New Android Banking Malware ‘ToxicPanda’ Targets Users with Fraudulent Money Transfers – OfficialSarkar

New Android Banking Malware ‘ToxicPanda’ Targets Users with Fraudulent Money Transfers – OfficialSarkar

Nov 05, 2024Ravie LakshmananMobile Security / Cyber Attack Over 1,500 Android devices have been infected by a new strain of Android banking malware called ToxicPanda that allows threat actors to conduct fraudulent banking transactions. “ToxicPanda’s main goal is to initiate money transfers from compromised devices via account takeover (ATO) using a well-known technique called on-device…

Leveraging Wazuh for Zero Trust security – OfficialSarkar

Leveraging Wazuh for Zero Trust security – OfficialSarkar

Zero Trust security changes how organizations handle security by doing away with implicit trust while continuously analyzing and validating access requests. Contrary to perimeter-based security, users within an environment are not automatically trusted upon gaining access. Zero Trust security encourages continuous monitoring of every device and user, which ensures sustained protection after successful user authentication….

Synology Urges Patch for Critical Zero-Click RCE Flaw Affecting Millions of NAS Devices – OfficialSarkar

Synology Urges Patch for Critical Zero-Click RCE Flaw Affecting Millions of NAS Devices – OfficialSarkar

Nov 05, 2024Ravie LakshmananVulnerability / Data Security Taiwanese network-attached storage (NAS) appliance maker Synology has addressed a critical security flaw impacting DiskStation and BeePhotos that could lead to remote code execution. Tracked as CVE-2024-10443 and dubbed RISK:STATION by Midnight Blue, the zero-day flaw was demonstrated at the Pwn2Own Ireland 2024 hacking contest by security researcher…

Canadian Suspect Arrested Over Snowflake Data Breach and Extortion Attacks – OfficialSarkar

Canadian Suspect Arrested Over Snowflake Data Breach and Extortion Attacks – OfficialSarkar

Nov 05, 2024Ravie LakshmananData Breach / Cybercrime Canadian law enforcement authorities have arrested an individual who is suspected to have conducted a series of hacks stemming from the breach of cloud data warehousing platform Snowflake earlier this year. The individual in question, Alexander “Connor” Moucka (aka Judische and Waifu), was apprehended on October 30, 2024,…

Malware Campaign Uses Ethereum Smart Contracts to Control npm Typosquat Packages – OfficialSarkar

Malware Campaign Uses Ethereum Smart Contracts to Control npm Typosquat Packages – OfficialSarkar

Nov 05, 2024Ravie LakshmananMalware / Blockchain An ongoing campaign is targeting npm developers with hundreds of typosquat versions of their legitimate counterparts in an attempt to trick them into running cross-platform malware. The attack is notable for utilizing Ethereum smart contracts for command-and-control (C2) server address distribution, according to independent findings from Checkmarx, Phylum, and…

Google Warns of Actively Exploited CVE-2024-43093 Vulnerability in Android System – OfficialSarkar

Google Warns of Actively Exploited CVE-2024-43093 Vulnerability in Android System – OfficialSarkar

Nov 05, 2024Ravie LakshmananMobile Security / Vulnerability Google has warned that a security flaw impacting its Android operating system has come under active exploitation in the wild. The vulnerability, tracked as CVE-2024-43093, has been described as a privilege escalation flaw in the Android Framework component that could result in unauthorized access to “Android/data,” “Android/obb,” and…

Google’s AI Tool Big Sleep Finds Zero-Day Vulnerability in SQLite Database Engine – OfficialSarkar

Google’s AI Tool Big Sleep Finds Zero-Day Vulnerability in SQLite Database Engine – OfficialSarkar

Nov 04, 2024Ravie LakshmananArtificial Intelligence / Vulnerability Google said it discovered a zero-day vulnerability in the SQLite open-source database engine using its large language model (LLM) assisted framework called Big Sleep (formerly Project Naptime). The tech giant described the development as the “first real-world vulnerability” uncovered using the artificial intelligence (AI) agent. “We believe this…

Critical Flaws in Ollama AI Framework Could Enable DoS, Model Theft, and Poisoning – OfficialSarkar

Critical Flaws in Ollama AI Framework Could Enable DoS, Model Theft, and Poisoning – OfficialSarkar

Nov 04, 2024Ravie LakshmananVulnerability / Cyber Threat Cybersecurity researchers have disclosed six security flaws in the Ollama artificial intelligence (AI) framework that could be exploited by a malicious actor to perform various actions, including denial-of-service, model poisoning, and model theft. “Collectively, the vulnerabilities could allow an attacker to carry out a wide-range of malicious actions…

THN Recap: Top Cybersecurity Threats, Tools, and Practices (Oct 28 – OfficialSarkar

THN Recap: Top Cybersecurity Threats, Tools, and Practices (Oct 28 – OfficialSarkar

Nov 04, 2024The Hacker NewsWeekly Recap / Cybersecurity This week was a total digital dumpster fire! Hackers were like, “Let’s cause some chaos!” and went after everything from our browsers to those fancy cameras that zoom and spin. (You know, the ones they use in spy movies? 🕵️‍♀️) We’re talking password-stealing bots, sneaky extensions that…

German Police Disrupt DDoS-for-Hire Platform dstat[.]cc; Suspects Arrested – OfficialSarkar

German Police Disrupt DDoS-for-Hire Platform dstat[.]cc; Suspects Arrested – OfficialSarkar

Nov 04, 2024Mohit KumarDDoS Attack / Cybercrime German law enforcement authorities have announced the disruption of a criminal service called dstat[.]cc that made it possible for other threat actors to easily mount distributed denial-of-service (DDoS) attacks. “The platform made such DDoS attacks accessible to a wide range of users, even those without any in-depth technical…