensions, enticing file names with common formats, and Excel XLM 4.0 to trick...

Microsoft Releases Fix for Zero-Day Flaw in July 2022 Security Patch Rollout

Microsoft released its monthly round of Patch Tuesday updates to address 84 new security flaws spanning multiple product categories, counting a zero-day vulnerability that's under active attack in the wild. Of the 84 shortcomings, four are rated Critical, and 80 are rated Important in severity...

TikTok Postpones Privacy Policy Update in Europe After Italy Warns of GDPR Breach

Popular video-sharing platform TikTok on Tuesday agreed to pause a controversial privacy policy update that could have allowed it to serve targeted ads based on users' activity on the social video platform without their permission to do so. The reversal, reported by TechCrunch, comes a day after...

Avoiding Death by a Thousand Scripts: Using Automated Content Security Policies

Businesses know they need to secure their client-side scripts. Content security policies CSPs are a great way to do that. But CSPs are cumbersome. One mistake and you have a potentially significant client-side security gap. Finding those gaps means long and tedious hours or days in manual code...

Microsoft Windows Autopatch is Now Generally Available for Enterprise Systems

Microsoft on Monday announced the general availability of a feature called Autopatch that automatically keeps Windows and Office software up-to-date on enrolled endpoints. The launch, which comes a day before Microsoft is expected to release its monthly round of security patches, is available for...

Cloud-based Cryptocurrency Miners Targeting GitHub Actions and Azure VMs

GitHub Actions and Azure virtual machines VMs are being leveraged for cloud-based cryptocurrency mining, indicating sustained attempts on the part of malicious actors to target cloud resources for illicit purposes. "Attackers can abuse the runners or servers provided by GitHub to run an...

What It Takes to Tackle Your SaaS Security

It's not a new concept that Office 365, Salesforce, Slack, Google Workspace or Zoom, etc., are amazing for enabling the hybrid workforce and hyper-productivity in businesses today. However, there are three main challenges that have arisen stemming from this evolution: 1 While SaaS apps include a...

Hackers Used Fake Job Offer to Hack and Steal $540 Million from Axie Infinity

The $540 million hack of Axie Infinity's Ronin Bridge in late March 2022 was the consequence of one of its former employees getting tricked by a fraudulent job offer on LinkedIn, it has emerged. According to a report from The Block published last week citing two people familiar with the matter, a...

PyPI Repository Makes 2FA Security Mandatory for Critical Python Projects

The maintainers of the official third-party software repository for Python have begun imposing a new two-factor authentication 2FA condition for projects deemed "critical." "We've begun rolling out a 2FA requirement: soon, maintainers of critical projects must have 2FA enabled to publish, update,...

Hackers Exploiting Follina Bug to Deploy Rozena Backdoor

A newly observed phishing campaign is leveraging the recently disclosed Follina security vulnerability to distribute a previously undocumented backdoor on Windows systems. "Rozena is a backdoor malware that is capable of injecting a remote shell connection back to the attacker's machine," Fortine...

Researchers Warn of Raspberry Robin's Worm Targeting Windows Users

Cybersecurity researchers are drawing attention to an ongoing wave of attacks linked to a threat cluster tracked as Raspberry Robin that's behind a Windows malware with worm-like capabilities. Describing it as a "persistent" and "spreading" threat, Cybereason said it observed a number of victims ...

Researchers Detail Techniques LockBit Ransomware Using to Infect its Targets

LockBit ransomware attacks are constantly evolving by making use of a wide range of techniques to infect targets while also taking steps to disable endpoint security solutions. "The affiliates that use LockBit's services conduct their attacks according to their preference and use different tools...

Microsoft Temporarily Rolls Back Plan to Block Office VBA Macros by Default

Five months after announcing plans to disable Visual Basic for Applications VBA macros by default in the Office productivity suite, Microsoft appears to have rolled back its plans. "Based on feedback received, a rollback has started," Microsoft employee Angela Robertson said in a July 6 comment...

Why Developers Hate Changing Language Versions

Progress powers technology forward. But progress also has a cost: by adding new capabilities and features, the developer community is constantly adjusting the building blocks. That includes the fundamental languages used to code technology solutions. When the building blocks change, the code behi...

Experts Uncover 350 Browser Extension Variants Used in ABCsoup Adware Campaign

A malicious browser extension with 350 variants is masquerading as a Google Translate add-on as part of an adware campaign targeting Russian users of Google Chrome, Opera, and Mozilla Firefox browsers. Mobile security firm Zimperium dubbed the malware family ABCsoup, stating the "extensions are...

TrickBot Gang Shifted its Focus on "Systematically" Targeting Ukraine

In what's being described as an "unprecedented" twist, the operators of the TrickBot malware have resorted to systematically targeting Ukraine since the onset of the war in late February 2022. The group is believed to have orchestrated at least six phishing campaigns aimed at targets that align...

North Korean Maui Ransomware Actively Targeting U.S. Healthcare Organizations

In a new joint cybersecurity advisory, U.S. cybersecurity and intelligence agencies have warned about the use of Maui ransomware by North Korean government-backed hackers to target the healthcare sector since at least May 2021. "North Korean state-sponsored cyber actors used Maui ransomware in...

Over 1,200 NPM Packages Found Involved in "CuteBoi" Cryptomining Campaign

Researchers have disclosed what they say could be an attempt to kick-off a new large-scale cryptocurrency mining campaign targeting the NPM JavaScript package repository. The malicious activity, attributed to a software supply chain threat actor dubbed CuteBoi, involves an array of 1,283 rogue...

Apple's New "Lockdown Mode" Protects iPhone, iPad, and Mac Against Spyware

Apple on Wednesday announced it plans to introduce an enhanced security setting called Lockdown Mode in iOS 16, iPadOS 16, and macOS Ventura to safeguard high-risk users against "highly targeted cyberattacks." The "extreme, optional protection" feature, now available for preview in beta versions ...

The Age of Collaborative Security: What Tens of Thousands of Machines Witness

Disclaimer: This article is meant to give insight into cyber threats as seen by the community of users of CrowdSec. What can tens of thousands of machines tell us about illegal hacker activities? Do you remember that scene in Batman - The Dark Knight, where Batman uses a system that aggregates...

Researchers Warn of New OrBit Linux Malware That Hijacks Execution Flow

Cybersecurity researchers have taken the wraps off a new and entirely undetected Linux threat dubbed OrBit, signally a growing trend of malware attacks geared towards the popular operating system. The malware gets its name from one of the filenames that's utilized to temporarily store the output ...

Cisco and Fortinet Release Security Patches for Multiple Products

Cisco on Wednesday rolled out patches for 10 security flaws spanning multiple products, one of which is rated Critical in severity and could be weaponized to conduct absolute path traversal attacks. The issues, tracked as CVE-2022-20812 and CVE-2022-20813, affect Cisco Expressway Series and Cisco...

NIST Announces First Four Quantum-Resistant Cryptographic Algorithms

The U.S. Department of Commerce's National Institute of Standards and Technology NIST has chosen the first set of quantum-resistant encryption algorithms that are designed to "withstand the assault of a future quantum computer." The post-quantum cryptography PQC technologies include the...