Technology

Jan 01, 2024NewsroomEncryption / Network Security Security researchers from Ruhr University Bochum have discovered a vulnerability in the Secure Shell (SSH) cryptographic network protocol that could allow an attacker to downgrade the connection’s security by breaking the integrity of the secure channel. Called Terrapin (CVE-2023-48795, CVSS score: 5.9), the exploit has been described as the

Messaging apps like WhatsApp, Signal and others have long had an option to share your location with your contacts. It’s a quick way to let your friends and family know where you are or send them your live location to help them navigate. Now, Google is also bringing real-time location sharing natively on the Maps

Jan 01, 2024NewsroomWindows Security / Vulnerability Security researchers have detailed a new variant of a dynamic link library (DLL) search order hijacking technique that could be used by threat actors to bypass security mechanisms and achieve execution of malicious code on systems running Microsoft Windows 10 and Windows 11. The approach “leverages executables commonly found

OnePlus Ace 3, which is expected to be the successor to the OnePlus Ace 2, will debut in China on January 4. The company has confirmed that the phone will be offered in three colour options. The phone is scheduled to launch globally, as well as in India, as the OnePlus 12R on January 23. In several teasers on a microblogging

Jan 01, 2024NewsroomMalware / Dark Web A new Go-based malware loader called JinxLoader is being used by threat actors to deliver next-stage payloads such as Formbook and its successor XLoader. The disclosure comes from cybersecurity firms Palo Alto Networks Unit 42 and Symantec, both of which highlighted multi-step attack sequences that led to the deployment

Poco X6 series is confirmed to debut in India soon with a base Poco X6 and a Poco X6 Pro model. The phones have officially been teased ahead of their launch. They have previously been reported to be listed on certification sites. A new report now shows leaked renders of the handsets which show their

The ever-changing landscape of the smartphone industry in India is always surprising. This year, there have been plenty of changes and several newcomers in some segments to make for a very interesting mix of devices for eager buyers to choose from. While most regulars like Xiaomi and Realme have seen a handful of launches in

Samsung Galaxy S24 series is expected to launch soon. Ahead of the rumoured launch, several leaks, renders, and other details regarding the phones have surfaced online in the last couple of weeks. The lineup will most likely include a Galaxy S24, Galaxy S24+, and the Galaxy S24 Ultra. Several leaks have suggested that the upcoming

Dec 30, 2023NewsroomCryptocurrency / Phishing Scam Cybersecurity researchers are warning about an increase in phishing attacks that are capable of draining cryptocurrency wallets. “These threats are unique in their approach, targeting a wide range of blockchain networks, from Ethereum and Binance Smart Chain to Polygon, Avalanche, and almost 20 other networks by using a crypto

Tecno Spark 20 Pro+ has been officially listed online. Earlier this month, the company had confirmed that the new phone would in launched in January. Along with a launch timeline, Tecno also revealed certain key specifications of the handset. The Spark 20 Pro+ will join the Spark 20 lineup, which includes the Spark 20C, Spark

Dec 27, 2023NewsroomPrivacy / App Security A new Android backdoor has been discovered with potent capabilities to carry out a range of malicious actions on infected devices. Dubbed Xamalicious by the McAfee Mobile Research Team, the malware is so named for the fact that it’s developed using an open-source mobile app framework called Xamarin and

Oppo Reno 11 series could soon make its way to the Indian market. According to a tipster, the Oppo Reno 11 and Reno 11 Pro will probably launch in India as soon as next week. The phones have already been made official in China. Although Oppo hasn’t given any details on the India launch of

Dec 27, 2023NewsroomZero-Day / Email Security Barracuda has revealed that Chinese threat actors exploited a new zero-day in its Email Security Gateway (ESG) appliances to deploy backdoor on a “limited number” of devices. Tracked as CVE-2023-7102, the issue relates to a case of arbitrary code execution that resides within a third-party and open-source library Spreadsheet::ParseExcel

Dec 27, 2023NewsroomZero-Day / Vulnerability A new zero-day security flaw has been discovered in the Apache OfBiz, an open-source Enterprise Resource Planning (ERP) system that could be exploited to bypass authentication protections. The vulnerability, tracked as CVE-2023-51467, resides in the login functionality and is the result of an incomplete patch for another critical vulnerability (CVE-2023-49070,

Dec 28, 2023NewsroomMalware / Cyber Threat A new malware loader is being used by threat actors to deliver a wide range of information stealers such as Lumma Stealer (aka LummaC2), Vidar, RecordBreaker (aka Raccoon Stealer V2), and Rescoms. Cybersecurity firm ESET is tracking the trojan under the name Win/TrojanDownloader.Rugmi. “This malware is a loader with

Dec 28, 2023NewsroomSpyware / Hardware Security The Operation Triangulation spyware attacks targeting Apple iOS devices leveraged never-before-seen exploits that made it possible to even bypass pivotal hardware-based security protections erected by the company. Russian cybersecurity firm Kaspersky, which discovered the campaign at the beginning of 2023 after becoming one of the targets, described it as

Dec 28, 2023NewsroomCloud Security / Data Protection Google Cloud has addressed a medium-severity security flaw in its platform that could be abused by an attacker who already has access to a Kubernetes cluster to escalate their privileges. “An attacker who has compromised the Fluent Bit logging container could combine that access with high privileges required

Dec 29, 2023NewsroomMalware / Endpoint Security Microsoft on Thursday said it’s once again disabling the ms-appinstaller protocol handler by default following its abuse by multiple threat actors to distribute malware. “The observed threat actor activity abuses the current implementation of the ms-appinstaller protocol handler as an access vector for malware that may lead to ransomware

Dec 29, 2023NewsroomMalware / Cyber Threat Nation-state actors affiliated to North Korea have been observed using spear-phishing attacks to deliver an assortment of backdoors and tools such as AppleSeed, Meterpreter, and TinyNuke to seize control of compromised machines. South Korea-based cybersecurity company AhnLab attributed the activity to an advanced persistent threat group known as Kimsuky.

Dec 29, 2023NewsroomEmail Security / Malware The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new phishing campaign orchestrated by the Russia-linked APT28 group to deploy previously undocumented malware such as OCEANMAP, MASEPIE, and STEELHOOK to harvest sensitive information. The activity, which was detected by the agency between December 15 and 25,