- Details
- BleepingComputer
Samsung has unveiled a new security feature called 'Auto Blocker' as part of the One UI 6 update, offering enhanced malware protection on Galaxy devices.
Auto Blocker is an opt-in security feature that prevents the side-loading of risky apps (APKs) downloaded from outside the Galaxy Store and Google Play.
This is a measure to protect users from social engineering attacks that convince them to download and install APKs that infect them with malware or spyware. Read More..
- Details
- BleepingComputer
An actor that security researchers call Prolific Puma has been providing link shortening services to cybercriminals for at least four years while keeping a sufficiently low profile to operate undetected.
In less than a month, Prolific Puma has registered thousands of domains, many on the U.S. top-level domain (usTLD), to help with the delivery of phishing, scams, and malware.
Researchers from Infoblox, a DNS-focused security vendor that looks at 70 billion DNS queries daily, first observed Prolific Puma activity six months ago, after detecting a registered domain generation algorithm (RDGA) to create the domain names for the malicious URL shortening service. Read More..
- Details
- BleepingComputer
The HelloKitty ransomware operation is exploiting a recently disclosed Apache ActiveMQ remote code execution (RCE) flaw to breach networks and encrypt devices.
The flaw, tracked CVE-2023-46604, is a critical severity (CVSS v3 score: 10.0) RCE allowing attackers to execute arbitrary shell commands by exploiting the serialized class types in the OpenWire protocol.
The security problem was addressed in a security update on October 25, 2023. However, threat monitoring service ShadowServer reported that, as of October 30, there were still 3,329 internet-exposed servers using a version vulnerable to exploitation. Read More..
- Details
- BleepingComputer
Threat actors are leveraging the 'Citrix Bleed' vulnerability, tracked as CVE-2023-4966, to target government, technical, and legal organizations in the Americas, Europe, Africa, and the Asia-Pacific region.
Researchers from Mandiant report that four ongoing campaigns target vulnerable Citrix NetScaler ADC and Gateway appliances, with attacks underway since late August 2023.
The security company has seen post-exploitation activity related to credential theft and lateral movement, warning that exploitation leaves behind limited forensic evidence, making these attacks particularly stealthy. Read More..
- Details
- BleepingComputer
Czech cybersecurity company Avast confirmed that its antivirus SDK has been flagging a Google Android app as malware on Huawei, Vivo, and Honor smartphones since Saturday.
On affected devices, users were warned to immediately uninstall the Google app because it could secretly send SMS messages, download and install other apps, or steal their sensitive information.
Others saw a different alert, telling them that the Google app was a trojan that could provide remote access to their device and allow attackers to install malware and steal the users' data. Read More..
- Malicious NuGet Packages Abuse MSBuild to Install Malware
- Backdoor Implant on Hacked Cisco Devices Modified to Evade Detection Misconfigurations
- New ExelaStealer Attack Windows PCs and Steals Private Data
- CISA Warns of Active Exploitation of JetBrains and Windows Vulnerabilities
- NSA and CISA Reveal Top 10 Cybersecurity Misconfigurations