The Hacker News | #1 Trusted Cybersecurity News Site

Cybercriminals are vipers. They're like snakes in the grass, hiding behind their keyboards, waiting to strike. And if you're a small- and medium-sized business (SMB), your organization is the ideal lair for these serpents to slither into.  With cybercriminals becoming more sophisticated, SMBs like you must do more to protect themselves. But at what price? That's the daunting question many SMBs are forced to ask. Amidst your everyday challenges, the answer seems obvious: forgo investing in a robust cybersecurity solution for the time being. However, the alternative is to cross your fingers and hope hackers don't find you. That, of course, isn't the most prudent strategy, as the uncomfortable truth is threat actors now see your organization as a quick path to profit. Therefore, if your defenses are weak—or just not there—these digital crooks are likely to disrupt your operations, access sensitive data, and extort a heavy ransom. In this article, we'll explore the financial burdens

Multiple security vulnerabilities have been disclosed in various applications and system components within Xiaomi devices running Android. "The vulnerabilities in Xiaomi led to access to arbitrary activities, receivers and services with system privileges, theft of arbitrary files with system privileges, [and] disclosure of phone, settings and Xiaomi account data," mobile security firm Oversecured  said  in a report shared with The Hacker News. The 20 shortcomings impact different apps and components like - Gallery (com.miui.gallery) GetApps (com.xiaomi.mipicks) Mi Video (com.miui.videoplayer) MIUI Bluetooth (com.xiaomi.bluetooth) Phone Services (com.android.phone) Print Spooler (com.android.printspooler) Security (com.miui.securitycenter) Security Core Component (com.miui.securitycore) Settings (com.android.settings) ShareMe (com.xiaomi.midrop) System Tracing (com.android.traceur), and Xiaomi Cloud (com.miui.cloudservice) Some of the notable flaws include a

Cybersecurity researchers have discovered a new information stealer targeting Apple macOS systems that's designed to set up persistence on the infected hosts and act as a spyware. Dubbed  Cuckoo  by Kandji, the malware is a universal Mach-O binary that's capable of running on both Intel- and Arm-based Macs. The exact distribution vector is currently unclear, although there are indications that the binary is hosted on sites like dumpmedia[.]com, tunesolo[.]com, fonedog[.]com, tunesfun[.]com, and tunefab[.]com that claim to offer free and paid versions of applications dedicated to ripping music from streaming services and converting it into the MP3 format. The disk image file downloaded from the websites is responsible for spawning a bash shell to gather host information and ensuring that the compromised machine is not located in Armenia, Belarus, Kazakhstan, Russia, Ukraine. The malicious binary is executed only if the locale check is successful. It also establishes persist

Czechia and Germany on Friday revealed that they were the target of a long-term cyber espionage campaign conducted by the Russia-linked nation-state actor known as  APT28 , drawing condemnation from the European Union (E.U.), the North Atlantic Treaty Organization (NATO), the U.K., and the U.S. The Czech Republic's Ministry of Foreign Affairs (MFA), in a statement, said some unnamed entities in the country have been attacked using a security flaw in Microsoft Outlook that came to light early last year. "Cyber attacks targeting political entities, state institutions and critical infrastructure are not only a threat to national security, but also disrupt the democratic processes on which our free society is based," the MFA  said . The security flaw in question is  CVE-2023-23397 , a now-patched critical privilege escalation bug in Outlook that could allow an adversary to access Net-NTLMv2 hashes and then use them to authenticate themselves by means of a relay attack. G

In today's rapidly evolving digital landscape, the threat of Distributed Denial of Service (DDoS) attacks looms more significant than ever. As these cyber threats grow in sophistication, understanding and countering them becomes crucial for any business seeking to protect its online presence. To address this urgent need, we are thrilled to announce our upcoming webinar, " Uncovering Contemporary DDoS Attack Tactics—How to Fight Back ," featuring the expertise of Andrey Slastenov, Head of Security at Gcore. What You Will Learn: Understanding the Threat:  Explore the escalated risks DDoS attacks pose to your business, including recent advancements in attack strategies like IoT botnets and amplification tactics. Real-World Consequences:  Hear firsthand accounts of businesses that faced these attacks and the impacts on their operations and reputation. Proactive Defense Strategies:  Learn actionable steps to enhance your cybersecurity posture and effectively mitigate po

