Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label News. Show all posts
Trojan
Android Banking Trojan malware Malware Attack News Trojan

New Android Banking Trojan 'Crocodilus' Emerges as Sophisticated Threat in Spain and Turkey

 

A newly identified Android banking malware named Crocodilus is making waves in the cybersecurity world, with experts warning about its advanced capabilities and targeted attacks in Spain and Turkey. Discovered by Dutch mobile security firm ThreatFabric, the malware represents a major leap in sophistication, emerging not as a prototype but as a fully-developed threat capable of device takeover, remote control, and stealth data harvesting through accessibility services. 

Unlike many early-stage banking trojans, Crocodilus comes armed with a broad range of functionalities from its inception. Masquerading as Google Chrome via a misleading package name ("quizzical.washbowl.calamity"), the malware bypasses Android 13+ restrictions and initiates its attack by requesting accessibility permissions. Once granted, it connects to a command-and-control (C2) server to receive a list of targeted financial applications and corresponding HTML overlays to steal login credentials. 

The malware also targets cryptocurrency users with a unique social engineering strategy. Instead of spoofing wallet login pages, it pushes alarming messages urging users to back up their seed phrases within 12 hours or risk losing access. This manipulative tactic prompts victims to expose their seed phrases, which are then harvested via accessibility logging—giving attackers full access to the wallets. 

Crocodilus operates continuously in the background, monitoring app launches, capturing screen elements, and even intercepting one-time passwords from apps like Google Authenticator. It conceals its malicious activity by muting sounds and deploying a black screen overlay to keep users unaware. Key features include launching apps, removing itself from devices, sending SMS messages, retrieving contacts, requesting device admin rights, enabling keylogging, and modifying SMS management privileges. The malware’s ability to dynamically update C2 server settings further enhances its adaptability. 

ThreatFabric notes that the malware’s sophistication, especially in its initial version, suggests a seasoned developer behind its creation—likely Turkish-speaking, based on code analysis. The emergence of Crocodilus underscores the evolving threat landscape of mobile banking malware, where adversaries are deploying complex and evasive techniques earlier in development cycles. In a related development, Forcepoint reported a separate phishing campaign using tax-themed emails to spread the Grandoreiro banking trojan in Latin America and Spain, indicating a broader uptick in banking malware activity across platforms and regions.
Read more »
trending news
Africa under cyber threats bfsi BFSI cyber security Cyber Security News trending news

Cyber Threats Surge Across Africa’s Financial Sector, Urging Stronger Cybersecurity Defenses

 

In 2024, the financial landscape in Africa has been rocked by a series of high-impact cyberattacks, underscoring the urgent need for enhanced digital defenses across the Banking, Financial Services, and Insurance (BFSI) sector. From Uganda to Zimbabwe and South Africa, institutions are increasingly in the crosshairs of sophisticated cybercriminal groups. One of the most alarming incidents involved the Bank of Uganda, which reportedly lost approximately $16.8 million to an offshore hacking group known as “Waste.” 

In a similar breach of security, ZB Financial Holdings in Zimbabwe suffered a ransomware attack in July that led to substantial data exposure, compromising both customer details and operational systems. South Africa’s Standard Bank also confirmed a recent data breach that affected limited personal and financial data, highlighting how widespread and varied these threats have become. Interpol’s 2024 African Cyberthreat Assessment paints a grim picture—cyberattacks on African businesses surged by 23% in 2023, with ransomware and data breaches being the most prevalent. 

These figures reflect not only a rising frequency but also the growing sophistication of cybercrime on the continent. The IBM 2024 Cost of a Data Breach report further reveals that the average cost of a data breach in South Africa has risen sharply to R53.1 million, a significant jump from R49.45 million the previous year. Historical incidents continue to serve as cautionary tales. The 2020 Experian breach compromised 24 million personal records, while the 2023 Medusa ransomware attack on the Bank of Africa’s Malian unit resulted in the leak of 2TB of sensitive data. 

These events demonstrate the severe financial and reputational risks African financial institutions face. As the sector increasingly adopts technologies such as artificial intelligence, blockchain, and cloud computing, new avenues for cyber exploitation have emerged. Threats like phishing schemes, insider sabotage, and regulatory compliance issues now loom larger than ever before. “Cybercrime is evolving at an alarming rate, and financial institutions in Africa are prime targets,” said Abe Wakama, CEO of IT News Africa. 

“The BFSI Security Summit will offer a vital platform for industry leaders to collaborate, exchange knowledge, and deploy effective strategies to protect their institutions,” he further added. 

Cybersecurity experts and Chief Information Security Officers (CISOs) across the continent are responding by urging a multi-layered approach to digital defense—deploying AI-powered threat detection systems, implementing zero trust security models, and ensuring compliance with key data privacy regulations like South Africa’s Protection of Personal Information Act (POPIA) and the EU’s GDPR. Additional measures such as continuous monitoring, advanced endpoint protection, and robust incident response planning are becoming standard practice. Equally critical are human factors—regular employee training and rigorous penetration testing play a pivotal role in building organizational cyber resilience.
Read more »
Phishing Attacks
Cyber Attacks cyberattacks trending news Netflix cybersecurity News phishing Phishing Attacks

Netflix Users Warned About AI-Powered Phishing Scam

 

Netflix subscribers are being warned about a sophisticated phishing scam circulating via email, designed to steal personal and financial information. 

The deceptive email mimics an official Netflix communication, falsely claiming that the recipient’s account has been put on hold. It urges users to click a link to resolve the issue, which redirects them to a fraudulent login page that closely resembles Netflix’s official site. 

Unsuspecting users are then prompted to enter sensitive details, including their Netflix credentials, home address, and payment information. Cybersecurity experts caution that phishing scams have become more advanced with the rise of AI-driven tactics. 

