Apr 24, 2024NewsroomEncryption / Mobile Security Security vulnerabilities uncovered in cloud-based pinyin keyboard apps could be exploited to reveal users’ keystrokes to nefarious actors. The findings come from the Citizen Lab, which discovered weaknesses in eight of nine apps from vendors like Baidu, Honor, iFlytek, OPPO, Samsung, Tencent, Vivo, and Xiaomi. The only vendor whose […]
Apr 24, 2024NewsroomEncryption / Mobile Security Security vulnerabilities uncovered in cloud-based pinyin keyboard apps could be exploited to reveal users’ keystrokes to nefarious actors. The findings come from the Citizen Lab, which discovered weaknesses in eight of nine apps from vendors like Baidu, Honor, iFlytek, OPPO, Samsung, Tencent, Vivo, and Xiaomi. The only vendor whose […]
Apr 16, 2024NewsroomSupply Chain / Software Security Security researchers have uncovered a “credible” takeover attempt targeting the OpenJS Foundation in a manner that evokes similarities to the recently uncovered incident aimed at the open-source XZ Utils project. “The OpenJS Foundation Cross Project Council received a suspicious series of emails with similar messages, bearing different names […]
Cybersecurity researchers at Netenrich have uncovered a new ransomware group called Red Ransomware Group (Red CryptoApp). This group operates differently from typical ransomware outfits, adding a twist to their extortion tactics. Unlike most ransomware groups that keep their operations under wraps, Red CryptoApp appears to be taking an aggressive approach. According to Netenrich, the group […]
Security researchers have uncovered critical security flaws within ChatGPT plugins. By exploiting these flaws, attackers could seize control of an organization’s account on third-party platforms and access sensitive user data, including Personal Identifiable Information (PII). “The vulnerabilities found in these ChatGPT plugins are raising alarms due to the heightened risk of proprietary information being stolen […]
Kroll has uncovered a sophisticated cyberattack leveraging vulnerabilities in ConnectWise ScreenConnect software to deploy a variant of the BabyShark malware dubbed ToddlerShark. This targeted campaign exploits ScreenConnect flaws in the remote access tool to gain unauthorized access and deliver the malicious payload. Diving into details The North Korean APT group Kimsuky is reportedly exploiting ScreenConnect […]
Cybersecurity researchers at Proofpoint have uncovered a new tactic employed by cybercriminal threat actor TA577, shedding light on a lesser-seen objective in their operations. The group was found utilizing an attack chain aimed at stealing NT LAN Manager (NTLM) authentication information. This method could potentially be exploited for sensitive data gathering and facilitating further malicious […]
A joint effort by SentinelLabs and ClearSky Cyber Security has uncovered a significant propaganda and disinformation campaign, possibly orchestrated by the Russia-aligned influence operation network called Doppelgänger. The campaign, which began in late November 2023, initially targeted Ukrainian affairs but has since expanded its scope to include the US, Israel, France and Germany. In Germany, Doppelgänger […]
Feb 12, 2024NewsroomVulnerability / Data Recovery Cybersecurity researchers have uncovered an “implementation vulnerability” that has made it possible to reconstruct encryption keys and decrypt data locked by Rhysida ransomware. The findings were published last week by a group of researchers from Kookmin University and the Korea Internet and Security Agency (KISA). “Through a comprehensive analysis […]