Technology

Nov 18, 2024Ravie LakshmananVulnerability / Website Security A critical authentication bypass vulnerability has been disclosed in the Really Simple Security (formerly Really Simple SSL) plugin for WordPress that, if successfully exploited, could grant an attacker to remotely gain full administrative access to a susceptible site. The vulnerability, tracked as CVE-2024-10924 (CVSS score: 9.8), impacts both

Oppo Reno 13 series will launch in China soon. The company has announced the launch date of the lineup in the country. It has also revealed the smartphones’ design, RAM and storage configurations, and a single colourway. The series is expected to comprise a base model and a Pro variant, which will succeed the Oppo Reno

Nov 15, 2024The Hacker NewsWebinar / Cyber Security In the fast-paced digital world, trust is everything—but what happens when that trust is disrupted? Certificate revocations, though rare, can send shockwaves through your operations, impacting security, customer confidence, and business continuity. Are you prepared to act swiftly when the unexpected happens? Join DigiCert’s exclusive webinar, “When

Meta Platforms Inc. was hit with a €798 million ($841 million or roughly Rs. 7,100 crore) fine by European Union regulators by tying its Facebook Marketplace service to the social network, the US tech giant’s first ever penalty for EU antitrust violations. In a groundbreaking decision, the European Commission ordered Meta to stop tying its classified-ads

A threat actor known as BrazenBamboo has exploited an unresolved security flaw in Fortinet’s FortiClient for Windows to extract VPN credentials as part of a modular framework called DEEPDATA. Volexity, which disclosed the findings Friday, said it identified the zero-day exploitation of the credential disclosure vulnerability in July 2024, describing BrazenBamboo as the developer behind

Baidu unveiled its Xiaodu AI Glasses in China on Tuesday. The Chinese tech giant introduced the AI-integrated smart glasses in China and it is reportedly equipped with an AI assistant that can perform several tasks for users. The Xiaodu AI Glasses are said to weigh 45g and feature a 16-megapixel ultrawide camera along with a four-microphone

Nov 16, 2024Ravie LakshmananVulnerability / Network Security Palo Alto Networks has released new indicators of compromise (IoCs) a day after the network security vendor confirmed that a new zero-day vulnerability impacting its PAN-OS firewall management interface has been actively exploited in the wild. To that end, the company said it observed malicious activity originating from

Smartphone shipments in India grew by 5.6 percent year on year (YoY) and the number of handsets shipped in the country rose to 46 million units, according to data from the International Data Corporation’s (IDC). Apple saw its market share rise to 8.6 percent, up from 5.7 percent in Q3 2023. Other smartphone makers that recorded

Nov 15, 2024Ravie LakshmananCyber Espionage / Malware Cybersecurity researchers have shed light on a new remote access trojan and information stealer used by Iranian state-sponsored actors to conduct reconnaissance of compromised endpoints and execute malicious commands. Cybersecurity company Check Point has codenamed the malware WezRat, stating it has been detected in the wild since at

Samsung is expected to unveil its Galaxy S25 series in the first half of next year. Several reports have claimed that all models in the Galaxy S25 lineup will pack the new Snapdragon 8 Elite chipset. A new Geekbench listing offers some proof that the leaks could be right. An alleged Korean variant of the vanilla Galaxy S25 has

Nov 15, 2024Ravie LakshmananArtificial Intelligence / Vulnerability Cybersecurity researchers have disclosed two security flaws in Google’s Vertex machine learning (ML) platform that, if successfully exploited, could allow malicious actors to escalate privileges and exfiltrate models from the cloud. “By exploiting custom job permissions, we were able to escalate our privileges and gain unauthorized access to

Google is working on a new feature that could protect a user’s privacy while using apps that ask for their email address, according to a report. Strings of code spotted in one of the company’s applications reveal that a feature called Shielded Email is currently in development, and it could allow users to share email

Ilya Lichtenstein, who pleaded guilty to the 2016 hack of cryptocurrency stock exchange Bitfinex, has been sentenced to five years in prison, the U.S. Department of Justice (DoJ) announced Thursday. Lichtenstein was charged for his involvement in a money laundering scheme that led to the theft of nearly 120,000 bitcoins (valued at over $10.5 billion

Xiaomi is working on a pair of smart glasses that offer support for features backed by artificial intelligence (AI) in collaboration with Apple supplier Goertek, according to a report. Other firms like Meta, Snap, and Baidu have either launched or unveiled glasses equipped with cameras, and Xiaomi’s purported wearable is also expected to offer similar

Multiple threat actors have been found taking advantage of an attack technique called Sitting Ducks to hijack legitimate domains for using them in phishing attacks and investment fraud schemes for years. The findings come from Infoblox, which said it identified nearly 800,000 vulnerable registered domains over the past three months, of which approximately 9% (70,000)

Apple released Final Cut Pro 11, the successor to the Final Cut Pro X, on Wednesday. The video editing app for Mac devices has received new artificial intelligence (AI) features as well as the capability to edit spatial videos. This major update introduces features such as Magnetic Mask, Transcribe to Captions, and tools to edit

Nov 14, 2024Ravie LakshmananMalware / Vulnerability A newly patched security flaw impacting Windows NT LAN Manager (NTLM) was exploited as a zero-day by a suspected Russia-linked actor as part of cyber attacks targeting Ukraine. The vulnerability in question, CVE-2024-43451 (CVSS score: 6.5), refers to an NTLM hash disclosure spoofing vulnerability that could be exploited to

Red Magic 10 Pro+ and Red Magic 10 Pro were launched in China as the latest gaming-focused smartphones from ZTE sub-brand Nubia. Both models have similar internals, aside from the battery and charging speeds. They run on a Snapdragon 8 Elite “Extreme Edition” version paired with up to 24GB of RAM and 1TB of internal

Nov 13, 2024Ravie LakshmananThreat Intelligence / Cyber Espionage A threat actor affiliated with Hamas has expanded its malicious cyber operations beyond espionage to carry out disruptive attacks that exclusively target Israeli entities. The activity, linked to a group called WIRTE, has also targeted the Palestinian Authority, Jordan, Iraq, Saudi Arabia, and Egypt, Check Point said

Google recently announced the expansion of its flood forecasting system that is based on artificial intelligence (AI). The search giant will now cover 100 countries and offer riverine flood forecasting to a global population of 700 million people. The company is also offering researchers and partners its datasets to better understand its systems and benefit from the