Author: nlqip
Oct 08, 2024The Hacker NewsWeb Security / Payment Fraud Is your store at risk? Discover how an innovative web security solution saved one global online retailer and its unsuspecting customers from an “evil twin” disaster. Read the full real-life case study here. The Invisible Threat in Online Shopping When is a checkout page, not a…
Read More
Oct 08, 2024Ravie LakshmananCyber Threat / APT Attack Russian government agencies and industrial entities are the target of an ongoing activity cluster dubbed Awaken Likho. “The attackers now prefer using the agent for the legitimate MeshCentral platform instead of the UltraVNC module, which they had previously used to gain remote access to systems,” Kaspersky said,…
Read More
ESET researchers discovered a series of attacks on a governmental organization in Europe using tools capable of targeting air-gapped systems. The campaign, which we attribute to GoldenJackal, a cyberespionage APT group that targets government and diplomatic entities, took place from May 2022 to March 2024. By analyzing the toolset deployed by the group, we were…
Read More
Oct 08, 2024Ravie LakshmananCyber Attack / Malware A little-known threat actor tracked as GoldenJackal has been linked to a series of cyber attacks targeting embassies and governmental organizations with an aim to infiltrate air-gapped systems using two disparate bespoke toolsets. Victims included a South Asian embassy in Belarus and a European Union government (E.U.) organization,…
Read More
Microsoft Edge Canary has been updated with an interesting feature called Copilot Vision, but it’s still in testing. The current implementation of Copilot in Microsoft Edge is quite helpful as it allows you to quickly send content to the Copilot sidebar, but it still has certain limitations. For example, it’s not good at understanding what…
Read More
Ukraine has claimed responsibility for a cyber attack that targeted Russia state media company VGTRK and disrupted its operations, according to reports from Bloomberg and Reuters. The incident took place on the night of October 7, VGTRK confirmed, describing it as an “unprecedented hacker attack.” However, it said “no significant damage” was caused and that…
Read More
Oct 08, 2024Ravie LakshmananMobile Security / Privacy Qualcomm has rolled out security updates to address nearly two dozen flaws spanning proprietary and open-source components, including one that has come under active exploitation in the wild. The high-severity vulnerability, tracked as CVE-2024-43047 (CVSS score: 7.8), has been described as a user-after-free bug in the Digital Signal…
Read More
MoneyGram has confirmed that hackers stole customers’ personal information and transaction data in a September cyberattack that caused a five-day outage. The company first detected the attack on September 27th, causing it to shut down IT systems, preventing MoneyGram customers from accessing or transferring money to other users. In a new data breach notification published…
Read MoreMS-ISAC ADVISORY NUMBER: 2024-110 DATE(S) ISSUED: 10/07/2024 OVERVIEW: Multiple vulnerabilities have been discovered in Google Android OS, the most severe of which could allow for remote code execution. Android is an operating system developed by Google for mobile devices, including, but not limited to, smartphones, tablets, and watches. Successful exploitation of the most severe of…
Read More
Home and small business security company ADT disclosed it suffered a breach after threat actors gained access to its systems using stolen credentials and exfiltrated employee account data. ADT is a public American company that specializes in security and smart home solutions for residential and small business customers. The firm employs over 14,000 people and has…
Read More