According to Jake Moore, Global Cybersecurity Advisor at ESET, artificial intelligence has enabled cybercriminals to launch phishing campaigns at an unprecedented scale, making them appear more legitimate while targeting a larger number of users. 

“Despite these advancements, many scams still rely on urgency to pressure recipients into acting quickly without verifying the sender’s authenticity,” Moore explained. 

Users are advised to remain vigilant, double-check email sources, and avoid clicking on suspicious links. Instead, they should visit Netflix directly through its official website or app to verify any account-related issues.
Read more »
Ransomware
cyberattacks trending news Cybersecurity Attack malware News Ransomware

Cisco Talos Uncovers Lotus Blossom’s Multi-Campaign Cyber Espionage Operations

Cisco Talos has uncovered a series of cyber espionage campaigns attributed to the advanced persistent threat (APT) group Lotus Blossom, also known as Spring Dragon, Billbug, and Thrip. 

The group has been active since at least 2012, targeting government, manufacturing, telecommunications, and media sectors in regions such as the Philippines, Vietnam, Hong Kong, and Taiwan. Talos identified Sagerunex, a backdoor tool used exclusively by Lotus Blossom, as the core malware in these campaigns. 

The investigation revealed multiple variants of Sagerunex, evolving from its original form to leverage third-party cloud services such as Dropbox, Twitter, and Zimbra webmail as command-and-control (C2) tunnels, instead of traditional Virtual Private Servers (VPS). This shift helps the group evade detection while maintaining control over infected endpoints. 

The group has been observed gaining persistence on compromised systems by embedding Sagerunex into the system registry and configuring it to run as a service. The malware operates as a dynamic link library (DLL), executed directly in memory to avoid detection. The campaigns also showcase long-term persistence strategies, allowing attackers to remain undetected for months. 

Beyond Sagerunex, Lotus Blossom employs an arsenal of hacking tools to facilitate credential theft, privilege escalation, and data exfiltration. These include a Chrome cookie stealer from GitHub, a customized Venom proxy tool, a privilege adjustment tool, and an archiving tool for encrypting and stealing data. 

Additionally, the group utilizes mtrain V1.01, a modified HTran proxy relay tool, to route connections between compromised machines and external networks. The attack chain follows a structured multi-stage approach, starting with reconnaissance commands such as “net,” “tasklist,” “ipconfig,” and “netstat” to gather system details. 

If an infected machine lacks direct internet access, the attackers leverage proxy settings or the Venom tool to establish connectivity. A notable tactic involves storing malicious tools in the “public\pictures” subfolder, a non-restricted directory, to avoid detection.

Talos’ research underscores the growing sophistication of Lotus Blossom, which continues to refine its techniques and expand its capabilities. With high confidence, Cisco attributes these campaigns to Lotus Blossom, highlighting its sustained cyber espionage operations against high-value targets.
Read more »
News
Cyber Security Cyber Threats Cybersecurity Attack financial attack News

Lending App Data Breach Leaves Sensitive Customer Information Unprotected

 

A major digital lending platform has reportedly exposed sensitive customer data due to a misconfigured Amazon AWS S3 bucket that was left unsecured without authentication. Security researchers discovered the breach on November 28, 2024, but the issue remained unresolved until January 16, 2025, leaving the data vulnerable for over a month. While there is no direct evidence that cybercriminals accessed the information, experts warn that only a thorough forensic audit could confirm whether any unauthorized activity took place.  

The exposed data reportedly includes Know Your Customer (KYC) documents, which financial institutions use to verify identity, address, and income details. This type of information is particularly valuable to cybercriminals, as it can be exploited to fraudulently obtain loans, orchestrate identity theft, or carry out sophisticated social engineering attacks. 

According to researchers, attackers could leverage leaked loan agreements or bank details to manipulate victims into making unauthorized payments or providing further account verification. Furthermore, such personal data often ends up being aggregated and sold on the dark web, amplifying risks for affected individuals and making it harder to protect their privacy. 

To minimize the risks associated with such breaches, experts recommend monitoring bank statements and transaction histories for any suspicious activity and immediately reporting irregularities to financial institutions. Users are also advised to set strong, unique passwords for different accounts, especially those containing financial or sensitive information, and to update them immediately if a breach is suspected. Enabling multi-factor authentication (MFA) adds an extra layer of security and can significantly reduce the likelihood of unauthorized access. 

Another major concern following such incidents is the increased likelihood of social engineering attacks like phishing, where criminals use leaked data to craft convincing fraudulent messages. Attackers may impersonate banks, service providers, or even personal contacts to trick victims into revealing sensitive details, clicking malicious links, or scanning fraudulent QR codes. 

Users should remain cautious of unexpected emails or messages, verify the sender’s identity before clicking any links, and contact companies directly through their official websites. It is crucial to remember that banks and legitimate financial institutions will never request sensitive account details via phone or email or ask customers to transfer funds to another account.
Read more »
trending news
Cybersecurity Attack malware News online threats trending news

Beware of Fake Viral Video Links Spreading Malware

 

McAfee Labs has uncovered a rise in cyber scams where fraudsters use fake viral video links to trick people into downloading malware. These attacks rely on social engineering, enticing users with promises of exclusive or leaked content. 

Once a user clicks on the deceptive link, they are redirected through several malicious websites before unknowingly downloading a harmful file. The scheme typically begins with a fake message or document containing a link to a trending video. Clicking the link leads to an unsafe website filled with misleading advertisements, fake download buttons, and sometimes adult content. 

These sites trick users into downloading a file—often a ZIP folder—that seems harmless but actually contains malware hidden within a password-protected archive. Once downloaded and extracted, the file reveals a setup program that, when executed, launches the malware. To make it appear legitimate, a CAPTCHA screen is displayed first. 

