Author: Admin
August 1, 2024Ravi LakshmananData Encryption / Browser Security Google has announced that it is adding a new layer of protection to its Chrome browser through so-called application-bound encryption to prevent information-stealing malware from hijacking cookies on Windows systems. “On Windows Chrome uses the Data Protection API (DPAPI) that protects data at rest from other system users or cold boot attacks.” — Will Harris of the Chrome Security Team said. “However, DPAPI does not protect against malware capable of executing code on behalf of a logged-in user, which is used by information thieves.” Application-bound encryption is an improvement over DPAPI in…
August 1, 2024Ravi LakshmananInternet fraud / Malicious advertising Facebook users are being targeted by an e-commerce fraud network that uses hundreds of fake websites to steal personal and financial data using brand impersonation and malicious advertising tricks. Recorded Future’s Payment Fraud Intelligence team, which discovered the company on April 17, 2024, named it ERIAKOS due to its use of the same content delivery network (CDN) as oss.eriakos(.)com. “These fraudulent sites were only accessible via mobile devices and advertising baits, a tactic designed to evade automated detection systems,” the company said in a statement. saidnoting that the network included 608 fraudulent…
July 31, 2024Ravi LakshmananDevelopment of malware / programs The threat actors behind the current malware campaign targeting software developers have demonstrated new malware and tactics as they expand their focus to Windows, Linux and macOS systems. Activity cluster, dubbing DEV#POPER and linked to North Korea, has been found to have singled out victims in South Korea, North America, Europe and the Middle East. “This form of attack is an advanced form of social engineering designed to manipulate people into revealing sensitive information or taking actions they might not normally take,” Securonix researchers Dan Yuzwick and Tim Peck said in a…
July 31, 2024Ravi LakshmananWeb Security / Compliance Certification authority (CA) DigiCert has warned that it will revoke a subset of SSL/TLS certificates within 24 hours due to an oversight in how it verifies that a digital certificate is issued to a legitimate domain owner. The company said it will revoke certificates that do not have proper domain control checks (CVD). “Before issuing a certificate to a customer, DigiCert verifies the customer’s control or ownership of the domain name for which it is requesting a certificate using one of several methods approved by the CA/Browser Forum (CABF),” this said. One way…
Here’s an introduction to FUDdy: We all know that phishing attacks are growing in scale and sophistication, that artificial intelligence is enabling more sophisticated attacks that evade traditional defenses, and the never-ending shortage of cybersecurity talent means we’re all struggling , to provide a full complement of security teams. Given this reality, security teams must be able to monitor and respond to threats effectively and efficiently. Obviously, you can’t let real threats go unnoticed, but you also can’t afford to waste time on false positives. In this post, we’ll look at some of the ways Material securityA unique approach to…
July 31, 2024Ravi LakshmananCyber attack / threat intelligence Japanese organizations are being targeted by a Chinese nation-state threat that uses a family of malware such as LODEINFO and NOOPDOOR to collect sensitive information from compromised hosts while remaining undetected in some cases for periods of two to three years . Israeli cybersecurity firm Cybereason is tracking a company called Spear Cuckooattributing it as being associated with a well-known intrusion suite called APT10, which is also known as Bronze Riverside, ChessMaster, Cicada, Cloudhopper, MenuPass, MirrorFace, Purple Typhoon (formerly Potassium), and Stone Panda. “The actors behind NOOPDOOR not only used LODEINFO during…
July 31, 2024Ravi LakshmananCyber espionage / threat intelligence Companies in Russia and Moldova have been targeted by a phishing campaign organized by a little-known cyber espionage group known as XDSpy. The findings come from cybersecurity firm FACCT, which said the infection chains lead to the deployment of malware called DDSownloader. Activity was observed this month as well, it added. XDSpy is a menacing actor of uncertain origin who was the first uncovered By the Belarusian Computer Emergency Response Team, CERT.BY, in February 2020. Next analysis by ESET attributed to group to attacks to steal information since 2011, assigned to government…
July 31, 2024Ravi LakshmananMobile Security / Malware Since at least February 2022, a new malware campaign has been observed using malicious Android apps to steal users’ SMS messages as part of a large-scale campaign. The malware, which spans more than 107,000 unique samples, is designed to intercept one-time passwords (OTPs) used for online account verification to commit identity fraud. “Of these 107,000 malware samples, more than 99,000 of these apps are/were unknown and not available in public repositories,” according to mobile security company Zimperium. said in a report shared with The Hacker News. “This malware monitored OTP messages for more…
July 31, 2024Ravi LakshmananPrivacy / Social Media Meta, the parent company of Facebook, Instagram and WhatsApp, has agreed to a record $1.4 billion settlement with the US state of Texas over allegations it illegally collected the biometric data of millions of users without their permission, in one of the largest fines levied by regulators. against the tech giant. “This historic settlement demonstrates our commitment to standing up to the world’s largest technology companies and holding them accountable for violating the law and the privacy rights of Texans,” said Attorney General Ken Paxton said. “Any misuse of Texans’ confidential data will…
There’s no doubting Paes’ commitment. He’s well aware of the undertaking and is excited about the opportunities in front of him and Indonesian Nation Team–currently ranked 134th in the world. “What I want to achieve is putting Indonesia on the soccer map,” he said. “It’s a huge country, 300 million people and their number one sport is football, or soccer. If you see the amount of support that they get, the potential that is there, it’s just time to fulfill that potential. “And off the field, I also want to be leading by example and have a huge impact there.…