Phishing-resistant MFA 101: What you need to know
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. The spread of the remote workforce and the growth of digital transformation has exponentiated the number of login-based attack vectors. While multi-factor authentication […]
Privacy Sandbox Initiative: Google to Phase Out Third-Party Cookies Starting 2024
Google has announced plans to officially flip the switch on its twice-delayed Privacy Sandbox initiatives as it slowly works its way to deprecate support for third-party cookies in Chrome browser. To that end, the search and advertising giant said it intends to phase out third-party cookies for 1% of Chrome users globally in the first quarter of […]
Teen Charged in DraftKings Data Breach
By Waqas If convicted, the alleged culprit Joseph Garrison could face a maximum sentence of 57 years. This is a post from HackRead.com Read the original post: Teen Charged in DraftKings Data Breach
Dr. Active Directory vs. Mr. Exposed Attack Surface: Who’ll Win This Fight?
Active Directory (AD) is among the oldest pieces of software still used in the production environment and can be found in most organizations today. This is despite the fact that its historical security gaps have never been amended. For example, because of its inability to apply any security measures beyond checking for a password and […]
Developer Alert: NPM Packages for Node.js Hiding Dangerous TurkoRat Malware
Two malicious packages discovered in the npm package repository have been found to conceal an open source information stealer malware called TurkoRat. The packages – named nodejs-encrypt-agent and nodejs-cookie-proxy-agent – were collectively downloaded approximately 1,200 times and were available for more than two months before they were identified and taken down. ReversingLabs, which broke
Searching for AI Tools? Watch Out for Rogue Sites Distributing RedLine Malware
Malicious Google Search ads for generative AI services like OpenAI ChatGPT and Midjourney are being used to direct users to sketchy websites as part of a BATLOADER campaign designed to deliver RedLine Stealer malware. “Both AI services are extremely popular but lack first-party standalone apps (i.e., users interface with ChatGPT via their web interface while Midjourney uses […]
WebKit Under Attack: Apple Issues Emergency Patches for 3 New Zero-Day Vulnerabilities
Apple on Thursday rolled out security updates to iOS, iPadOS, macOS, tvOS, watchOS, and the Safari web browser to address three new zero-day flaws that it said are being actively exploited in the wild. The three security shortcomings are listed below – CVE-2023-32409 – A WebKit flaw that could be exploited by a malicious actor to break out […]
Zip domains, a bad idea nobody asked for
If you heard a strange and unfamiliar creaking noise on May 3, it may been the simultaneous rolling of a million eyeballs. The synchronised ocular rotation was the less than warm welcome that parts of the IT and security industries—this author included—gave to Google’s decision to put .zip domains on sale. Google Registry actually announced […]
APT attacks: Exploring Advanced Persistent Threats and their evasive techniques
Cyber criminals come in all shapes and sizes. On one end of the spectrum, there’s the script kiddie or inexperienced ransomware gang looking to make a quick buck. On the other end are state-sponsored groups using far more sophisticated tactics—often with long-term, strategic goals in mind. Advanced Persistent Threats (APT) groups fall into this latter […]
This Cybercrime Syndicate Pre-Infected Over 8.9 Million Android Phones Worldwide
A cybercrime enterprise known as Lemon Group is leveraging millions of pre-infected Android smartphones worldwide to carry out their malicious operations, posing significant supply chain risks. “The infection turns these devices into mobile proxies, tools for stealing and selling SMS messages, social media and online messaging accounts and monetization via advertisements and click fraud,”