Hackers now use AppDomain Injection to drop CobaltStrike beacons

August 23, 2024 at 12:33PM A series of attacks since July 2024 have utilized a less common method known as AppDomain Manager Injection to exploit Microsoft .NET applications on Windows, posing a significant security threat. … Read more

New PEAKLIGHT Dropper Deployed in Attacks Targeting Windows with Malicious Movie Downloads

August 23, 2024 at 12:18PM Cybersecurity researchers revealed a new dropper facilitating the distribution of information stealers and loaders on Windows systems. The dropper decrypts and executes a PowerShell-based downloader, known as PEAKLIGHT, which then fetches additional malware payloads. The attack chain begins with the distribution of Windows shortcut (LNK) files within ZIP archives disguised … Read more

New NGate Android malware uses NFC chip to steal credit card data

August 22, 2024 at 01:05PM NGate, a new Android malware, steals money from payment cards through NFC data relay. It tricks victims into installing malicious PWAs and WebAPKs, stealing banking credentials. Once installed, it uses NFC to capture and relay card data to the attacker’s device. It can also obtain the card PIN, posing a … Read more

Slack Patches AI Bug That Let Attackers Steal Data From Private Channels

August 22, 2024 at 11:47AM Salesforce’s Slack AI has patched a flaw identified by security firm PromptArmor, which could have allowed attackers to steal data from private Slack channels or engage in secondary phishing within the platform. The flaw is related to the use of a language model that did not recognize malicious instructions, enabling … Read more

U.S. charges Karakurt extortion gang’s “cold case” negotiator

August 22, 2024 at 09:09AM Deniss Zolotarjovs, a member of the Russian Karakurt ransomware group, has been charged in the U.S. for money laundering, wire fraud, and extortion crimes. As a key negotiator for the group, he was involved in multiple cases of extortion impacting American organizations. If convicted, he could face a maximum of … Read more

Google Patches Sixth Exploited Chrome Zero-Day of 2024

August 22, 2024 at 06:21AM Google has released Chrome 128, addressing 38 vulnerabilities, including 20 reported by external researchers. Seven high-severity flaws were identified, with one exploited in the wild as a zero-day (CVE-2024-7971). The update also resolves other high, medium, and low-severity bugs and includes bug bounty rewards totaling $95,000. Users are urged to … Read more

Google Fixes High-Severity Chrome Flaw Actively Exploited in the Wild

August 22, 2024 at 02:00AM Google has released security fixes for a high-severity vulnerability (CVE-2024-7971) in its Chrome browser, actively exploited in the wild. It’s a type confusion bug in the V8 engine. The flaw was discovered by Microsoft Threat Intelligence Center and Microsoft Security Response Center. Users are urged to update to Chrome version … Read more

New Phishing Technique Bypasses Security on iOS and Android to Steal Bank Credentials

August 21, 2024 at 12:54PM ESET warns of new phishing tactic targeting iOS and Android users with web applications mimicking banking software to steal login credentials. Cybercriminals use Progressive Web Applications and WebAPKs to bypass security measures. The attacks combine voice calls, social media malvertising, and SMS messages to distribute links, mainly targeting mobile banking … Read more

Google Play Bug Bounty Program Shutting Down

August 21, 2024 at 11:00AM Google is discontinuing its Google Play Security Reward Program (GPSRP) after achieving its goal of increasing Android OS security. Bug submissions will be accepted until August 31, 2024, with final rewards decided by September 30. The program has incentivized developers to improve their app security, paying out a total of … Read more

Chipmaker Microchip reveals cyber attack whacked manufacturing capacity

August 20, 2024 at 09:22PM Microchip Technology disclosed an unauthorized party disrupting its server use and business operations, impacting manufacturing facilities and order fulfillment. Actions were taken to contain the incident, with external cybersecurity advisors involved. The cause and extent of the disruption remain undisclosed, raising concerns given the company’s critical role in supplying chips … Read more