Author: Admin
January 21, 2025 | Ravi Lakshmanan | Malware / Cyber Threats
Ukraine’s Emergency Response Team (CERT-UA) is warning of ongoing attempts by unknown threat actors to impersonate cybersecurity agencies by sending AnyDesk connection requests. The AnyDesk requests claim to be for an audit to assess the “security level,” CERT-UA added, warning organizations to be wary of such social engineering attempts that seek to exploit user trust. “It is important to note that CERT-UA may use remote access software such as AnyDesk under certain circumstances,” CERT-UA said. “But such actions are taken only after prior agreement with the owners of cyber defense facilities through officially approved…
DoNot Team Linked to New Tanzeem Android Malware Targeting Operational Data Collection
January 20, 2025 | Ravi Lakshmanan | Android / Malware
The threat actor known as DoNot Team has been linked to a new Android malware used in a highly targeted cyberattack. The artifacts in question, named Tanzeem (which means “organization” in Urdu) and Tanzeem Update, were spotted in October and December 2024 by cybersecurity firm Cyfirma. The apps in question were found to have the same functionality, except for minor changes in the user interface. “Although the app is supposed to function as a chat app, it doesn’t work after installation and closes after obtaining the necessary permissions,” Cyfirma noted in…
January 20, 2025 | Ravi Lakshmanan | Network Security / Vulnerability
New research has revealed security vulnerabilities in many tunneling protocols that can allow attackers to perform a wide range of attacks. “Internet hosts that accept tunneled packets without verifying the identity of the sender can be hijacked to conduct anonymous attacks and secure access to their networks,” Top10VPN said in a collaborative study with KU Leuven professor and researcher Mathy Vanhoef. More than 4.2 million hosts, including VPN servers, ISP home routers, core Internet routers, mobile network gateways, and content delivery network (CDN) nodes, were identified as affected. China, France, Japan, the USA…
Every week seems to bring news of another data breach, and it’s no wonder why: it’s harder than ever to keep sensitive data safe. And it’s not just because companies are dealing with more data. Data flows and user roles are constantly changing, and data is stored across different technologies and in cloud environments. Not to mention that compliance requirements are becoming more stringent and sophisticated. The problem is that while the data landscape has evolved rapidly, conventional strategies for securing that data have become a thing of the past. Gone are the days when data existed in predictable places…
January 20, 2025 | Ravi Lakshmanan | Supply Chain Attack / Solana
Cybersecurity researchers have discovered three sets of malicious packages in the npm and Python Package Index (PyPI) repositories that have the ability to steal data and even delete sensitive data from infected systems. The list of identified packages is given below:
@async-mutex/mutex, a typosquat of async-mutex (npm)
dexscreener, which pretends to be a library for accessing liquidity pool data from decentralized exchanges (DEX) and interacting with the DEX Screener platform (npm)
solana-transaction-toolkit (npm)
solana-stable-web-hooks (npm)
cschokidar-next, a typosquat of chokidar (npm)
achokidar-next, a typosquat of chokidar (npm)
achalk-next, a typosquat of chalk (npm)…
January 19, 2025 | Ravi Lakshmanan | Social Media / Data Privacy
The popular video sharing social network TikTok has officially gone dark in the United States, as the federal ban on the app takes effect on January 19, 2025. “We regret that the US law banning TikTok will go into effect on January 19 and force us to make our services temporarily unavailable,” the company said in a pop-up message. “We are working to restore our service in the US as soon as possible, and we appreciate your support. Stay tuned.” The immediate result of the ban…
The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) has imposed sanctions on a Chinese cybersecurity company and a Shanghai-based cyber actor for their alleged ties to the Salt Typhoon group and the recent compromise of a federal agency. “Cyber attackers associated with the People’s Republic of China (PRC) continue to target US government systems, including the recent attack on the Treasury Department’s information technology (IT) systems, as well as sensitive critical US infrastructure,” the Treasury Department said in a press release. The sanctions target Yin Kecheng, who is estimated to have been a cyber…
January 17, 2025 | Ravi Lakshmanan | Cyber Security / Threat Intelligence
Cybersecurity researchers have detailed a new adversary-in-the-middle (AitM) phishing kit that has been targeting Microsoft 365 accounts to steal credentials and two-factor authentication (2FA) codes since at least October 2024. The new phishing kit was named Sneaky 2FA by French cybersecurity company Sekoia, which discovered it in the wild in December. As of this month, nearly 100 domains have been identified as hosting Sneaky 2FA phishing pages, indicating moderate adoption by threat actors. “This kit is sold as Phishing as a Service (PhaaS) by Sneaky Log, a cybercrime service that operates through a fully…
January 17, 2025 | Ravi Lakshmanan | Firmware Security / Vulnerability
Cybersecurity researchers have discovered three security flaws in Planet Technology’s WGS-804HPT industrial switches that can be chained together to achieve pre-authentication remote code execution on susceptible devices. “These switches are widely used in building and home automation systems for a variety of network applications,” Tomer Goldschmidt of Claroty said in a report on Thursday. “An attacker who can remotely control one of these devices can use them to further exploit devices on the internal network and perform lateral movement.” The operational technology security firm, which conducted an extensive analysis of the firmware…
January 17, 2025 | Ravi Lakshmanan | Web Security / Botnet
Cybersecurity researchers have uncovered a new campaign targeting web servers running PHP-based applications to promote gambling platforms in Indonesia. “The past two months have seen a significant number of attacks by Python-based bots, suggesting a coordinated effort to exploit thousands of web applications,” Imperva researcher Daniel Johnston said in an analysis. “These attacks appear to be related to the proliferation of gambling-related sites, potentially in response to increased government control.” The Thales-owned company said it discovered millions of requests originating from a Python client containing a command to install GSocket (aka Global Socket),…