A massive Magniber ransomware campaign is underway, encrypting home users’ devices worldwide and demanding thousand-dollar ransoms to receive a decryptor. Magniber launched in 2017 as a successor to the Cerber ransomware operation when it was spotted being distributed by the Magnitude exploit kit. Since then, the ransomware operation has seen bursts of activity over the years, with […]
A novel Linux Kernel cross-cache attack named SLUBStick has a 99% success in converting a limited heap vulnerability into an arbitrary memory read-and-write capability, letting the researchers elevate privileges or escape containers. The discovery comes from a team of researchers from the Graz University of Technology who demonstrated the attack on Linux kernel versions 5.9 and 6.2 (latest) using […]
A Chinese hacking group tracked as StormBamboo has compromised an undisclosed internet service provider (ISP) to poison automatic software updates with malware. Also tracked as Evasive Panda, Daggerfly, and StormCloud, this cyber-espionage group has been active since at least 2012, targeting organizations across mainland China, Hong Kong, Macao, Nigeria, and various Southeast and East Asian countries. On […]
The U.S. Department of Justice has filed a lawsuit against popular social media platform TikTok and its parent company, ByteDance, alleging widespread violations of children’s privacy laws. This lawsuit alleges that TikTok collected personal information from children under 13 without parental consent, violating the Children’s Online Privacy Protection Act (COPPA). Since 2019, TikTok has also […]
Threat actors have hijacked more than 35,000 registered domains in so-called Sitting Ducks attacks that allow claiming a domain without having access to the owner’s account at the DNS provider or registrar. In a Sitting Ducks attack, cybercriminals exploit configuration shortcomings at the registrar level and insufficient ownership verification at DNS providers. Researchers at DNS-focused security vendor Infoblox […]
A Facebook malvertising campaign targets users searching for AI image editing tools and steals their credentials by tricking them into installing fake apps that mimic legitimate software. The attackers exploit the popularity of AI-driven image-generation tools by creating malicious websites that closely resemble legitimate services and trick potential victims into infecting themselves with information stealer […]
A recent Google Chrome update has broken the drag-and-drop feature in the Downloads bubble that previously allowed you to drag and drop downloaded files onto any website or tab in the browser. Google Chrome’s downloads menu originally appeared in a bar at the bottom of the browser, but this changed last year when it was replaced […]
AI here, AI there… Today, you can find at least one useful tool with AI at every stage of photo, audio, and video production. It can boost your creativity, handle routine tasks, or speed up the basic workflow. It’s always amazing to see what modern technology can do, literally synthesizing “new” material from vast amounts […]
A malicious campaign targeting Android devices worldwide utilizes thousands of Telegram bots to infect devices with SMS-stealing malware and steal one-time 2FA passwords (OTPs) for over 600 services. Zimperium researchers discovered the operation and have been tracking it since February 2022. They report finding at least 107,000 distinct malware samples associated with the campaign. The cybercriminals are motivated […]
A malicious fraud campaign dubbed “ERIAKOS” promotes more than 600 fake web shops through Facebook advertisements to steal visitors’ personal and financial information. The sites promote products from well-known brands and include significant discounts to draw in visitors but are only accessible via mobile devices to evade detection by security scanners. Recorded Future discovered the […]
