Author: Admin
October 7, 2024Ravi LakshmananData Privacy / Advertising The European Supreme Court has ruled that Meta Platforms must limit the use of personal data obtained from Facebook to serve targeted ads, even if users consent to the use of their information for advertising purposes. The move could have serious implications for advertising companies. region “A social internet network such as Facebook cannot use all personal data obtained for the purpose of targeted advertising without time limits and without distinction by type of data,” the Court of Justice of the European Union (CJEU) said. said in a ruling on Friday. In other…
October 5, 2024Ravi LakshmananData Privacy / Mobile Security Apple released iOS and iPadOS updates to address two security issues, one of which could allow a user’s passwords to be read aloud. VoiceOver assistive technology. The vulnerability, tracked as CVE-2024-44204, was described as a logic issue in the new Passwords app that affects many iPhones and iPads. Security researcher Bistreet Dah is credited with discovering and reporting the flaw. “User’s saved passwords can be read aloud with VoiceOver,” Apple said in an advisory issued this week, adding that it was addressed with improved verification. The following devices are affected by the…
October 4, 2024Ravi LakshmananPhishing Attack / Cybercrime Microsoft and the US Department of Justice (DoJ) announced Thursday the seizure of 107 Internet domains used by state-sponsored threat actors with ties to Russia to facilitate fraud and abuse in the country. “The Russian government launched this scheme to steal sensitive information from Americans by using seemingly legitimate email accounts to trick victims into revealing credentials.” said Deputy Attorney General Lisa Monaco. The activity was attributed to the actor’s threat under the title COLDRIVERwhich is also known as Blue Callisto, BlueCharlie (or TAG-53), Calisto (alternately spelled Callisto), Dancing Salome, Gossamer Bear, Iron…
October 4, 2024Ravi LakshmananWebsite Security / Vulnerability A serious new security flaw has been discovered in the LiteSpeed Cache plugin for WordPress that could allow attackers to execute arbitrary JavaScript code under certain conditions. Drawback tracked as CVE-2024-47374 (CVSS score: 7.2), was described as a conserved intersite script (XSS) vulnerability that affects all versions of the plugin up to and including 6.5.0.2. This was addressed in version 6.5.1 on September 25, 2024 after responsible disclosure by Patchstack Alliance researcher TaiYou. “This could allow any unauthenticated user to steal sensitive information before, in this case, escalating privileges on a WordPress site…
Cloudflare has revealed that it mitigated a record distributed denial of service (DDoS) attack that peaked at 3.8 terabits per second (Tbps) and lasted 65 seconds. A web infrastructure and security company said he fended off “more than a hundred hyper-volume L3/4 DDoS attacks for a month, many exceeding 2 billion packets per second (Bpps) and 3 terabits per second (Tbps).” Hyper-volume L3/4 DDoS attacks have been ongoing since early September 2024, the report said, adding that they targeted numerous customers in the financial services, Internet and telecommunications industries. The activity has not been attributed to any specific threat. The…
Continuous Threat Exposure Management (CTEM) is a strategic framework that helps organizations continuously assess and manage cyber risks. It breaks down the complex task of managing security threats into five distinct steps: scoping, detection, prioritization, validation, and mobilization. Each of these steps plays a critical role in identifying, remediating and mitigating vulnerabilities – before attackers can exploit them. on paper CTEM sounds great. But where the rubber meets the road – especially for CTEM newbies – implementing CTEM can seem overwhelming. The process of putting CTEM principles into practice may seem overwhelming at first. However, with the right tools and…
October 3, 2024Ravi LakshmananMobile Security / Technology Google has revealed the various security fences that have been built into its latest Pixel devices to counter the growing threat posed by mainstream security attacks. A cellular baseband (such as a modem) refers to a processor on a device that is responsible for handling all connections, such as LTE, 4G, and 5G, to a mobile cell tower or base station over a radio interface. “This feature inherently involves handling external input that may come from untrusted sources,” said Sherk Chang and Stefan Chen of the Pixel team, as well as Roger Piqueros…
For years, the security of a company’s systems has been synonymous with the security of its “perimeter.” There was what was safe “inside” and a dangerous outside world. We’ve built robust firewalls and deployed sophisticated detection systems, confident that keeping the barbarians outside the walls will keep our data and systems safe. The problem is that we no longer operate within the confines of physical premises and controlled networks. Data and applications now reside in distributed cloud environments and data centers that users and devices can access from anywhere on the planet. The walls crumbled and the perimeter dissolved, opening…
October 3, 2024Ravi LakshmananLinux / Malware Linux servers are being targeted by an ongoing campaign that delivers stealthy malware called perfect with the main purpose of launching cryptocurrency miner and hacking software. “Perfctl is particularly elusive and persistent, using several sophisticated techniques,” Aqua security researchers Assaf Morag and Idan Reviva said in a report shared with The Hacker News. “When a new user logs into a server, they immediately stop all ‘noisy’ activity, lying dormant until the server is idle again. Once executed, it deletes the binary and continues to run quietly in the background as a service.” It should…
October 3, 2024Ravi LakshmananCyber espionage / threat intelligence Threat actors linked to North Korea have been spotted delivering a previously undocumented backdoor and remote access trojan (RAT) called VeilShell as part of a campaign targeting Cambodia and possibly other Southeast Asian countries. Activity, duplicate COVERED#SLEEP by Securonix, is considered handiwork APT37who is also known as InkySquid, Reaper, RedEyes, Ricochet Chollima, Ruby Sleet and ScarCruft. Active since at least 2012, the controversial outfit is believed to be part of North Korea’s Ministry of State Security (MSS). Like other North Korea-linked state groups, including the Lazarus Group and Kimsuky, they vary in…