Author: Admin
October 1, 2024Hacker newsGenerative artificial intelligence / Data protection Since its inception, Generative AI has revolutionized enterprise productivity. GenAI tools enable faster and more efficient software development, financial analysis, business planning and customer engagement. However, such agility in business is associated with significant risks, in particular with the possibility of leakage of confidential data. As organizations try to balance productivity gains with security concerns, many are forced to choose between the unrestricted use of GenAI and its complete ban. A new LayerX e-guide titled 5 effective measures to prevent data leakage through generative artificial intelligence tools designed to help organizations…
In the past year, more than 140,000 phishing sites linked to a phishing-as-a-service (PhaaS) platform called Sniper Dz have been discovered, indicating that it is being used by a large number of cybercriminals to steal credentials. “For would-be phishers, Sniper Dz offers an online admin panel with a directory of phishing pages,” Palo Alto Networks Unit 42 researchers Shehroz Faruqi, Howard Tong, and Alex Starov said in the technical report. “Phishers can either host these phishing pages on infrastructure owned by Sniper Dz or download Sniper Dz phishing templates to host on their own servers.” Perhaps even more profitable is…
Cybersecurity researchers have discovered a new hacking campaign targeting the Docker Engine API to co-opt instances to join a malicious Docker Swarm controlled by a threat actor. This allowed attackers to “exploit Docker Swarm’s orchestration features for command and control (C2) purposes,” Datadog researchers Matt Muir and Andy Gearon said in the analysis. Levers of attack Docker for initial access to deploy a cryptocurrency miner on the cracked containers, and to obtain and execute additional payloads responsible for doing lateral push to linked hosts running Docker, Kubernetes, or SSH. In particular, this involves identifying unauthenticated and exposed Docker API endpoints…
October 1, 2024Ravi LakshmananCorporate Security / Financial Fraud The US Department of Justice (DoJ) has charged a 39-year-old British national with running a trade fraud scheme that netted him nearly $3.75 million in illegal profits. Robert Westbrook, of London, was arrested last week and is expected to be extradited to the U.S. to face charges of securities fraud, wire fraud and five counts of computer fraud. According to court documents, Westbrook allegedly ran a fraudulent scheme between January 2019 and May 2020 that allowed him to gain millions by gaining unauthorized access to Microsoft 365 accounts belonging to corporate executives.…
September 30, 2024Ravi LakshmananCyber Security / Weekly Summary Hold on to your hats folks, because the world of cyber security is far from quiet! We dodged a bullet last week when we discovered vulnerabilities in CUPS that could open the door to remote attacks. Google’s move to Rust is yielding big results by addressing memory-related vulnerabilities in Android. But it wasn’t all good news – Kaspersky’s forced exit from the US market left users with more questions than answers. And don’t even get me started on the Kia cars that could be stolen with just a license plate! Let’s unpack…
Six different automatic capacitance sensor (ATG) systems from five manufacturers were found to have critical security vulnerabilities that could expose them to remote attacks. “These vulnerabilities pose a significant real-world risk as they can be exploited by attackers to cause widespread damage, including physical damage, environmental hazards, and economic losses,” Bitsight researcher Pedro Umbelino said in a report published last week. To make matters worse, the analysis found that thousands of ATGs are exposed to the Internet, making them a lucrative target for attackers looking to launch disruptive and disruptive attacks on gas stations, hospitals, airports, military bases and other…
September 30, 2024Ravi LakshmananGDPR / data privacy Ireland’s Data Protection Commission (DPC) fined Meta €91 million ($101.56 million) as part of an investigation into a security breach in March 2019, when the company revealed it had mistakenly stored user passwords in clear text on its systems. investigation, DPC is started next month found that the social media giant violated four different articles of the European Union’s General Data Protection Regulation (GDPR). To that end, the DPC accused Meta of failing to notify the DPC of the data breach in a timely manner, to document the breach of personal data relating…
September 28, 2024Ravi LakshmananCryptocurrency / Mobile Security Cybersecurity researchers discovered a malicious Android app in the Google Play Store that allowed threat actors to steal approximately $70,000 in cryptocurrency from victims over a period of nearly five months. The malicious program identified by Check Point appeared to be legitimate WalletConnect open source protocol to force unsuspecting users to download it. “Fake reviews and consistent branding have helped the app get over 10,000 downloads, ranking high in search results,” the cybersecurity firm said. said in the analysis, adding that this is the first time a cryptocurrency drain program has targeted mobile…
The US federal prosecutor’s office on Friday dropped criminal charges against three Iranian citizens who are believed to be working with the Islamic Revolutionary Guard Corps (IRGC) to target current and former officials in order to steal sensitive data. The Department of Justice (DoJ) charged 36-year-old Masoud Jalili, 34-year-old Seyed Ali Aghamiri, and 37-year-old Yasser (Yasser) Balaghi in a conspiracy with other known and unknown figures undermine the US electoral process. Supposedly they have hacked in accounts current and former US officials, members of the media, non-governmental organizations and individuals associated with political campaigns in the US. None of the…
September 27, 2024Ravi LakshmananSoftware Security / Vulnerability Progress Software has released another round of updates to address six security flaws in WhatsUp Gold, including two critical vulnerabilities. Problems, company saidwere resolved in version 24.0.1, released on September 20, 2024. The company has not yet released any details about the flaws, other than listing their CVE IDs – CVE-2024-46905 (CVSS score: 8.8) CVE-2024-46906 (CVSS score: 8.8) CVE-2024-46907 (CVSS score: 8.8) CVE-2024-46908 (CVSS score: 8.8) CVE-2024-46909 (CVSS score: 9.8) and CVE-2024-8785 (CVSS score: 9.8) Security researcher Sina Heirkach of the Summoning Team is credited with discovering and reporting the first four flaws.…