Shortly before the unveiling of the Redmi Note 14 series, new information continues to emerge. The GeekFeed team has spotted the Redmi Note 14 Pro 5G and POCO X7 in the IMEI database. Both smartphones will have similar specifications. This suggests that the POCO X7 is a rebranded Redmi Note 14 Pro 5G. Of course, there will […]
A clever threat campaign is abusing GitHub repositories to distribute the Lumma Stealer password-stealing malware targeting users who frequent an open source project repository or are subscribed to email notifications from it. A malicious GitHub user opens a new “issue” on an open source repository falsely claiming that the project contains a “security vulnerability” and urges […]
Internet intelligence firm GreyNoise reports that it has been tracking large waves of “Noise Storms” containing spoofed internet traffic since January 2020. However, despite extensive analysis, it has not concluded its origin and purpose. These Noise Storms are suspected to be covert communications, DDoS attack coordination signals, clandestine command and control (C2) channels of malware operations, or the result […]
A joint law enforcement operation has dismantled an international criminal network that used the iServer automated phishing-as-a-service platform to unlock the stolen or lost mobile phones of 483,000 victims worldwide. The global operation, codenamed “Operation Kaerb,” began in 2022 after Europol received information from cybersecurity firm Group-IB, which contributed to identifying the victims and the criminals behind […]
Google announced that starting today, passkeys added to Google Password Manager will automatically sync between Windows, macOS, Linux, Android, and ChromeOS devices for logged-in users. Passkeys, which use biometric authentication such as fingerprints, facial recognition, or screen locks, provide a more secure and convenient alternative to traditional passwords, significantly reducing the risk of data breaches. […]
Today, Ivanti warned that threat actors are exploiting another Cloud Services Appliance (CSA) security flaw in attacks targeting a limited number of customers. Tracked as CVE-2024-8963, this admin bypass vulnerability is caused by a path traversal weakness. Successful exploitation allows remote unauthenticated attackers to access restricted functionality on vulnerable CSA systems (used as gateways to provide enterprise users secure […]
The Tor Project is attempting to assure users that the network is still safe after a recent investigative report warned that law enforcement from Germany and other countries are working together to deanonymize users through timing attacks. The team behind the specialized web browser claims that adequate protections are in place for those using the […]
The U.S. Cybersecurity and Infrastructure Agency (CISA) has added five flaws to its Known Exploited Vulnerabilities (KEV) catalog, among which is a remote code execution (RCE) flaw impacting Apache HugeGraph-Server. The flaw, tracked as CVE-2024-27348 and rated critical (CVSS v3.1 score: 9.8), is an improper access control vulnerability that impacts HugeGraph-Server versions from 1.0.0 and up to, […]
Two suspects were arrested in Miami this week and charged with conspiracy to steal and launder over $230 million in cryptocurrency using crypto exchanges and mixing services. The two defendants, 20-year-old Malone Lam (aka “Greavys,” “Anne Hathaway,” and “$$$”) and 21-year-old Jeandiel Serrano (aka “Box,” “VersaceGod,” and “@SkidStar”) were arrested Wednesday night by FBI agents and appeared […]
Discord has introduced the DAVE protocol, a custom end-to-end encryption (E2EE) protocol designed to protect audio and video calls on the platform from unauthorized interceptions. DAVE was created with the help of cybersecurity experts at Trail of Bits, that also audited the E2EE system’s code and implementation. The new system will cover one-on-one audio and video calls […]
