Recent Security News
-
New Terrapin Flaw Could Let Attackers Downgrade SSH Protocol Security
January 1, 2024 at 04:48AM Security researchers from Ruhr University Bochum discovered a vulnerability in the Secure Shell (SSH) protocol, labeled Terrapin (CVE-2023-48795), allowing attackers to downgrade connection security by manipulating the connection’s sequence numbers during the handshake. This can lead to the interception of sensitive data and control over critical systems. Various SSH client…
-
New JinxLoader Targeting Users with Formbook and XLoader Malware
January 1, 2024 at 02:00AM JinxLoader, a new Go-based malware loader, has been identified as a method used by threat actors to deliver next-stage payloads such as Formbook and XLoader. Cybersecurity firms highlighted its use in multi-step attack sequences via phishing emails impersonating Abu Dhabi National Oil Company, leading to a surge in infections and…
-
Google Settles $5 Billion Privacy Lawsuit Over Tracking People Using ‘Incognito Mode’
December 30, 2023 at 05:54PM Google has agreed to settle a $5 billion privacy lawsuit alleging that it tracked users’ internet activities while they used “incognito” mode in its Chrome browser and similar private modes in other browsers. The class-action lawsuit claimed that Google’s advertising technologies continued to gather user data, despite the supposed privacy…
-
New Black Basta decryptor exploits ransomware flaw to recover files
December 30, 2023 at 10:25AM Security Research Labs (SRLabs) has developed a decryptor called the “Black Basta Buster” that allows victims of the Black Basta ransomware to potentially recover their files for free, exploiting a flaw in the encryption algorithm used by the ransomware gang. However, the developers have since fixed the bug, rendering the…
-
Beware: Scam-as-a-Service Aiding Cybercriminals in Crypto Wallet-Draining Attacks
December 30, 2023 at 04:42AM Cybersecurity researchers are cautioning about a surge in phishing attacks targeting cryptocurrency wallets, utilizing a technique to drain multiple blockchain networks. Notably, a group called Angel Drainer offers a “scam-as-a-service” for a percentage of stolen assets. To combat this, users are advised to use hardware wallets, verify smart contracts, and…