Dec 14, 2023NewsroomVulnerability / Data Breach A previously unknown hacker outfit called GambleForce has been attributed to a series of SQL injection attacks against companies primarily in the Asia-Pacific (APAC) region since at least September 2023. “GambleForce uses a set of basic yet very effective techniques, including SQL injections and the exploitation of vulnerable website
admin
Ukraine has claimed a major scalp in the ongoing cyber-war with Russia, saying it has effectively crippled the Kremlin’s tax system. The country’s Ministry of Defense said its Defence Intelligence unit (GUR) conducted a “special operation” leading to the compromise of central servers of Russia’s Federal Taxation service (FTS), and over 2300 regional servers. These
Mobile Security A security compromise so stealthy that it doesn’t even require your interaction? Yes, zero-click attacks require no action from you – but this doesn’t mean you’re left vulnerable. Márk Szabó 11 Dec 2023 • , 3 min. read In a world of instant communication and accelerated by the ever-spreading notion that if you
Dec 13, 2023NewsroomPatch Tuesday / Windows Security Microsoft released its final set of Patch Tuesday updates for 2023, closing out 33 flaws in its software, making it one of the lightest releases in recent years. Of the 33 shortcomings, four are rated Critical and 29 are rated Important in severity. The fixes are in addition
Apache has warned customers of a critical remote code execution (RCE) vulnerability in its popular Struts 2 framework. Apache Struts 2 is an open-source web application framework for developing Java EE web applications. The new vulnerability, CVE-2023-50164, has been given a maximum severity rating and affects Struts 2.0.0-2.3.37 (EOL), Struts 2.5.0-2.5.32, and Struts 6.0.0-6.3.0. “An
We Live Progress ChatGPT would probably say “Definitely not!”, but will we learn any lessons from the rush to regulate IoT in the past? Tony Anscombe 11 Dec 2023 • , 3 min. read The accelerated pace in the advancement of technology is challenging for any of us to keep up with, especially for public
Dec 12, 2023NewsroomZero Day / Vulnerability Apple on Monday released security patches for iOS, iPadOS, macOS, tvOS, watchOS, and Safari web browser to address multiple security flaws, in addition to backporting fixes for two recently disclosed zero-days to older devices. This includes updates for 12 security vulnerabilities in iOS and iPadOS spanning AVEVideoEncoder, ExtensionKit, Find
Organizations are still exposed to critical vulnerabilities in Log4j, two years after a maximum severity bug was found in the popular utility, according to Veracode. The application security vendor analyzed data from software scans over 90 days between August 15 and November 15 2023. These covered 38,278 unique applications running Log4j versions 1.1 to 3.0.0-alpha1 across
Critical Infrastructure Legacy protocols in the healthcare industry present dangers that can make hospitals extremely vulnerable to cyberattacks. Tony Anscombe 08 Dec 2023 • , 3 min. read The healthcare industry will, I am sure, remain a significant target for cybercriminals due to the huge potential it provides them to monetize their efforts through ransomware
Dec 11, 2023NewsroomData Security / Mobile Security Cybersecurity researchers have discovered 18 malicious loan apps for Android on the Google Play Store that have been collectively downloaded over 12 million times. “Despite their attractive appearance, these services are in fact designed to defraud users by offering them high-interest-rate loans endorsed with deceitful descriptions, all while
Europe’s cybersecurity agency has warned that geopolitics is fueling a current increase in denial-of-service (DoS) attacks. ENISA analyzed 310 publicly reported DoS attacks between January 2022 and August 2023, to compile its ENISA Threat Landscape for DoS Attacks report. It claimed that two-thirds (66%) were motivated by political reasons or activist agendas, with half (50%)
Video ESET Research reveals details about a growth in the number of deceptive loan apps on Android, their origins and modus operandi 08 Dec 2023 This week, ESET researchers have taken a look at a steep increase in deceptive loan apps for Android. According to ESET Research, there has been a large growth of these
Dec 09, 2023NewsroomCyber Threat / Hardware Security Researchers from the Vrije Universiteit Amsterdam have disclosed a new side-channel attack called SLAM that could be exploited to leak sensitive information from kernel memory on current and upcoming CPUs from Intel, AMD, and Arm. The attack is an end-to-end exploit for Spectre based on a new feature
The UK’s privacy regulator has warned of falling public trust in AI and said any use of the technology which breaks data protection law would be met with strong enforcement action. Speaking at techUK’s Digital Ethics Summit 2023 on Wednesday, information commissioner, John Edwards, pointed to organizations using AI for “nefarious purposes” in order to
Magnetic stripe cards were all the rage 20 or so years ago, but their security was fragile, and the requirement for signatures often added to the hassle of transactions – not to mention, they lacked data encryption, making them vulnerable to skimming and cloning by criminals. Chip-based cards emerged as a successor, offering enhanced security
