Author: Admin
September 12, 2024Ravi LakshmananRegulatory Compliance / Data Protection Ireland’s Data Protection Commission (DPC) has announced it has launched a “cross-border legislative investigation” into Google’s core artificial intelligence (AI) model to determine whether the tech giant followed the region’s data protection rules when handling the personal data of European users. “The statutory inquiry concerns whether Google has fulfilled any obligations it may have had to carry out an assessment under Article 35(2) of the General Data Protection Regulation (Data Protection Impact Assessment) before engaging in the processing of personal data of EU/EEA data subjects related to the development of their foundational…
September 12, 2024Ravi LakshmananMalware/IoT Security Nearly 1.3 million Android TV boxes running outdated versions of the operating system and owned by users in 197 countries have been infected by a new malware called Vo1d (aka Void). “This is a backdoor that places its components in the system storage and is capable of secretly downloading and installing third-party software at the command of attackers,” Russian anti-virus vendor Doctor Web said. said in a report released today. Most of the infections were found in Brazil, Morocco, Pakistan, Saudi Arabia, Argentina, Russia, Tunisia, Ecuador, Malaysia, Algeria and Indonesia. It is currently unknown what…
September 12, 2024Ravi LakshmananCryptocurrency / Network Security Selenium Grid instances exposed on the Internet are targeted by attackers for illegal cryptocurrency mining and proxyjacking companies. “Selenium Grid is a server that makes it easy to run tests in parallel across browsers and versions,” Cado Security researchers Tara Gould and Nate Beal said in an analysis published today. “However, Selenium Grid’s default configuration lacks authentication, making it vulnerable to exploits by threats.” The misuse of public Selenium Grid instances to deploy cryptominers was previously reported by cloud security company Wiz in late July 2024 as part of a cluster of activity…
Iraq’s government networks have been targeted by a “sophisticated” campaign of cyberattacks by an Iranian state-run threat actor known as Oil rig. The attacks targeted Iraqi organizations such as the Prime Minister’s Office and the Ministry of Foreign Affairs, according to a new analysis by cybersecurity firm Check Point. OilRig, also known as APT34, Crambus, Cobalt Gypsy, GreenBug, Hazel Sandstorm (formerly EUROPIUM), and Helix Kitten, is an Iranian cyber group affiliated with Iran’s Ministry of Intelligence and Security (MOIS). Active since at least 2014, the group has a track record of conducting phishing attacks in the Middle East to deliver…
September 12, 2024Hacker newsThreat Intelligence / Cybercrime Cato CTRL (Cyber Threats Research Lab) released its Cato CTRL SASE Threat Report Q2 2024. The report highlights key findings based on an analysis of a staggering 1.38 trillion network flows across more than 2,500 Cato clients worldwide between April and June 2024. Highlights from the Q2 2024 Cato CTRL SASE Threat Report The report is packed with unique insights based on thorough analysis of network traffic data. Three top ideas for businesses are as follows.1) IntelBroker: A constant threat in the cyber underground During an in-depth investigation of the hacker community and…
September 12, 2024Ravi LakshmananWeb Security / Content Management WordPress.org has announced a new account security measure that requires accounts with the ability to update plugins and themes to enable mandatory two-factor authentication (2FA). The execution expected to enter into force on 1 October 2024. “Accounts with commit access can push updates and changes to plugins and themes used by millions of WordPress sites worldwide,” the developers of the self-hosted, open-source content management system (CMS). said. “The security of these accounts is important to prevent unauthorized access and to maintain the security and trust of the WordPress.org community.” In addition to…
September 11, 2024Ravi LakshmananNetwork Security / Hacking The operators of the mysterious Quad7 botnet thrive by hacking several brands of SOHO routers and VPN devices using a combination of known and unknown security flaws. According to a new report from French cybersecurity company Sekoia, devices from TP-LINK, Zyxel, Asus, Axentra, D-Link and NETGEAR are the targets. “Quad7 botnet operators appear to be evolving their toolkit by introducing new backdoors and exploring new protocols to improve stealth and evade the tracking capabilities of their Operational Relay Blocks (ORBs),” researchers Felix Hame, Pierre-Antoine D. . , and Charles M. said. Quad7, also…
The “Simplified Chinese-speaking actor” has been linked to a new company targeting several countries in Asia and Europe with the ultimate goal of performing search engine optimization (SEO) with a ranking. The black hat SEO cluster has been codenamed DragonRank from Cisco Talos, with a victimological trail scattered across Thailand, India, Korea, Belgium, the Netherlands and China. “DragonRank uses the target’s web application services to deploy a web shell and uses it to collect system information and launch malware such as PlugX and BadIIS, which work with various credential harvesting utilities,” security researcher Joey Chen said. The attacks led to…
September 11, 2024Ravi LakshmananCybercrime / Hacking The Singapore Police Force (SPF) has announced the arrest of five Chinese nationals and one Singaporean for their alleged involvement in illegal cyber activities in the country. This happened after a group of about 160 law enforcement officers conducted a series of simultaneous raids in several locations on September 9, 2024. The six men, aged between 32 and 42, are suspected of being linked to a “global syndicate” that conducts malicious cyber activities. During the operation, electronic devices and cash were confiscated. Those arrested include a 42-year-old Chinese national from Bidadari Park Drive, who…
Imagine a world where you never have to remember another password. Sounds like a dream come true for both end users and IT teams, right? But as the old saying goes, “If it sounds too good to be true, it probably is.” If your organization is like many others, you may be planning to switch to passwordless authentication. But the reality is that the passwordless security approach has its own merits Source link