Shein’s Android App Caught Transmitting Clipboard Data to Remote Servers

Shein’s Android App Caught Transmitting Clipboard Data to Remote Servers

,

An older version of Shein’s Android application suffered from a bug that periodically captured and transmitted clipboard contents to a remote server.
The Microsoft 365 Defender Research Team said it discovered the problem in version 7.9.2 of the app that was released on December 16, 2021. The issue has since been addressed as of May 2022.
Shein, originally named ZZKKO, is a Chinese online fast

,

An older version of Shein’s Android application suffered from a bug that periodically captured and transmitted clipboard contents to a remote server.
The Microsoft 365 Defender Research Team said it discovered the problem in version 7.9.2 of the app that was released on December 16, 2021. The issue has since been addressed as of May 2022.
Shein, originally named ZZKKO, is a Chinese online fast

, ,
https://thehackernews.com/2023/03/sheins-android-app-caught-transmitting.html

LastPass Hack: Engineer’s Failure to Update Plex Software Led to Massive Data Breach

LastPass Hack: Engineer’s Failure to Update Plex Software Led to Massive Data Breach

,

The massive breach at LastPass was the result of one of its engineers failing to update Plex on their home computer, in what’s a sobering reminder of the dangers of failing to keep software up-to-date.
The embattled password management service last week revealed how unidentified actors leveraged information stolen from an earlier incident that took place prior to August 12, 2022, along with

,

The massive breach at LastPass was the result of one of its engineers failing to update Plex on their home computer, in what’s a sobering reminder of the dangers of failing to keep software up-to-date.
The embattled password management service last week revealed how unidentified actors leveraged information stolen from an earlier incident that took place prior to August 12, 2022, along with

, ,
https://thehackernews.com/2023/03/lastpass-hack-engineers-failure-to.html

Ransomware : la police lance l’offensive contre les pirates de DoppelPaymer

Ransomware : la police lance l’offensive contre les pirates de DoppelPaymer,

hackers

Les hackers derrière le ransomware DoppelPaymer sont dans le collimateur d’Europol. Une opération coup de poing, menée en Allemagne et en Ukraine, a permis de mettre la main sur du matériel appartenant aux pirates.

,

hackers

Les hackers derrière le ransomware DoppelPaymer sont dans le collimateur d’Europol. Une opération coup de poing, menée en Allemagne et en Ukraine, a permis de mettre la main sur du matériel appartenant aux pirates.

, ,
https://www.01net.com/actualites/ransomware-police-offensive-pirates-doppelpaymer.html

New HiatusRAT Malware Targets Business-Grade Routers to Covertly Spy on Victims

New HiatusRAT Malware Targets Business-Grade Routers to Covertly Spy on Victims,

A never-before-seen complex malware is targeting business-grade routers to covertly spy on victims in Latin America, Europe, and North America at least since July 2022.
The elusive campaign, dubbed Hiatus by Lumen Black Lotus Labs, has been found to deploy two malicious binaries, a remote access trojan dubbed HiatusRAT and a variant of tcpdump that makes it possible to capture packet capture on

,

A never-before-seen complex malware is targeting business-grade routers to covertly spy on victims in Latin America, Europe, and North America at least since July 2022.
The elusive campaign, dubbed Hiatus by Lumen Black Lotus Labs, has been found to deploy two malicious binaries, a remote access trojan dubbed HiatusRAT and a variant of tcpdump that makes it possible to capture packet capture on

, ,
https://thehackernews.com/2023/03/new-hiatusrat-malware-targets-business.html

From Disinformation to Deep Fakes: How Threat Actors Manipulate Reality

From Disinformation to Deep Fakes: How Threat Actors Manipulate Reality,

Deep fakes are expected to become a more prominent attack vector. Here’s how to identify them.
What are Deep Fakes?
A deep fake is the act of maliciously replacing real images and videos with fabricated ones to perform information manipulation. To create images, video and audio that are high quality enough to be used in deep fakes, AI and ML are required. Such use of AI, ML and image replacement