However, once the user clicks “OK,” the malware installs itself discreetly, injecting harmful files into the system and running hidden processes that steal data or compromise the device. While McAfee’s security measures have intercepted many such attacks, experts warn that these scams continue to evolve. 

Cybercriminals use clickbait tactics to manipulate people’s curiosity, making it crucial to stay vigilant. To protect yourself, avoid clicking on links that claim to provide exclusive or leaked videos, as these are often traps designed to distribute malware. 

Be cautious of unfamiliar websites that prompt you to download files, as they may contain hidden threats. Always scan downloaded files with reliable security software before opening them. Additionally, keep your antivirus software updated to ensure real-time protection against emerging cyber threats. Since online scams are constantly evolving, staying informed and cautious is the best defense against potential cyber risks.
Read more »
News
Chinese Hackers cyber attack Cyber-Espionage cyberattacks trending news cybersecurity news News

Chinese Hackers Exploit SSH Daemon to Maintain Persistent Access in Cyber-Espionage Operations

 

A sophisticated cyber-espionage campaign attributed to the Chinese hacking group Evasive Panda, also known as DaggerFly, has been uncovered, targeting network appliances through a newly identified attack suite. According to cybersecurity researchers at Fortinet’s FortiGuard Labs, the attackers are leveraging a malicious toolkit named ELF/Sshdinjector.A!tr, injecting malware into the SSH daemon (SSHD) to establish long-term access and execute covert operations. 

Active since at least mid-November 2024, this attack method enables unauthorized control over compromised systems. While the initial entry point remains unclear, once infiltrated, a dropper module determines whether the device is already infected and assesses its privilege level. If running under root permissions, the malware deploys multiple binaries, including libssdh.so, which serves as the primary backdoor responsible for command-and-control (C2) communication and data exfiltration. 

Additional components such as “mainpasteheader” and “selfrecoverheader” are used to maintain persistence. The injected SSH library covertly monitors and executes commands received from a remote C2 server, allowing the attackers to conduct system reconnaissance, steal credentials, manipulate files, and execute arbitrary commands. 

The malware supports fifteen different functions, ranging from collecting system details and listing active processes to reading sensitive user data and gaining remote shell access. It can also upload and download files, delete specific records, rename files, and notify the attacker when the malware is active. 

Despite previous detections of similar threats, FortiGuard’s research is the first to provide a detailed analysis of how ELF/Sshdinjector.A!tr operates. The group behind this attack, Evasive Panda, has been active since 2012 and has previously conducted cyber-espionage campaigns, including supply chain attacks via ISPs in Asia and targeted intelligence collection from U.S. organizations. 

The group was also recently linked to deploying a novel macOS backdoor. Notably, Fortinet researchers leveraged AI-assisted tools to aid in the malware’s reverse engineering process. While challenges such as hallucinations, extrapolation errors, and omissions were encountered, the experiment demonstrated AI’s growing potential in cybersecurity research. 

Fortinet assures that its customers are already protected against this threat through its FortiGuard AntiVirus service, which detects the malware as ELF/Sshdinjector.A!tr and Linux/Agent.ACQ!tr. The company has also provided hashes of identified samples on VirusTotal for further investigation by the security community.
Read more »
News
Cyber Threats Cybersecurity Indian Government website News

Kaveri 2.0 Portal Hit by Massive DDoS Attack

 

Property registrations and citizen services in Karnataka have been severely affected since Monday due to a large-scale cyberattack on the Kaveri 2.0 portal. Initially suspected to be a technical glitch, the Revenue and E-Governance Departments have now confirmed that the disruptions are the result of a “motivated Distributed Denial of Service (DDoS) attack.” 

The Kaveri 2.0 portal, introduced in 2023 to streamline property registration and related services, has been facing issues since January 13, 2025, with attackers consistently exploiting vulnerabilities despite repeated fixes. Revenue Minister Krishna Byre Gowda stated that the evolving nature of these disruptions indicates a deliberate and sustained attempt to cripple the system. 

Officials revealed that bots are being used to conduct excessive searches for encumbrance certificates (ECs) through customer logins, overloading the system and causing it to crash. Even as authorities address certain weaknesses, attackers appear to be adapting in real-time to exploit new loopholes. 

For instance, on Monday, the system was restored by 1 p.m. after a complete outage, but it was down again by 3 p.m. The attack has had a severe impact on property registrations across the state, with daily registrations plummeting from an average of over 8,000 to just over 500 on Tuesday. 

Thousands of property transactions have been postponed indefinitely due to the disruption, leaving buyers and sellers in a state of uncertainty. Many users have been unable to log into the portal or upload necessary documents, causing widespread frustration. 

K.V. Govardhan of Arna Estates, who had registrations scheduled in Bagepalli and Banaswadi on Monday, expressed concerns over the lack of clarity on when the system would be fully restored. 
Read more »
Security threats
cyber attack Cyber Attacks Globe Life News Security threats

Globe Life Data Breach Affects 850,000 Customers, Investigation Reveals

Insurance provider Globe Life has revealed that a data breach from June 2024 was far more extensive than initially believed. While early reports in October 2024 suggested that around 5,000 customers were impacted, the company’s latest investigation indicates that approximately 850,000 policyholders may have had their personal data compromised. 

The breach was initially detected in a subsidiary, American Income Life Insurance Company. At the time, Globe Life reported a limited impact but acknowledged the possibility of more affected individuals. 

Further findings now confirm that an unidentified cybercriminal gained access to databases maintained by independent agency owners, exposing a wide range of sensitive customer information. Stolen data includes full names, Social Security numbers, phone numbers, email addresses, home addresses, birth dates, health records, and insurance policy details. 

In response, Globe Life took immediate action to secure its systems, restricting external access to the compromised portal. According to its SEC filing, the company was targeted by an extortion attempt but chose not to meet the ransom demands. The insurer maintains that its primary IT infrastructure and data encryption systems remained intact despite the breach. 

