Author: Admin

November 14, 2024Ravi LakshmananArtificial Intelligence / Cryptocurrency Google has discovered that attackers are using techniques such as landing page cloaking to spoof, pretending to be legitimate sites. “Masking is specifically designed to prevent systems and moderation teams from viewing content that violates policy, allowing them to deploy scams directly to users,” Laurie Richardson, vice president and head of trust and security at Google. said. “Landing pages often mimic well-known sites and create a sense of need to manipulate users into purchasing fake or unreal products.” Masking refers to practice providing various content to search engines such as Google and users…


November 14, 2024Hacker newsData Privacy/Compliance Advertising on TikTok is an obvious choice for any company trying to reach a younger market, especially if it’s a travel company: 44% of Gen Z Americans say they use the platform to plan vacations. But one online travel site targeting young vacationers with ads on the popular video-sharing platform broke GDPR rules when a third-party partner misconfigured the TikTok pixel on one of its regional sites. Intriguing a new case study shows how the cybersecurity company that discovered the problem prevented a data breach from turning into a costly flood. For a complete case…


November 14, 2024Ravi LakshmananCryptojacking / Threat Intelligence Threat actors have been found to be using a new technique that abuses macOS extended file attributes to smuggle a new malware called RustyAttr. A Singaporean cyber security company has attributed to new activity with moderate credibility for the notorious North Korea-linked Lazarus Group, citing infrastructural and tactical overlaps seen with previous campaigns, including RustBucket. Extended attributes refer to additional metadata associated with files and directories that can be extracted using a special command called xattr. They are often used to store information beyond standard attributes such as file size, timestamps, and permissions.…


November 14, 2024Ravi LakshmananMalware / Vulnerability A recently patched security flaw affecting Windows NT LAN Manager (NTLM) was exploited as a zero-day by a suspected Russian-linked actor in cyberattacks against Ukraine. The vulnerability in question, CVE-2024-43451 (CVSS score: 6.5), is an NTLM hash disclosure spoofing vulnerability that can be exploited to steal a user’s NTLMv2 hash. It was patched up from Microsoft earlier this week. “Minimal user interaction with a malicious file, such as selecting (single-click), inspecting (right-clicking), or performing actions other than opening or executing, could trigger this vulnerability,” Microsoft said in its advisory. Israeli cybersecurity firm ClearSky, which…


November 13, 2024Ravi LakshmananThreat Intelligence / Cyber ​​Espionage A threat entity linked to Hamas has expanded its malicious cyber operations beyond espionage to launch subversive attacks exclusively targeting Israeli organizations. The activity associated with the group named THE MASTERSalso targeting the Palestinian Authority, Jordan, Iraq, Saudi Arabia and Egypt, according to the Check Point analysis. “The (Israel-Hamas) conflict has not disrupted WIRTE’s operations, and they continue to use recent developments in the region in their espionage operations,” the company said in a statement. said. “In addition to espionage, the threat actor has recently engaged in at least two waves of…


Romanian cybersecurity firm Bitdefender has released a free decryptor to help victims recover data encrypted by the ShrinkLocker ransomware. The decryptor is the result of a comprehensive analysis of ShrinkLocker’s inner workings, allowing researchers to discover “a specific window of opportunity to recover data immediately after the protectors are removed from BitLocker-encrypted drives.” ShrinkLocker was first documented in May 2024, when Kaspersky discovered that the malware was using Microsoft’s proprietary BitLocker utility to encrypt files as part of ransomware attacks targeting Mexico, Indonesia and Jordan. Bitdefender, which investigated the ShrinkLocker incident targeting an unnamed healthcare company in the Middle East, said…


November 13, 2024Hacker newsBrowser Security / SaaS Security The rise of SaaS and cloud-based work environments has significantly changed the cyber risk landscape. With more than 90% of organizational network traffic passing through browsers and web applications, companies are facing serious new cybersecurity threats. This includes phishing attacks, data leaks, and malicious extensions. As a result, the browser also becomes a vulnerability that needs to be protected. LayerX has released a comprehensive guide titled “Start your browser’s security program” This detailed guide serves as a road map for CISOs and security teams looking to secure their organization’s browser operations; including…


November 13, 2024Ravi LakshmananCloud Security / Vulnerability A security analysis of cloud platform OvrC found 10 vulnerabilities that could be linked to allow potential attackers to remotely execute code on connected devices. “Attackers who successfully exploit these vulnerabilities could gain access, control, and compromise OvrC-enabled devices; some of which include smart power supplies, cameras, routers, home automation systems, and more,” Uri Katz, researcher at Claroty. said in the technical report. Snap One’s OvrC, pronounced “oversee,” is touted as a “revolutionary support platform” that allows homeowners and businesses to remotely manage, configure, and troubleshoot IoT devices on their network. According to…


November 13, 2024Ravi LakshmananCyber ​​espionage / malware An Iranian threat actor known as TA455 has been spotted taking a leaf out of a North Korean hacking group’s playbook to set up its own version “Dream Job” company. targeting the aerospace industry, offering fake jobs from at least September 2023. “The company distributed the SnailResin malware, which activates the SlugResin backdoor,” Israeli cybersecurity firm ClearSky said. said in Tuesday’s analysis. TA455, also tracked by Mandiant as, owned by Google UNC1549 and Yellow Dev 13, rated as a subcluster within APT35which is known as CALANQUE, Charming Kitten, CharmingCypress, ITG18, Mint Sandstorm (formerly…


November 13, 2024Ravi LakshmananVulnerability / Patch Tuesday Microsoft revealed on Tuesday that two security flaws affect Windows NT LAN Manager (NTLM) and Task Scheduler are heavily exploited in the wild. Among the security vulnerabilities 90 security errors the tech giant addressed this as part of its November 2024 Patch Tuesday update. Of the 90 flaws, four were rated Critical, 85 were rated Important, and one was rated Moderate. Fifty-two of the patched vulnerabilities are remote code execution flaws. Corrections in addition to 31 vulnerability Microsoft fixed the issue in its Chromium-based Edge browser after releasing the October 2024 Patch Tuesday…