Threat actors have been increasingly weaponizing  Microsoft Graph API  for malicious purposes with the aim of evading detection. This is done to "facilitate communications with command-and-control (C&C) infrastructure hosted on Microsoft cloud services," the Symantec Threat Hunter Team, part of Broadcom,  said  in a report shared with The Hacker News. Since January 2022, multiple nation-state-aligned hacking groups have been observed using Microsoft Graph API for C&C. This includes threat actors tracked as  APT28 ,  REF2924 ,  Red Stinger ,  Flea ,  APT29 , and  OilRig . The first known instance of Microsoft Graph API abuse prior to its wider adoption dates back to June 2021 in connection with an activity cluster dubbed  Harvester  that was found using a custom implant known as Graphon that utilized the API to communicate with Microsoft infrastructure. Symantec said it recently detected the use of the same technique against an unnamed organization in Ukraine, wh

It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many approaches offer piecemeal solutions – zeroing in on one particular element of the evolving threat landscape challenge – missing the forest for the trees.  In the last few years, Exposure Management has become known as a comprehensive way of reigning in the chaos, giving organizations a true fighting chance to reduce risk and improve posture. In this article I'll cover what Exposure Management is, how it stacks up against some alternative approaches and why building an Exposure Management program should be on  your 2024 to-do list. What is Exposure Management?  Exposure Management is the systematic identification, evaluation,

SaaS applications are dominating the corporate landscape. Their increased use enables organizations to push the boundaries of technology and business. At the same time, these applications also pose a new security risk that security leaders need to address, since the existing security stack does not enable complete control or comprehensive monitoring of their usage. LayerX has recently released a new guide, " Let There Be Light: Eliminating the Risk of Shadow SaaS " for security and IT teams, which addresses this gap. The guide explains the challenges of shadow SaaS, i.e., the use of unauthorized SaaS apps for work purposes, and suggests practices and controls that can mitigate them. The guide also compares various security controls that attempt to address this risk (CASB, SASE, Secure Browser Extension) and explains how each one operates and its efficacy. Consequently, the guide is a must-read for all security leaders at modern organizations. Here are the main highlights:

The U.S. government on Thursday published a new cybersecurity advisory warning of North Korean threat actors' attempts to send emails in a manner that makes them appear like they are from legitimate and trusted parties. The joint bulletin was published by the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and the Department of State. "The DPRK [Democratic People's Republic of Korea] leverages these spear-phishing campaigns to collect intelligence on geopolitical events, adversary foreign policy strategies, and any information affecting DPRK interests by gaining illicit access to targets' private documents, research, and communications," the NSA  said . The technique specifically concerns exploiting improperly configured DNS Domain-based Message Authentication, Reporting, and Conformance ( DMARC ) record policies to conceal social engineering attempts. In doing so, the threat actors can send spoofed emails as if they are from a legit

Google on Thursday announced that passkeys are being used by over 400 million Google accounts, authenticating users more than 1 billion times  over the past two years . "Passkeys are easy to use and phishing resistant, only relying on a fingerprint, face scan or a pin making them 50% faster than passwords," Heather Adkins, vice president of security engineering at Google,  said . The search giant notes that passkeys are already used for authentication on Google Accounts more often than legacy forms of two-factor authentication, such as SMS one-time passwords (OTPs) and app based OTPs combined. In addition, the company said it's expanding  Cross-Account Protection , which alerts of suspicious events with third-party apps and services connected to a user's Google Account, to include more apps and services. Google is also expected to support the use of passkeys for high-risk users as part of its Advanced Protection Program (APP), which aims to safeguard people from