Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Social Media threats. Show all posts
trending cybersecurity news
Data threats malware News Palo Alto Networks' Unit 42 research Phising Attacks Social Media threats trending cybersecurity news

Cybercriminals Leverage LLMs to Generate 10,000 Malicious Code Variants

Cybersecurity researchers are raising alarms over the misuse of large language models (LLMs) by cybercriminals to create new variants of malicious JavaScript at scale. A report from Palo Alto Networks Unit 42 highlights how LLMs, while not adept at generating malware from scratch, can effectively rewrite or obfuscate existing malicious code.

This capability has enabled the creation of up to 10,000 novel JavaScript variants, significantly complicating detection efforts.

Malware Detection Challenges

The natural-looking transformations produced by LLMs allow malicious scripts to evade detection by traditional analyzers. Researchers found that these restructured scripts often change classification results from malicious to benign.

In one case, 88% of the modified scripts successfully bypassed malware classifiers.

Despite increased efforts by LLM providers to impose stricter guardrails, underground tools like WormGPT continue to facilitate malicious activities, such as phishing email creation and malware scripting.

OpenAI reported in October 2024 that it had blocked over 20 attempts to misuse its platform for reconnaissance, scripting, and debugging purposes.

Unit 42 emphasized that while LLMs pose significant risks, they also present opportunities to strengthen defenses. Techniques used to generate malicious JavaScript variants could be repurposed to create robust datasets for improving malware detection systems.

AI Hardware and Framework Vulnerabilities

In a separate discovery, researchers from North Carolina State University revealed a side-channel attack known as TPUXtract, which can steal AI model hyperparameters from Google Edge Tensor Processing Units (TPUs) with 99.91% accuracy.

The attack exploits electromagnetic signals emitted during neural network inferences to extract critical model details. Although it requires physical access and specialized equipment, TPUXtract highlights vulnerabilities in AI hardware that determined adversaries could exploit.

Study author Aydin Aysu explained that by extracting architecture and layer configurations, the researchers were able to recreate a close surrogate of the target AI model, potentially enabling intellectual property theft or further cyberattacks.

Exploiting AI Frameworks

Morphisec researchers disclosed another AI-targeted threat involving the Exploit Prediction Scoring System (EPSS), a framework used to evaluate the likelihood of software vulnerabilities being exploited.

By artificially boosting social media mentions and creating GitHub repositories with placeholder exploits, attackers manipulated EPSS outputs.

This resulted in the exploitation likelihood for certain vulnerabilities increasing from 0.1 to 0.14 and shifting their percentile ranking from the 41st to the 51st percentile.

Ido Ikar from Morphisec warned that such manipulation misguides organizations relying on EPSS for vulnerability management, enabling adversaries to distort vulnerability assessments and mislead defenders.

The Double-Edged Sword of Generative AI

While generative AI offers significant potential for bolstering cybersecurity defenses, its misuse by cybercriminals presents a formidable threat.

Organizations must:

  • Invest in advanced AI-driven detection systems capable of identifying obfuscated threats;
  • Implement robust physical security measures to protect AI hardware from side-channel attacks;
  • Continuously monitor and validate AI framework outputs to mitigate manipulation risks.

As adversaries innovate, businesses and researchers must push their operations to stay ahead, leveraging the same AI advancements to fortify their defenses.

Read more »
Social Media threats
Account Hack account protection Cyber Security Fake Accounts Google Account online account security Social Media threats

Avoiding Social Media Scams When Recovering a Locked Gmail Account

 

Losing access to your Gmail account can be a frightening experience, especially given that Gmail is deeply integrated into the online lives of more than 2.5 billion users globally. Unfortunately, the popularity of Gmail has also attracted scammers who exploit users seeking help after being locked out of their accounts. These attackers wait for users to post their issues publicly on social media platforms, particularly X (formerly Twitter). They pose as helpful people or even official support agents, suggesting that they can help users recover their accounts. By using fake accounts that appear credible, they deceive users into sharing personal information or even paying money under the guise of assistance. 

