Category: Uncategorized
-

TP-Link Gaming Router Vulnerability Exposes Users to Remote Code Attacks [email protected] (The Hacker News)
A maximum-severity security flaw has been disclosed in the TP-Link Archer C5400X gaming router that could lead to remote code execution on susceptible devices by sending specially crafted requests. The vulnerability, tracked as CVE-2024-5035, carries a CVSS score of 10.0. It impacts all versions of the router firmware including and prior to 1_1.1.6. It has Read More
-

Moroccan Cybercrime Group Steals Up to $100K Daily Through Gift Card Fraud [email protected] (The Hacker News)
Microsoft is calling attention to a Morocco-based cybercrime group dubbed Storm-0539 that’s behind gift card fraud and theft through highly sophisticated email and SMS phishing attacks. “Their primary motivation is to steal gift cards and profit by selling them online at a discounted rate,” the company said in its latest Cyber Signals report. “We’ve seen some examples whereRead More
-

Report: The Dark Side of Phishing Protection [email protected] (The Hacker News)
The transition to the cloud, poor password hygiene and the evolution in webpage technologies have all enabled the rise in phishing attacks. But despite sincere efforts by security stakeholders to mitigate them – through email protection, firewall rules and employee education – phishing attacks are still a very risky attack vector. A new report by LayerX explores the state…
-

New Tricks in the Phishing Playbook: Cloudflare Workers, HTML Smuggling, GenAI [email protected] (The Hacker News)
Cybersecurity researchers are alerting of phishing campaigns that abuse Cloudflare Workers to serve phishing sites that are used to harvest users’ credentials associated with Microsoft, Gmail, Yahoo!, and cPanel Webmail. The attack method, called transparent phishing or adversary-in-the-middle (AitM) phishing, “uses Cloudflare Workers to act as a reverse proxy server for aRead More
-

Pakistan-linked Hackers Deploy Python, Golang, and Rust Malware on Indian Targets [email protected] (The Hacker News)
The Pakistan-nexus Transparent Tribe actor has been linked to a new set of attacks targeting Indian government, defense, and aerospace sectors using cross-platform malware written in Python, Golang, and Rust. “This cluster of activity spanned from late 2023 to April 2024 and is anticipated to persist,” the BlackBerry Research and Intelligence Team said in a technical reportRead More
-

Experts Find Flaw in Replicate AI Service Exposing Customers’ Models and Data [email protected] (The Hacker News)
Cybersecurity researchers have discovered a critical security flaw in an artificial intelligence (AI)-as-a-service provider Replicate that could have allowed threat actors to gain access to proprietary AI models and sensitive information. “Exploitation of this vulnerability would have allowed unauthorized access to the AI prompts and results of all Replicate’s platform customers,”Read More
-
Attempts to Regulate AI’s Hidden Hand in Americans’ Lives Flounder in US Statehouses Associated Press
Only one of seven bills aimed at preventing AI’s penchant to discriminate when making consequential decisions — including who gets hired, money for a home or medical care — has passed. The post Attempts to Regulate AI’s Hidden Hand in Americans’ Lives Flounder in US Statehouses appeared first on SecurityWeek. Read More
-

Hackers Created Rogue VMs to Evade Detection in Recent MITRE Cyber Attack [email protected] (The Hacker News)
The MITRE Corporation has revealed that the cyber attack targeting the not-for-profit company towards late December 2023 by exploiting zero-day flaws in Ivanti Connect Secure (ICS) involved the actor creating rogue virtual machines (VMs) within its VMware environment. “The adversary created their own rogue VMs within the VMware environment, leveraging compromised vCenter Server access,” MITRERead…
-

Fake Antivirus Websites Deliver Malware to Android and Windows Devices [email protected] (The Hacker News)
Threat actors have been observed making use of fake websites masquerading as legitimate antivirus solutions from Avast, Bitdefender, and Malwarebytes to propagate malware capable of stealing sensitive information from Android and Windows devices. “Hosting malicious software through sites which look legitimate is predatory to general consumers, especially those who look to protect their devicesRead More
-
JAVS Courtroom Audio-Visual Software Installer Serves Backdoor Ionut Arghire
Backdoored JAVS courtroom recording and management software installer puts thousands at risk of complete takeover. The post JAVS Courtroom Audio-Visual Software Installer Serves Backdoor appeared first on SecurityWeek. Read More