As a precaution, Globe Life is offering credit monitoring services to potentially affected customers. However, cybersecurity experts recommend that policyholders take extra steps to protect themselves, including signing up for identity theft protection, keeping a close watch on financial statements, and being alert to phishing attempts. Cybercriminals frequently use stolen data to create deceptive emails and messages aimed at obtaining further personal or financial information. 

Customers are advised to be cautious when receiving unexpected communications via email, text, or social media. Any unsolicited messages containing links or attachments should be avoided. Installing reliable antivirus software on personal devices can also help protect against malware that may be embedded in phishing attempts. 

Despite the scale of the breach, Globe Life has stated that it does not expect any disruptions to its business operations. However, customers should update their passwords and remain vigilant against potential fraud in the coming months.
Read more »
Ransomware attack
Attack on NYBC cyber attack Cyber Attacks News NYBC Ransomware attack

Ransomware Attack Disrupts New York Blood Center Operations Amid Critical Shortage

 

The New York Blood Center (NYBC), a major provider of blood products and transfusion services in the U.S., suffered a ransomware attack on Sunday, leading to operational disruptions and the cancellation of some donor appointments. 

The cyberattack comes at a time when the center is already struggling with a significant drop in blood donations, further straining supply levels. 

NYBC, which collects approximately 4,000 units of blood daily and supports over 500 hospitals across multiple states, detected the security breach over the weekend of January 26. 
After noticing unusual activity within its IT systems, the organization swiftly enlisted cybersecurity experts to investigate. Their findings confirmed that ransomware was responsible for the disruption. 

In response, NYBC took immediate measures to contain the attack, including temporarily shutting down certain systems while working toward a secure restoration. Despite the ongoing challenges, the organization continues to accept blood donations but warned that some appointments may need to be rescheduled. 

The attack comes just days after NYBC issued a blood emergency following a dramatic 30% decline in donations, resulting in 6,500 fewer units collected and severely impacting regional blood supplies. At this time, it remains unclear whether the attackers accessed or stole sensitive donor information. No ransomware group has claimed responsibility yet.

As NYBC works to restore its systems, it is urging donors to continue making appointments to help address the ongoing blood shortage and ensure hospitals receive the critical supplies they need.
Read more »
Zyxel
cyber attack Cyber Attacks News trending news Zero day vul Zyxel

Critical Zero-Day Vulnerability in Zyxel Devices Sparks Widespread Exploitation


Cybersecurity researchers at GreyNoise have uncovered widespread exploitation of a critical zero-day vulnerability in Zyxel CPE Series devices, months after it was initially reported to the manufacturer. The flaw, identified as CVE-2024-40891, allows attackers to execute arbitrary commands on affected devices, potentially leading to data breaches, network infiltration, and complete system compromise. GreyNoise has disclosed the issue to raise awareness among organizations and individuals at risk, as mass exploitation attempts have already been observed.

Details of the Vulnerability and Exploitation

The vulnerability, CVE-2024-40891, was first reported to Zyxel by researchers at VulnCheck in August 2024. However, Zyxel has yet to release a public advisory or an official CVE entry for the flaw, leaving users without a patch to mitigate the risk. GreyNoise collaborated with VulnCheck to disclose the issue, following standard security policies. A GreyNoise spokesperson stated, “Due to first-hand, confirmed mass exploitation attempts for this vulnerability, we chose to disclose this to raise awareness among those who may be impacted.”

Security analysts at Censys estimate that approximately 1,500 devices are online and potentially vulnerable, though definitive confirmation of affected versions is still pending. The National Vulnerability Database (NVD) has not yet provided additional details about the issue. To assess the extent of malicious activity, GreyNoise and VulnCheck conducted a joint investigation, revealing that attackers are actively targeting the flaw.

Researchers noted that CVE-2024-40891 shares similarities with another Zyxel vulnerability, CVE-2024-40890, which also involves authentication and command injection exploits. The key difference is that CVE-2024-40891 is exploited via telnet, while CVE-2024-40890 is HTTP-based. This latest vulnerability follows a recent warning from the Cybersecurity and Infrastructure Security Agency (CISA) and German authorities about another security flaw in Zyxel firewalls, CVE-2024-11667, which was exploited to deploy Helldown ransomware in early December.

Mitigation Strategies and Recommendations

With no official patch available, Zyxel users remain vulnerable to exploitation. Security experts urge organizations to implement temporary mitigation strategies to reduce the risk of compromise. Key recommendations include:

  1. Monitor Network Traffic: Closely monitor network traffic for unusual activity, particularly on devices running Zyxel CPE Series firmware.
  2. Restrict Access: Limit access to potentially affected devices by disabling unnecessary services, such as telnet, and implementing strict access controls.
  3. Apply Workarounds: If possible, apply any available workarounds or configuration changes recommended by cybersecurity experts until an official patch is released.
  4. Stay Informed: Keep track of updates from Zyxel and cybersecurity agencies like CISA for the latest information on vulnerability and mitigation measures.

A VulnCheck spokesperson confirmed that the firm is actively working with Zyxel on the disclosure process and expects to share further insights in the coming week. In the meantime, organizations are advised to remain vigilant and take proactive steps to protect their networks.

The widespread exploitation of CVE-2024-40891 highlights the critical importance of timely vulnerability disclosure and patch management. As attackers continue to target Zyxel devices, organizations must prioritize cybersecurity measures to safeguard their systems and data. While waiting for an official patch, implementing temporary mitigation strategies and staying informed about updates can help reduce the risk of exploitation. This incident serves as a reminder of the ongoing challenges in securing network devices and the need for collaboration between manufacturers, researchers, and users to address vulnerabilities effectively.

