New Malware Hits 300,000 Users with Rogue Chrome and Edge Extensions
Aug 10, 2024 | Ravie Lakshmanan | Browser Security / Online Fraud
An ongoing, widespread malware campaign has been observed installing rogue Google Chrome and Microsoft Edge extensions via a trojan distributed via fake websites masquerading as popular software. "The trojan malware contains different deliverables ranging from simple adware extensions that hijack searches to more …
data breach
Microsoft Reveals Four OpenVPN Flaws Leading to Potential RCE and LPE
Aug 09, 2024 | Ravie Lakshmanan | Vulnerability / Network Security
Microsoft on Thursday disclosed four medium-severity security flaws in the open-source OpenVPN software that could be chained to achieve remote code execution (RCE) and local privilege escalation (LPE). "This attack chain could enable attackers to gain full control over targeted endpoints, potentially resulting in …
University Professors Targeted by North Korean Cyber Espionage Group
Aug 08, 2024 | Ravie Lakshmanan | Cyber Attack / Cyber Espionage
The North Korea-linked threat actor known as Kimsuky has been linked to a new set of attacks targeting university staff, researchers, and professors for intelligence gathering purposes. Cybersecurity firm Resilience said it identified the activity in late July 2024 after it observed an operational security (OPSEC) error …
New Linux Kernel Exploit Technique ‘SLUBStick’ Discovered by Researchers
Aug 07, 2024 | Ravie Lakshmanan | Linux / Vulnerability
Cybersecurity researchers have shed light on a novel Linux kernel exploitation technique dubbed SLUBStick that could be exploited to elevate a limited heap vulnerability to an arbitrary memory read-and-write primitive. "Initially, it exploits a timing side-channel of the allocator to perform a cross-cache attack reliably," a …
INTERPOL Recovers $41 Million in Largest Ever BEC Scam in Singapore
Aug 06, 2024 | Ravie Lakshmanan | Email Security / Financial Fraud
INTERPOL said it devised a "global stop-payment mechanism" that helped facilitate the largest-ever recovery of funds defrauded in a business email compromise (BEC) scam. The development comes after an unnamed commodity firm based in Singapore fell victim to a BEC scam in mid-July 2024. It refers to a type of …
Researchers Uncover Flaws in Windows Smart App Control and SmartScreen
Aug 05, 2024 | Ravie Lakshmanan | Threat Intelligence / Vulnerability
Cybersecurity researchers have uncovered design weaknesses in Microsoft's Windows Smart App Control and SmartScreen that could enable threat actors to gain initial access to target environments without raising any warnings. Smart App Control (SAC) is a cloud-powered security feature introduced by Microsoft in …
DOJ and FTC Sue TikTok for Violating Children’s Privacy Laws
Aug 03, 2024 | Ravie Lakshmanan | Privacy / Data Protection
The U.S. Department of Justice (DoJ), along with the Federal Trade Commission (FTC), filed a lawsuit against popular video-sharing platform TikTok for "flagrantly violating" children's privacy laws in the country. The agencies claimed the company knowingly permitted children to create TikTok accounts and to view and share …
Hackers Exploit Misconfigured Jupyter Notebooks with Repurposed Minecraft DDoS Tool
Aug 03, 2024 | Ravie Lakshmanan | DDoS Attack / Server Security
Cybersecurity researchers have disclosed details of a new distributed denial-of-service (DDoS) attack campaign targeting misconfigured Jupyter Notebooks. The activity, codenamed Panamorfi by cloud security firm Aqua, utilizes a Java-based tool called mineping to launch a TCP flood DDoS attack. Mineping is a DDoS …
APT41 Hackers Use ShadowPad, Cobalt Strike in Taiwanese Institute Cyber Attack
Aug 02, 2024 | Ravie Lakshmanan | Cyber Espionage / Malware
A Taiwanese government-affiliated research institute that specializes in computing and associated technologies was breached by nation-state threat actors with ties to China, according to new findings from Cisco Talos. The unnamed organization was targeted as early as mid-July 2023 to deliver a variety of backdoors and …
Over 1 Million Domains at Risk of ‘Sitting Ducks’ Domain Hijacking Technique
Aug 01, 2024 | Ravie Lakshmanan | Vulnerability / Threat Intelligence
Over a million domains are susceptible to takeover by malicious actors by means of what has been called a Sitting Ducks attack. The powerful attack vector, which exploits weaknesses in the domain name system (DNS), is being exploited by over a dozen Russian-nexus cybercriminal actors to stealthily hijack domains, …