Google Pixel Devices Shipped with Vulnerable App, Leaving Millions at Risk – OfficialSarkar

Google Pixel Devices Shipped with Vulnerable App, Leaving Millions at Risk – OfficialSarkar

Aug 16, 2024Ravie LakshmananMobile Security / Software Security A large percentage of Google’s own Pixel devices shipped globally since September 2017 included dormant software that could be used to stage nefarious attacks and deliver various kinds of malware. The issue manifests in the form of a pre-installed Android app called “Showcase.apk” that comes with excessive…

SolarWinds Releases Patch for Critical Flaw in Web Help Desk Software – OfficialSarkar

SolarWinds Releases Patch for Critical Flaw in Web Help Desk Software – OfficialSarkar

Aug 15, 2024Ravie LakshmananEnterprise Security / Vulnerability SolarWinds has released patches to address a critical security vulnerability in its Web Help Desk software that could be exploited to execute arbitrary code on susceptible instances. The flaw, tracked as CVE-2024-28986 (CVSS score: 9.8), has been described as a deserialization bug. “SolarWinds Web Help Desk was found…

Russian-Linked Hackers Target Eastern European NGOs and Media – OfficialSarkar

Russian-Linked Hackers Target Eastern European NGOs and Media – OfficialSarkar

Aug 15, 2024Ravie LakshmananCyber Attack / Social Engineering Russian and Belarusian non-profit organizations, Russian independent media, and international non-governmental organizations active in Eastern Europe have become the target of two separate spear-phishing campaigns orchestrated by threat actors whose interests align with that of the Russian government. While one of the campaigns – dubbed River of…

RansomHub Group Deploys New EDR-Killing Tool in Latest Cyber Attacks – OfficialSarkar

RansomHub Group Deploys New EDR-Killing Tool in Latest Cyber Attacks – OfficialSarkar

Aug 15, 2024Ravie LakshmananRansomware / Cybercrime A cybercrime group with links to the RansomHub ransomware has been observed using a new tool designed to terminate endpoint detection and response (EDR) software on compromised hosts, joining the likes of other similar programs like AuKill (aka AvNeutralizer) and Terminator. The EDR-killing utility has been dubbed EDRKillShifter by…

Identity Threat Detection and Response Solution Guide – OfficialSarkar

Identity Threat Detection and Response Solution Guide – OfficialSarkar

Aug 15, 2024The Hacker NewsIdentity Security / Threat Detection The Emergence of Identity Threat Detection and Response Identity Threat Detection and Response (ITDR) has emerged as a critical component to effectively detect and respond to identity-based attacks. Threat actors have shown their ability to compromise the identity infrastructure and move laterally into IaaS, Saas, PaaS…

New Cyber Threat Targets Azerbaijan and Israel Diplomats, Stealing Sensitive Data – OfficialSarkar

New Cyber Threat Targets Azerbaijan and Israel Diplomats, Stealing Sensitive Data – OfficialSarkar

Aug 15, 2024Ravie LakshmananCyber Espionage / Data Theft A previously unknown threat actor has been attributed to a spate of attacks targeting Azerbaijan and Israel with an aim to steal sensitive data. The attack campaign, detected by NSFOCUS on July 1, 2024, leveraged spear-phishing emails to single out Azerbaijani and Israeli diplomats. The activity is…

GitHub Vulnerability ‘ArtiPACKED’ Exposes Repositories to Potential Takeover – OfficialSarkar

GitHub Vulnerability ‘ArtiPACKED’ Exposes Repositories to Potential Takeover – OfficialSarkar

Aug 15, 2024Ravie LakshmananCloud Security / DevOps A newly discovered attack vector in GitHub Actions artifacts dubbed ArtiPACKED could be exploited to take over repositories and gain access to organizations’ cloud environments. “A combination of misconfigurations and security flaws can make artifacts leak tokens, both of third party cloud services and GitHub tokens, making them…

New Gafgyt Botnet Variant Targets Weak SSH Passwords for GPU Crypto Mining – OfficialSarkar

New Gafgyt Botnet Variant Targets Weak SSH Passwords for GPU Crypto Mining – OfficialSarkar

Aug 15, 2024Ravie LakshmananNetwork Security / Cybercrime Cybersecurity researchers have discovered a new variant of the Gafgyt botnet that’s targeting machines with weak SSH passwords to ultimately mine cryptocurrency on compromised instances using their GPU computational power. This indicates that the “IoT botnet is targeting more robust servers running on cloud native environments,” Aqua Security…

Black Basta-Linked Attackers Target Users with SystemBC Malware – OfficialSarkar

Black Basta-Linked Attackers Target Users with SystemBC Malware – OfficialSarkar

Aug 14, 2024Ravie LakshmananMalware / Network Security An ongoing social engineering campaign with alleged links to the Black Basta ransomware group has been linked to “multiple intrusion attempts” with the goal of conducting credential theft and deploying a malware dropper called SystemBC. “The initial lure being utilized by the threat actors remains the same: an…

How to Augment Your Password Security with EASM – OfficialSarkar

How to Augment Your Password Security with EASM – OfficialSarkar

Aug 14, 2024The Hacker NewsPassword Security / Cyber Security Simply relying on traditional password security measures is no longer sufficient. When it comes to protecting your organization from credential-based attacks, it is essential to lock down the basics first. Securing your Active Directory should be a priority – it is like making sure a house…