Author: Admin
December 2, 2024Ravi LakshmananMalware / cryptocurrency Taiwanese manufacturing, healthcare and information technology businesses have been targeted by a new SmokeLoader malware distribution campaign. “SmokeLoader is well known for its versatility and advanced evasion techniques, and its modular design allows for a wide range of attacks” – Fortinet FortiGuard Labs said in a report shared with The Hacker News. “While SmokeLoader mainly serves as a loader to deliver other malware, in this case it is carrying out the attack itself by loading plugins from its (command and control) server.” SmokeLoaderfirst touted on cybercrime forums in 2011, the malware downloader is primarily…
December 3, 2024Ravi LakshmananMalware / phishing attack A newly discovered malware campaign was found to be targeting private users, retailers and businesses serving primarily in Russia to deliver NetSupport RAT and BurnsRAT. Company, dubbing Horns and hooves from Kaspersky, from the beginning of March 2023. more than 1,000 people were injured. The ultimate goal of these attacks is to use the access provided by these Trojans to install malicious hijackers such as Rhadomantis and Medusa. “In recent months, there has been a surge in mailings with similar email attachments in the form of a ZIP archive containing JScript scripts,” security…
December 2, 2024Hacker newsAI Security / Data ProtectionArtificial Intelligence (AI) is no longer a distant dream – it is here, changing the way we live. From ordering coffee to diagnosing illnesses, it’s everywhere. But while you’re building the next big AI-powered app, hackers are already thinking of ways to break it. Every application of artificial intelligence is an opportunity and a potential risk. The stakes are huge: data leaks, downtime, and even security threats if security isn’t built in. With the rapid adoption of artificial intelligence, securing your projects is no longer a must – it’s a necessity. Join Litian…
December 2, 2024Ravi LakshmananMobile Security / Financial Fraud According to new findings from McAfee Labs, more than a dozen Android malware discovered in the Google Play Store, which have been downloaded more than 8 million times, contain malware known as SpyLoan. “These PUP (Potentially Unwanted Programs) apps use social engineering tactics to get users to provide sensitive information and grant additional permissions to mobile apps, which can lead to extortion, harassment, and financial loss,” security researcher Fernando Ruiz said in an analysis published last week. The newly discovered apps aim to offer quick loans with minimal requirements to attract unsuspecting…
December 2, 2024Ravi LakshmananFinancial Fraud / Cryptocurrency A global law enforcement operation resulted in the arrest of more than 5,500 financial crime suspects and the seizure of more than $400 million in virtual assets and government-backed currencies. Governments from 40 countries, territories and regions took part in the coordinated exercises as part of the latest wave Operation HAECHI-Vwhich took place between July and November 2024, Interpol reported. “The consequences of cybercrime can be devastating: people lose their savings, businesses are destroyed, and trust in digital and financial systems is undermined,” said INTERPOL Secretary-General Valdesi Urquiza. said in the statement. “The…
November 30, 2024Mohit KumarRansomware / Cybercrime A Russian cybercriminal wanted in the US in connection with the LockBit and Hive ransomware operations has been arrested by the country’s law enforcement agencies. According to A news report from Russian media outlet RIA Novosti, Mikhail Pavlovich Matveev was accused of developing malware designed to encrypt files and demand a ransom in exchange for a decryption key. “Currently, the investigators have collected enough evidence, the criminal case with the indictment signed by the prosecutor has been sent to the court of the Central District of the city of Kaliningrad for review on the…
November 29, 2024Ravi LakshmananMisinformation / Artificial Intelligence The Moscow-based campaign, hit by US sanctions earlier this year, has been linked to another influence-peddling operation designed to turn public opinion against Ukraine and undermine Western support from at least December 2023. The covert campaign, carried out by the Social Design Agency (SDA), uses artificial intelligence (AI)-enhanced videos and fake websites impersonating authoritative news sources to target audiences in Ukraine, Europe and the US. She got a name Operation Undercut. by Insikt Group Recorded Future. “This operation is in tandem with other companies such as Doubledesigned to discredit Ukraine’s leadership, question the…
November 29, 2024Ravi LakshmananAI Security / Cloud Security Microsoft has fixed four security flaws affecting its artificial intelligence (AI), cloud, enterprise resource planning and partner center offerings, including one it said was being exploited in the wild. A vulnerability marked “Exploitation Discovered” is present CVE-2024-49035 (CVSS score: 8.7), an elevation of privilege flaw at partner.microsoft(.)com. “An improper access control vulnerability in partner.microsoft(.)com could allow an unauthenticated attacker to elevate network privileges,” the tech giant said in an advisory released this week. Microsoft credited Gautam Perry, Apoorva Wadhwa and an anonymous researcher for reporting the flaw, but did not reveal any…
November 29, 2024Ravi LakshmananCybercrime / Cloud Security Cyber security researchers warn of malicious email campaigns that use phishing as a service (PhaaS) a set of tools named Rockstar 2FA to steal Microsoft 365 credentials. “This campaign uses an AitM (adversary-in-the-middle) attack that allows attackers to intercept user credentials and session cookies, meaning that even users with multi-factor authentication (MFA) enabled can still be vulnerable,” — Diane, Trustwave Researcher. Solomon and John Kevin Adriano said. Rockstar 2FA is rated as an updated version DadSec (aka Phoenix) phishing kit. Microsoft tracks the developers and distributors of the Dadsec PhaaS platform under an…
November 29, 2024Ravi LakshmananCorporate Espionage / National Security A 59-year-old US citizen who immigrated from the People’s Republic of China (PRC) was awarded up to four years in prison for conspiring to spy for the country and passing confidential information about his employer to China’s top civilian intelligence service. Ping Li, 59, of Wesley Chapel, Florida, is said to have served as a liaison to the Ministry of State Security (MSS) as recently as August 2012, working on their behalf to obtain information of interest to the Chinese government. Lee worked at telecommunications giant Verizon and later at information technology…