The vulnerability, tracked as CVE-2023-28489, impacts the CPCI85 firmware of Sicam A8000 CP-8031 and CP-8050 products, and it can be exploited by an unauthenticated attacker for remote code execution.
Experts at Cyble laid bare AresLoader, a new type of loader that distributes multiple malware strains, including IcedID, Aurora Stealer, and Laplas Clipper. A GitHub repository masquerading as a Citrix project was being used to distribute the malware. Experts recommend creating multiple lines of defense, including implementing genuine anti-virus software, firewalls, and an anti-phishing solution.
Google wants to take us further into a passwordless future by allowing personal account holders to login using passkeys rather than using passphrases and multifactor authentication (MFA).
The vulnerability, which has now been fixed, was caused by a window message event handler that does not properly validate the message origin, providing attackers access to sensitive user information.
Meta said it took steps to take down more than 1,000 malicious URLs from being shared across its services that were found to leverage OpenAI’s ChatGPT as a lure to propagate about 10 malware families since March 2023.
The operation, dubbed SpecTor, also included the seizure of 117 firearms, 850 kilograms of drugs — including 64 kilograms of fentanyl or fentanyl-laced narcotics — and $53.4 million in cash and virtual currencies, the DoJ said in a statement.
Russia-linked APT group Sandworm is behind destructive cyberattacks against Ukrainian state networks, the Ukrainian Government Computer Emergency Response Team (CERT-UA) warns.
Cybercriminals have been using AT&T-provided email addresses to steal large amounts of cryptocurrency by accessing accounts via mail keys. One victim claimed to have lost $134,000 from its Coinbase account. The firms are suggested to update their security controls to prevent such activities and proactively require a password reset on some email accounts.
Orqa, a maker of First Person View (FPV) drone racing goggles, claims that a contractor introduced code into its devices’ firmware that acted as a time bomb designed to brick them.
The UK government has announced a new fraud strategy which will focus heavily on mitigating the impact of telephone and online scams, although critics have said it doesn’t go far enough.