Two file management apps on the Google Play Store have been discovered to be spyware, putting the privacy and security of up to 1.5 million Android users at risk. These apps engage in deceptive behavior and secretly send sensitive user data to malicious servers in China. Researchers have discovered this infiltration. Their report shows that both spyware apps, namely File Recovery and Data Recovery (com.spot.music.filedate), with over 1 million installs, and File Manager (com.file.box.master.g
All Articles (1933)
Sort by
A hacker has created his own version of ChatGPT, but with a malicious bent: Meet WormGPT, a chatbot designed to assist cybercriminals. WormGPT’s developer is selling access to the program in a popular hacking forum, according to email security provider SlashNext, which tried the chatbot. “We see that malicious actors are now creating their own custom modules similar to ChatGPT, but easier to use for nefarious purposes,” the company said in a blog post.
WormGPT (Credit: Hacking forum)
It look
A vulnerability has been discovered in Adobe ColdFusion which could allow for arbitrary code execution. Adobe ColdFusion is a commercial web-application development platform designed to build and deploy web applications. Successful exploitation of this vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts w
With his electric Kia EV6 running low on power, an EV driver pulled into a bank of fast-chargers near Terre Haute, Indiana, to plug in. As his car powered up, he peeked at nearby chargers. One in particular stood out. Instead of the businesslike welcome screen displayed on the other Electrify America units, this one featured a picture of President Biden pointing his finger, with an “I did that!” caption. It was the same meme the president’s critics started slapping on gas pumps as prices soa
With half of 2023 over, ransomware gangs have operated at a near-record profit, extorting more than $449 million from victims, according to blockchain research firm Chainalysis. The figure likely pales in comparison to the actual totals because the research only looks at cryptocurrency wallets being monitored by the firm. If the trends continue, ransomware groups are on pace to bring in nearly $900 million in 2023, only $40 million behind the peak of $939.9 million seen in 2021.
Chainalysis re
Since 2015, the PRC has passed or updated comprehensive national security, cybersecurity, and data privacy laws and regulations, expanding Beijing’s oversight of domestic and foreign (including US) companies operating within China. Beijing views inadequate government control of information within China and its outbound flow as a national security risk. These laws provide the PRC government with expanded legal grounds for accessing and controlling data held by US firms in China. US companies a
As part of a recently identified cyber operation, the cybersecurity investigators report that a Russia-linked threat actor known as RomCom has been targeting entities supporting Ukraine, including guests at the 2023 NATO Summit taking place July 11-12. The event takes place in Vilnius, Lithuania. The NATO Summit has on the agenda talks focusing on the war in Ukraine and new memberships in the organization, including Sweden and Ukraine.
RomCom attackers are spoofing trusted software solutions t
The co-founder and CEO of Binance, Changpeng Zhao, the world's largest centralized cryptocurrency exchange by trading volume, cleared the FUD (fear, uncertainty, doubt) making rounds online that the crypto empire is dumping Bitcoin to artificially bolster and stabilize the price of its native token Binance Coin (BNB).
Even before the US Securities and Exchange Commission filed 13 charges against Binance.US, Zhao, and other associated businesses, the crypto empire had been the subject of many spe
British prosecutors say teen Lapsus$ member was behind hacks on Uber, Rockstar. Earlier this week a British Crown Court lifted a reporting restriction, allowing the naming of a teenager who is accused of hacking Uber, Revolut, and video game developer Rockstar Games in a short period of time last September. The teen, who is now 18, has been deemed not fit to stand trial by medical professionals. The jury will decide whether he is liable for the hacking incidents rather than guilty of them.[1]
In mid-May 2023, TA453 - also known publicly as Charming Kitten, APT42, Mint Sandstorm, Yellow Garuda - sent a benign conversation lure masquerading as a senior fellow with the Royal United Services Institute (RUSI) to the public media contact for a nuclear security expert at a US-based think tank focused on foreign affairs. The email solicited feedback on a project called “Iran in the Global Security Context” and requested permission to send a draft for review. The initial email also mentione
ZooTampa revealed it recently discovered a “cybersecurity incident” targeting its network environment. The zoo told local media it took immediate proactive security measures to mitigate the impact. “Upon detecting the incident, the Zoo took swift action and promptly engaged third-party forensic specialists to assist us with securing the network environment and investigate the extent of the unauthorized activity,” the zoo said in a statement.[1]
ZooTampa said it is also working with federal law
The US Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the Multi-State Information Sharing and Analysis Center (MS-ISAC), and the Canadian Centre for Cyber Security (CCCS) released a joint cybersecurity advisory (CSA) regarding new Truebot malware variants that are being used against organizations in the United States and Canada.
