Microsoft Issues Security Update Fixing 118 Flaws, Two Actively Exploited in the Wild – OfficialSarkar

Microsoft Issues Security Update Fixing 118 Flaws, Two Actively Exploited in the Wild – OfficialSarkar

Oct 09, 2024Ravie LakshmananVulnerability / Zero-Day Microsoft has released security updates to fix a total of 118 vulnerabilities across its software portfolio, two of which have come under active exploitation in the wild. Of the 118 flaws, three are rated Critical, 113 are rated Important, and two are rated Moderate in severity. The Patch Tuesday…

Microsoft Detects Growing Use of File Hosting Services in Business Email Compromise Attacks – OfficialSarkar

Microsoft Detects Growing Use of File Hosting Services in Business Email Compromise Attacks – OfficialSarkar

Oct 09, 2024Ravie LakshmananEnterprise Security / Identity Theft Microsoft is warning of cyber attack campaigns that abuse legitimate file hosting services such as SharePoint, OneDrive, and Dropbox that are widely used in enterprise environments as a defense evasion tactic. The end goal of the campaigns are broad and varied, allowing threat actors to compromise identities…

Gamers Tricked Into Downloading Lua-Based Malware via Fake Cheating Script Engines – OfficialSarkar

Gamers Tricked Into Downloading Lua-Based Malware via Fake Cheating Script Engines – OfficialSarkar

Oct 08, 2024Ravie LakshmananMalware / Cybercrime Users searching for game cheats are being tricked into downloading a Lua-based malware that is capable of establishing persistence on infected systems and delivering additional payloads. “These attacks capitalize on the popularity of Lua gaming engine supplements within the student gamer community,” Morphisec researcher Shmuel Uzan said in a…

Three Critical Ivanti CSA Vulnerabilities Actively Exploited – OfficialSarkar

Three Critical Ivanti CSA Vulnerabilities Actively Exploited – OfficialSarkar

Oct 08, 2024Ravie LakshmananZero-Day / Vulnerability Ivanti has warned that three new security vulnerabilities impacting its Cloud Service Appliance (CSA) have come under active exploitation in the wild. The zero-day flaws are being weaponized in conjunction with another flaw in CSA that the company patched last month, the Utah-based software services provider said. Successful exploitation…

The Value of AI-Powered Identity – OfficialSarkar

The Value of AI-Powered Identity – OfficialSarkar

Oct 08, 2024The Hacker NewsMachine Learning / Data Security Introduction Artificial intelligence (AI) deepfakes and misinformation may cause worry in the world of technology and investment, but this powerful, foundational technology has the potential to benefit organizations of all kinds when harnessed appropriately. In the world of cybersecurity, one of the most important areas of…

The Evil Twin Checkout Page – OfficialSarkar

The Evil Twin Checkout Page – OfficialSarkar

Oct 08, 2024The Hacker NewsWeb Security / Payment Fraud Is your store at risk? Discover how an innovative web security solution saved one global online retailer and its unsuspecting customers from an “evil twin” disaster. Read the full real-life case study here. The Invisible Threat in Online Shopping When is a checkout page, not a…

Cyberattack Group ‘Awaken Likho’ Targets Russian Government with Advanced Tools – OfficialSarkar

Cyberattack Group ‘Awaken Likho’ Targets Russian Government with Advanced Tools – OfficialSarkar

Oct 08, 2024Ravie LakshmananCyber Threat / APT Attack Russian government agencies and industrial entities are the target of an ongoing activity cluster dubbed Awaken Likho. “The attackers now prefer using the agent for the legitimate MeshCentral platform instead of the UltraVNC module, which they had previously used to gain remote access to systems,” Kaspersky said,…

GoldenJackal Target Embassies and Air-Gapped Systems Using Malware Toolsets – OfficialSarkar

GoldenJackal Target Embassies and Air-Gapped Systems Using Malware Toolsets – OfficialSarkar

Oct 08, 2024Ravie LakshmananCyber Attack / Malware A little-known threat actor tracked as GoldenJackal has been linked to a series of cyber attacks targeting embassies and governmental organizations with an aim to infiltrate air-gapped systems using two disparate bespoke toolsets. Victims included a South Asian embassy in Belarus and a European Union government (E.U.) organization,…

Pro-Ukrainian Hackers Strike Russian State TV on Putin’s Birthday – OfficialSarkar

Pro-Ukrainian Hackers Strike Russian State TV on Putin’s Birthday – OfficialSarkar

Ukraine has claimed responsibility for a cyber attack that targeted Russia state media company VGTRK and disrupted its operations, according to reports from Bloomberg and Reuters. The incident took place on the night of October 7, VGTRK confirmed, describing it as an “unprecedented hacker attack.” However, it said “no significant damage” was caused and that…

Qualcomm Urges OEMs to Patch Critical DSP and WLAN Flaws Amid Active Exploits – OfficialSarkar

Qualcomm Urges OEMs to Patch Critical DSP and WLAN Flaws Amid Active Exploits – OfficialSarkar

Oct 08, 2024Ravie LakshmananMobile Security / Privacy Qualcomm has rolled out security updates to address nearly two dozen flaws spanning proprietary and open-source components, including one that has come under active exploitation in the wild. The high-severity vulnerability, tracked as CVE-2024-43047 (CVSS score: 7.8), has been described as a user-after-free bug in the Digital Signal…