Recent Security News
-
AutoSpill attack steals credentials from Android password managers
December 9, 2023 at 11:20AM Researchers presented the AutoSpill attack, targeting Android password managers during the autofill process. It exploits weaknesses in WebView controls, potentially leaking account credentials to the invoking app. Multiple password managers were found susceptible, with vendors taking steps to address the issue. The attack highlights the need for improved security measures…
-
SLAM Attack: New Spectre-based Vulnerability Impacts Intel, AMD, and Arm CPUs
December 9, 2023 at 07:12AM Researchers from Vrije Universiteit Amsterdam disclosed a new side-channel attack called SLAM, exploiting a feature in Intel, AMD, and Arm CPUs. The exploit, an end-to-end Spectre-based attack, allows leakage of sensitive data from kernel memory. Intel, AMD, and Arm are working on mitigations, while existing and future CPUs are affected.…
-
Hollywood plays unwitting Cameo in Kremlin plot to discredit Zelensky
December 9, 2023 at 06:38AM A pro-Russia group recruited Hollywood actors through platforms like Cameo to create videos supporting a fake person named “Vladimir” and promoting false claims of Ukraine’s president having a substance addiction. These videos were shared on Russian social media to spread propaganda. Ongoing campaigns also spoof mainstream media reports to smear…
-
Researchers Unveal GuLoader Malware’s Latest Anti-Analysis Techniques
December 9, 2023 at 02:36AM Threat hunters expose GuLoader malware’s evolving obfuscation tactics, making analysis time-consuming. Used in phishing campaigns, it distributes various payloads and is continually updated to evade security measures. Similar updates seen in DarkGate RAT, showcasing the sophistication and adaptability of modern malware threats. Remote access trojans are leveraging novel email-based infection…
-
ALPHV/BlackCat Takedown Appears to Be Law Enforcement Related
December 8, 2023 at 08:10PM The Dark Web leak site operated by the ransomware group ALPHV/BlackCat was taken offline on Dec. 7, possibly due to law enforcement action. RedSense Intelligence confirmed the takedown on social media, but its verification is pending. The group has targeted over 650 companies. Law enforcement is under scrutiny for not…