The Hacker News | #1 Trusted Cybersecurity News Site

Law enforcement agencies have officially seized control of the notorious  BreachForums  platform, an online bazaar known for peddling stolen data, for the second time within a year. The website ("breachforums[.]st") has been replaced by a seizure banner stating the clearnet cybercrime forum is under the control of the Federal Bureau of Investigation (FBI).  The operation is the result of a collaborative effort from authorities in Australia, Iceland, New Zealand, Switzerland, the U.K., the U.S., and Ukraine. The FBI has also taken control of the  Telegram channel  operated by Baphomet, who became the administrator of the forum following the  arrest  of his predecessor Conor Brian Fitzpatrick (aka  pompompurin ) in March last year. It's worth noting a prior iteration of BreachForums, hosted at breached.vc/.to/.co and managed by pompompurin, was seized by law enforcement in late June 2023. "This Telegram chat is under the control of the FBI," a message poste

Google has announced a slew of privacy and security features in Android, including a suite of advanced protection features to help secure users' devices and data in the event of a theft. These features aim to help protect data before, during and after a theft attempt, the tech giant said, adding they are expected to be available via an update to Google Play services for devices running Android versions 10 and later. One new feature is private space, which allows users to host their sensitive apps in a dedicated area in their phones such that it can be hidden and locked with a separate PIN. Google is also adding an extra layer of protection by requiring users to enter their PIN, password, or biometric information before altering sensitive device settings such as disabling  Find My Device  or extending screen timeout, or even for accessing critical account and device settings. This comprises attempts to change the device PIN, turn off theft protection, or access passkeys. Anoth

Google is unveiling a set of new features in Android 15 to prevent malicious apps installed on the device from capturing sensitive data. This constitutes an update to the  Play Integrity API  that third-party app developers can take advantage of to secure their applications against malware. "Developers can check if there are other apps running that could be capturing the screen, creating overlays, or controlling the device," Dave Kleidermacher, vice president of engineering for Android security and privacy,  said . "This is helpful for apps that want to hide sensitive information from other apps and protect users from scams." Additionally, the Play Integrity API can be used to check if  Google Play Protect  is active and if the user's device is free of known malware before performing sensitive actions or handling sensitive data. Google, with Android 13, introduced a feature called  restricted settings  that by default blocks sideloaded apps from accessing

An unnamed European Ministry of Foreign Affairs (MFA) and its three diplomatic missions in the Middle East were targeted by two previously undocumented backdoors tracked as LunarWeb and LunarMail. ESET, which identified the activity, attributed it with medium confidence to the Russia-aligned cyberespionage group Turla (aka Iron Hunter, Pensive Ursa, Secret Blizzard, Snake, Uroburos, and Venomous Bear), citing tactical overlaps with prior campaigns identified as orchestrated by the group. "LunarWeb, deployed on servers, uses HTTP(S) for its C&C [command-and-control] communications and mimics legitimate requests, while LunarMail, deployed on workstations, is persisted as an Outlook add-in and uses email messages for its C&C communications," security researcher Filip Jurčacko  said . An analysis of the Lunar artifacts shows that they may have been used in targeted attacks since early 2020, or even earlier. Turla, assessed to be affiliated with Russia's Federal S

Here's How to Enhance Your Cyber Resilience with CVSS In late 2023, the Common Vulnerability Scoring System (CVSS) v4.0 was unveiled, succeeding the eight-year-old CVSS v3.0, with the aim to enhance vulnerability assessment for both industry and the public. This latest version introduces additional metrics like safety and automation to address criticism of lacking granularity while presenting a revised scoring system for a more comprehensive evaluation. It further emphasizes the importance of considering environmental and threat metrics alongside the base score to assess vulnerabilities accurately. Why Does It Matter? The primary purpose of the CVSS is to evaluate the risk associated with a vulnerability. Some vulnerabilities, particularly those found in network products, present a clear and significant risk as unauthenticated attackers can easily exploit them to gain remote control over affected systems. These vulnerabilities have frequently been exploited over the years, often ser

A malware botnet called  Ebury  is estimated to have compromised 400,000 Linux servers since 2009, out of which more than 100,000 were still compromised as of late 2023. The findings come from Slovak cybersecurity firm ESET, which characterized it as one of the most advanced server-side malware campaigns for financial gain. "Ebury actors have been pursuing monetization activities [...], including the spread of spam, web traffic redirections, and credential stealing," security researcher Marc-Etienne M.Léveillé  said  in a deep dive analysis. "[The] operators are also involved in cryptocurrency heists by using AitM and credit card stealing via network traffic eavesdropping, commonly known as server-side web skimming." Ebury was first documented over a decade ago as part of a campaign codenamed  Operation Windigo  that targeted Linux servers to deploy the malware, alongside other backdoors and scripts like Cdorked and Calfbot to redirect web traffic and send spam