Engaging with these fake accounts is risky, as scammers may ask for payment without helping or, worse, obtain the victim’s login credentials, gaining full access to their accounts. In the initial panic of losing an account, people often turn to social media for immediate help. This public search for help exposes them to a swarm of scammers using automated bots to detect posts about lost accounts. These bots then direct users to supposed “support agents” who, in reality, are fraudsters attempting to capitalize on the vulnerability of those locked out of their accounts. Victims may be asked to pay for a recovery service or provide personal details, like account passwords or two-factor authentication codes. 

Often, the scammers promise assistance but deliver none, leaving users at risk of both financial loss and further account compromise. In some cases, attackers use these interactions to access the victim’s Gmail credentials and take over not just the email but other connected Google services, leading to a much larger security breach. While the need for quick support is understandable, it’s essential to avoid turning to public platforms like X or Facebook, which can make users easy targets. Instead, Google has official account recovery methods to retrieve locked accounts safely. The company provides a structured recovery process, guiding users through steps that don’t involve sharing details with strangers. This includes using backup email addresses or two-factor authentication to regain access. 

Additionally, Google has an official support community where users can discuss issues and seek guidance in a more secure environment, reducing the likelihood of encountering scammers. By following these steps, users can regain access to their accounts without exposing themselves to further risk. Even in stressful situations, staying cautious and using verified recovery options is the safest course. Publicly seeking help with sensitive matters like account access opens doors to fraudsters who thrive on desperation. Taking time to verify recovery resources and avoiding social media platforms for assistance can help users avoid falling victim to predatory scams. By following Google’s secure processes, users can ensure the safety of their accounts and keep their personal information secure.
Read more »
Technology Threats
Chinese App Ban Cyberspace India Social Media threats Technology Technology Threats

MCA to Strike Off 400 Chinese Companies for Fraud in India

 

The Ministry of Corporate Affairs (MCA) is preparing to strike off as many as 400 Chinese companies operating in India due to severe financial irregularities and incorporation-related fraud. These companies, which primarily deal in online loans and job services, are spread across 17 states, including key areas such as Delhi, Mumbai, Chennai, Bengaluru, Uttar Pradesh, and Andhra Pradesh. According to a report by Moneycontrol, which cited an anonymous government official, the action is expected to be completed within the next three months. 

The MCA has been investigating nearly 600 Chinese companies, focusing on those involved in digital lending and online job platforms. The official stated that the investigation phase has concluded, revealing that 300 to 400 of these companies are likely to be struck off the register. 

The primary reasons for this drastic action include predatory lending practices, financial fraud, and violations of India’s financial regulations. These Chinese companies have come under scrutiny for a variety of reasons. Many of them have been accused of engaging in aggressive tactics to recover loans, imposing exorbitant interest rates on borrowers, and resorting to harassment. 

Additionally, several companies have been found to have Indian directors but operate with Chinese bank accounts, with no recorded financial transactions in India. This has raised suspicions of money laundering and other financial crimes. Furthermore, some companies were not found at their registered office addresses, while others were discovered to be investing in businesses unrelated to their stated purpose, further indicating potential financial fraud. 

Under Section 248 of the Companies Act, the process of striking off a company from the register takes approximately three months. The MCA first issues a notice to the company, allowing time for a response. If the company fails to respond, a second notice is sent after one month. Should there be no reply even then, the company is removed from the register.  

This sweeping action by the MCA underscores the Indian government’s ongoing efforts to regulate the digital lending space and ensure financial transparency, particularly in light of the growing concerns around the proliferation of predatory lending apps in the country.
Read more »
Web Servers
Authetication Data Breach Game Developer Gaming Gaming Community Private Data Social Media threats Video Games Web Servers

Insomniac Games Cybersecurity Breach

A cyberattack has compromised the prestigious game company Insomniac Games, exposing private data without authorization. Concerns over data security in the gaming business have been raised by this hack, which has spread throughout the community.