Older versions of the Truebot malware variant were delivered via malicious phishing email attachments, the CSA expla
The newly discovered Chinese nation-state actor known as Volt Typhoon has been observed to be active in the wild since at least mid-2020, with the hacking crew linked to never-before-seen tradecraft to retain remote access to targets of interest. The adversary consistently employed ManageEngine Self-service Plus exploits to gain initial access, followed by custom web shells for persistent access and Living-off-the-Land (LotL) techniques for lateral movement. Another name for this threat is Van
Black Basta ransomware has made headlines for allegedly compromising high-profile European and North American organizations across a variety of industries, such as outsourcing, technology, and manufacturing. The history of Black Basta ransomware dates to at least April 2022, with a professional organizations company in the United States being one of its first victims. Since then, Black Basta has slowly expanded their operations, with the group allegedly compromising and stealing data from a US
A security alert was issued last Friday after a cyber-attack on the Election Commission of Pakistan (ECP). The electoral watchdog has urged all employees to take the necessary precautions in the wake of the situation. All ECP staff were ordered not to open emails which could possibly lead to precious data being leaked. The letter dated 6 July, titled “Cyber Security Alert” and written by the ECP Information Security Specialist who shared a screengrab of an email sent to an ECP official that a
If you have ever owned a domain name, the chances are good that at some point you have received a snail mail letter which appears to be a bill for a domain or website-related services. These misleading missives try to trick people into paying for useless services they never ordered, don’t need, and probably will never receive. Below, Krebs takes a look at the most recent details of this scam, DomainNetworks, and some clues about who may be behind it.
The DomainNetworks mailer may reference a d
Multiple vulnerabilities have been discovered in Google Android OS, the most severe of which could allow for remote code execution. Android is an operating system developed by Google for mobile devices, including, but not limited to, smartphones, tablets, and watches. Successful exploitation of the most severe of these vulnerabilities could allow for privilege escalation. Depending on the privileges associated with the exploited component, an attacker could then install programs; view, change,
Nickelodeon is respected by millions across the globe, but rumors are circulating on the Internet suggesting this popular children’s entertainment network has fallen victim to a significant data breach or leak. According to several Internet forums and tweets, approximately 500GB of data, including unreleased television shows, scripts, and other materials, have been compromised. Reportedly, Nickelodeon’s legal team has taken swift action, aggressively pursuing Digital Millennium Copyright Act (
EU Health Sector: Ransomware Accounts for 54% of Cybersecurity Threats
The European Union Agency for Cybersecurity (ENISA) released a report on 5 July with its first cyber threat landscape for the health sector. The report found that ransomware accounts for 54% of cybersecurity threats in the health sector.
The comprehensive analysis maps and studies cyberattacks, identifying prime threats, actors, impacts, and trends for a period of over 2 years, providing valuable insights for the healthcare
A new bill proposes to increase cybersecurity funding for rural water systems by $7.5 million dollars per year. It is not a lot of money for part of the critical infrastructure and is an insult to all taxpayers living in rural areas. The EPA budget for 2023 is nearly $12 billion. The bill was announced on 05 June 2023. “Congressman Don Davis (NC-01), along with Representatives Zachary Nunn (IA-03), Angie Craig (MN-02), and Abigail Spanberger (VA-07), members of the US House Committee on Agri