Read more »
Technology
Cryptocurrency threats Cryptojacking cyb News Technology

Cryptojacking: The Silent Cybersecurity Threat Surging in 2023

Cryptojacking, the unauthorized exploitation of an organization’s computing resources to mine cryptocurrency, has emerged as a significant yet often overlooked cybersecurity threat. Unlike ransomware, which overtly disrupts operations, cryptojacking operates covertly, leading to substantial financial and operational impacts. In 2023, cryptojacking attacks surged by 659%, totaling 1.1 billion incidents, according to SonicWall’s 2024 Cyber Threat Report.

This dramatic increase underscores the growing appeal of cryptojacking among cybercriminals. The financial implications for businesses are severe. Research indicates that for every dollar’s worth of cryptocurrency mined illicitly, companies incur approximately USD 53 in cloud service costs. This disparity highlights the hidden expenses organizations face when their systems are compromised for unauthorized mining activities.

How Cryptojacking Works and Its Impact

Attackers employ various methods to infiltrate systems, including:

  • Drive-by Downloads: Compromised websites automatically download mining scripts onto visitors’ devices.
  • Phishing Emails: Trick users into installing malware that enables cryptojacking.
  • Exploiting Vulnerabilities: Targeting unpatched software to gain unauthorized access.

The rise of containerized environments has also provided new avenues for attackers. For example, cybercriminals can embed mining scripts within public repository images or target exposed Docker APIs to deploy cryptojacking malware.

Beyond financial losses, cryptojacking degrades system performance by overutilizing CPU and GPU resources. This leads to slower operations, reduced productivity, and increased energy consumption. Over time, the strain on hardware can cause overheating and potential equipment failure. Additionally, compromised systems are more vulnerable to further security breaches, as attackers can leverage their access to escalate attacks.

Combating Cryptojacking: Proactive Measures

To defend against cryptojacking, organizations must implement proactive security measures. Key strategies include:

  1. Endpoint Protection Tools: Deploy solutions that monitor for unusual resource usage, such as sudden spikes in CPU or GPU activity, which may indicate cryptojacking.
  2. Network Traffic Analysis: Analyze network traffic for connections to known cryptocurrency mining pools, which are often used by attackers to process mined coins.
  3. Cloud Monitoring Solutions: Utilize cloud-based tools to detect unauthorized mining activities in cloud environments, where cryptojacking is increasingly prevalent.
  4. Regular Testing and Validation: Simulate cryptojacking attacks to identify vulnerabilities and strengthen defenses before actual threats materialize.

Organizations should also prioritize employee training to recognize phishing attempts and other common attack vectors. Regularly updating and patching software can close vulnerabilities that attackers exploit to infiltrate systems. Additionally, implementing robust access controls and monitoring for unusual user activity can help prevent unauthorized access.

The surge in cryptojacking attacks highlights the growing sophistication of cybercriminals and the need for organizations to adopt comprehensive cybersecurity measures. While cryptojacking may not be as visibly disruptive as ransomware, its financial and operational impacts can be equally devastating. By deploying advanced detection tools, analyzing network traffic, and regularly testing defenses, businesses can mitigate the risks posed by cryptojacking and protect their computing resources from unauthorized exploitation. As cyber threats continue to evolve, proactive and adaptive security strategies will be essential to safeguarding organizational assets and maintaining operational efficiency.

Read more »
trending news
AI cybersecurity Emerging tech news Generative AI latest news News Technology Technology News trending news

Generative AI in Cybersecurity: A Double-Edged Sword

Generative AI (GenAI) is transforming the cybersecurity landscape, with 52% of CISOs prioritizing innovation using emerging technologies. However, a significant disconnect exists, as only 33% of board members view these technologies as a top priority. This gap underscores the challenge of aligning strategic priorities between cybersecurity leaders and company boards.

The Role of AI in Cybersecurity

According to the latest Splunk CISO Report, cyberattacks are becoming more frequent and sophisticated. Yet, 41% of security leaders believe that the requirements for protection are becoming easier to manage, thanks to advancements in AI. Many CISOs are increasingly relying on AI to:

  • Identify risks (39%)
  • Analyze threat intelligence (39%)
  • Detect and prioritize threats (35%)

However, GenAI is a double-edged sword. While it enhances threat detection and protection, attackers are also leveraging AI to boost their efforts. For instance:

  • 32% of attackers use AI to make attacks more effective.
  • 28% use AI to increase the volume of attacks.
  • 23% use AI to develop entirely new types of threats.

This has led to growing concerns among security professionals, with 36% of CISOs citing AI-powered attacks as their biggest worry, followed by cyber extortion (24%) and data breaches (23%).

Challenges and Opportunities in Cybersecurity

One of the major challenges is the gap in budget expectations. Only 29% of CISOs feel they have sufficient funding to secure their organizations, compared to 41% of board members who believe their budgets are adequate. Additionally, 64% of CISOs attribute the cyberattacks their firms experience to a lack of support.

Despite these challenges, there is hope. A vast majority of cybersecurity experts (86%) believe that AI can help attract entry-level talent to address the skills shortage, while 65% say AI enables seasoned professionals to work more productively. Collaboration between security teams and other departments is also improving:

  • 91% of organizations are increasing security training for legal and compliance staff.
  • 90% are enhancing training for security teams.

To strengthen cyber defenses, experts emphasize the importance of foundational practices:

  1. Strong Passwords and MFA: Poor password security is linked to 80% of data breaches. Companies are encouraged to use password managers and enforce robust password policies.
  2. Regular Cybersecurity Training: Educating employees on risk management and security practices, such as using antivirus software and maintaining firewalls, can significantly reduce vulnerabilities.
  3. Third-Party Vendor Assessments: Organizations must evaluate third-party vendors for security risks, as breaches through these channels can expose even the most secure systems.

