featured Archives - Page 4 of 72 - Cyber Security Minute

Microsoft disables online Windows App Installer after attackers abuse it

Issued by: CSO Online

Microsoft has disabled the App Installer functionality that allowed Windows 10 apps to be installed directly from a web page by clicking on a link that used the ms-appinstaller URI scheme. This functionality has been heavily abused in recent months by different threat actors to deploy ransomware and other malicious implants. “Threat actors have likely…

News

Russian Military Intelligence Blamed for Blitzkrieg Hacks

Issued by: DataBreach Today

Ukrainian cyber defenders report that fast-acting Russian military intelligence hackers have been targeting government agencies as well as organizations in Poland using backdoor malware tied to phishing lures based on a fake letter from the Ukrainian deputy prime minister. The Computer Emergency Response Team of Ukraine on Thursday detailed a spear-phishing campaign that it has…

Mobile Security

Xamalicious Android malware distributed through the Play Store

Issued by: Security Affairs

McAfee Mobile Research Team discovered a new Android backdoor dubbed Xamalicious that can take full control of the device and perform fraudulent actions. The malware has been implemented with Xamarin, an open-source framework that allows building Android and iOS apps with .NET and C#. Xamalicious relies on social engineering to gain accessibility privileges, then it…

News

Kazakhstan to Extradite Russian Hacker to Moscow

Issued by: DataBreach Today

A Russian man accused by the United States of trafficking in a hacked database of online credentials will apparently evade American courts after the Russian government said it had succeeded in extraditing him. Russian prosecutors said authorities in Kazakhstan will transfer the man, Nikita Kislitsin, to face charges related to an October 2022 hacking incident…

Malware & Threats

Chameleon Android Malware Can Bypass Biometric Security

Issued by: SecurityWeek

Active since early 2023, the malware initially targeted mobile banking applications in Australia and Poland, but has since expanded its reach to the UK and Italy. When initially uncovered, ThreatFabric explains, Chameleon used multiple loggers, had limited malicious functionality, and contained various unused commands, suggesting that it was still under development. Employing a proxy feature…

Network Security

SimSpace Scores $45 Million Investment to Expand Cyber Range Tech Markets

Issued by: SecurityWeek

The company said the new equity round was led by L2 Point Management and brings the total raised to $70 million. SimSpace is marketing a so-called “Cyber Force Platform” that provides technology for organizations to stand up pre-defined or customized cyber range simulations that are secure and scalable “SimSpace’s internal threat intelligence teams and partners,…

Malware & Threats

A Suspected Cyberattack Paralyzes the Majority of Gas Stations Across Iran

Issued by: SecurityWeek

Nearly 70% of Iran’s gas stations went out of service on Monday following possible sabotage — a reference to cyberattacks, Iranian state TV reported. The report said a “software problem” caused the irregularity in the gas stations. It urged people not to rush to the stations that were still operational. Israeli media, including the Times…

Malware & Threats

Patch Now: Exploit Activity Mounts for Dangerous Apache Struts 2 Bug

Issued by: Dark Reading

Concerns are high over a critical, recently disclosed remote code execution (RCE) vulnerability in Apache Struts 2 that attackers have been actively exploiting over the past few days. Apache Struts is a widely used open source framework for building Java applications. Developers can use it to build modular Web applications based on what is known…

Application Security

New AI Safety Initiative Aims to Set Responsible Standards for Artificial Intelligence

Issued by: SecurityWeek

The new AI Safety Initiative has attracted participation from tech heavyweights Microsoft, Amazon and Google OpenAI and Anthropic and plans to work on tools, templates and data for deploying AI/LLM technology in a safe, ethical and compliant manner. “The AI Safety Initiative is actively developing practical safeguards for today’s generative AI, structured in a way…

Malware & Threats

Toyota Financial Services discloses a data breach

Issued by: Security Affairs

Toyota Financial Services (TFS) is warning customers it has suffered a data breach that exposed sensitive personal and financial data. “Due to an attack on the systems, unauthorized persons gained access to personal data. Affected customers have now been informed. Toyota Kreditbank’s systems have been gradually restarted since December 1st.” reads a statement published by…