Author: Admin
November 5, 2024 | Ravi Lakshmanan | Mobile Security / Vulnerability. Google warns that a security flaw affecting its Android operating system is being exploited in the wild. The vulnerability, tracked as CVE-2024-43093, was described as a privilege escalation flaw in the Android Framework component that could lead to unauthorized access to the "Android/data", "Android/obb", and "Android/sandbox" directories and their subdirectories, according to a code commit message. There are currently no details on how this vulnerability is used in actual attacks, but Google admitted in its monthly newsletter that there are indications that it "may be under limited, targeted exploitation". The tech giant also…
November 4, 2024 | Ravi Lakshmanan | Vulnerability / Cyber Threat. Cybersecurity researchers discovered six security flaws in Ollama's artificial intelligence (AI) framework that could be exploited by an attacker to perform a variety of actions, including denial of service, model poisoning, and model theft. "Combined, these vulnerabilities could allow an attacker to perform a wide variety of malicious activities with a single HTTP request, including Denial of Service (DoS) attacks, model poisoning, model theft, and more," Oligo Security researcher Avi Lumelsky said in a report published last week. Ollama is an open source program that allows users to locally deploy and manage…
November 4, 2024 | Ravi Lakshmanan | Artificial Intelligence / Vulnerability. Google said it discovered a zero-day vulnerability in the open-source SQLite database engine using a Large Language Model (LLM)-enabled framework called Big Sleep (formerly Project Naptime). The tech giant described the development as the "first real-world vulnerability" discovered using an artificial intelligence (AI) agent. "We believe this is the first public example of an AI agent detecting a previously unknown memory security issue in widely used real-world software," the Big Sleep team said in a blog post shared with The Hacker News. The vulnerability concerns a stack buffer underflow in SQLite, which happens when…
November 4, 2024 | Mohit Kumar | DDoS Attack / Cybercrime. German law enforcement announced the disruption of a criminal service called dstat(.)cc that allowed other threat actors to easily mount distributed denial-of-service (DDoS) attacks. "The platform has made such DDoS attacks accessible to a wide range of users, even those without deep technical skills of their own," the Federal Criminal Police Office (Bundeskriminalamt, or BKA) said. "In the context of police investigations, the use of stresser services to carry out DDoS attacks has recently become increasingly known." The BKA described dstat(.)cc as a platform that offers recommendations and assessments of stress…
Cyber threats that could affect the retail industry this holiday season (and what to do about it)
As the holiday season approaches, retailers are bracing for the annual surge in online (and in-store) traffic. Unfortunately, this increase in activity also attracts cybercriminals who want to exploit vulnerabilities to their advantage. Imperva, a Thales company, recently published the annual release of its Guide to Cyber Security Holiday Shopping. Data from Imperva Threat Research's six-month analysis (April 2024 to September 2024) showed that retailers should be mindful of AI-driven threats this year. As generative artificial intelligence tools and large language models (LLMs) become more common and sophisticated, cybercriminals are increasingly using these technologies to scale and refine their attacks on e-commerce…
November 4, 2024 | Ravi Lakshmanan | Mobile Security / Financial Fraud. Cybersecurity researchers have discovered a new version of a well-known Android malware family called FakeCall, which uses voice phishing techniques (aka vishing) to trick users into parting with personal information. "FakeCall is an extremely sophisticated vishing attack that uses malware to gain almost complete control over a mobile device, including intercepting incoming and outgoing calls," Zimperium researcher Fernando Ortega said in a report published last week. "Victims are tricked into calling fake phone numbers controlled by the attacker and mimicking the normal user experience on the device." FakeCall, which is also…
U.S. and Israeli cybersecurity agencies have issued a new advisory that attributes to an Iranian cyber group the targeting of the 2024 Summer Olympics and the compromise of a French commercial supplier of dynamic displays to show messages condemning Israel's participation in the sporting event. The activity was attributed to an entity known as Emennet Pasargad, which the agencies say has been operating under the name Aria Sepehr Ayandehsazan (ASA) since mid-2024. The wider cyber security community tracks it as Cotton Sandstorm, Haywire Kitten and Marnanbridge. "The group demonstrated new prowess in its efforts to conduct cyber-enabled information operations through mid-2024 using multiple covert characters,…
November 1, 2024 | The Hacker News | SaaS Security / Insider Threat. With so many SaaS applications, many configuration options, API capabilities, endless integrations and connections between applications, the SaaS risk possibilities are endless. Critical organizational assets and data are at risk from attackers, data breaches and insider threats, creating a host of challenges for security teams. Misconfigurations are silent killers that lead to serious vulnerabilities. So how can CISOs reduce the noise? Which misconfiguration should security teams focus on first? Here are five major SaaS configuration mistakes that can lead to a security breach. Misconfiguration #1: Support administrators have excessive privileges. Risk: Support…
Massive Git Configuration Hack Exposes 15,000 Credentials; 10,000 cloned private repositories
November 1, 2024 | Ravi Lakshmanan | Vulnerability / Cloud Security. Cybersecurity researchers have flagged a "massive" campaign that targets exposed Git configurations to steal credentials, clone private repositories, and even extract cloud credentials from source code. The activity, codenamed EMERALD WHALE, is estimated to have collected over 10,000 private repositories and stored them in an Amazon S3 bucket owned by a previous victim. The bucket, containing at least 15,000 stolen credentials, has since been removed by Amazon. "Stolen credentials belong to Cloud Service Providers (CSPs), email providers and other services," Sysdig said in a report. "Phishing and spam are the primary targets…
November 1, 2024 | Ravi Lakshmanan | Threat Intelligence / Network Security. Microsoft has revealed that a Chinese threat actor it tracks as Storm-0940 uses a botnet called Quad7 to orchestrate highly evasive password spraying attacks. The tech giant named the botnet CovertNetwork-1658, saying that password spraying operations are being used to steal credentials from numerous Microsoft customers. "Active since at least 2021, Storm-0940 gains initial access through password spraying and brute force attacks, or by exploiting or misusing network applications and services," the Microsoft Threat Intelligence team said. "Storm-0940 is known to target organizations in North America and Europe, including think tanks,…