September 26, 2024 at 03:55PM Security researchers found critical flaws in Kia’s dealer portal, allowing hackers to locate and steal millions of Kia cars made after 2013 by using the vehicle’s license plate. Based on the meeting notes, the key takeaway is that security researchers have identified critical vulnerabilities in Kia’s dealer portal that could … Read more
September 9, 2024 at 09:27AM An academic researcher has developed a new attack technique, named RAMBO, that uses radio signals from memory buses to exfiltrate data from air-gapped systems. The technique allows for the capture of encoded files, encryption keys, images, keystrokes, and biometric information at a rate of 1,000 bits per second from up … Read more
August 23, 2024 at 12:18PM Cybersecurity researchers revealed a new dropper facilitating the distribution of information stealers and loaders on Windows systems. The dropper decrypts and executes a PowerShell-based downloader, known as PEAKLIGHT, which then fetches additional malware payloads. The attack chain begins with the distribution of Windows shortcut (LNK) files within ZIP archives disguised … Read more
August 14, 2024 at 11:16AM Tenable researchers identified vulnerabilities in Microsoft’s Azure Health Bot Service that could have been exploited by threat actors to access sensitive patient data. The vulnerabilities involved a data connection feature that allowed bots to interact with external sources, potentially leading to a server-side request forgery (SSRF) vulnerability. Microsoft released server-side … Read more
August 8, 2024 at 06:40AM A recent survey by Arlington Research and Kaspersky revealed that many Brits are cautious about webcam privacy but willingly share personal information through online games. Conducted on 10,000 consumers, including 1,000 in the UK, aged between 18 and 40 interested in new technology, the survey highlighted the need for increased … Read more
August 7, 2024 at 11:35AM Researchers discovered a method to hide the ‘First Contact Safety Tip’ in Microsoft 365, potentially increasing the risk of users opening malicious emails. Despite reporting the flaw to Microsoft, the tech giant decided not to address it at this time. The technique involves manipulating HTML and CSS to hide the … Read more
August 7, 2024 at 09:28AM Cybercriminals can manipulate Microsoft Outlook’s anti-phishing measure by using CSS to hide the First Contact Safety Tip, making it appear invisible to users, except in the email preview pane. This tactic also allows cybercriminals to add a seemingly legitimate note to phishing emails, posing a security threat despite some formatting … Read more
August 6, 2024 at 05:18PM A study by Elastic Security reveals that reputation-based security controls are less effective at safeguarding organizations against unsafe web applications and content than commonly believed. Attackers have developed techniques like reputation hijacking, reputation seeding, and maliciously signed malware tools to bypass these mechanisms. The study recommends using behavior analysis tools … Read more
August 6, 2024 at 10:44AM Elastic Security Labs revealed various methods for attackers to run malicious apps undetected by Windows’ security features. One method, “LNK Stomping,” exploits a bug in Windows’ handling of shortcut files to bypass SmartScreen and Smart App Control. Elastic engaged with Microsoft about the issue, but no immediate fix is promised. … Read more
August 1, 2024 at 08:06AM A new Android-targeting remote access trojan named BingoMod, discovered by Cleafy, is designed to steal user information and money through account takeover tactics. The malware, likely developed by Romanian speakers, attempts to lower its detection rate by experimenting with obfuscation techniques. BingoMod also allows threat actors remote device control and … Read more