Targeting Insomniac Games, the company behind the well-known Spider-Man series, the cyberattack was purportedly executed by a gang going by the name Rhysida. Fans and the gaming industry were left in a state of anticipation and fear as the hackers obtained access to a treasure mine of data, including secret footage of new projects like Wolverine.

The leaked information not only included sneak peeks into future game developments but also internal data that could compromise the studio's operations. The gravity of the situation prompted a rallying of support for Insomniac Games from both the gaming community and industry professionals.

Amid the chaos, cybersecurity experts have been quick to emphasize the importance of robust security measures in an era where digital attacks are becoming increasingly sophisticated. This incident serves as a stark reminder that even major players in the gaming industry are vulnerable to cyber threats.

Insomniac Games responded promptly to the breach, acknowledging the incident and assuring fans that they are taking necessary steps to address the issue. The studio urged users to remain vigilant and promptly report any suspicious activities related to their accounts.

The gaming community, known for its passionate fanbase, has shown solidarity with Insomniac Games in the wake of the cyberattack. Messages of support have flooded social media platforms, emphasizing the need for collective efforts to combat cyber threats and protect the integrity of the gaming industry.

As the situation unfolds, industry leaders and policymakers are likely to scrutinize the incident to enhance cybersecurity protocols across the gaming landscape. The hack serves as a wake-up call for developers and publishers to invest in cutting-edge security measures to safeguard intellectual property and user data.

Leaders in the industry and legislators will probably be closely examining the incident as it develops to improve cybersecurity practices in the gaming sector. Developers and publishers should take note of this hack and invest in state-of-the-art security solutions to protect user data and intellectual property.

The recent hack on Insomniac Games serves as a reminder that even the biggest names in the gaming business are susceptible to online attacks. The aftermath of this disaster calls for the gaming community as a whole to prioritize cybersecurity in addition to data security. One thing is certain as the gaming industry struggles with the fallout from this breach: protecting digital assets is critical to the business's long-term viability and public confidence.
Read more »
User Privacy
Click Bait Digital Platform Misinformation Phising Attacks Privacy Reddit Social Media Apps Social Media threats User Privacy

Reddit to Pay Users for Popular Posts

Reddit, the popular social media platform, has announced that it will begin paying users for their posts. The new system, which is still in its early stages, will see users rewarded with cash for posts that are awarded "gold" by other users.

Gold awards are a form of virtual currency that can be purchased by Reddit users for a fee. They can be given to other users to reward them for their contributions to the platform. Until now, gold awards have only served as a way to show appreciation for other users' posts. However, under the new system, users who receive gold awards will also receive a share of the revenue generated from those awards.

The amount of money that users receive will vary depending on the number of gold awards they receive and their karma score. Karma score is a measure of how much other users have upvoted a user's posts and comments. Users will need to have at least 10 gold awards to cash out, and they will receive either 90 cents or $1 for each gold award.

Reddit says that the new system is designed to "reward the best and brightest content creators" on the platform. The company hopes that this will encourage users to create more high-quality content and contribute more to the community.

However, there are also some concerns about the new system. Some users worry that it could lead to users creating clickbait or inflammatory content to get more gold awards and more money. Others worry that the system could be unfair to users who do not have a lot of karma.

One Reddit user expressed concern that the approach will lead users to produce content of poor quality. If they know they can make money from it, people are more likely to upload clickbait or provocative stuff.

Another Reddit member said that users with low karma may be treated unfairly by the system. According to the user, "Users with more karma will be able to profit more from the system than users with less karma." This will make users with lower karma less likely to produce high-quality content, which is unjust.

Some of the issues raised by the new method have been addressed by Reddit. According to the corporation, it will actively monitor the system to make sure users aren't producing low-quality content to increase their gold medal total. In addition, Reddit states that it will endeavor to create a system that is equitable to all users, regardless of karma.