Generative AI is reshaping the cybersecurity landscape, offering both opportunities and challenges. While it enhances threat detection and operational efficiency, it also empowers attackers to launch more sophisticated and frequent attacks. To navigate this evolving landscape, organizations must align strategic priorities, invest in AI-driven solutions, and reinforce foundational cybersecurity practices. By doing so, they can better protect their systems and data in an increasingly complex threat environment.

Read more »
Technology
EU’s Digital Market Act News Social Media Technology

The Digital Markets Act (DMA): A Game Changer for Tech Companies


The Digital Markets Act (DMA) is poised to reshape the European digital landscape. This pioneering legislation by the European Union seeks to curb the dominance of tech giants, foster competition, and create a fairer digital marketplace for consumers and businesses alike. By enforcing strict regulations on major players like Google, Apple, and Meta, the DMA aims to dismantle monopolistic practices and ensure greater choice and transparency.

The DMA targets the "gatekeepers" of the digital economy—large companies that control access to critical digital services. By requiring these firms to unbundle tightly integrated ecosystems, the act provides smaller players an opportunity to thrive.

For instance, companies will no longer be able to self-preference their own products in search rankings or restrict users from installing third-party apps. These changes promise to unlock innovation and drive competition across the digital ecosystem.

Google’s longstanding practice of integrating services such as Maps, Calendar, and Docs with its search engine has faced criticism for sidelining competitors. Under the DMA, Google must separate these services, starting with Maps.

While these integrations have offered users convenience, they have limited market access for alternatives like HERE WeGo and OpenStreetMap. The new regulations could disrupt Google’s user experience but pave the way for smaller mapping solutions to gain traction.

Apple faces significant challenges under the DMA. The legislation mandates opening its App Store to competing platforms, potentially allowing alternative app marketplaces to operate on iOS devices. This could disrupt Apple’s revenue streams and force the company to rethink its tightly controlled ecosystem.

Apple’s adherence to the DMA will redefine its approach to user experience while creating opportunities for developers to access a broader audience.

For consumers, the DMA promises long-term benefits by increasing choice and reducing dependency on dominant players. Initially, the transition may seem inconvenient, but the diversity it fosters will lead to a more innovative digital economy.

The DMA’s implications extend beyond Europe. It sets a precedent for how governments worldwide might regulate tech giants. Countries like the United States and India are closely watching its impact, potentially adopting similar frameworks to tackle monopolistic practices.

The Digital Markets Act is more than just a European regulation — it’s a bold step towards a competitive and equitable digital future. By leveling the playing field, it challenges global tech giants to innovate responsibly while empowering smaller businesses and consumers alike.
Read more »
Social Media Scam
cyberattack news FireScam malware News Online Scam Social Media Scam

FireScam Malware Disguised as Telegram Premium Spreads via Phishing Sites

A new Android malware called FireScam is being distributed through phishing websites hosted on GitHub, masquerading as a premium version of the Telegram app. These fraudulent sites mimic RuStore, Russia’s official mobile app marketplace, tricking users into downloading the malware. This incident highlights how cybercriminals exploit trusted platforms to deploy sophisticated threats.

RuStore was launched in May 2022 by Russian tech company VK (VKontakte) with support from the Ministry of Digital Development as an alternative to Google Play and Apple’s App Store. It was designed to provide Russian users access to mobile applications despite Western sanctions. Cybercriminals have taken advantage of RuStore’s credibility by creating phishing pages that distribute malware under the guise of legitimate applications. According to security researchers at CYFIRMA, attackers have set up a GitHub-hosted phishing page impersonating RuStore, delivering an initial malware payload named GetAppsRu.apk.

Once installed, the dropper module requests multiple permissions, allowing it to identify installed applications, access device storage, and install additional software. It then downloads and installs the primary malware payload, disguised as Telegram Premium.apk. This second-stage malware requests extensive permissions, enabling it to monitor notifications, read clipboard data, access SMS and call information, and track user activity.

FireScam displays a fake Telegram login page via WebView to steal user credentials. The malware then communicates with Firebase Realtime Database, where stolen data is uploaded in real time. Each infected device is assigned a unique identifier, allowing attackers to track it. According to CYFIRMA, the stolen data is temporarily stored in Firebase before being filtered and transferred to another location. FireScam maintains a persistent WebSocket connection with a Firebase-based command-and-control (C2) endpoint, allowing attackers to execute real-time commands, download and install additional payloads, modify surveillance settings, and trigger immediate data uploads.

FireScam continuously tracks various device activities, including screen on/off events, active app usage, and user interactions lasting over 1,000 milliseconds. One of its most concerning features is its focus on e-commerce transactions. The malware attempts to intercept sensitive financial data by logging keystrokes, tracking clipboard content, and extracting auto-filled credentials from password managers.

While the identity of FireScam’s operators remains unknown, CYFIRMA researchers describe it as a sophisticated and multifaceted threat that employs advanced evasion techniques. To minimize the risk of infection, users should avoid downloading apps from unverified sources, be cautious when clicking on unfamiliar links, download applications only from official platforms like Google Play or verified stores, and regularly review and restrict app permissions to prevent unauthorized data access. The rise of malware like FireScam underscores the growing need for cybersecurity awareness. Staying vigilant and adopting secure online practices is essential to protecting personal and financial data from evolving cyber threats.

Read more »
trending news
Google Chrome extensions attack malware News trending news

Google Chrome Extensions Compromised in Widespread Cyberattack

A cybersecurity incident has compromised at least 35 Google Chrome extensions, affecting approximately 2.6 million users globally. Over 400,000 devices have reportedly been infected with malicious code as part of a coordinated attack.

Timeline and Attack Methodology

An investigation revealed that the attack began on December 5, although related domains were registered as early as March 2024. This indicates the attackers had been preparing for months before launching their campaign.

