Author: Admin
November 5, 2024 | Ravi Lakshmanan | Mobile Security / Cyber Attack
More than 1,500 Android devices have been infected with a new strain of Android banking malware called ToxicPanda, which allows threat actors to conduct fraudulent banking transactions. “ToxicPanda’s main goal is to initiate money transfers from compromised devices via account takeover (ATO) using a well-known technique called on-device fraud (ODF),” Cleafy researchers Michele Raviello, Alessandro Strina and Federico Valentini said in Monday’s analysis. “It aims to bypass banking countermeasures used to enforce identity verification and user authentication, combined with behavioral detection techniques used by banks to detect suspicious money transfers.” ToxicPanda is…
AI detects vulnerabilities
I have been writing about the ability for artificial intelligence to automatically detect code vulnerabilities since at least 2018. This is an ongoing area of research: AI scanning source code, AI finding zero days in the wild, and everything in between. AI isn’t very good at this yet, but it’s getting better. Here is some anecdotal information from this summer: From July 2024, ZeroPath takes a new approach, combining deep program analysis with competitive AI agents for verification. Our methodology identified many critical vulnerabilities in production systems, including several that traditional static application security testing (SAST) tools were…
Zero Trust security changes the way organizations handle security by eliminating conditional trust with continuous analysis and validation of access requests. Unlike perimeter-based security, users in an environment are not automatically trusted after gaining access. Zero Trust security encourages continuous monitoring of each device and user, providing persistent protection after successful user authentication.
Why companies use Zero Trust security
Companies use Zero Trust security to protect against increasingly sophisticated cyber threats. This addresses the limitations of traditional perimeter-based security models, which include a lack of east-west traffic security, implicit insider trust, and a lack of visibility. Traditional Security…
Synology requires a patch for the critical Zero-Click RCE flaw affecting millions of NAS devices
November 5, 2024 | Ravi Lakshmanan | Vulnerability / Data Security
Taiwanese network attached storage (NAS) manufacturer Synology has fixed a critical security flaw that affects DiskStation and BeePhotos and could lead to remote code execution. Tracked as CVE-2024-10443 and dubbed RISK:STATION by Midnight Blue, the zero-day flaw was demonstrated at the Pwn2Own Ireland 2024 hacking competition by security researcher Rick de Jager. RISK:STATION is “an unauthenticated zero-click vulnerability that allows attackers to gain root-level code execution on popular Synology DiskStation and BeeStation NAS devices, affecting millions of devices,” the Dutch company said. The zero-click nature of the vulnerability means that it does…
November 5, 2024 | Ravi Lakshmanan | Data Leak / Cybercrime
Canadian law enforcement agencies arrested a person suspected of committing a series of hacks in the wake of the Snowflake cloud storage platform breach earlier this year. The individual in question, Alexander “Conor” Movka (aka Judische and Waifu), was detained on October 30, 2024, on a preliminary arrest warrant requested by the US. The development was first reported by Bloomberg and confirmed by 404 Media. The exact nature of the charges against Movka is still unknown. In June 2024, Snowflake disclosed that a “limited number” of its customers were…
November 5, 2024 | Ravi Lakshmanan | Malware / Blockchain
An ongoing campaign is targeting npm developers with hundreds of typosquat versions of their legitimate counterparts in an attempt to force them to run cross-platform malware. The attack is characterized by the use of Ethereum smart contracts to distribute the addresses of command and control (C2) servers, according to independent findings published in the last few days by Checkmarx, Type and Socket. This activity was first noted on October 31, 2024, although it is said to have occurred at least a week ago. At least 287 typosquat packages have been published in the npm package registry.…
November 5, 2024 | Ravi Lakshmanan | Mobile Security / Vulnerability
Google warns that a security flaw affecting its Android operating system is being exploited in the wild. The vulnerability, tracked as CVE-2024-43093, was described as a privilege escalation flaw in the Android Framework component that could lead to unauthorized access to the “Android/data”, “Android/obb”, and “Android/sandbox” directories and their subdirectories, according to a code commit message. There are currently no details on how this vulnerability is used in actual attacks, but Google admitted in its monthly newsletter that there are indications that it “may be under limited, targeted exploitation”. The tech giant also…
November 4, 2024 | Ravi Lakshmanan | Vulnerability / Cyber threat
Cybersecurity researchers discovered six security flaws in Ollama’s artificial intelligence (AI) framework that could be exploited by an attacker to perform a variety of actions, including denial of service, model poisoning, and model theft. “Combined, these vulnerabilities could allow an attacker to perform a wide variety of malicious activities with a single HTTP request, including Denial of Service (DoS) attacks, model poisoning, model theft, and more,” Oligo Security researcher Avi Lumelsky said in a report published last week. Ollama is an open source program that allows users to locally deploy and manage…
November 4, 2024 | Ravi Lakshmanan | Artificial Intelligence / Vulnerability
Google said it discovered a zero-day vulnerability in the open-source SQLite database engine using a Large Language Model (LLM)-enabled framework called Big Sleep (formerly Project Naptime). The tech giant described the development as the “first real-world vulnerability” discovered using an artificial intelligence (AI) agent. “We believe this is the first public example of an AI agent detecting a previously unknown memory security issue in widely used real-world software,” the Big Sleep team said in a blog post shared with The Hacker News. The vulnerability in question is a stack buffer underflow in SQLite, which happens when…
November 4, 2024 | Mohit Kumar | DDoS attack / Cybercrime
German law enforcement announced a flaw in a criminal service called dstat(.)cc that allowed other threat actors to easily mount distributed denial-of-service (DDoS) attacks. “The platform has made such DDoS attacks accessible to a wide range of users, even those without deep technical skills of their own,” the Federal Criminal Police Office (aka Bundeskriminalamt or BKA) said. “In the context of police investigations, the use of stressor services to carry out DDoS attacks has recently become increasingly known.” The BKA described dstat(.)cc as a platform that offers recommendations and assessments of stress…