Tag: technews

New Attack Lets Attackers Unlock Smartphones with Fingerprint Brute-Force BrutePrint uses two zero-day vulnerabilities in the smartphone fingerprint authentication framework to brute force fingerprints on smartphones to bypass user authentication and seize control of the devices. Researchers have discovered an inexpensive attack technique called BrutePrint that can be leveraged to brute-force passwords and steal control…

Sneaky DogeRAT Trojan Pretends to Be Popular Apps, Targets A new Android trojan called DogeRAT has been found in the App Store. Once installed, it gains unwarranted access to sensitive data, including contacts, messages, and banking credentials. According to a report by cybersecurity firm CloudSEK, the malware can be found in several popular apps including…

APT Group Leverages TelePowerBot and KamiKakaBot in Sophistic The threat actor known as Dark Pink has been linked to five new attacks aimed at various entities in Belgium, Brunei, Indonesia, Thailand, and Vietnam between February 2022 and April 2023.Dark Pink, also called Saaiwc Group, is an advanced persistent threat (APT) actor believed to be of…

6 Steps to Safeguard Critical Assets and Fight Cybercrime: Effectively Threat Hunting This article offers an explanation of threat hunting. It is gathering evidence that a threat is materializing. But with effective threat hunting, you can keep bad actors from wreaking havoc on your organization. Protect your organization from costly cybercrime with the latest comprehensive…

Apple macOS Vulnerability Allowing SIP Protection Bypass Details Critical Microsoft Now patched, a flaw exists in Apple macOS that allows attackers with root access to bypass security enforcements and perform arbitrary actions on affected devices. The problem arises from a flaw in systemmigrationd, a daemon used to handle device transfer. It enables any of its…

How to Protect Your Salesforce Community from Ghost Sites In a new report, security firm Varonis warns enterprises that poorly deactivated and abandoned Salesforce Sites and Communities could pose severe risks to organizations, leading to unauthorized access to sensitive data. Such sites are often referred to as ghost sites because they are left lying around…

Critical Firmware Vulnerability in Gigabyte Systems Exposes Millions of Devices Researchers have found backdoor-like behavior within Gigabyte systems, which enables the UEFI firmware to drop a Windows executable and retrieve updates in an unsecure format. According to The Hacker News, the utility allows attackers to launch malicious code into the firmware and then download and…

ChatGPT Is Excluding Non-English Languages from the AI Revolution Not every American speaks a language, and not every English speaker, but the dominance of English in global commerce is real. That’s why non-English speakers are punished professionally. Pascale Fung would like to see AI change that, not further reinforce the primacy of English. She’s part…

A Romance Comedy Film Featuring a Rat Using Deceptive Web Sites to Launch Covert Attacks The threat actors behind the RomCom RAT have been using a network of fake websites advertising rogue versions of popular software to infiltrate targets. The remote access trojan has since been used heavily in attacks targeting Ukrainian state and military…

Barracuda Email Security Gateway 0-Day Flaw Alert: Hackers Expl Barracuda, an enterprise security company, has patched a flaw that allows attackers to backdoor its Email Security Gateway (ESG) appliances since October 2022. It previously patched the flaw, CVE-2023-2868, on May 19, 2023. In an updated advisory, Barracuda explains how Deception can detect advanced threats, stop…