According to a Reddit spokesman, "We understand that there are some concerns about the new system. We are dedicated to collaborating with the community to make sure that the system is just and that it inspires users to produce high-quality content."

The platform has undergone a dramatic change as a result of Reddit's new strategy of compensating users for popular postings. The system's actual functionality and whether it will improve the platform's content quality have still to be determined. Reddit is devoted to advancing and inventing, as evidenced by the declaration of the new system.
Read more »
Unauthorized access
malware Online Gaming Phishing Attacks Private Data Social Media threats Unauthorized access

Hackers Infect Call of Duty Players with Self-Spreading Malware


Hackers have recently been discovered abusing Call of Duty players with a self-propagating software attack, raising serious concerns among the gaming community. This malicious activity, which security researchers have uncovered, has aroused concerns since it may compromise user data and interfere with gaming activities. 

Cybercriminals have reportedly been targeting Call of Duty users with a self-spreading malware strain, according to TechCrunch. The malware is made to fast propagate from one player to another by using the game's connected network infrastructure as a distribution channel. Unsuspecting players engage with the virtual environment, and the malware stealthily infiltrates their computers, potentially allowing illegal access to private data.

Particularly sneaky is the malware's method of dissemination. When playing online games with other infected individuals or taking part in shared gameplay events, players frequently become infected without being aware of it. Players who have been infected by the malware multiply exponentially as it spreads through in-game social interactions, which broadens the threat's reach and impacts.

Since this problem is so serious, numerous cybersecurity companies and gaming communities have responded. In order to stop and stop the spread of malware, researchers from reputable security groups have been actively examining the behavior of the malware. The malware is highly versatile and challenging to entirely eradicate because of its self-propagating nature, which presents challenges.

Players of Call of Duty and the game industry as a whole could face serious dangers. Personal information, including login credentials, payment information, and other sensitive details, is vulnerable to exploitation after it has been compromised. The malware's presence can also have a negative effect on the gaming experience by causing latency, crashes, or unapproved access to in-game resources.

Security professionals advise players to exercise caution and take the appropriate safety measures to protect their systems. The chance of infection can be reduced by upgrading antivirus software often, using secure passwords, and keeping an eye out for shady in-game activities.

The issue is being actively addressed by gaming firms and platform suppliers as well. In order to put in place practical solutions that can identify and stop the spread of malware in real-time, they are stepping up security precautions and working with cybersecurity professionals.

Players must be aware of any threats in this situation, as well as stay current on the most recent information from reliable sources about current events. A primary goal for the gaming business and its devoted community must be maintaining player safety and security as the gaming landscape changes.
Read more »
User Privacy
BBC Meta Phishing Attacks Privacy Social Media threats User Privacy

Meta Responds to User Complaints by Introducing Feeds for Threads

Meta, the parent company of social media giant Facebook, has recently revealed its plans to introduce feeds for Threads, a messaging app designed for close friends. This move comes in response to user complaints about the lack of a central content hub and the need for a more streamlined user experience. The company aims to enhance the app's functionality and provide a more engaging platform for users to connect and share content.

According to reports from BBC News, Meta's decision to introduce feeds for Threads follows numerous user complaints regarding the app's limited capabilities and disjointed user interface. Users have expressed their desire for a central hub where they can view and interact with content shared by their friends, similar to the experience offered by other social media platforms. Responding to this feedback, Meta plans to incorporate feeds into Threads to address these concerns and improve the overall user experience.

In an official statement, Meta spokesperson Jonathan Anderson stated, "We have taken note of the feedback we received from Threads users. We understand the importance of creating a cohesive and engaging environment for our users, and we are actively working on implementing feeds within the app. This will allow users to easily navigate and interact with the content shared by their friends, enhancing their overall experience on Threads."

