The Hacker News | #1 Trusted Cybersecurity News Site

German authorities said they have issued arrest warrants against three citizens on suspicion of spying for China. The full names of the defendants were not disclosed by the Office of the Federal Prosecutor (aka Generalbundesanwalt), but it includes Herwig F., Ina F., and Thomas R. "The suspects are strongly suspected of working for a Chinese secret service since an unspecified date before June 2022," the Generalbundesanwalt  said . Thomas R. is believed to have acted as an agent for China's Ministry of State Security (MSS), gathering information about innovative technologies in Germany that could be used for military purposes. The defendant also sought the help of a married couple, Herwig F. and Ina F., who run a Düsseldorf-based business that established connections with the scientific and research community in Germany. This materialized in the form of an agreement with an unnamed German university to conduct a study for an unnamed Chinese contractor regarding the

The U.S. Department of State on Monday said it's taking steps to impose visa restrictions on 13 individuals who are allegedly involved in the development and sale of  commercial spyware  or who are immediately family members of those involved in such businesses. "These individuals have facilitated or derived financial benefit from the misuse of this technology, which has targeted journalists, academics, human rights defenders, dissidents and other perceived critics, and U.S. Government personnel," the department  said . The names of those subjected to visa restrictions were not disclosed, but the move comes more than two months after the U.S. government said it's  enacting a new policy  that enforces visa constraints on people engaging in practices that could threaten privacy and freedom of expression. It also aims to counter the misuse and proliferation of commercial spyware that has been put to use by authoritarian governments to spy on civil society members, i

The Russia-linked nation-state threat actor tracked as  APT28  weaponized a security flaw in the Microsoft Windows Print Spooler component to deliver a previously unknown custom malware called GooseEgg. The post-compromise tool, which is said to have been used since at least June 2020 and possibly as early as April 2019, leveraged a now-patched flaw that allowed for privilege escalation (CVE-2022-38028, CVSS score: 7.8). It was  addressed  by Microsoft as part of updates released in October 2022, with the U.S. National Security Agency (NSA) credited for reporting the flaw at the time. According to new findings from the tech giant's threat intelligence team,  APT28  – also called Fancy Bear and Forest Blizzard (formerly Strontium) – weaponized the bug in attacks targeting Ukrainian, Western European, and North American government, non-governmental, education, and transportation sector organizations. "Forest Blizzard has used the tool [...] to exploit the CVE-2022-38028 vu

The threat actor known as  ToddyCat  has been observed using a wide range of tools to retain access to compromised environments and steal valuable data. Russian cybersecurity firm Kaspersky characterized the adversary as relying on various programs to harvest data on an "industrial scale" from primarily governmental organizations, some of them defense related, located in the Asia-Pacific region. "To collect large volumes of data from many hosts, attackers need to automate the data harvesting process as much as possible, and provide several alternative means to continuously access and monitor systems they attack," security researchers Andrey Gunkin, Alexander Fedotov, and Natalya Shornikova  said . ToddyCat was  first documented  by the company in June 2022 in connection with a series of cyber attacks aimed at government and military entities in Europe and Asia since at least December 2020. These intrusions leveraged a passive backdoor dubbed Samurai that allows 

Over the past two years, a shocking  51% of organizations surveyed in a leading industry report have been compromised by a cyberattack.  Yes, over half.  And this, in a world where enterprises deploy  an average of 53 different security solutions  to safeguard their digital domain.  Alarming? Absolutely. A recent survey of CISOs and CIOs, commissioned by Pentera and conducted by Global Surveyz Research, offers a quantifiable glimpse into this evolving battlefield, revealing a stark contrast between the growing risks and the tightening budget constraints under which cybersecurity professionals operate. With this report, Pentera has once again taken a magnifying glass to the state of pentesting to release its annual report about today's pentesting practices. Engaging with 450 security executives from North America, LATAM, APAC, and EMEA—all in VP or C-level positions at organizations with over 1,000 employees—the report paints a current picture of modern security validation prac

