Tag: hackers news

Hackers Exploit Legitimate Websites to Deliver BadSpace Windows Backdoor

Under the pretense of fake browser updates, a Windows backdoor known as BadSpace is being distributed via legitimate but compromised websites. According to a report from German cybersecurity company G DATA, the threat actor uses a multi-stage attack chain that includes an infected website, a command-and-control (C2) server, a JScript downloader, and occasionally a fake browser update to install the backdoor on the victim's machine. Researchers Gi7w0rm and Kevross33 first revealed the malware's details last month. The first step in the process is to compromise a website, including sites running WordPress, and then insert code that uses logic to determine whether a visitor has already been to the site ...
China-Backed Hackers Exploit Fortinet Flaw, Infecting 20,000 Systems Globally

By exploiting a known major security vulnerability between 2022 and 2023, state-sponsored threat actors backed by China gained access to 20,000 Fortinet FortiGate systems globally, suggesting that the operation had a wider impact than previously thought. The Dutch National Cyber Security Centre (NCSC) stated in a recent bulletin that the state actor behind this operation knew about the FortiGate vulnerability at least two months before Fortinet disclosed it. During this "zero-day" period alone, the actor infected 14,000 devices. Numerous Western governments, international organizations, and a sizable number of defense industry companies were targeted by the campaign ...
AI platform Hugging Face says hackers stole auth tokens from Spaces

Hugging Face, an AI platform, reports that hackers were able to steal its members' authentication secrets through a vulnerability in its Spaces platform. Community users design and publish AI applications to Hugging Face Spaces, where other community members can try them out. Hugging Face warned in a blog post that earlier this week its team discovered improper access to its Spaces platform, specifically linked to Spaces secrets. "As a consequence, we have suspicions that a subset of Spaces' secrets could have been accessed without authorization." Hugging Face says it has emailed the affected users and revoked the authentication tokens found in the leaked secrets.
Hackers Created Rogue VMs to Evade Detection in Recent MITRE Cyber Attack

According to information released by the MITRE Corporation, the threat actor behind the cyberattack that targeted the non-profit organization in late December 2023 exploited zero-day vulnerabilities in Ivanti Connect Secure (ICS) and used rogue virtual machines (VMs) inside its VMware environment. According to MITRE researchers Lex Crumpton and Charles Clancy, the adversary used compromised vCenter Server access to create their own rogue VMs inside the VMware environment. They developed and deployed BEEFLUSH, a JSP web shell, under the vCenter Server's Tomcat server to run a Python-based tunneling tool, enabling SSH connections between the adversary-created VMs and the ESXi hypervisor infrastructure. By hiding their malicious activity from centralized manage...
Researchers Warn of Chinese-Aligned Hackers Targeting South China Sea Countries

Details about Unfading Sea Haze, a previously unreported threat group thought to have been operational since 2018, have been made public by cybersecurity researchers. Bitdefender said in a report shared with The Hacker News that the intrusions targeted high-level organizations in South China Sea countries, including military and government targets. Martin Zugec, technical solutions director at Bitdefender, stated that the research found a concerning pattern that went beyond the historical background, and that eight victims had been identified so far. Notably, the attackers frequently regained access to compromised systems. This highlights a serious weakness in the form of poor credential hygiene and insufficient patching practices for expos...
Iranian MOIS-Linked Hackers Behind Destructive Attacks on Albania and Israel

Operating under the aliases Homeland Justice and Karma, respectively, an Iranian threat actor connected to the Ministry of Intelligence and Security (MOIS) has been implicated in destructive wiper attacks against Albania and Israel. The activity is tracked by cybersecurity company Check Point under the code name Void Manticore; Microsoft tracks the same actor as Storm-0842 (formerly DEV-0842). In a report released today, the company stated that there are clear overlaps between the targets of Void Manticore and Scarred Manticore, as well as signs of a systematic target handoff between the two groups when destructive activity is carried out against Scarred Manticore's current victims. Under the alias Homeland Justice, the threat actor has been well-known for its disruptive ...
Hackers Exploiting LiteSpeed Cache Bug to Gain Full Control of WordPress Sites

Threat actors are actively exploiting a high-severity vulnerability in the WordPress plugin LiteSpeed Cache to create rogue administrator accounts on vulnerable websites. The information comes from WPScan, which reported that fake admin users named wpsupp-user and wp-configuser had been created using the vulnerability (CVE-2023-40000, CVSS score: 8.3). Patchstack discovered CVE-2023-40000, a stored cross-site scripting (XSS) vulnerability that could allow an unauthorized user to escalate privileges through specially crafted HTTP requests. Version 5.7.0.1, released in October 2023, fixed the vulnerability. It is worth noting that the plugin was last updated ...
DocGo discloses cyberattack after hackers steal patient health data

DocGo, a mobile health company, acknowledged that it had been the victim of a cyberattack after malicious actors broke into its servers and took patient health information. DocGo is a healthcare provider offering remote monitoring, ambulance services, and mobile health solutions to patients in thirty US states as well as the United Kingdom. In a Form 8-K filing submitted to the SEC on Tuesday night, DocGo disclosed that it had recently experienced a cyberattack and is working with outside cybersecurity experts to support the investigation. According to the filing, the company acted quickly to contain and respond to the incident after discovering unauthorized activity. These actions included notifying the appropriate law enforcement authorities ...
APT42 Hackers Pose as Journalists to Harvest Credentials and Access Cloud Data

The Iranian state-sponsored hacking group APT42 is using enhanced social engineering techniques to penetrate target networks and cloud environments. According to a report released last week by Google Cloud subsidiary Mandiant, targets of the campaign include activists, academic institutions, media outlets, and non-governmental organizations in the Middle East and North America. According to Mandiant, APT42 was observed posing as journalists and event organizers to build credibility with its victims through sustained communication and to deliver conference invitations or legitimate documents. By harvesting credentials through these social engineering tactics, APT42 was able to obtain initial access to cloud environments ...
China-Linked Hackers Suspected in ArcaneDoor Cyberattacks Targeting Network Devices

According to recent research from attack surface management company Censys, China-linked attackers may have been responsible for the newly discovered cyber espionage campaign that targeted perimeter network devices from multiple vendors, including Cisco. Known as ArcaneDoor, the activity is believed to have started in July 2023, with the first attack against an unnamed target confirmed in early January 2024. Two custom malware programs named Line Runner and Line Dancer were used in the targeted attacks, which were attributed to an as-yet-undocumented, presumed sophisticated state-sponsored actor tracked as UAT4356 (aka Storm-1849). Although the initial access method that enabled the intrusions has not yet been identified, the attacker has been seen to continue using Line Runner ...