Mobile Security Firms Fortify Defenses as App Attacks Accelerate
Better cybersecurity may soon come to a mobile app you use in time to defend against a rising wave of data breaches, malware assaults, and AI-powered bot attacks. The post Mobile Security Firms Fortify Defenses as App Attacks Accelerate appeared first on TechNewsWorld.
Spoutible – 207,114 breached accounts
In January 2024, Spoutible had 207k records scraped from a misconfigured API that inadvertently returned excessive personal information. The data included names, usernames, email and IP addresses, phone numbers (where provided to the platform), genders and bcrypt...
New Mispadu Banking Trojan Exploiting Windows SmartScreen Flaw
The threat actors behind the Mispadu banking Trojan have become the latest to exploit a now-patched Windows SmartScreen security bypass flaw to compromise...
New Linux glibc flaw lets attackers get root on major distros
Article URL: https://www.bleepingcomputer.com/news/security/new-linux-glibc-flaw-lets-attackers-get-root-on-major-distros/ Comments URL: https://news.ycombinator.com/item?id=39250076 Points: 8 # Comments: 0
Exclusive: Apple’s Phil Schiller says alternative app stores expose iPhone users to major risks. He’s right
Next month, in EU member states, third-party app stores will appear on the iPhone for the first time in the...
DirtyMoe Malware Infects 2,000+ Ukrainian Computers for DDoS and Cryptojacking
The Computer Emergency Response Team of Ukraine (CERT-UA) has warned that more than 2,000 computers in the country have been infected by a strain of malware called DirtyMoe. The agency attributed the campaign to a threat actor it calls UAC-0027. DirtyMoe, active since...
Interpol’s latest cybercrime intervention dismantles ransomware, banking malware servers
Efforts part of internationally coordinated operations carried out in recent months. Interpol has arrested 31 people following a three-month operation to stamp out various types of cybercrime.…
31 People Arrested in Global Cybercrime Crackdown
Law enforcement in 50 countries partner to take down ransomware, banking malware, and phishing threats. The post 31 People Arrested in Global Cybercrime Crackdown appeared first on SecurityWeek.
INTERPOL Arrests 31 in Global Operation, Identifies 1,900+ Ransomware-Linked IPs
An INTERPOL-led collaborative operation targeting phishing, banking malware, and ransomware attacks has led to the identification of 1,300 suspicious IP addresses and URLs. The law enforcement effort, codenamed Synergia, took place between September and November 2023...
FritzFrog Returns with Log4Shell and PwnKit, Spreading Malware Inside Your Network
The threat actor behind a peer-to-peer (P2P) botnet known as FritzFrog has made a return with a new variant that leverages the Log4Shell vulnerability to propagate internally within an already compromised network. "The vulnerability is exploited in a brute-force...
HeadCrab 2.0 Goes Fileless, Targeting Redis Servers for Crypto Mining
Cybersecurity researchers have detailed an updated version of the malware HeadCrab that's known to target Redis database servers across the world since early September 2021. The development, which comes exactly a year after the malware was first publicly disclosed by...
Hashtag Trending Feb.1-Software issues hit automakers; Poor performance linked to RTO mandates?; Microsoft continues to push Edge over Chrome
Software problems are hitting automakers hard, Tesla’s shares take a hit as...
Warning: New Malware Emerges in Attacks Exploiting Ivanti VPN Vulnerabilities
Google-owned Mandiant said it identified new malware employed by a China-nexus espionage threat actor known as UNC5221 and other threat groups during post-exploitation activity targeting Ivanti Connect Secure VPN and Policy Secure devices. This includes custom web...
Ars Technica used in malware campaign with never-before-seen obfuscation
Article URL: https://arstechnica.com/security/2024/01/ars-technica-used-in-malware-campaign-with-never-before-seen-obfuscation/ Comments URL: https://news.ycombinator.com/item?id=39210603 Points: 12 # Comments: 5
Microsoft says Palworld is the biggest ever third-party Game Pass launch
Palworld, the viral “Pokémon with guns” game that launched in Early Access to mixed reviews, has already sold 19 million copies. Developer...
