The Hacker News
Most trusted, widely-read independent cybersecurity news source for everyone; supported by hackers and IT professionals.
- Deadglyph: New Advanced Backdoor with Distinctive Malware Tacticsby info@thehackernews.com (The Hacker News) on September 23, 2023 at 11:10 am
Cybersecurity researchers have discovered a previously undocumented advanced backdoor dubbed Deadglyph employed by a threat actor known as Stealth Falcon as part of a cyber espionage campaign. “Deadglyph’s architecture is unusual as it consists of cooperating components – one a native x64 binary, the other a .NET assembly,” ESET said in a new report shared with The Hacker News. “This combination
- New Apple Zero-Days Exploited to Target Egyptian ex-MP with Predator Spywareby info@thehackernews.com (The Hacker News) on September 23, 2023 at 6:12 am
The three zero-day flaws addressed by Apple on September 21, 2023, were leveraged as part of an iPhone exploit chain in an attempt to deliver a spyware strain called Predator targeting former Egyptian member of parliament Ahmed Eltantawy between May and September 2023. “The targeting took place after Eltantawy publicly stated his plans to run for President in the 2024 Egyptian elections,” the
- New Variant of Banking Trojan BBTok Targets Over 40 Latin American Banksby info@thehackernews.com (The Hacker News) on September 22, 2023 at 2:48 pm
An active malware campaign targeting Latin America is dispensing a new variant of a banking trojan called BBTok, particularly users in Brazil and Mexico. “The BBTok banker has a dedicated functionality that replicates the interfaces of more than 40 Mexican and Brazilian banks, and tricks the victims into entering its 2FA code to their bank accounts or into entering their payment card number,”
- How to Interpret the 2023 MITRE ATT&CK Evaluation Resultsby info@thehackernews.com (The Hacker News) on September 22, 2023 at 10:50 am
Thorough, independent tests are a vital resource for analyzing provider’s capabilities to guard against increasingly sophisticated threats to their organization. And perhaps no assessment is more widely trusted than the annual MITRE Engenuity ATT&CK Evaluation. This testing is critical for evaluating vendors because it’s virtually impossible to evaluate cybersecurity vendors based on their own
- Iranian Nation-State Actor OilRig Targets Israeli Organizationsby info@thehackernews.com (The Hacker News) on September 22, 2023 at 9:25 am
Israeli organizations were targeted as part of two different campaigns orchestrated by the Iranian nation-state actor known as OilRig in 2021 and 2022. The campaigns, dubbed Outer Space and Juicy Mix, entailed the use of two previously documented first-stage backdoors called Solar and Mango, which were deployed to collect sensitive information from major browsers and the Windows Credential
Security Magazine
Security magazine provides security industry news and trends on video surveillance, cyber security, physical security, security guards, access management and more for security executives and the security industry.
- Risk management legislation introduced to House of Representativeson September 22, 2023 at 3:08 pm
The National Risk Management Act, designed to strengthen the defense of critical infrastructure, was introduced to the U.S. House of Representatives.
- S&P 500 companies find gaps in their cybersecurity leadershipon September 22, 2023 at 2:18 pm
A report found that S&P 500 organizations have gaps in their cybersecurity leadership (CISOs and/or CIOs) when it comes to risk mitigation.
- 57% of LockBit victims were organizations with 200 employees or feweron September 22, 2023 at 1:40 pm
A Trend Micro Incorporated report found that many ransomware actors are targeting smaller organizations that have 200 or fewer employees.
- Best practices for effectively securing sensitive dataon September 22, 2023 at 12:09 pm
In response to data privacy regulations and cybersecurity threats, organizations have to reexamine their data policies and rein in how data is accessed, processed, analyzed and shared.
- 97% of organizations take over a month to respond to bot attackson September 21, 2023 at 8:56 pm
A recent report by Netacea analyzed the affect of bot attacks and found that the average business loses 4.3%, of online revenues every year to bots.
Threatpost
The first stop for security news.
- Student Loan Breach Exposes 2.5M Recordsby Nate Nelson on August 31, 2022 at 12:57 pm
2.5 million people were affected, in a breach that could spell more trouble down the line.
- Watering Hole Attacks Push ScanBox Keyloggerby Nate Nelson on August 30, 2022 at 4:00 pm
Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.
- Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firmsby Nate Nelson on August 29, 2022 at 2:56 pm
Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.
- Ransomware Attacks are on the Riseby Nate Nelson on August 26, 2022 at 4:44 pm
Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group.
- Cybercriminals Are Selling Access to Chinese Surveillance Camerasby Nate Nelson on August 25, 2022 at 6:47 pm
Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed.
Security Weekly
Connecting the Security Industry with the Security Community