Category: TheHackersNews

A new cyber espionage group named Gelsemium has been linked to a supply chain attack targeting the NoxPlayer Android emulator that was disclosed earlier this year. The findings come from a systematic analysis of multiple campaigns undertaken by the APT crew, with evidence of the earliest attack dating back all the way to 2014 under… Continue reading NoxPlayer Supply-Chain Attack is Likely the Work of Gelsemium Hackers

In response to malicious actors targeting US federal IT systems and their supply chain, the President released the “Executive Order on Improving the Nation’s Cybersecurity (Executive Order).” Although directed at Federal departments and agencies, the Executive Order will likely have a ripple effect through the Federal technology supply stream. Private companies and enterprises will look… Continue reading What It Means for Cloud and SaaS Security

The cyber assault on Air India that came to light last month lasted for a period of at least two months and 26 days, new research has revealed, which attributed the incident with moderate confidence to a Chinese nation-state threat actor called APT41. Group-IB dubbed the campaign “ColunmTK” based on the names of the command-and-control… Continue reading Chinese Hackers Believed to be Behind SITA, Air India Data Breach

Google’s upcoming plans to replace third-party cookies with a less invasive ad targeted mechanism have a number of issues that could defeat its privacy objectives and allow for significant linkability of user behavior, possibly even identifying individual users. “FLoC is premised on a compelling idea: enable ad targeting without exposing users to risk,” said Eric… Continue reading Mozilla Says Google’s New Ad Tech—FLoC—Doesn’t Protect User Privacy

Multiple critical security flaws have been disclosed in Samsung’s pre-installed Android apps, which, if successfully exploited, could have allowed adversaries access to personal data without users’ consent and take control of the devices. “The impact of these bugs could have allowed an attacker to access and edit the victim’s contacts, calls, SMS/MMS, install arbitrary apps… Continue reading Hackers Can Exploit Samsung Pre-Installed Apps to Spy On Users

Organizations’ cybersecurity capabilities have improved over the past decade, mostly out of necessity. As their defenses get better, so do the methods, tactics, and techniques malicious actors devise to penetrate their environments. Instead of the standard virus or trojan, attackers today will deploy a variety of tools and methods to infiltrate an organization’s environment and… Continue reading Live Cybersecurity Webinar — Deconstructing Cobalt Strike

A seven-year-old privilege escalation vulnerability discovered in the polkit system service could be exploited by a malicious unprivileged local attacker to bypass authorization and escalate permissions to the root user. Tracked as CVE-2021-3560 (CVSS score: 7.8), the flaw affects polkit versions between 0.113 and 0.118 and was discovered by GitHub security researcher Kevin Backhouse, who… Continue reading 7-Year-Old Polkit Flaw Lets Unprivileged Linux Users Gain Root Access

Cybersecurity researchers on Thursday took the wraps off a new cyberespionage group that has been behind a series of targeted attacks against diplomatic entities and telecommunication companies in Africa and the Middle East since at least 2017. Dubbed “BackdoorDiplomacy,” the campaign involves targeting weak points in internet-exposed devices such as web servers to perform a… Continue reading New Cyber Espionage Group Targeting Ministries of Foreign Affairs

The U.S. Department of Justice (DoJ) Thursday said it disrupted and took down the infrastructure of the marketplace for stolen login credentials known as “Slilpp” as part of an international law enforcement operation. Over a dozen individuals have been charged or arrested in connection with the illegal marketplace. The cyber crackdown, which involved the joint… Continue reading U.S. Authorities Shut Down Slilpp—Largest Marketplace for Stolen Logins

An emerging ransomware strain in the threat landscape claims to have breached 30 organizations in just four months since it went operational, riding on the coattails of a notorious ransomware syndicate. First observed in February 2021, “Prometheus” is an offshoot of another well-known ransomware variant called Thanos, which was previously deployed against state-run organizations in… Continue reading Emerging Ransomware Targets Dozens of Businesses Worldwide