Category: Uncategorized
-
FIDO unveils new specifications to transfer passkeys
Post ContentRead More
-

TrickMo Banking Trojan Can Now Capture Android PINs and Unlock Patterns [email protected] (The Hacker News)
New variants of an Android banking trojan called TrickMo have been found to harbor previously undocumented features to steal a device’s unlock pattern or PIN. “This new addition enables the threat actor to operate on the device even while it is locked,” Zimperium security researcher Aazim Yaswant said in an analysis published last week. First…
-

New Malware Campaign Uses PureCrypter Loader to Deliver DarkVision RAT [email protected] (The Hacker News)
Cybersecurity researchers have disclosed a new malware campaign that leverages a malware loader named PureCrypter to deliver a commodity remote access trojan (RAT) called DarkVision RAT. The activity, observed by Zscaler ThreatLabz in July 2024, involves a multi-stage process to deliver the RAT payload. “DarkVision RAT communicates with its command-and-control (C2) server using a custom…
-

New Linux Variant of FASTCash Malware Targets Payment Switches in ATM Heists [email protected] (The Hacker News)
North Korean threat actors have been observed using a Linux variant of a known malware family called FASTCash to steal funds as part of a financially-motivated campaign. The malware is “installed on payment switches within compromised networks that handle card transactions for the means of facilitating the unauthorized withdrawal of cash from ATMs,” a security…
-

The Rise of Zero-Day Vulnerabilities: Why Traditional Security Solutions Fall Short [email protected] (The Hacker News)
In recent years, the number and sophistication of zero-day vulnerabilities have surged, posing a critical threat to organizations of all sizes. A zero-day vulnerability is a security flaw in software that is unknown to the vendor and remains unpatched at the time of discovery. Attackers exploit these flaws before any defensive measures can be implemented,…
-

China Accuses U.S. of Fabricating Volt Typhoon to Hide Its Own Hacking Campaigns [email protected] (The Hacker News)
China’s National Computer Virus Emergency Response Center (CVERC) has doubled down on claims that the threat actor known as the Volt Typhoon is a fabrication of the U.S. and its allies. The agency, in collaboration with the National Engineering Laboratory for Computer Virus Prevention Technology, went on to accuse the U.S. federal government, intelligence agencies,…
-

Researchers Uncover Hijack Loader Malware Using Stolen Code-Signing Certificates [email protected] (The Hacker News)
Cybersecurity researchers have disclosed a new malware campaign that delivers Hijack Loader artifacts that are signed with legitimate code-signing certificates. French cybersecurity company HarfangLab, which detected the activity at the start of the month, said the attack chains aim to deploy an information stealer known as Lumma. Hijack Loader, also known as DOILoader, IDAT Loader,…
-

WordPress Plugin Jetpack Patches Major Vulnerability Affecting 27 Million Sites [email protected] (The Hacker News)
The maintainers of the Jetpack WordPress plugin have released a security update to remediate a critical vulnerability that could allow logged-in users to access forms submitted by others on a site. Jetpack, owned by WordPress maker Automattic, is an all-in-one plugin that offers a comprehensive suite of tools to improve site safety, performance, and traffic…
-

Nation-State Attackers Exploiting Ivanti CSA Flaws for Network Infiltration [email protected] (The Hacker News)
A suspected nation-state adversary has been observed weaponizing three security flaws in Ivanti Cloud Service Appliance (CSA) a zero-day to perform a series of malicious actions. That’s according to findings from Fortinet FortiGuard Labs, which said the vulnerabilities were abused to gain unauthenticated access to the CSA, enumerate users configured in the appliance, and attempt…
-

5 Steps to Boost Detection and Response in a Multi-Layered Cloud [email protected] (The Hacker News)
The link between detection and response (DR) practices and cloud security has historically been weak. As global organizations increasingly adopt cloud environments, security strategies have largely focused on “shift-left” practices—securing code, ensuring proper cloud posture, and fixing misconfigurations. However, this approach has led to an over-reliance on a multitude of DR tools spanningRead More
