Security
Headlines
HeadlinesLatestCVEs

Tag

#android

North Korean APT43 Group Uses Cybercrime to Fund Espionage Operations

A new North Korean nation-state cyber operator has been attributed to a series of campaigns orchestrated to gather strategic intelligence that aligns with Pyongyang's geopolitical interests since 2018. Google-owned Mandiant, which is tracking the activity cluster under the moniker APT43, said the group's motives are both espionage- and financially-motivated, leveraging techniques like credential

The Hacker News
Open in Source
#web#android#windows#google#git#intel#The Hacker News
Top Benefits of Using Flutter for Cross-Platform App Development

By Owais Sultan Today’s mobile-first world calls for functional solutions that meet the expectations of smartphone users. Creating a user-friendly mobile… This is a post from HackRead.com Read the original post: Top Benefits of Using Flutter for Cross-Platform App Development

North Korea's Kimsuky Evolves into Full-Fledged, Prolific APT43

In cyberattacks against the US, South Korea, and Japan, the group (aka APT43 or Thallium) is using advanced social engineering and cryptomining tactics that set it apart from other threat actors.

Hey, Siri: Hackers Can Control Smart Devices Using Inaudible Sounds

A technique, dubbed the "Near-Ultrasound Inaudible Trojan" (NUIT), allows an attacker to exploit smartphones and smart speakers over the Internet, using sounds undetectable by humans.

20-Year-Old BreachForums Founder Faces Up to 5 Years in Prison

Conor Brian Fitzpatrick, the 20-year-old founder and the administrator of the now-defunct BreachForums has been formally charged in the U.S. with conspiracy to commit access device fraud. If proven guilty, Fitzpatrick, who went by the online moniker "pompompurin," faces a maximum penalty of up to five years in prison. He was arrested on March 15, 2023. "Cybercrime victimizes and steals financial

CVE-2023-24094: MikroTik

An issue in the bridge2 component of MikroTik RouterOS v6.40.5 allows attackers to cause a Denial of Service (DoS) via crafted packets.

Microsoft Issues Patch for aCropalypse Privacy Flaw in Windows Screenshot Tools

Microsoft has released an out-of-band update to address a privacy-defeating flaw in its screenshot editing tool for Windows 10 and Windows 11. The issue, dubbed aCropalypse, could enable malicious actors to recover edited portions of screenshots, potentially revealing sensitive information that may have been cropped out. Tracked as CVE-2023-28303, the vulnerability is rated 3.3 on the CVSS

CVE-2023-28885: GitHub - zj3t/GM_Vulnerability: Vulnerability Report

The MyLink infotainment system (build 2021.3.26) in General Motors Chevrolet Equinox 2021 vehicles allows attackers to cause a denial of service (temporary failure of Media Player functionality) via a crafted MP3 file.

CVE-2022-39043: 揪科 Juiker app - Information Leakage

Juiker app stores debug logs which contains sensitive information to mobile external storage. An unauthenticated physical attacker can access these files to acquire partial user information such as personal contacts.

A week in security (March 20 - 26)

Categories: News Tags: potentially unwanted programs Tags: PUP Tags: ViLE Tags: Google Tags: Magecart Tags: skimmer Tags: skimming Tags: NBA Tags: Google Pixel crop Tags: Kritec Magecart Tags: fake IRS tax mail Tags: Emotet Tags: BreachForums Tags: Bitcoin ATM Tags: Bitcoin Tags: USB bomb Tags: USB Tags: ChatGPT The most interesting security related news from the week of March 20 - 26. (Read more...) The post A week in security (March 20 - 26) appeared first on Malwarebytes Labs.