One targeted entity was a data loss prevention startup, whose Chrome extension was exploited. The breach reportedly began with a phishing email impersonating a Google policy alert, urging a developer to install a "Privacy Policy Extension." This malicious extension, when granted permissions, allowed attackers to access the developer’s account.

Once access was obtained, the attackers uploaded a malicious update to the compromised extensions. This update bypassed security protocols and was automatically distributed to users, facilitating the infection. The primary objective appeared to be data harvesting, with an emphasis on collecting Facebook-related information from users.

Company Response and Security Observations

The affected company reported that the compromised employee had Google Advanced Protection and multi-factor authentication (MFA) enabled. Despite following standard protocols, the employee inadvertently authorized a malicious third-party application. The company clarified that no suspicious MFA prompts were received, and the employee's Google credentials remained secure.

Domains associated with the attack were initially registered in March 2024, with additional registrations occurring closer to the campaign’s escalation in November and December.

This incident underscores the evolving tactics of cybercriminals and the importance of constant vigilance and robust cybersecurity measures, particularly in the face of sophisticated phishing campaigns.

Read more »
Online attacks
cyberattack news malware Mobile Malware News Online attacks

FBI Warns Against Public USB Charging Stations Due to “Juice Jacking” Threat

The FBI has issued a cautionary alert for travelers, urging them to avoid using public USB charging stations found in airports, hotels, and other public spaces. A rising cyber threat, known as “juice jacking,” enables cybercriminals to steal sensitive data and install malware through these ports. While convenient for charging devices on the go, these stations are increasingly being exploited to compromise personal and financial security.

The Mechanics Behind Juice Jacking

Juice jacking takes advantage of a fundamental vulnerability in USB technology, which supports both power delivery and data transfer. When an unsuspecting user plugs their device into a compromised USB port, malware can be silently installed, or data can be extracted without their knowledge. The malicious software may remain dormant, activating later to steal passwords, lock files for ransom, or even mine cryptocurrency, which can drain the device’s battery and degrade its performance.

Adding to the complexity of this threat, even charging cables can be tampered with to include hidden components that extract data as soon as they are connected. This makes it possible for travelers to fall victim to juice jacking even if they avoid public charging stations but use unfamiliar or unverified cables.

The threat of juice jacking extends far beyond U.S. borders. Airports, hotels, and shopping malls worldwide have reported similar incidents, as the universal nature of USB charging technology makes it a convenient vector for cyberattacks. The rise in reported cases has prompted security experts to raise awareness about this subtle yet significant risk, urging travelers to rethink how and where they charge their devices.

How to Protect Yourself

To stay safe, the FBI and cybersecurity professionals recommend adopting these precautions:

  • Carry Personal Chargers: Use your own charging devices and power banks to avoid reliance on public USB ports.
  • Use a USB Data Blocker: This small device allows charging while preventing data transfer, effectively neutralizing the threat of juice jacking.
  • Opt for Wall Outlets: Whenever possible, plug devices directly into a wall outlet for charging, as this eliminates the risk of data theft.

Some airports and transportation hubs are beginning to address the issue by installing “charge-only” stations that disable data transfer capabilities. However, such solutions are not yet widespread, making it essential for individuals to remain vigilant and proactive in protecting their devices.

Corporate and Financial Sector Responses

Businesses are taking the juice jacking threat seriously, with many companies updating travel policies to discourage employees from using public USB ports. Instead, employees are being provided with approved chargers and power banks to ensure the safety of corporate devices and sensitive data.

The financial sector is also raising alarms, advising customers to avoid conducting banking transactions or accessing sensitive accounts while connected to public USB ports. Even a brief connection to a compromised charging station could lead to unauthorized access to financial apps and accounts, potentially resulting in significant losses.

While steps are being taken to make public charging safer, the onus remains on travelers to prioritize device security. By carrying personal charging equipment, avoiding unverified cables, and utilizing tools like USB data blockers, individuals can mitigate the risks of juice jacking and safeguard their personal and financial information against this evolving cyber threat.

Read more »
trending news
Cyber Secuirty Cyber Security News Passkeys authentication trending news

Are Passkeys the Future of Authentication? Current Hurdles Say Otherwise

For years, cybersecurity experts have criticized passwords as outdated and insecure. Frequently re-used, susceptible to phishing, and vulnerable to leaks, they remain one of the weakest links in online security. Passkeys have been hailed as the solution — a frictionless and secure alternative that leverages biometric authentication while addressing many of the vulnerabilities associated with traditional passwords.

However, despite their promise, passkeys face challenges that could hinder their widespread adoption. While the technology offers undeniable advantages, issues like inconsistent functionality and platform lock-ins complicate the user experience.

How Passkeys Work

Passkeys represent a safer and more streamlined authentication method. Instead of typing a password, users authenticate through biometric verification, such as Face ID, Touch ID, or similar local methods. This approach shifts the security focus to the device itself, adopting a trust model akin to mobile payment systems like Apple Pay. In theory, this allows for seamless logins across devices.

The Reality of Cross-Platform Challenges

In practice, however, the experience is less cohesive. Within Apple’s ecosystem, passkeys function smoothly, with iCloud synchronization ensuring consistency. Yet outside this "walled garden," complications arise.

As highlighted by Ars Technica, users attempting to log into the same service with passkeys across platforms—such as PayPal on Windows versus iOS — encounter varying experiences. Some services further restrict passkey usage to specific browsers, frustrating users who frequently switch between platforms.

Platform Lock-In and User Frustration

A more pressing issue is platform dominance. Tech giants like Apple and Google often push users toward their proprietary passkey management systems, sometimes overriding user preferences. For instance, even if a passkey is synced via a third-party password manager, users may still be redirected to Google’s system when logging into certain sites, such as LinkedIn.

