Author: Admin

September 4, 2024Hacker newsSaaS Security / Browser Security Account hijacking attacks have become one of the most persistent and damaging threats to SaaS cloud environments. However, despite significant investment in traditional security measures, many organizations continue to struggle to prevent these attacks. A new report, “Why account hijacking attacks still succeed and why your browser is your secret weapon for stopping them” states that the browser is the primary battleground where account hijacking attacks are deployed and therefore where they must be neutralized. The report also provides effective recommendations to reduce the risk of account hijacking. Below are some of…


September 4, 2024Ravi LakshmananGDPR / Privacy The Dutch Data Protection Authority (DPA) has fined facial recognition firm Clearview AI €30.5 million ($33.7 million) for violating the General Data Protection Regulation (GDPR) in the European Union (EU) by creating “illegal database”. with billions of photos of faces,” including citizens of the Netherlands. “Facial recognition is a very intrusive technology that you can’t just apply to anyone in the world,” Dutch DPA chairman Aleid Wolfsen said in a statement to the press. “If there is a picture of you on the Internet – doesn’t that concern all of us? – then you…


September 4, 2024Ravi LakshmananMalware / Network Security A new malware campaign is spoofing Palo Alto Networks’ GlobalProtect VPN software to deliver a variant of WikiLoader (aka WailingCrab) using a search engine optimization (SEO) campaign. The malware observed in June 2024 is a departure from previously observed tactics where malware was distributed via traditional phishing emails, Unit 42 researchers Mark Lim and Tom Marsden note said. WikiLoader, documented for the first time Proofpoint in August 2023 was attributed to a threat known as TA544 with email attacks using the Danabot and Ursnif malware to deploy. Then in April of this year,…


September 3, 2024Ravi LakshmananEndpoint Security / Malware Cybersecurity researchers have unpacked the inner workings of a new ransomware variant called Cicada3301 that bears similarities to the now-defunct Black Cat (aka ALPHV) operation. “The Cicada3301 ransomware appears to primarily target small and medium-sized businesses (SMBs), likely through opportunistic attacks that use vulnerabilities as an initial access vector,” cybersecurity firm Morphisec said. said in a technical report shared with The Hacker News. Written in Rust and able to target both Windows and Linux/ESXi hosts, Cicada3301 first appeared in June 2024 inviting potential partners to join their ransomware-as-a-service (RaaS) platform through an advertisement…


September 3, 2024Ravi LakshmananRansomware/Malware A hacktivist group known as Mare’s head was linked to cyber attacks aimed exclusively at organizations located in Russia and Belarus. “Head Mare uses more advanced methods to gain initial access,” Kaspersky said in an analysis of the group’s tactics and tools on Monday. “For example, attackers took advantage of a relatively recent one CVE-2023-38831 a vulnerability in WinRAR that allows an attacker to execute arbitrary code on the system via a specially crafted archive. This approach allows the group to more efficiently deliver and mask malicious payloads.” Head Mare, which has been active since 2023,…


Mobile users in Brazil are being targeted by a new malware campaign that is delivering a new Android banking trojan called Rocinante. “This malware family is able to perform keylogging using the Accessibility Service and can also steal identifying information from its victims using phishing screens, impersonating various banks,” Dutch security firm ThreatFabric said. “Finally, it can use all of this filtered information to perform Device Control (DTO) by using Accessibility Service privileges to achieve full remote access to the infected device.” Some of the known malware targets include financial institutions such as Itaú Shop, Santander, with fake programs…


In the digital realm, secrets (API keys, private keys, username/password combinations, etc.) are the keys to the kingdom. But what if those keys were accidentally left exposed in the very tools we use to collaborate every day?

A single secret can wreak havoc

Imagine this: it’s an ordinary Tuesday in June 2024. Your development team is knee-deep in sprints, Jira tickets are flying, and Slack is buzzing with the usual mix of cat memes and code snippets. What you don’t know is that there’s a ticking time bomb hidden in all this digital chatter – a public account that gives…


Eight vulnerabilities have been discovered in Microsoft’s macOS apps that an attacker could exploit to gain elevated privileges or access sensitive data by circumventing the operating system’s permission-based model, which revolves around the Transparency, Consent, and Control (TCC) framework. “If successful, the adversary could gain any privileges already granted to the affected Microsoft application,” Cisco Talos said. “For example, an attacker can send emails from a user’s account without the user noticing, record audio clips, take photos, or record videos without any interaction with the user.” The vulnerabilities cover various programs such as Outlook, Teams, Word, Excel, PowerPoint,…


September 3, 2024Ravi LakshmananInsider Threat / Network Security A 57-year-old man from the US state of Missouri was arrested in connection with a failed data extortion campaign targeting his former employer. Daniel Rhine, of Kansas City, Missouri, was charged with one count of extortion for threatening to damage a protected computer, one count of willful damage to a protected computer and one count of wire fraud. He was arrested in the state on August 27, 2024, after attempting to extort an unnamed industrial company headquartered in Somerset County, New Jersey, where he worked as a major infrastructure engineer. According to…


Threat actors associated with the RansomHub ransomware group have encrypted and stolen data from at least 210 victims since its inception in February 2024, the US government said. Victims span a variety of sectors, including water and sanitation, information technology, government services and facilities, health and public health, emergency services, food and agriculture, financial services, commercial facilities, critical manufacturing, transportation and communications. “RansomHub is a Ransomware-as-a-Service variant formerly known as Cyclops and Knight that has proven to be an efficient and successful service model (recently attracting high-profile affiliates from other prominent variants such as LockBit and ALPHV),” government institutions…