Dec 09, 2023NewsroomMalware / Cyberattack Threat hunters have unmasked the latest tricks adopted by a malware strain called GuLoader in an effort to make analysis more challenging. “While GuLoader’s core functionality hasn’t changed drastically over the past few years, these constant updates in their obfuscation techniques make analyzing GuLoader a time-consuming and resource-intensive process,” Elastic
A recent report has revealed that 40.2% of files stored on Google Drive contain sensitive data. The findings come from the latest research from data security firm Metomic, which analyzed roughly 6.5 million Google Drive files. The report, published on Wednesday, also suggested that 34.2% of the scrutinized files were shared with external contacts outside
Dec 08, 2023The Hacker NewsCryptocurrency / Cyber Crime The Russian founder of the now-defunct Bitzlato cryptocurrency exchange has pleaded guilty, nearly 11 months after he was arrested in Miami earlier this year. Anatoly Legkodymov (aka Anatolii Legkodymov, Gandalf, and Tolik), according to the U.S. Justice Department, admitted to operating an unlicensed money-transmitting business that enabled
A substantial 78% of CISOs have expressed concerns about the current unmanageability of application security (AppSec) attack surfaces, emphasizing the need for improvement. The figure comes from Application Security Posture Management (ASPM) firm Cycode’s inaugural The State of ASPM 2024 report. The research, drawn from a survey of 500 US CISOs, AppSec Directors and DevSecOps team members,
Tracking has recently become a big bogeyman. The sheer amount of data that an app or an operating system (OS) can use to identify you and collect your data is enormous, depending on the method of tracking it uses. While it’s clear why manufacturers and sellers desire more data – to tailor their products, enhance
Dec 07, 2023The Hacker NewsMalware / Security Breach A previously unknown Linux remote access trojan called Krasue has been observed targeting telecom companies in Thailand by threat actors to main covert access to victim networks at lease since 2021. Named after a nocturnal female spirit of Southeast Asian folklore, the malware is “able to conceal
Brand impersonation in cyber-attacks has reached new levels of sophistication, a recent research article by Abnormal Security has highlighted. Traditionally observed in financial institutions and social media sites, threat actors are now employing multi-stage attacks with a high degree of personalization. A study published by Abnormal CISO, Mike Britton, revealed a case where attackers impersonated the
Since the beginning of 2023, ESET researchers have observed an alarming growth of deceptive Android loan apps, which present themselves as legitimate personal loan services, promising quick and easy access to funds. Despite their attractive appearance, these services are in fact designed to defraud users by offering them high-interest-rate loans endorsed with deceitful descriptions, all
Dec 06, 2023NewsroomVulnerability / Mobile Security Chipmaker Qualcomm has released more information about three high-severity security flaws that it said came under “limited, targeted exploitation” back in October 2023. The vulnerabilities are as follows – CVE-2023-33063 (CVSS score: 7.8) – Memory corruption in DSP Services during a remote call from HLOS to DSP. CVE-2023-33106 (CVSS
A recent cybersecurity report by Kaspersky has highlighted a 53% surge in daily cyber-threats targeting Microsoft Office during 2023. The report also revealed an average detection of 411,000 malicious files per day this year, indicating an overall uptick of almost 3% compared to the previous year. Kaspersky’s research signals a shift in cybercriminals’ tactics, emphasizing
Dec 05, 2023NewsroomCyber Espionage / Threat Analysis A previously undocumented threat actor has been linked to a cyber attack targeting an aerospace organization in the U.S. as part of what’s suspected to be a cyber espionage mission. The BlackBerry Threat Research and Intelligence team is tracking the activity cluster as AeroBlade. Its origin is currently
The UK government has signed what it claims to be a “world-first” charter with some of the biggest technology companies on the planet, which will see the latter commit to blocking and removing fraudulent content from their platforms. Announced late yesterday, the Online Fraud Charter is a voluntary agreement for technology firms to better police fraud
Dec 04, 2023NewsroomTechnology / Firmware Security The Unified Extensible Firmware Interface (UEFI) code from various independent firmware/BIOS vendors (IBVs) has been found vulnerable to potential attacks through high-impact flaws in image parsing libraries embedded into the firmware. The shortcomings, collectively labeled LogoFAIL by Binarly, “can be used by threat actors to deliver a malicious payload
Apple has been forced to patch yet another pair of zero-day vulnerabilities, bringing the total for the year to 20. The tech giant said that the two bugs in its WebKit browser engine were being actively exploited in the wild. The first vulnerability, CVE-2023-42916, is found in a range of Apple products: iPhone XS and
Video Several cases of children creating indecent images of other children using AI software add to the worries about harmful uses of AI technology 01 Dec 2023 It has been reported recently that children are using artificial intelligence (AI) image generators to create indecent images of other children. The reports came amid a few publicized
- « Previous Page
- 1
- …
- 10
- 11
- 12
- 13
- 14
- …
- 99
- Next Page »