Technology

Oct 23, 2024The Hacker NewsIdentity Security / Data Protection Identity security is front, and center given all the recent breaches that include Microsoft, Okta, Cloudflare and Snowflake to name a few. Organizations are starting to realize that a shake-up is needed in terms of the way we approach identity security both from a strategic but

New variants of a banking malware called Grandoreiro have been found to adopt new tactics in an effort to bypass anti-fraud measures, indicating that the malicious software is continuing to be actively developed despite law enforcement efforts to crack down on the operation. “Only part of this gang was arrested: the remaining operators behind Grandoreiro

Facebook parent company Meta Platforms has removed several accounts across Threads and Instagram that were used to track celebrities’ private jets, including the jet owned by its Chief Executive Officer Mark Zuckerberg, citing a risk of “physical harm.” The accounts, which rely on publicly available information to track a jet’s location and CO2 emissions, among

Russian-speaking users have become the target of a new phishing campaign that leverages an open-source phishing toolkit called Gophish to deliver DarkCrystal RAT (aka DCRat) and a previously undocumented remote access trojan dubbed PowerRAT. “The campaign involves modular infection chains that are either Maldoc or HTML-based infections and require the victim’s intervention to trigger the

Oppo Enco X3 will be introduced in China on October 24 alongside the Oppo Find X8 series of phones and Pad 3 Pro tablet. Ahead of the launch, the company has revealed the design of the true wireless stereo (TWS) earphones. Some key features of the TWS alongside colour options have also been confirmed. Pre-reservations for the

Oct 22, 2024Ravie LakshmananVulnerability / Software Security Details have emerged about a now-patched security flaw in Styra’s Open Policy Agent (OPA) that, if successfully exploited, could have led to leakage of New Technology LAN Manager (NTLM) hashes. “The vulnerability could have allowed an attacker to leak the NTLM credentials of the OPA server’s local user

iOS 18.1 Release Candidate (RC) was rolled out by Apple to registered developer and public testers in beta on Monday. The update’s feature set remains largely similar to the previous iOS 18.1 beta versions, bringing improved home and lock screen customisation, a new Control Centre with more options, an enhanced Photos app, and a new

Oct 22, 2024Ravie LakshmananVulnerability / Cyber Threat The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a critical security flaw impacting ScienceLogic SL1 to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation as a zero-day. The vulnerability in question, tracked as CVE-2024-9537 (CVSS v4 score: 9.3), refers to a bug

Redmi A4 5G was unveiled in India on October 16 at the India Mobile Congress (IMC) 2024. It was introduced as the first entry-level smartphone with a Snapdragon 4s Gen 2 chipset. Aside from the design of the handset and its SoC details, the company did not reveal much else. It added that the phone will

The prolific Chinese nation-state actor known as APT41 (aka Brass Typhoon, Earth Baku, Wicked Panda, or Winnti) has been attributed to a sophisticated cyber attack targeting the gambling and gaming industry. “Over a period of at least six months, the attackers stealthily gathered valuable information from the targeted company including, but not limited to, network

Perplexity AI is rolling out two new features to enable newer ways of using the artificial intelligence (AI) search platform’s capabilities. Announced last week, the AI firm has introduced Internal Knowledge Search and Spaces capabilities. The former allows users to search prompts and get responses based on an internal knowledge base while the latter is

Oct 18, 2024Ravie LakshmananCyber Intelligence / Critical Infrastructure Cybersecurity and intelligence agencies from Australia, Canada, and the U.S. have warned about a year-long campaign undertaken by Iranian cyber actors to infiltrate critical infrastructure organizations via brute-force attacks. “Since October 2023, Iranian actors have used brute force and password spraying to compromise user accounts and obtain

Fitness trackers are primarily available in the form of wearables that resemble a wristwatch, but ‘smart rings’ are growing increasingly popular, including products from Oura, Ultrahuman, and Samsung. Unlike smartwatches that include an adjustable strap, smart rings must be purchased in a specific size option that fits the wearer. However, a person’s ring size might

Oct 20, 2024Ravie LakshmananVulnerability / Email Security Unknown threat actors have been observed attempting to exploit a now-patched security flaw in the open-source Roundcube webmail software as part of a phishing attack designed to steal user credentials. Russian cybersecurity company Positive Technologies said it discovered last month that an email was sent to an unspecified

Snapdragon 8 Elite — previously expected to debut as the Snapdragon 8 Gen 4 — is expected to be announced by Qualcomm next week, and details of the upcoming chipset’s performance have now been leaked online. According to a benchmark result for the purported Realme GT 7 Pro, the Snapdragon 8 Elite could offer a

Oct 19, 2024Ravie LakshmananNetwork Security / Data Breach A nascent threat actor known as Crypt Ghouls has been linked to a set of cyber attacks targeting Russian businesses and government agencies with ransomware with the twin goals of disrupting business operations and financial gain. “The group under review has a toolkit that includes utilities such

Samsung Galaxy S25 Ultra is expected to arrive in early 2025 as the South Korean tech conglomerate’s next flagship smartphone. Details of the successor to the Galaxy S24 Ultra have already surfaced online, from the chipset likely to power the upcoming phone to its design and purported camera specifications. A tipster has now leaked four

In the modern enterprise, data security is often discussed using a complex lexicon of acronyms—DLP, DDR, DSPM, and many others. While these acronyms represent critical frameworks, architectures, and tools for protecting sensitive information, they can also overwhelm those trying to piece together an effective security strategy. This article aims to demystify some of the most

Mira Murati, former chief technology officer at OpenAI, is raising funds from venture capitalists for her new AI startup, according to sources familiar with the matter. The new company aims to build AI products based on proprietary models, said one of the sources who requested anonymity to discuss private matters. It is not clear if

Oct 18, 2024The Hacker NewsWebinar / Data Protection Picture your company’s data as a vast, complex jigsaw puzzle—scattered across clouds, devices, and networks. Some pieces are hidden, some misplaced, and others might even be missing entirely. Keeping your data secure in today’s fast-evolving landscape can feel like an impossible challenge. But there’s a game-changing solution: