Malware Campaign Uses Ethereum Smart Contracts to Control npm Typosquat Packages – OfficialSarkar

Malware Campaign Uses Ethereum Smart Contracts to Control npm Typosquat Packages – OfficialSarkar

Nov 05, 2024Ravie LakshmananMalware / Blockchain An ongoing campaign is targeting npm developers with hundreds of typosquat versions of their legitimate counterparts in an attempt to trick them into running cross-platform malware. The attack is notable for utilizing Ethereum smart contracts for command-and-control (C2) server address distribution, according to independent findings from Checkmarx, Phylum, and…

Google Warns of Actively Exploited CVE-2024-43093 Vulnerability in Android System – OfficialSarkar

Google Warns of Actively Exploited CVE-2024-43093 Vulnerability in Android System – OfficialSarkar

Nov 05, 2024Ravie LakshmananMobile Security / Vulnerability Google has warned that a security flaw impacting its Android operating system has come under active exploitation in the wild. The vulnerability, tracked as CVE-2024-43093, has been described as a privilege escalation flaw in the Android Framework component that could result in unauthorized access to “Android/data,” “Android/obb,” and…

Google’s AI Tool Big Sleep Finds Zero-Day Vulnerability in SQLite Database Engine – OfficialSarkar

Google’s AI Tool Big Sleep Finds Zero-Day Vulnerability in SQLite Database Engine – OfficialSarkar

Nov 04, 2024Ravie LakshmananArtificial Intelligence / Vulnerability Google said it discovered a zero-day vulnerability in the SQLite open-source database engine using its large language model (LLM) assisted framework called Big Sleep (formerly Project Naptime). The tech giant described the development as the “first real-world vulnerability” uncovered using the artificial intelligence (AI) agent. “We believe this…

Critical Flaws in Ollama AI Framework Could Enable DoS, Model Theft, and Poisoning – OfficialSarkar

Critical Flaws in Ollama AI Framework Could Enable DoS, Model Theft, and Poisoning – OfficialSarkar

Nov 04, 2024Ravie LakshmananVulnerability / Cyber Threat Cybersecurity researchers have disclosed six security flaws in the Ollama artificial intelligence (AI) framework that could be exploited by a malicious actor to perform various actions, including denial-of-service, model poisoning, and model theft. “Collectively, the vulnerabilities could allow an attacker to carry out a wide-range of malicious actions…

THN Recap: Top Cybersecurity Threats, Tools, and Practices (Oct 28 – OfficialSarkar

THN Recap: Top Cybersecurity Threats, Tools, and Practices (Oct 28 – OfficialSarkar

Nov 04, 2024The Hacker NewsWeekly Recap / Cybersecurity This week was a total digital dumpster fire! Hackers were like, “Let’s cause some chaos!” and went after everything from our browsers to those fancy cameras that zoom and spin. (You know, the ones they use in spy movies? 🕵️‍♀️) We’re talking password-stealing bots, sneaky extensions that…

German Police Disrupt DDoS-for-Hire Platform dstat[.]cc; Suspects Arrested – OfficialSarkar

German Police Disrupt DDoS-for-Hire Platform dstat[.]cc; Suspects Arrested – OfficialSarkar

Nov 04, 2024Mohit KumarDDoS Attack / Cybercrime German law enforcement authorities have announced the disruption of a criminal service called dstat[.]cc that made it possible for other threat actors to easily mount distributed denial-of-service (DDoS) attacks. “The platform made such DDoS attacks accessible to a wide range of users, even those without any in-depth technical…

Cyber Threats That Could Impact the Retail Industry This Holiday Season (and What to Do About It) – OfficialSarkar

Cyber Threats That Could Impact the Retail Industry This Holiday Season (and What to Do About It) – OfficialSarkar

As the holiday season approaches, retail businesses are gearing up for their annual surge in online (and in-store) traffic. Unfortunately, this increase in activity also attracts cybercriminals looking to exploit vulnerabilities for their gain. Imperva, a Thales company, recently published its annual holiday shopping cybersecurity guide. Data from the Imperva Threat Research team’s six-month analysis…

New FakeCall Malware Variant Hijacks Android Devices for Fraudulent Banking Calls – OfficialSarkar

New FakeCall Malware Variant Hijacks Android Devices for Fraudulent Banking Calls – OfficialSarkar

Nov 04, 2024Ravie LakshmananMobile Security / Financial Fraud Cybersecurity researchers have discovered a new version of a well-known Android malware family dubbed FakeCall that employs voice phishing (aka vishing) techniques to trick users into parting with their personal information. “FakeCall is an extremely sophisticated Vishing attack that leverages malware to take almost complete control of…

AI, Fake Hosting, and Psychological Warfare – OfficialSarkar

AI, Fake Hosting, and Psychological Warfare – OfficialSarkar

U.S. and Israeli cybersecurity agencies have published a new advisory attributing an Iranian cyber group to targeting the 2024 Summer Olympics and compromising a French commercial dynamic display provider to show messages denouncing Israel’s participation in the sporting event. The activity has been pinned on an entity that’s known as Emennet Pasargad, which the agencies…

5 SaaS Misconfigurations Leading to Major Fu*%@ Ups – OfficialSarkar

5 SaaS Misconfigurations Leading to Major Fu*%@ Ups – OfficialSarkar

Nov 01, 2024The Hacker NewsSaaS Security / Insider Threat With so many SaaS applications, a range of configuration options, API capabilities, endless integrations, and app-to-app connections, the SaaS risk possibilities are endless. Critical organizational assets and data are at risk from malicious actors, data breaches, and insider threats, which pose many challenges for security teams….