The Hacker News Daily Updates

"North Korean hackers turn to credential harvesting in latest wave of cyberattacks."

Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.  Accessed on 25 January 2023, 1411 UTC.   Content provided by email subscription to "The Hacker News Daily Updates."

Source: https://mail.google.com/mail/u/0/#category/updates/FMfcgzGrcPDrQxXQKDwbDZWdWmRbgBKh ("The Hacker News Daily Updates").

Please click link or scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net and https://paper.li/RussellRoberts).

The Hacker News Daily Updates

Security Basics Quick Reference Guide Businesses worldwide are at risk for security breaches. Download Now Sponsored

LATEST NEWS Jan 25, 2023

North Korean Hackers Turn to Credential Harvesting in Latest Wave of Cyberattacks A North Korean nation-state group notorious for crypto heists has been attributed to a new wave of malicious email attacks as part of a "sprawling" credential harvesting activity targeting a number of industry verticals, marking a significant shift in its strategy. The state-aligned threat actor is being tracked by Proofpoint under the name TA444, and by the larger cybersecurity community ... Read More

LastPass Parent Company GoTo Suffers Data Breach, Customers' Backups Compromised LastPass-owner GoTo (formerly LogMeIn) on Tuesday disclosed that unidentified threat actors were able to steal encrypted backups of some customers' data along with an encryption key for some of those backups in a November 2022 incident. The breach, which targeted a third-party cloud storage service, impacted Central, Pro, join.me, Hamachi, and RemotelyAnywhere products, the company said. ... Read More

VMware Releases Patches for Critical vRealize Log Insight Software Vulnerabilities VMware on Tuesday released software to remediate four security vulnerabilities affecting vRealize Log Insight (aka Aria Operations for Logs) that could expose users to remote code execution attacks. Two of the flaws are critical, carrying a severity rating of 9.8 out of a maximum of 10, the virtualization services provider noted in its first security bulletin for 2023. Tracked as ... Read More

Chinese Hackers Utilize Golang Malware in DragonSpark Attacks to Evade Detection Organizations in East Asia are being targeted by a likely Chinese-speaking actor dubbed DragonSpark while employing uncommon tactics to go past security layers. "The attacks are characterized by the use of the little known open source SparkRAT and malware that attempts to evade detection through Golang source code interpretation," SentinelOne said in an analysis published today. A ... Read More

FBI Says North Korean Hackers Behind $100 Million Horizon Bridge Crypto Theft The U.S. Federal Bureau of Investigation (FBI) on Monday confirmed that North Korean threat actors were responsible for the theft of $100 million in cryptocurrency assets from Harmony Horizon Bridge in June 2022. The law enforcement agency attributed the hack to the Lazarus Group and APT38 (aka BlueNoroff, Copernicium, and Stardust Chollima), the latter of which is a North Korean ... Read More

Security Navigator Research: Some Vulnerabilities Date Back to the Last Millennium Vulnerability analysis results in Orange Cyberdefenses' Security Navigator show that some vulnerabilities first discovered in 1999 are still found in networks today. This is concerning. Age of VOC findings Our Vulnerability Scans are performed on a recurring basis, which provides us the opportunity to examine the difference between when a scan was performed on an Asset, and when a given ... Read More

Emotet Malware Makes a Comeback with New Evasion Techniques The Emotet malware operation has continued to refine its tactics in an effort to fly under the radar, while also acting as a conduit for other dangerous malware such as Bumblebee and IcedID. Emotet, which officially reemerged in late 2021 following a coordinated takedown of its infrastructure by authorities earlier that year, has continued to be a persistent threat that's distributed ... Read More

Apple Issues Updates for Older Devices to Fix Actively Exploited Vulnerability Apple has backported fixes for a recently disclosed critical security flaw affecting older devices, citing evidence of active exploitation. The issue, tracked as CVE-2022-42856, is a type confusion vulnerability in the WebKit browser engine that could result in arbitrary code execution when processing maliciously crafted web content. While it was originally addressed by the company on ... Read More

Security Basics Quick Reference Guide Businesses worldwide are at risk for security breaches. Download Now Sponsored

This email was sent to kh6jrm@gmail.com. You are receiving this newsletter because you opted-in to receive relevant communications from The Hacker News. To manage your email newsletter preferences, please click here. Contact The Hacker News: info@thehackernews.com Unsubscribe The Hacker News | Pearls Omaxe, Netaji Subash Place, Pitampura, Delhi 110034 India