Author: Admin

August 27, 2024Ravi LakshmananBrowser Vulnerability / Security Google discovered a security flaw that was fixed as part of a security update rolled out last week its Chrome browser was actively exploited in the wild. Tracked as CVE-2024-7965The vulnerability was described as an inconsistent implementation bug in the V8 JavaScript engine and WebAssembly. “A flawed implementation in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially exploit a heap corruption via a crafted HTML page,” it said. description about the bug in the NIST National Vulnerability Database (NVD). The security researcher, who goes by the online pseudonym…


August 27, 2024Ravi LakshmananAI Security / Vulnerability Details have emerged about a patched vulnerability in Microsoft 365 Copilot that could allow the theft of sensitive user information using a technique called ASCII smuggling. “ASCII smuggling is a new technique that uses special Unicode characters that represent ASCII but are not actually visible in the user interface,” security researcher Johann Rehberger said. “This means that an attacker can get the (large language model) user rendering of invisible data and embed it in clickable hyperlinks. This technique basically prepares data for hijacking!” The entire attack combines a number of attack techniques to…


August 26, 2024Ravi LakshmananGDPR / Data Protection The Dutch data protection authority (DPA) has fined Uber a record 290 million euros ($324 million) for allegedly failing to comply with European Union (EU) data protection standards when sending sensitive driver data to the US “The Dutch DPA found that Uber transferred the personal data of European taxi drivers to the United States (US) and failed to adequately protect the data in relation to these transfers,” the agency said in a statement. said. The data protection watchdog said the move was a “serious” breach of the General Data Protection Regulation (GDPR). In…


August 26, 2024Ravi LakshmananVulnerability / Enterprise Security SonicWall has released security updates to address a critical flaw affecting firewalls that, if successfully exploited, could allow attackers to gain unauthorized access to devices. Vulnerability, tracked as CVE-2024-40766 (CVSS score: 9.3), was described as an incorrect access control error. “An improper access control vulnerability has been identified in SonicWall SonicOS management access, which could potentially lead to unauthorized access to resources and, under certain conditions, lead to a firewall failure,” the company said in a statement. said in an advisory issued last week. “This issue affects SonicWall Firewall Gen 5 and Gen…


August 26, 2024Hacker newsData Security / Compliance Nowadays, sensitive and important data moves through everyday business channels that offer only a basic level of security and encryption, and companies often overlook the risks. Case in point: Disney suffered a staggering data breach from a hacking group known as NullBulge, which obtained more than 1.2 terabytes of data from internal Disney Slack messaging channels. As a result of the hack, confidential information was exposed, including: details about unreleased projects, computer code, login details and passwords, and Intellectual Property (IP) and Trade Secrets. The Slack breaches also affected companies such as Uber,…


Cybersecurity researchers are warning of security risks in the machine learning (ML) software supply chain after discovering more than 20 vulnerabilities that could be used to target MLOps platforms. Described as internal and implementation-based flaws, these vulnerabilities can have serious consequences ranging from executing arbitrary code to downloading malicious datasets. MLOps platforms offer the ability to develop and execute an ML model pipeline with a model registry that acts as a repository used to store and train ML models. These models can then be embedded in the application or allowed to be requested by other clients using an API (aka…


August 26, 2024Ravi LakshmananSoftware Security / Vulnerability Two security vulnerabilities were discovered in the open source code Trakar A GPS tracking system that can potentially be used by unauthenticated attackers to achieve remote code execution under certain circumstances. Both vulnerabilities are traversal flaws and could be weapons if guest logging is enabled, which is the default configuration for Traccar 5, said Horizon3.ai researcher Naveen Sankavali. A brief description of the disadvantages is as follows – CVE-2024-24809 (CVSS Score: 8.5) – Traversing the path: ‘dir/../../filename’ and downloading an unsafe type file indefinitely CVE-2024-31214 (CVSS Score: 9.7) – Unrestricted file download vulnerability…


August 26, 2024Ravi LakshmananFinancial Fraud / Mobile Security Cybersecurity researchers have discovered new Android malware that can transfer victims’ contactless payment data from physical credit and debit cards to a device controlled by attackers to conduct fraudulent transactions. A Slovak cybersecurity company is tracking a new malware called NGate, saying it has observed a malware campaign targeting three banks in the Czech Republic. Researchers Łukasz Štefanka and Jakub Osmani the malware “has the unique ability to transmit data from victims’ payment cards via a malicious app installed on their Android devices to the attacker’s rooted phone. said in the analysis.…


August 25, 2024Ravi LakshmananFinancial Fraud / Cybercrime Cybersecurity researchers have discovered a new stealth piece of Linux malware that uses an unconventional method to keep infected systems safe and hide credit card skimmer code. The malware, which is attributed to a financially motivated threat, has been codenamed sedexp by the Aon Stroz Friedberg incident response team. “This sophisticated threat, active since 2022, hides in plain sight, providing attackers with recoil capabilities and advanced stealth tactics,” researchers Zachary Reichert, Danielle Stein, and Joshua Pivirotta said. Not surprisingly, attackers are constantly improvising and improving their craft, and have turned to new methods…


August 25, 2024Ravi LakshmananLaw enforcement / digital privacy Pavel Durau, the founder and chief executive of the popular messaging app Telegram, was arrested in France on Saturday, French television network TF1 reported. It is believed that Durov was detained as part of a preliminary investigation. TF1 said the investigation focused on the lack of content moderation on the instant messaging service, which authorities did not dispute, turning the app into a haven for a variety of criminal activities, including drug trafficking, child pornography, money laundering and fraud. The practical approach to moderation in Telegram was a point of contentionfueling cybercrime…