The addition of feeds to Threads is expected to offer several benefits to users. It will provide a central content hub where users can view and engage with posts, photos, and videos shared by their friends. This new feature aims to foster a sense of community and encourage more active participation within the app. Moreover, the inclusion of feeds will enable users to stay up-to-date with the latest content from their close friends without having to navigate through multiple screens or individual conversations.

Meta's decision to address user feedback and enhance Threads aligns with the company's ongoing efforts to improve user satisfaction and retain a competitive edge in the social media landscape. By implementing feeds within the app, Meta aims to offer a more intuitive and enjoyable user experience, attracting and retaining users who value close-knit connections and personalized content sharing.

While Meta has not disclosed a specific timeline for the release of feeds on Threads, users can anticipate an update in the near future. The company remains committed to actively listening to user feedback and implementing changes that enhance the functionality and usability of its platforms.

Read more »
User Security
Cyber Security Data Theft Social Media threats UAE User Privacy User Security

UAE's Sincere Efforts to Combat Cybercrime

 

The Abu Dhabi Judicial Department (ADJD) held an awareness-raising lecture on "Cybercrime and its Dangers to Society" in conjunction with "Majalis" Abu Dhabi at the Citizens and Community Affairs Office of the Presidential Court as part of its initiatives to foster legal awareness among the constituents of society in order to ensure their protection and to shield them from the risks conveyed by crimes involving the use of contemporary technologies and social media. 

The lecture, delivered by Chief Prosecutor Dr. Abdulla Hamad Al Mansouri, covered the nature and definition of cybercrime, the risks of cyber-extortion, and the legal sanctions. The lecturer also concentrated on the reasons and circumstances that cause members of society to fall victim to cyber-extortionists and provided a number of useful examples drawn from actual prosecution cases. 

In accordance with the terms of Federal Decree-Law No. 34 of 2021 on Combating Rumors and Cybercrime, Dr. Al Mansouri covered the dangers linked with the exploit of social media networks and the responsibility of users. On January 2, 2022, the Federal Decree Law No. 34 of 2021 on Combating Rumors and Cybercrimes went into effect.

It aims to increase protection against online crimes committed using networks, platforms, and information technology. Additionally, it aims to protect the databases and websites of the UAE's government, stop the spread of rumours and false information, protect against electronic fraud, and uphold individual rights and privacy. 

The Abu Dhabi Judicial Department has previously drawn attention to the risks posed by cybercrime. In order to ensure the defence and safety of society from crimes utilising modern technologies, particularly through the pervasive use of social media, the ADJD organised two lectures on "Cybercrime and its Risks to Society" in July of last year. One occasionally comes across news of people who fall prey to online predators or scammers; even children are a target of these crimes. 

The Dubai Police General HQ has urged the public to use social media platforms responsibly and to be on the lookout for online scammers and cybercriminals. These statements were made by Expert Major General Khalil Ibrahim Al Mansouri, Assistant Commander-in-Chief for Criminal Investigation Affairs at Dubai Police, as he discussed Operation "Shadow," which was carried out nearly three years ago and resulted in the arrest of 20 African gangs for extortion crimes against social media users and for blackmailing and cyber extortion. He added that the police had detained a married couple who had fooled users of social media by pretending to be a domestic helper recruitment agency. 

The world's largest trade fair for safety, security, and fire protection, Intersec 2023, will take place over 47,000 square metres at the Dubai World Trade Center from January 17 to 19, and the Dubai Electronic Security Centre (DESC), which works to ensure the emirate becomes a leader in cybersecurity and the protection of information from external cyber threats, has been named the official government partner. 

At Intersec's Cyber Security sector, specialists in the public and private sectors, national leaders, advisors, economists, and corporate buyers will be present. According to Dr. Bushra Al Blooshi, Head of Research & Innovation at DESC, "Given the rapidly developing technology of today, cybersecurity is an absolute necessity for businesses, especially with remote working culture and digital transformation."
Read more »
Subscribe to: Posts (Atom)