Author: Admin
October 8, 2024Hacker newsMachine Learning / Data Security Introduction Artificial intelligence (AI) fakes and misinformation can cause concern in the tech and investment worlds, but this powerful foundational technology can benefit a variety of organizations if used correctly. In the world of cyber security, one of the most important areas of application of artificial intelligence is to complement and improve identity management systems. AI-powered identity lifecycle management is at the forefront of digital identity and is used to improve security, optimize management and improve the UX of the identity system. Advantages of an ID based on artificial intelligence AI is…
October 8, 2024Hacker newsOnline Security / Payment Fraud Is your store at risk? Learn how an innovative web security solution saved one global online retailer and its unsuspecting customers from an “evil twin” disaster. Read the full real-life example here. The invisible threat in online shopping If this is the checkout page and not the checkout page? If it is the “evil twin”! Malicious redirects can send unsuspecting shoppers to these perfect-looking fake checkout pages and steal their payment information, so could your store be at risk too? Learn how an innovative web security solution saved one global online retailer…
October 8, 2024Ravi LakshmananCyber threat / APT attack State institutions and industrial enterprises of Russia are the object of permanent activity of the cluster named Wake up there is. “Attackers now prefer to use the agent for the legitimate MeshCentral platform instead of the UltraVNC module that they previously used to gain remote access to systems,” Kaspersky said. saidwhich details the new campaign, which began in June 2024 and lasted until at least August. The Russian cyber security company said the campaign primarily targeted Russian government agencies, their contractors and industrial enterprises. Awaken Likho, also tracked as Core Werewolf and…
October 8, 2024Ravi LakshmananCyber attack / malware A little-known threat actor is tracked as Golden jackal has been linked to a series of cyber attacks targeting embassies and government organizations with the aim of penetrate systems with an air gap using two different custom tool sets. The victims were the embassy of South Asian countries in Belarus and the governmental organization of the European Union (EU), the Slovak cyber security company ESET reported. “GoldenJackal’s ultimate goal appears to be to steal sensitive information, especially from high-profile machines that may not be connected to the Internet,” security researcher Mathias Paroli. noted…
Ukraine has claimed responsibility for a cyber attack targeting the Russian state media company VGTRK and disrupting its operations, according to a report from Bloomberg and Reuters. The incident took place on the night of October 7, VGTRK reports confirmeddescribing it as an “unprecedented hacking attack”. However, it said there was no “significant damage” and that everything was operating normally, despite attempts to disrupt radio and television broadcasts. This is reported by the Russian publication Gazeta.ru informed that hackers wiped “everything” from the company’s servers, including backups, citing an anonymous source. A Reuters source reported that “Ukrainian hackers ‘congratulated’ Putin…
October 8, 2024Ravi LakshmananMobile Security / Privacy Qualcomm has released security updates to address nearly two dozen flaws covering proprietary and open-source components, including one that has been widely exploited in the wild. The high severity vulnerability, tracked as CVE-2024-43047 (CVSS score: 7.8), was described as user error after release in digital signal processor (DSP) service, which may cause “memory corruption when saving memory cards of HLOS memory”. Qualcomm credits Google Project Zero researcher Seth Jenkins-Google Project Zero and Konghui Wang for reporting the flaw, and Amnesty International Security Lab for confirming the action in the wild. “There are indications…
October 7, 2024Ravi LakshmananCyber Security / Mobile Security Following similar tests in Singapore, Thailand and Brazil, Google announced that it is piloting a new security initiative that automatically blocks side-loading of potentially dangerous Android apps in India. The improved anti-fraud feature aims to keep users safe when they try to install malware from sources other than the Google Play Store, such as web browsers, messaging apps, and file managers. The program that was launched for the first time in Singapore in early February this year has already blocked nearly 900,000 high-risk installations in the Southeast Asian country, the tech giant…
October 7, 2024Ravi LakshmananCyber Security / Weekly Summary Have you ever heard of the “pig killer” scam? Or a DDoS attack so big it could melt your brain? This week’s cybersecurity roundup has it all: government crackdowns, sneaky malware, and even a dash of app store shenanigans. Get your scoop before it’s too late! ⚡ Threat of the week Double Trouble: Evil Corp & LockBit Fall: A consortium of international law enforcement agencies has taken action to arrest four people and take down nine servers linked to the LockBit (aka Bitwise Spider) ransomware operation. In tandem, authorities discovered Russian citizen…
October 7, 2024Ravi LakshmananOpen Source Software Security A critical security flaw has been discovered in the Apache Avro Java Software Development Kit (SDK) that, if successfully exploited, could allow arbitrary code execution on sensitive instances. Drawback tracked as CVE-2024-47561affects all software versions prior to 1.11.4. “Schema analysis in Apache Avro’s Java SDK 1.11.3 and earlier allows malicious actors to execute arbitrary code,” project staff said in an advisory issued last week. “Users are advised to switch to version 1.11.4 or 1.12.0 that fix this issue.” Apache Avro, similar to Google Protocol Buffers (protobuff), is an open source project that provides…
October 7, 2024Ravi LakshmananIoT Security / Botnet Cybersecurity researchers have discovered a new family of botnet malware called Gorilla (aka GorillaBot) that is a leak variant Mirai botnet source code. Cybersecurity firm NSFOCUS, which discovered the activity last month, said botnet “issued more than 300,000 attack commands with shocking attack density” between September 4 and 27, 2024. Each day, at least 20,000 commands designed to carry out distributed denial-of-service (DDoS) attacks come from the botnet. on average. The botnet is said to have targeted more than 100 countries, attacking universities, government websites, telecommunications, banking, gaming and gambling sectors. China, USA,…