Author: Admin
October 9, 2024Hacker newsSaaS Security / Identity Security Social media accounts help shape a brand’s identity and reputation. These public forums interact directly with customers as they are a hub for communication, sharing content and answering questions. However, despite the high role of these accounts, many organizations do not pay attention to the security of social media accounts. Many lack safeguards to prevent unauthorized access, a situation that no organization wants, as it can quickly lead to reputational damage and financial loss. With such high exposure, the need to have a deep understanding of social media risks, as well as…
October 9, 2024Ravi LakshmananVulnerability / Zero-Day Microsoft released security updates to fix everything 118 vulnerabilities through its software portfolio, two of which are actively used in the wild. Of the 118 deficiencies, three are rated critical, 113 are important, and two are of moderate severity. The Patch Tuesday update does not include 25 additional disadvantages which the tech giant has been considering in its Chromium-based Edge browser for the past month. Five vulnerabilities are listed as public knowledge at the time of release, with two of them being actively exploited as zero-day – CVE-2024-43572 (CVSS Score: 7.8) – Microsoft Management…
October 9, 2024Ravi LakshmananEnterprise Security / Identity Theft Microsoft is a warning cyberattack campaigns that abuse legitimate file hosting services such as SharePoint, OneDrive, and Dropbox, which are widely used in enterprise environments as a defense evasion tactic. The companies’ end goals are wide and varied, allowing threat actors to compromise identities and devices and compromise business email (BEC) attacks that ultimately lead to financial fraud, data theft, and lateral movement to other endpoints. Veanization of legitimate Internet services (LIS) is an increasingly popular risk vector adopted by adversaries to connect to legitimate network traffic in ways that often bypass…
October 8, 2024Ravi LakshmananMalware / Cybercrime Users looking for cheats for the game are tricked into downloading Lua-based malware, which is able to secure the infected systems and deliver additional payloads. “These attacks benefit from the popularity of Lua game engine add-ons among the student gaming community,” Shmuel Uzan, researcher at Morphisec. said a new report published today adds that “this strain of malware is widespread in North America, South America, Europe, Asia and even Australia.” There were details about the company documented for the first time OALabs in March 2024, in which users downloaded a malware downloader written in…
October 8, 2024Ravi LakshmananZero-Day / Vulnerability Ivanti has warned that three new security vulnerabilities affecting its Cloud Service Appliance (CSA) are being actively exploited in the wild. According to the Utah-based software services provider, the zero-day flaws were used as a weapon in conjunction with another CSA flaw that the company patched last month. Successful exploitation of these vulnerabilities could allow an authenticated attacker with administrative privileges to bypass restrictions, execute arbitrary SQL statements, or receive remote code execution. “We are aware of a limited number of customers running CSA patch 4.6 518 and earlier that have been exploited where…
October 8, 2024Hacker newsMachine Learning / Data Security Introduction Artificial intelligence (AI) fakes and misinformation can cause concern in the tech and investment worlds, but this powerful foundational technology can benefit a variety of organizations if used correctly. In the world of cyber security, one of the most important areas of application of artificial intelligence is to complement and improve identity management systems. AI-powered identity lifecycle management is at the forefront of digital identity and is used to improve security, optimize management and improve the UX of the identity system. Advantages of an ID based on artificial intelligence AI is…
October 8, 2024Hacker newsOnline Security / Payment Fraud Is your store at risk? Learn how an innovative web security solution saved one global online retailer and its unsuspecting customers from an “evil twin” disaster. Read the full real-life example here. The invisible threat in online shopping If this is the checkout page and not the checkout page? If it is the “evil twin”! Malicious redirects can send unsuspecting shoppers to these perfect-looking fake checkout pages and steal their payment information, so could your store be at risk too? Learn how an innovative web security solution saved one global online retailer…
October 8, 2024Ravi LakshmananCyber threat / APT attack State institutions and industrial enterprises of Russia are the object of permanent activity of the cluster named Wake up there is. “Attackers now prefer to use the agent for the legitimate MeshCentral platform instead of the UltraVNC module that they previously used to gain remote access to systems,” Kaspersky said. saidwhich details the new campaign, which began in June 2024 and lasted until at least August. The Russian cyber security company said the campaign primarily targeted Russian government agencies, their contractors and industrial enterprises. Awaken Likho, also tracked as Core Werewolf and…
October 8, 2024Ravi LakshmananCyber attack / malware A little-known threat actor is tracked as Golden jackal has been linked to a series of cyber attacks targeting embassies and government organizations with the aim of penetrate systems with an air gap using two different custom tool sets. The victims were the embassy of South Asian countries in Belarus and the governmental organization of the European Union (EU), the Slovak cyber security company ESET reported. “GoldenJackal’s ultimate goal appears to be to steal sensitive information, especially from high-profile machines that may not be connected to the Internet,” security researcher Mathias Paroli. noted…
Ukraine has claimed responsibility for a cyber attack targeting the Russian state media company VGTRK and disrupting its operations, according to a report from Bloomberg and Reuters. The incident took place on the night of October 7, VGTRK reports confirmeddescribing it as an “unprecedented hacking attack”. However, it said there was no “significant damage” and that everything was operating normally, despite attempts to disrupt radio and television broadcasts. This is reported by the Russian publication Gazeta.ru informed that hackers wiped “everything” from the company’s servers, including backups, citing an anonymous source. A Reuters source reported that “Ukrainian hackers ‘congratulated’ Putin…