Author: Admin

September 13, 2024Ravi LakshmananFinancial Fraud / Mobile Security Cybersecurity researchers have discovered a new variant of an Android banking trojan called TrickMo that comes with new capabilities to evade analysis and display fake login screens to obtain victims’ banking credentials. “Mechanisms include using malformed ZIP files in conjunction with JSONPacker,” Cleafy security researchers Michele Raviello and Alessandro Stryna said. “In addition, the application is installed through a dropper program that uses the same anti-analysis mechanisms.” “These features are designed to avoid detection and prevent cybersecurity professionals from analyzing and destroying malware.” TrickMo, first caught in the wild by CERT-Bund in…

September 13, 2024Ravi LakshmananEnterprise Security / Vulnerability Cybersecurity researchers have discovered a new malware campaign targeting Linux environments to conduct illegal cryptocurrency mining. The activity that makes the Oracle Weblogic server stand out is to deliver duplicate malware Hadukenaccording to cloud security firm Aqua. “When Hadooken is launched, it removes the Tsunami malware and deploys a crypto miner,” security researcher Assaf Moran said. Attack chains exploit known security system vulnerabilities and misconfigurations, such as weak credentials, to gain initial foothold and execute arbitrary code on sensitive instances. This is achieved by running two almost identical payloads, one written in Python…

September 12, 2024Ravi LakshmananDevSecOps / Vulnerability On Wednesday, GitLab released security updates to address 17 vulnerabilities, including a critical flaw that allows an attacker to run pipeline jobs as an arbitrary user. The issue tracked as CVE-2024-6678 has a CVSS score of 9.9 out of a maximum of 10.0 “An issue has been discovered in GitLab CE/EE that affects all versions from 8.14 to 17.1.7, from 17.2 to 17.2.5, and from 17.3 to 17.3.2, which allows an attacker to run the pipeline as an arbitrary user under certain circumstances “, the company said in the notice. The vulnerability, along with…

September 12, 2024Ravi LakshmananMobile Security / Financial Fraud Bank customers in the Central Asian region have been targeted by a new strain of code-named Android malware My class from at least November 2024 for the purpose of collecting financial information and intercepting two-factor authentication (2FA) messages. Singapore-headquartered Group-IB, which discovered the threat in May 2024, said the malware was being distributed through a network of Telegram channels created by threat actors masquerading as legitimate applications related to banking, payment systems and government services. or daily utilities. “The attacker has a network of affiliates motivated by financial gain that distributes the…

September 12, 2024Ravi LakshmananRegulatory Compliance / Data Protection Ireland’s Data Protection Commission (DPC) has announced it has launched a “cross-border legislative investigation” into Google’s core artificial intelligence (AI) model to determine whether the tech giant followed the region’s data protection rules when handling the personal data of European users. “The statutory inquiry concerns whether Google has fulfilled any obligations it may have had to carry out an assessment under Article 35(2) of the General Data Protection Regulation (Data Protection Impact Assessment) before engaging in the processing of personal data of EU/EEA data subjects related to the development of their foundational…

September 12, 2024Ravi LakshmananMalware/IoT Security Nearly 1.3 million Android TV boxes running outdated versions of the operating system and owned by users in 197 countries have been infected by a new malware called Vo1d (aka Void). “This is a backdoor that places its components in the system storage and is capable of secretly downloading and installing third-party software at the command of attackers,” Russian anti-virus vendor Doctor Web said. said in a report released today. Most of the infections were found in Brazil, Morocco, Pakistan, Saudi Arabia, Argentina, Russia, Tunisia, Ecuador, Malaysia, Algeria and Indonesia. It is currently unknown what…

September 12, 2024Ravi LakshmananCryptocurrency / Network Security Selenium Grid instances exposed on the Internet are targeted by attackers for illegal cryptocurrency mining and proxyjacking companies. “Selenium Grid is a server that makes it easy to run tests in parallel across browsers and versions,” Cado Security researchers Tara Gould and Nate Beal said in an analysis published today. “However, Selenium Grid’s default configuration lacks authentication, making it vulnerable to exploits by threats.” The misuse of public Selenium Grid instances to deploy cryptominers was previously reported by cloud security company Wiz in late July 2024 as part of a cluster of activity…

Iraq’s government networks have been targeted by a “sophisticated” campaign of cyberattacks by an Iranian state-run threat actor known as OilRig. The attacks targeted Iraqi organizations such as the Prime Minister’s Office and the Ministry of Foreign Affairs, according to a new analysis by cybersecurity firm Check Point. OilRig, also known as APT34, Crambus, Cobalt Gypsy, GreenBug, Hazel Sandstorm (formerly EUROPIUM), and Helix Kitten, is an Iranian cyber group affiliated with Iran’s Ministry of Intelligence and Security (MOIS). Active since at least 2014, the group has a track record of conducting phishing attacks in the Middle East to deliver…

September 12, 2024Hacker newsThreat Intelligence / Cybercrime Cato CTRL (Cyber ​​​​Threats Research Lab) released its Cato CTRL SASE Threat Report Q2 2024. The report highlights key findings based on an analysis of a staggering 1.38 trillion network flows across more than 2,500 Cato clients worldwide between April and June 2024. Highlights from the Q2 2024 Cato CTRL SASE Threat Report The report is packed with unique insights based on thorough analysis of network traffic data. Three top ideas for businesses are as follows.1) IntelBroker: A constant threat in the cyber underground During an in-depth investigation of the hacker community and…

September 12, 2024Ravi LakshmananWeb Security / Content Management WordPress.org has announced a new account security measure that requires accounts with the ability to update plugins and themes to enable mandatory two-factor authentication (2FA). The execution expected to enter into force on 1 October 2024. “Accounts with commit access can push updates and changes to plugins and themes used by millions of WordPress sites worldwide,” the developers of the self-hosted, open-source content management system (CMS). said. “The security of these accounts is important to prevent unauthorized access and to maintain the security and trust of the WordPress.org community.” In addition to…
