Author: Admin
October 8, 2024Ravi LakshmananMalware / Cybercrime Users looking for cheats for the game are tricked into downloading Lua-based malware, which is able to secure the infected systems and deliver additional payloads. “These attacks benefit from the popularity of Lua game engine add-ons among the student gaming community,” Shmuel Uzan, researcher at Morphisec. said a new report published today adds that “this strain of malware is widespread in North America, South America, Europe, Asia and even Australia.” There were details about the company documented for the first time OALabs in March 2024, in which users downloaded a malware downloader written in…
October 8, 2024Ravi LakshmananZero-Day / Vulnerability Ivanti has warned that three new security vulnerabilities affecting its Cloud Service Appliance (CSA) are being actively exploited in the wild. According to the Utah-based software services provider, the zero-day flaws were used as a weapon in conjunction with another CSA flaw that the company patched last month. Successful exploitation of these vulnerabilities could allow an authenticated attacker with administrative privileges to bypass restrictions, execute arbitrary SQL statements, or receive remote code execution. “We are aware of a limited number of customers running CSA patch 4.6 518 and earlier that have been exploited where…
October 8, 2024Hacker newsMachine Learning / Data Security Introduction Artificial intelligence (AI) fakes and misinformation can cause concern in the tech and investment worlds, but this powerful foundational technology can benefit a variety of organizations if used correctly. In the world of cyber security, one of the most important areas of application of artificial intelligence is to complement and improve identity management systems. AI-powered identity lifecycle management is at the forefront of digital identity and is used to improve security, optimize management and improve the UX of the identity system. Advantages of an ID based on artificial intelligence AI is…
October 8, 2024Hacker newsOnline Security / Payment Fraud Is your store at risk? Learn how an innovative web security solution saved one global online retailer and its unsuspecting customers from an “evil twin” disaster. Read the full real-life example here. The invisible threat in online shopping If this is the checkout page and not the checkout page? If it is the “evil twin”! Malicious redirects can send unsuspecting shoppers to these perfect-looking fake checkout pages and steal their payment information, so could your store be at risk too? Learn how an innovative web security solution saved one global online retailer…
October 8, 2024Ravi LakshmananCyber threat / APT attack State institutions and industrial enterprises of Russia are the object of permanent activity of the cluster named Wake up there is. “Attackers now prefer to use the agent for the legitimate MeshCentral platform instead of the UltraVNC module that they previously used to gain remote access to systems,” Kaspersky said. saidwhich details the new campaign, which began in June 2024 and lasted until at least August. The Russian cyber security company said the campaign primarily targeted Russian government agencies, their contractors and industrial enterprises. Awaken Likho, also tracked as Core Werewolf and…
October 8, 2024Ravi LakshmananCyber attack / malware A little-known threat actor is tracked as Golden jackal has been linked to a series of cyber attacks targeting embassies and government organizations with the aim of penetrate systems with an air gap using two different custom tool sets. The victims were the embassy of South Asian countries in Belarus and the governmental organization of the European Union (EU), the Slovak cyber security company ESET reported. “GoldenJackal’s ultimate goal appears to be to steal sensitive information, especially from high-profile machines that may not be connected to the Internet,” security researcher Mathias Paroli. noted…
Ukraine has claimed responsibility for a cyber attack targeting the Russian state media company VGTRK and disrupting its operations, according to a report from Bloomberg and Reuters. The incident took place on the night of October 7, VGTRK reports confirmeddescribing it as an “unprecedented hacking attack”. However, it said there was no “significant damage” and that everything was operating normally, despite attempts to disrupt radio and television broadcasts. This is reported by the Russian publication Gazeta.ru informed that hackers wiped “everything” from the company’s servers, including backups, citing an anonymous source. A Reuters source reported that “Ukrainian hackers ‘congratulated’ Putin…
October 8, 2024Ravi LakshmananMobile Security / Privacy Qualcomm has released security updates to address nearly two dozen flaws covering proprietary and open-source components, including one that has been widely exploited in the wild. The high severity vulnerability, tracked as CVE-2024-43047 (CVSS score: 7.8), was described as user error after release in digital signal processor (DSP) service, which may cause “memory corruption when saving memory cards of HLOS memory”. Qualcomm credits Google Project Zero researcher Seth Jenkins-Google Project Zero and Konghui Wang for reporting the flaw, and Amnesty International Security Lab for confirming the action in the wild. “There are indications…
October 7, 2024Ravi LakshmananCyber Security / Mobile Security Following similar tests in Singapore, Thailand and Brazil, Google announced that it is piloting a new security initiative that automatically blocks side-loading of potentially dangerous Android apps in India. The improved anti-fraud feature aims to keep users safe when they try to install malware from sources other than the Google Play Store, such as web browsers, messaging apps, and file managers. The program that was launched for the first time in Singapore in early February this year has already blocked nearly 900,000 high-risk installations in the Southeast Asian country, the tech giant…
October 7, 2024Ravi LakshmananCyber Security / Weekly Summary Have you ever heard of the “pig killer” scam? Or a DDoS attack so big it could melt your brain? This week’s cybersecurity roundup has it all: government crackdowns, sneaky malware, and even a dash of app store shenanigans. Get your scoop before it’s too late! ⚡ Threat of the week Double Trouble: Evil Corp & LockBit Fall: A consortium of international law enforcement agencies has taken action to arrest four people and take down nine servers linked to the LockBit (aka Bitwise Spider) ransomware operation. In tandem, authorities discovered Russian citizen…