Apple Thwarts $2 Billion in App Store Fraud, Rejects 1.7 Million App Submissions
Apple has announced that it prevented over $2 billion in potentially fraudulent transactions and rejected roughly 1.7 million app submissions for privacy and security violations in 2022. The computing giant said it terminated 428,000 developer accounts for potential fraudulent activity, blocked 105,000 fake developer account creations, and deactivated 282 million bogus customer accounts. It
Darknet Carding Kingpin Pleads Guilty: Sold Financial Info of Tens of Thousands
A U.S. national has pleaded guilty in a Missouri court to operating a darknet carding site and selling financial information belonging to tens of thousands of victims in the country. Michael D. Mihalo, aka Dale Michael Mihalo Jr. and ggmccloud1, has been accused of setting up a carding site called Skynet Market that specialized in […]
Critical Flaws in Cisco Small Business Switches Could Allow Remote Attacks
Cisco has released updates to address a set of nine security flaws in its Small Business Series Switches that could be exploited by an unauthenticated, remote attacker to run arbitrary code or cause a denial-of-service (DoS) condition. “These vulnerabilities are due to improper validation of requests that are sent to the web interface,” Cisco said, crediting […]
Leaked Babuk ransomware builder code lives on as RA Group
The bones of long gone ransomware group Babuk continue to rattle in the breeze, in the form of reused code. Researchers from Cisco Talos have named this new team the “RA Group”, a ransomware collective which may have only been up and running since last month. Babuk famously threatened to leak law enforcement data, relented, […]
PharMerica breach impacts almost 6 million people
US pharmacy giant PharMerica has notified over 5.8 million people about a security incident in which it says personal information and medical information may have been obtained by cybercriminals. The Data Breach Notification lists the total number of persons affected as 5,815,591. An investigation was started after PharMerica noticed suspicious activity on its network. The investigation showed that […]
Is it Getting Harder to Pigeonhole Games into Specific Genres?
By Owais Sultan Back in 2015, a study from Syracuse University analysed how grouping video games into genres can be limited.… This is a post from HackRead.com Read the original post: Is it Getting Harder to Pigeonhole Games into Specific Genres?
OilAlpha: Emerging Houthi-linked Cyber Threat Targets Arabian Android Users
A hacking group dubbed OilAlpha with suspected ties to Yemen’s Houthi movement has been linked to a cyber espionage campaign targeting development, humanitarian, media, and non-governmental organizations in the Arabian peninsula. “OilAlpha used encrypted chat messengers like WhatsApp to launch social engineering attacks against its targets,” cybersecurity company Recorded Future said in a
Threat Group UNC3944 Abusing Azure Serial Console for Total VM Takeover
A financially motivated cyber actor has been observed abusing Microsoft Azure Serial Console on virtual machines (VMs) to install third-party remote management tools within compromised environments. Google-owned Mandiant attributed the activity to a threat group it tracks under the name UNC3944, which is also known as Roasted 0ktapus and Scattered Spider. “This method of attack was unique in
Identifying a Patch Management Solution: Overview of Key Criteria
Software is rarely a one-and-done proposition. In fact, any application available today will likely need to be updated – or patched – to fix bugs, address vulnerabilities, and update key features at multiple points in the future. With the typical enterprise relying on a multitude of applications, servers, and end-point devices in their day-to-day operations, the […]
Serious Unpatched Vulnerability Uncovered in Popular Belkin Wemo Smart Plugs
The second generation version of Belkin’s Wemo Mini Smart Plug has been found to contain a buffer overflow vulnerability that could be weaponized by a threat actor to inject arbitrary commands remotely. The issue, assigned the identifier CVE-2023-27217, was discovered and reported to Belkin on January 9, 2023, by Israeli IoT security company Sternum, which reverse-engineered […]