Attackers Exploit ‘EvilVideo’ Telegram Zero-Day to Hide Malware

July 23, 2024 at 12:29PM
Telegram has addressed a zero-day flaw in older Android app versions that allowed attackers to hide malicious payloads in video files. ESET researchers discovered the flaw, “EvilVideo”, on a hacker forum. The exploit affected versions 10.14.4 and below. Updates to version 10.14.5 and above fix the issue. Users should update immediately to …

Fake CrowdStrike repair manual pushes new infostealer malware

July 23, 2024 at 10:36AM
CrowdStrike warns of a new Daolpu malware, falsely distributed as a Windows recovery tool after the recent Falcon update struggles. This stealer targets account credentials and browser data from Chrome, Edge, Firefox, and Cốc Cốc. Attackers use malicious document macros to trigger the malware. CrowdStrike advises vigilance against phishing and …

Telegram Zero-Day Enabled Malware Delivery

July 23, 2024 at 08:15AM
ESET has warned of a zero-day exploit affecting Telegram for Android, allowing threat actors to distribute malicious files disguised as videos. The vulnerability, dubbed EvilVideo, auto-downloads payloads containing APK files presented as multimedia previews. Users are advised to update their app to version 10.14.5 to address this issue. Based on …

Telegram zero-day allowed sending malicious Android APKs as videos

July 22, 2024 at 10:47AM
Summary: The “EvilVideo” zero-day vulnerability in Telegram for Android allowed threat actors to send malicious APK payloads disguised as video files. ESET researchers discovered the flaw and notified Telegram, which released a patch in version 10.14.5. The exploit required multiple steps for execution, reducing the risk of successful attacks. Users …

China’s APT41 Targets Global Logistics, Utilities Companies

July 19, 2024 at 10:05AM
APT41, a Chinese threat group, has launched a cyber espionage campaign targeting organizations in shipping, logistics, media, entertainment, technology, and automotive industries across multiple countries. The group, known for supply chain attacks, has successfully infiltrated and maintained access to victim networks. APT41 is using custom cyber espionage tools and has …

Revolver Rabbit gang registers 500,000 domains for malware campaigns

July 18, 2024 at 05:34PM
Cybercriminal group Revolver Rabbit has registered over 500,000 domain names using a secret method called RDGAs to execute infostealer campaigns targeting Windows and macOS systems. Security researchers at Infoblox discovered this large-scale operation, estimating over $1 million in registration fees. The domains use a consistent pattern for easy readability and …

Over 400,000 Life360 user phone numbers leaked via unsecured API

July 17, 2024 at 12:34PM
A threat actor leaked personal data of over 440,000 Life360 customers by exploiting a flaw in the login API. The breach also impacted Trello accounts, and Life360 disclosed an extortion attempt linked to a separate Tile customer support platform breach. The exposed information includes names, addresses, email addresses, and phone …

FIN7 Group Advertises Security-Bypassing Tool on Dark Web Forums

July 17, 2024 at 07:18AM
Financially motivated threat actor FIN7 has been observed using multiple pseudonyms to promote AvNeutralizer, a tool used by ransomware groups. Known for sophisticated tactics, FIN7 has adapted its malware arsenal and set up front companies to recruit unwitting engineers. The group’s malvertising tactics and latest tool updates highlight its ongoing …

Microsoft: Scattered Spider Widens Web With RansomHub & Qilin

July 16, 2024 at 05:27PM
Microsoft’s Threat Intelligence Team warns of Octo Tempest, also known as Scattered Spider, adding RansomHub and Qilin to its attack arsenal. The threat actor uses sophisticated social engineering and identity compromises, and targets VMware ESXi servers. Notably, it is behind major ransomware attacks on Caesars Palace and MGM Entertainment. The group …

Email addresses of 15 million Trello users leaked on hacking forum

July 16, 2024 at 02:01PM
A threat actor exposed 15 million Trello email addresses by exploiting an unsecured API, selling the data for $2.32. Atlassian, Trello’s owner, acknowledged the issue and secured the API. This method of exploiting unsecured APIs is increasingly utilized, posing significant privacy risks. It’s crucial for organizations to prioritize API security …