The MITRE Corporation revealed that it was the target of a nation-state cyber attack that exploited two zero-day flaws in Ivanti Connect Secure appliances starting in January 2024. The intrusion led to the compromise of its Networked Experimentation, Research, and Virtualization Environment (NERVE), an unclassified research and prototyping network. The unknown adversary "performed reconnaissance of our networks, exploited one of our Virtual Private Networks (VPNs) through two Ivanti Connect Secure zero-day vulnerabilities, and skirted past our multi-factor authentication using session hijacking," Lex Crumpton, a defensive cyber operations researcher at the non-profit,  said  last week. The attack entailed the  exploitation  of CVE-2023-46805 (CVSS score: 8.2) and CVE-2024-21887 (CVSS score: 9.1), which could be weaponized by threat actors to bypass authentication and run arbitrary commands on the infected system. Upon gaining initial access, the threat actors moved late

Imagine a world where the software that powers your favorite apps, secures your online transactions, and keeps your digital life could be outsmarted and taken over by a cleverly disguised piece of code. This isn't a plot from the latest cyber-thriller; it's actually been a reality for years now. How this will change – in a positive or negative direction – as artificial intelligence (AI) takes on a larger role in software development is one of the big uncertainties related to this brave new world. In an era where AI promises to revolutionize how we live and work, the conversation about its security implications cannot be sidelined. As we increasingly rely on AI for tasks ranging from mundane to mission-critical, the question is no longer just, "Can AI  boost cybersecurity ?" (sure!), but also "Can AI  be hacked? " (yes!), "Can one use AI  to hack? " (of course!), and "Will AI  produce secure software ?" (well…). This thought leadership article is about the latter. Cydrill  (a

Between crossovers - Do threat actors play dirty or desperate? In our dataset of over 11,000 victim organizations that have experienced a Cyber Extortion / Ransomware attack, we noticed that some victims re-occur. Consequently, the question arises why we observe a re-victimization and whether or not this is an actual second attack, an affiliate crossover (meaning an affiliate has gone to another Cyber Extortion operation with the same victim) or stolen data that has been travelling and re-(mis-)used. Either way, for the victims neither is good news.  But first thing's first, let's explore the current threat landscape, dive into one of our most recent research focuses on the dynamics of this ecosystem; and then explore our dataset on Law Enforcement activities in this space. Might the re-occurrence that we observe be foul play by threat actors and thus show how desperately they are trying to regain the trust of their co-offenders after disruption efforts by Law Enforcement? Or are th

New research has found that the DOS-to-NT path conversion process could be exploited by threat actors to achieve rootkit-like capabilities to conceal and impersonate files, directories, and processes. "When a user executes a function that has a path argument in Windows, the DOS path at which the file or folder exists is converted to an NT path," SafeBreach security researcher Or Yair  said  in an analysis, which was  presented  at the Black Hat Asia conference last week. "During this conversion process, a known issue exists in which the function removes trailing dots from any path element and any trailing spaces from the last path element. This action is completed by most user-space APIs in Windows." These so-called MagicDot paths allow for rootkit-like functionality that's accessible to any unprivileged user, who could then weaponize them to carry out a series of malicious actions without having admin permissions and remain undetected. They include the ab

Microsoft has revealed that North Korea-linked state-sponsored cyber actors have begun to use artificial intelligence (AI) to make its operations more effective and efficient. "They are learning to use tools powered by AI large language models (LLM) to make their operations more efficient and effective," the tech giant  said  in its latest report on East Asia hacking groups. The company specifically highlighted a group named  Emerald Sleet  (aka Kimusky or TA427), which has been observed using LLMs to bolster spear-phishing efforts aimed at Korean Peninsula experts. The adversary is also said to have relied on the latest advancements in AI to research vulnerabilities and conduct reconnaissance on organizations and experts focused on North Korea, joining  hacking crews from China , who have turned to AI-generated content for influence operations. It further employed LLMs to troubleshoot technical issues, conduct basic scripting tasks, and draft content for spear-phishing