While cloud adoption has been top of mind for many IT professionals for nearly a decade, it's only in recent months, with industry changes and announcements from key players, that many recognize the time to make the move is now. It may feel like a daunting task, but tools exist to help you move your virtual machines (VMs) to a public cloud provider – like Microsoft Azure – with relative ease. Transitioning from VMware vSphere to Microsoft Azure requires careful planning and execution to ensure a smooth migration process. In this guide, we'll walk through the steps involved in moving your virtualized infrastructure to the cloud giant, Microsoft Azure. Whether you're migrating your entire data center or specific workloads, these steps will help you navigate the transition effectively. 1. Assess Your Environment: Before diving into the migration process, assess your current VMware vSphere environment thoroughly. Identify all virtual machines (VMs), dependencies, and resource

Cybercriminals are vipers. They're like snakes in the grass, hiding behind their keyboards, waiting to strike. And if you're a small- and medium-sized business (SMB), your organization is the ideal lair for these serpents to slither into.  With cybercriminals becoming more sophisticated, SMBs like you must do more to protect themselves. But at what price? That's the daunting question many SMBs are forced to ask. Amidst your everyday challenges, the answer seems obvious: forgo investing in a robust cybersecurity solution for the time being. However, the alternative is to cross your fingers and hope hackers don't find you. That, of course, isn't the most prudent strategy, as the uncomfortable truth is threat actors now see your organization as a quick path to profit. Therefore, if your defenses are weak—or just not there—these digital crooks are likely to disrupt your operations, access sensitive data, and extort a heavy ransom. In this article, we'll explore the financial burdens

A Dutch court on Tuesday sentenced one of the co-founders of the now-sanctioned Tornado Cash cryptocurrency mixer service to 5 years and 4 months in prison. While the name of the defendant was  redacted in the verdict , it's known that Alexey Pertsev, a 31-year-old Russian national, has been  awaiting trial  in the Netherlands on money laundering charges. Pertsev, one of the developers of Tornado Cash, was  arrested  in Amsterdam in August 2022 days after the U.S. Treasury Department  sanctioned  the service for allowing malicious actors such as the Lazarus Group to launder and cash out their proceeds. In addition to the imprisonment, the defendant is expected to forfeit cryptocurrency assets worth €1.9 million (~$2.05 million) and a Porsche car that had been previously seized. "The defendant declared that it was never his intention to break the law or to facilitate criminal activities," a summary of the ruling  said . "With Tornado Cash, he wanted to offer a l

Microsoft has addressed a total of  61 new security flaws  in its software as part of its Patch Tuesday updates for May 2024, including two zero-days which have been actively exploited in the wild. Of the 61 flaws, one is rated Critical, 59 are rated Important, and one is rated Moderate in severity. This is in addition to  30 vulnerabilities  resolved in the Chromium-based Edge browser over the past month, including two recently disclosed zero-days ( CVE-2024-4671  and  CVE-2024-4761 ) that have been tagged as exploited in attacks. The two security shortcomings that have been weaponized in the wild are below - CVE-2024-30040  (CVSS score: 8.8) - Windows MSHTML Platform Security Feature Bypass Vulnerability CVE-2024-30051  (CVSS score: 7.8) - Windows Desktop Window Manager ( DWM ) Core Library Elevation of Privilege Vulnerability "An unauthenticated attacker who successfully exploited this vulnerability could gain code execution through convincing a user to open a malicious

Multiple security flaws have been  disclosed  in VMware Workstation and Fusion products that could be exploited by threat actors to access sensitive information, trigger a denial-of-service (DoS) condition, and execute code under certain circumstances. The four vulnerabilities impact Workstation versions 17.x and Fusion versions 13.x, with fixes available in version 17.5.2 and 13.5.2, respectively, the Broadcom-owned virtualization services provider said. A brief description of each of the flaws is below - CVE-2024-22267  (CVSS score: 9.3) - A use-after-free vulnerability in the Bluetooth device that could be exploited by a malicious actor with local administrative privileges on a virtual machine to execute code as the virtual machine's VMX process running on the host CVE-2024-22268  (CVSS score: 7.1) - A heap buffer-overflow vulnerability in the Shader functionality that could be exploited by a malicious actor with non-administrative access to a virtual machine with 3D gr