Google Blocks Unsafe Android App Sideloading in India for Improved Fraud Protection – OfficialSarkar

Google Blocks Unsafe Android App Sideloading in India for Improved Fraud Protection – OfficialSarkar

Oct 07, 2024Ravie LakshmananCybersecurity / Mobile Security Google has announced that it’s piloting a new security initiative that automatically blocks sideloading of potentially unsafe Android apps in India, after similar tests in Singapore, Thailand, and Brazil. The enhanced fraud protection feature aims to keep users safe when they attempt to install malicious apps from sources…

THN Cybersecurity Recap: Top Threats and Trends (Sep 30 – OfficialSarkar

Oct 07, 2024Ravie LakshmananCybersecurity / Weekly Recap Ever heard of a “pig butchering” scam? Or a DDoS attack so big it could melt your brain? This week’s cybersecurity recap has it all – government showdowns, sneaky malware, and even a dash of app store shenanigans. Get the scoop before it’s too late! ⚡ Threat of…

New Gorilla Botnet Launches Over 300,000 DDoS Attacks Across 100 Countries – OfficialSarkar

Oct 07, 2024Ravie LakshmananIoT Security / Botnet Cybersecurity researchers have discovered a new botnet malware family called Gorilla (aka GorillaBot) that is a variant of the leaked Mirai botnet source code. Cybersecurity firm NSFOCUS, which identified the activity last month, said the botnet “issued over 300,000 attack commands, with a shocking attack density” between September…

Vulnerable APIs and Bot Attacks Costing Businesses Up to $186 Billion Annually – OfficialSarkar

Organizations are losing between $94 – $186 billion annually to vulnerable or insecure APIs (Application Programming Interfaces) and automated abuse by bots. That’s according to The Economic Impact of API and Bot Attacks report from Imperva, a Thales company. The report highlights that these security threats account for up to 11.8% of global cyber events…

Webinar on MFA, Passwords, and the Shift to Passwordless – OfficialSarkar

Oct 07, 2024The Hacker NewsPassword Security / Data Security The interest in passwordless authentication has increased due to the rise of hybrid work environments and widespread digitization. This has led to a greater need for reliable data security and user-friendly interfaces. Without these measures, organizations are at risk of experiencing data breaches, leaks, and significant…

Critical Apache Avro SDK Flaw Allows Remote Code Execution in Java Applications – OfficialSarkar

Oct 07, 2024Ravie LakshmananOpen Source / Software Security A critical security flaw has been disclosed in the Apache Avro Java Software Development Kit (SDK) that, if successfully exploited, could allow the execution of arbitrary code on susceptible instances. The flaw, tracked as CVE-2024-47561, impacts all versions of the software prior to 1.11.4. “Schema parsing in…

E.U. Court Limits Meta’s Use of Personal Facebook Data for Targeted Ads – OfficialSarkar

Oct 07, 2024Ravie LakshmananData Privacy / Advertising Europe’s top court has ruled that Meta Platforms must restrict the use of personal data harvested from Facebook for serving targeted ads even when users consent to their information being used for advertising purposes, a move that could have serious consequences for ad-driven companies operating in the region….

Apple Releases Critical iOS and iPadOS Updates to Fix VoiceOver Password Vulnerability – OfficialSarkar

Oct 05, 2024Ravie LakshmananData Privacy / Mobile Security Apple has released iOS and iPadOS updates to address two security issues, one of which could have allowed a user’s passwords to be read out aloud by its VoiceOver assistive technology. The vulnerability, tracked as CVE-2024-44204, has been described as a logic problem in the new Passwords…

U.S. and Microsoft Seize 107 Russian Domains in Major Cyber Fraud Crackdown – OfficialSarkar

Oct 04, 2024Ravie LakshmananPhishing Attack / Cybercrime Microsoft and the U.S. Department of Justice (DoJ) on Thursday announced the seizure of 107 internet domains used by state-sponsored threat actors with ties to Russia to facilitate computer fraud and abuse in the country. “The Russian government ran this scheme to steal Americans’ sensitive information, using seemingly…

WordPress LiteSpeed Cache Plugin Security Flaw Exposes Sites to XSS Attacks – OfficialSarkar

Oct 04, 2024Ravie LakshmananWebsite Security / Vulnerability A new high-severity security flaw has been disclosed in the LiteSpeed Cache plugin for WordPress that could enable malicious actors to execute arbitrary JavaScript code under certain conditions. The flaw, tracked as CVE-2024-47374 (CVSS score: 7.2), has been described as a stored cross-site scripting (XSS) vulnerability impacting all…