An Android vulnerability that was reportedly exploited as a zero-day by a Chinese application against millions of devices has been added to the known exploited vulnerabilities catalog maintained by the US Cybersecurity and Infrastructure Security Agency (CISA) after Google confirmed exploitation. Google said on March 21 that it had suspended the popular Chinese shopping application Pinduoduo on its app store after malware was discovered in versions of the app distributed through other websites. READ MORE...
After stealing around 10TB of data from Western Digital Corp., the computer drive manufacturer behind digital storage brand SanDisk, hackers are now negotiating a ransom payment within an eight-figure range, according to reports. The hackers claim to have control of the company's code-signing certificate, company executives' private numbers, SAP back-office data, and administrator access to the company's Microsoft Azure cloud instance. READ MORE...
As part of its ongoing invasion of Ukraine, Russian intelligence has once again enlisted the services of hacker group Nobelium/APT29, this time to spy on foreign ministries and diplomats from NATO-member states, as well as other targets in the European Union and Africa. The timing also dovetails with a spate of attacks on Canadian infrastructure, also believed to be linked to Russia. READ MORE...
Google on Friday released an emergency update for Chrome to address a zero-day security flaw. The vulnerability, tracked as CVE-2023-2033, can be exploited by a malicious webpage to run arbitrary code in the browser. Thus, surfing to a bad website with a vulnerable browser could lead to your device being hijacked. Exploit code for this hole is said to be circulating, and may well be in use already by miscreants. READ MORE...
Rorschach, a highly sophisticated ransomware strain, stands out most for its ability to encrypt data more quickly than other known strains and evade advanced security detection, according to ransomware researchers and experts. The first iteration of the ransomware strain, which was detected by Check Point and deemed the "fastest ever ransomware" last week, carries autonomous propagation capabilities when executed on a Windows domain controller. READ MORE...
The notorious LockBit ransomware group is apparently developing a piece of malware that can encrypt files on devices running Apple's macOS operating system. Researchers have analyzed the malware to determine how much of a threat it actually poses. MalwareHunterTeam reported on Sunday that they had come across what appeared to be the first macOS malware sample developed by a major ransomware group. READ MORE...
Accountants are being warned to be on their guard from malicious hackers, as cybercriminals exploit the rush to prepare tax returns for clients before the deadline of US Tax Day. US Tax Day, which falls on Tuesday April 18 this year, is the day on which income tax returns for individuals are due to be submitted to the government. Inevitably it's a busy time for accounting firms and bookkeepers who are feverishly collecting necessary documents from their clients. READ MORE...
You may have seen a worrying report of Artificial Intelligence (AI) being used in a virtual kidnapping scam. The AI was supposedly used to imitate the voice of an Arizona resident's daughter, who claimed to have been kidnapped. The daughter was safe and well elsewhere on a school trip. Unfortunately, with the daughter out of sight this just made the scam seem more believable. Was she actually on the trip, or kidnapped? READ MORE...
KrebsOnSecurity received a nice bump in traffic this week thanks to tweets from the Federal Bureau of Investigation (FBI) and the Federal Communications Commission (FCC) about "juice jacking," a term first coined here in 2011 to describe a potential threat of data theft when one plugs their mobile device into a public charging kiosk. It remains unclear what may have prompted the alerts, but the good news is that there are some fairly basic things you can do to avoid having to worry about juice jacking. READ MORE...