FBI confirms it issued remote kill command to blow out Volt Typhoon’s botnet
Remotely disinfects Cisco and Netgear routers to block Chinese critters. China's Volt Typhoon attackers used "hundreds" of outdated Cisco and NetGear routers infected with malware in an attempt to break into US critical infrastructure facilities, according to the...
Nearly 4-year-old Cisco vuln linked to recent Akira ransomware attacks
Evidence mounts of an exploit gatekept within Russia's borders. Security researchers believe the Akira ransomware group could be exploiting a nearly four-year-old Cisco vulnerability and using it as an entry point into organizations' systems.…
GNU C Library Vulnerability Leads to Full Root Access
Researchers at Qualys call attention to a vulnerability in Linux’s GNU C Library (glibc) that allows full root access to a system. The post GNU C Library Vulnerability Leads to Full Root Access appeared first on SecurityWeek.
Telegram Marketplaces Fuel Phishing Attacks with Easy-to-Use Kits and Malware
Cybersecurity researchers are calling attention to the "democratization" of the phishing ecosystem owing to the emergence of Telegram as an epicenter for cybercrime, enabling threat actors to mount a mass attack for as little as $230. "This messaging app has...
Apple and Google Just Patched Their First Zero-Day Flaws of the Year
Plus: Google fixes dozens of Android bugs, Microsoft rolls out nearly 50 patches, Mozilla squashes 15 Firefox flaws, and more.
Italian Businesses Hit by Weaponized USBs Spreading Cryptojacking Malware
A financially motivated threat actor known as UNC4990 is leveraging weaponized USB devices as an initial infection vector to target organizations in Italy. Google-owned Mandiant said the attacks single out multiple industries, including health, transportation,...
Chinese Hackers Exploiting VPN Flaws to Deploy KrustyLoader Malware
A pair of recently disclosed zero-day flaws in Ivanti Connect Secure (ICS) virtual private network (VPN) devices have been exploited to deliver a Rust-based payload called KrustyLoader that's used to drop the open-source Sliver adversary simulation tool. The security...
New Glibc Flaw Grants Attackers Root Access on Major Linux Distros
Malicious local attackers can obtain full root access on Linux machines by taking advantage of a newly disclosed security flaw in the GNU C library (aka glibc). Tracked as CVE-2023-6246, the heap-based buffer overflow vulnerability is rooted in glibc's...
Microsoft’s legal department allegedly silenced an engineer who raised concerns about DALL-E 3
A Microsoft manager claims OpenAI’s DALL-E 3 has security vulnerabilities that could allow users to generate violent or...
Brazilian Feds Dismantle Grandoreiro Banking Trojan, Arresting Top Operatives
A Brazilian law enforcement operation has led to the arrest of several Brazilian operators in charge of the Grandoreiro malware. The Federal Police of Brazil said it served five temporary arrest warrants and 13 search and seizure warrants in the states of São Paulo,...
Xbox president thinks Apple’s EU App Store plan is ‘a step in the wrong direction’
Apple recently announced the changes it's making to the App Store in order to comply with the European Union's Digital Markets Act (DMA)...
New ZLoader Malware Variant Surfaces with 64-bit Windows Compatibility
Threat hunters have identified a new campaign that delivers the ZLoader malware, resurfacing nearly two years after the botnet's infrastructure was dismantled in April 2022. A new variant of the malware is said to have been in development since September 2023, Zscaler...
Galaxy S24 Ultra review: Samsung’s AI reinforcements have arrived
For nearly a decade the Galaxy Note was the undisputed king of Android phones. But when the OG phablet line was retired in 2020, that title passed on to the Ultra. While the hardware inside the most expensive Galaxy S model is as dominant as ever, over the past few...
Researchers Uncover How Outlook Vulnerability Could Leak Your NTLM Passwords
A now-patched security flaw in Microsoft Outlook could be exploited by threat actors to access NT LAN Manager (NTLM) v2 hashed passwords when...
Malicious PyPI Packages Slip WhiteSnake InfoStealer Malware onto Windows Machines
Cybersecurity researchers have identified malicious packages on the open-source Python Package Index (PyPI) repository that deliver an information stealing malware called WhiteSnake Stealer on Windows systems. The malware-laced packages are named nigpal, figflix,...