Adding to the frustration, many services operate passkeys alongside passwords rather than replacing them entirely. This undermines the very purpose of passkeys, as users are still required to create passwords during registration, perpetuating traditional security risks.

The Push for a Password-Free Future

Despite these setbacks, some organizations are leading the charge toward a password-free future. As Grayson Mixon, a user commenting on the issue, noted:

"The company I work for introduced passkeys months ago. Now they are disabling passwords as an option. It will be passkeys only in 2025."

While such initiatives signal progress, the path to universal adoption of passkeys is far from straightforward. For passkeys to truly replace passwords, the industry must overcome challenges related to interoperability, user convenience, and platform neutrality.

Passkeys have the potential to revolutionize online authentication, offering a more secure and convenient alternative to passwords. Yet, current inconsistencies and platform restrictions highlight the need for continued innovation and collaboration across the tech industry. Until these hurdles are addressed, the journey toward a password-free digital landscape will remain a work in progress.

Read more »
trending news
Cybersecurity Breach Data Breach EU News SecurityScorecard trending news

Third-Party Data Breaches Expose Cybersecurity Risks in EU's Largest Firms

A recent report by SecurityScorecard has shed light on the widespread issue of third-party data breaches among the European Union’s top companies. The study, which evaluated the cybersecurity health of the region’s 100 largest firms, revealed that 98% experienced breaches through external vendors over the past year. This alarming figure underscores the vulnerabilities posed by interconnected digital ecosystems.

Industry Disparities in Cybersecurity

While only 18% of the companies reported direct breaches, the prevalence of third-party incidents highlights hidden risks that could disrupt operations across multiple sectors. Security performance varied significantly by industry, with the transport sector standing out for its robust defenses. All companies in this sector received high cybersecurity ratings, reflecting strong proactive measures.

In contrast, the energy sector lagged behind, with 75% of firms scoring poorly, receiving cybersecurity grades of C or lower. Alarmingly, one in four energy companies reported direct breaches, further exposing their susceptibility to cyber threats.

Regional differences also emerged, with Scandinavian, British, and German firms demonstrating stronger cybersecurity postures. Meanwhile, French companies recorded the highest rates of third- and fourth-party breaches, reaching 98% and 100%, respectively.

Ryan Sherstobitoff, Senior Vice President of Threat Research and Intelligence at SecurityScorecard, stressed the importance of prioritizing third-party risk management. His remarks come as the EU prepares to implement the Digital Operational Resilience Act (DORA), a regulation designed to enhance the cybersecurity infrastructure of financial institutions.

“With regulations like DORA set to reshape cybersecurity standards, European companies must prioritise third-party risk management and leverage rating systems to safeguard their ecosystems,” Sherstobitoff stated in a media briefing.

Strengthening Cybersecurity Resilience

DORA introduces stricter requirements for banks, insurance companies, and investment firms to bolster their resilience against cyberattacks and operational disruptions. As organizations gear up for the rollout of this framework, addressing third-party risks will be crucial for maintaining operational integrity and adhering to evolving cybersecurity standards.

The findings from SecurityScorecard highlight the urgent need for EU businesses to fortify their digital ecosystems and prepare for regulatory demands. By addressing third-party vulnerabilities, organizations can better safeguard their operations and protect against emerging threats.

Read more »
Space Bear
Atos malware News Ransomware attack Space Bear

Atos Denies Ransomware Breach Allegations by Space Bears

French technology giant Atos has refuted claims by the ransomware group Space Bears that its systems were compromised, asserting that no evidence of a breach or ransom demand has been found. In a statement released on December 28, Atos clarified the results of its investigation, addressing concerns raised by the allegations.

“At this stage, the initial analysis shows no evidence of any compromise or ransomware affecting any Atos/Eviden systems in any country, and no ransom demand has been received to date,” the company stated.

Investigation and Clarifications

Although no compromise has been confirmed, Atos has deployed a dedicated cybersecurity team to thoroughly investigate the matter. The claims originated from Space Bears, a ransomware group with ties to Phobos Ransomware as a Service (RaaS). The group alleged that it had breached Atos' internal database and accessed sensitive data.

Atos clarified that the breach targeted “external third-party infrastructure, unconnected to Atos,” which “contained data mentioning the Atos company name but is not managed nor secured by Atos.”

The company emphasized its robust security operations, highlighting its global network of over 6,500 specialized cybersecurity experts and 17 next-generation security operations centers (SOCs) that operate around the clock to protect Atos and its customers.

“Atos has a global network of more than 6,500 specialized experts and 17 new-generation security operations centers (SOCs) operating 24/7 to ensure the security of the Group and its customers,” the statement emphasized.

Space Bears: A Rising Ransomware Threat

Space Bears, which emerged in April 2024, has gained notoriety for its sophisticated and aggressive extortion tactics. The group employs double extortion methods, encrypting victims’ data while threatening to release it publicly unless demands are met. Space Bears operates data leak sites on both the dark web and clearnet, leveraging tactics such as corporate imagery and “walls of shame” to maximize reputational damage.

The ransomware group has previously targeted organizations like Canadian software firm Haylem, orthophonics clinic Un Museau Vaut Mille Mots, and Lexibar, a language disorder provider. More recently, Space Bears claimed responsibility for attacks on Canada’s JRT Automatisation and India’s Aptus in December 2024.

While Atos maintains that no proprietary data, source code, or intellectual property was accessed, the company acknowledged the gravity of the situation. “We take such threats very seriously,” Atos affirmed.

This incident underscores the ever-evolving cyber threat landscape faced by multinational corporations and the growing sophistication of ransomware groups like Space Bears, highlighting the need for constant vigilance and robust cybersecurity measures.

Read more »
Subscribe to: Posts (Atom)