Author: Admin

September 13, 2024Ravi LakshmananVirtual Reality / Vulnerability Details have emerged of a patched security flaw affecting Apple’s Vision Pro mixed reality headset that, if successfully exploited, could allow attackers to infer data entered on the device’s virtual keyboard. Attack, dubbing GAZEploitwas assigned the CVE ID CVE-2024-40865. “A New Attack That Can Infer Eye Biometrics from an Avatar Image to Recover Text Typed Using Gaze-Controlled Typing,” by a team of researchers at the University of Florida said. “The GAZEploit attack exploits a vulnerability inherent in gaze-controlled text input when users share a virtual avatar.” After a responsible disclosure, Apple fixed the…

While cyber threats are becoming more sophisticated, the number one attack vector for unauthorized access remains fraudulent credentials (Verizon DBIR, 2024). Solving this problem addresses more than 80% of your enterprise risks, and a solution is possible. However, most tools available on the market today cannot offer complete protection against this attack vector because they are designed to provide probabilistic protection. Learn more about Beyond Identity’s features that enable us to build deterministic defenses.

The problem: Phishing and credential theft

Phishing attacks trick users into revealing their credentials through fraudulent websites or messages sent via SMS, email, and/or voice calls.…

September 13, 2024Ravi LakshmananCyber ​​attack / Crime British authorities on Thursday announced the arrest of a 17-year-old man in connection with a cyberattack on Transport for London (TfL). “A 17-year-old male has been arrested on suspicion of breaching the Computer Misuse Act in connection with an attack on TfL on 1 September,” the UK’s National Crime Agency (NCA) said. said. The teenager, from Walsall, is said to have been arrested on September 5, 2024 following an investigation that was launched following the incident. Law enforcement agencies reported that the unnamed person was questioned and later released on bail. “Attacks on…

September 13, 2024Ravi LakshmananFinancial Fraud / Mobile Security Cybersecurity researchers have discovered a new variant of an Android banking trojan called TrickMo that comes with new capabilities to evade analysis and display fake login screens to obtain victims’ banking credentials. “Mechanisms include using malformed ZIP files in conjunction with JSONPacker,” Cleafy security researchers Michele Raviello and Alessandro Stryna said. “In addition, the application is installed through a dropper program that uses the same anti-analysis mechanisms.” “These features are designed to avoid detection and prevent cybersecurity professionals from analyzing and destroying malware.” TrickMo, first caught in the wild by CERT-Bund in…

September 13, 2024Ravi LakshmananEnterprise Security / Vulnerability Cybersecurity researchers have discovered a new malware campaign targeting Linux environments to conduct illegal cryptocurrency mining. The activity that makes the Oracle Weblogic server stand out is to deliver duplicate malware Hadukenaccording to cloud security firm Aqua. “When Hadooken is launched, it removes the Tsunami malware and deploys a crypto miner,” security researcher Assaf Moran said. Attack chains exploit known security system vulnerabilities and misconfigurations, such as weak credentials, to gain initial foothold and execute arbitrary code on sensitive instances. This is achieved by running two almost identical payloads, one written in Python…

September 12, 2024Ravi LakshmananDevSecOps / Vulnerability On Wednesday, GitLab released security updates to address 17 vulnerabilities, including a critical flaw that allows an attacker to run pipeline jobs as an arbitrary user. The issue tracked as CVE-2024-6678 has a CVSS score of 9.9 out of a maximum of 10.0 “An issue has been discovered in GitLab CE/EE that affects all versions from 8.14 to 17.1.7, from 17.2 to 17.2.5, and from 17.3 to 17.3.2, which allows an attacker to run the pipeline as an arbitrary user under certain circumstances “, the company said in the notice. The vulnerability, along with…

September 12, 2024Ravi LakshmananMobile Security / Financial Fraud Bank customers in the Central Asian region have been targeted by a new strain of code-named Android malware My class from at least November 2024 for the purpose of collecting financial information and intercepting two-factor authentication (2FA) messages. Singapore-headquartered Group-IB, which discovered the threat in May 2024, said the malware was being distributed through a network of Telegram channels created by threat actors masquerading as legitimate applications related to banking, payment systems and government services. or daily utilities. “The attacker has a network of affiliates motivated by financial gain that distributes the…

September 12, 2024Ravi LakshmananRegulatory Compliance / Data Protection Ireland’s Data Protection Commission (DPC) has announced it has launched a “cross-border legislative investigation” into Google’s core artificial intelligence (AI) model to determine whether the tech giant followed the region’s data protection rules when handling the personal data of European users. “The statutory inquiry concerns whether Google has fulfilled any obligations it may have had to carry out an assessment under Article 35(2) of the General Data Protection Regulation (Data Protection Impact Assessment) before engaging in the processing of personal data of EU/EEA data subjects related to the development of their foundational…

September 12, 2024Ravi LakshmananMalware/IoT Security Nearly 1.3 million Android TV boxes running outdated versions of the operating system and owned by users in 197 countries have been infected by a new malware called Vo1d (aka Void). “This is a backdoor that places its components in the system storage and is capable of secretly downloading and installing third-party software at the command of attackers,” Russian anti-virus vendor Doctor Web said. said in a report released today. Most of the infections were found in Brazil, Morocco, Pakistan, Saudi Arabia, Argentina, Russia, Tunisia, Ecuador, Malaysia, Algeria and Indonesia. It is currently unknown what…

September 12, 2024Ravi LakshmananCryptocurrency / Network Security Selenium Grid instances exposed on the Internet are targeted by attackers for illegal cryptocurrency mining and proxyjacking companies. “Selenium Grid is a server that makes it easy to run tests in parallel across browsers and versions,” Cado Security researchers Tara Gould and Nate Beal said in an analysis published today. “However, Selenium Grid’s default configuration lacks authentication, making it vulnerable to exploits by threats.” The misuse of public Selenium Grid instances to deploy cryptominers was previously reported by cloud security company Wiz in late July 2024 as part of a cluster of activity…