,

Deep fakes are expected to become a more prominent attack vector. Here’s how to identify them.
What are Deep Fakes?
A deep fake is the act of maliciously replacing real images and videos with fabricated ones to perform information manipulation. To create images, video and audio that are high quality enough to be used in deep fakes, AI and ML are required. Such use of AI, ML and image replacement

, ,
https://thehackernews.com/2023/03/from-disinformation-to-deep-fakes-how.html

Core Members of DoppelPaymer Ransomware Gang Targeted in Germany and Ukraine

Core Members of DoppelPaymer Ransomware Gang Targeted in Germany and Ukraine,

Law enforcement authorities from Germany and Ukraine have targeted suspected core members of a cybercrime group that has been behind large-scale attacks using DoppelPaymer ransomware.
The operation, which took place on February 28, 2023, was carried out with support from the Dutch National Police (Politie) and the U.S. Federal Bureau of Investigation (FBI), according to Europol.
This encompassed

,

Law enforcement authorities from Germany and Ukraine have targeted suspected core members of a cybercrime group that has been behind large-scale attacks using DoppelPaymer ransomware.
The operation, which took place on February 28, 2023, was carried out with support from the Dutch National Police (Politie) and the U.S. Federal Bureau of Investigation (FBI), according to Europol.
This encompassed

, ,
https://thehackernews.com/2023/03/core-members-of-doppelpaymer-ransomware.html

Experts Reveal Google Cloud Platform’s Blind Spot for Data Exfiltration Attacks

Experts Reveal Google Cloud Platform’s Blind Spot for Data Exfiltration Attacks

,

Malicious actors can take advantage of « insufficient » forensic visibility into Google Cloud Platform (GCP) to exfiltrate sensitive data, a new research has found.
« Unfortunately, GCP does not provide the level of visibility in its storage logs that is needed to allow any effective forensic investigation, making organizations blind to potential data exfiltration attacks, » cloud incident response

,

Malicious actors can take advantage of « insufficient » forensic visibility into Google Cloud Platform (GCP) to exfiltrate sensitive data, a new research has found.
« Unfortunately, GCP does not provide the level of visibility in its storage logs that is needed to allow any effective forensic investigation, making organizations blind to potential data exfiltration attacks, » cloud incident response

, ,
https://thehackernews.com/2023/03/experts-reveal-google-cloud-platforms.html

Piratage de LastPass : une grave négligence est à l’origine du vol

Piratage de LastPass : une grave négligence est à l’origine du vol,

lastpass hack

On continue d’en apprendre davantage sur le piratage de LastPass. D’après une nouvelle révélation, le vol des mots de passe a été rendu possible par la négligence d’un développeur en matière de sécurité informatique.

,

lastpass hack

On continue d’en apprendre davantage sur le piratage de LastPass. D’après une nouvelle révélation, le vol des mots de passe a été rendu possible par la négligence d’un développeur en matière de sécurité informatique.

, ,
https://www.01net.com/actualites/piratage-lastpass-grave-negligence-origine-vol.html

Experts Discover Flaw in U.S. Govt’s Chosen Quantum-Resistant Encryption Algorithm

Experts Discover Flaw in U.S. Govt’s Chosen Quantum-Resistant Encryption Algorithm

,

A group of researchers has revealed what it says is a vulnerability in a specific implementation of CRYSTALS-Kyber, one of the encryption algorithms chosen by the U.S. government as quantum-resistant last year.
The exploit relates to « side-channel attacks on up to the fifth-order masked implementations of CRYSTALS-Kyber in ARM Cortex-M4 CPU, » Elena Dubrova, Kalle Ngo, and Joel Gärtner of KTH

,

A group of researchers has revealed what it says is a vulnerability in a specific implementation of CRYSTALS-Kyber, one of the encryption algorithms chosen by the U.S. government as quantum-resistant last year.
The exploit relates to « side-channel attacks on up to the fifth-order masked implementations of CRYSTALS-Kyber in ARM Cortex-M4 CPU, » Elena Dubrova, Kalle Ngo, and Joel Gärtner of KTH

, ,
https://thehackernews.com/2023/03/experts-discover-flaw-in-us-govts.html

Security and IT Teams No Longer Need To Pay For SaaS-Shadow IT Discovery

Security and IT Teams No Longer Need To Pay For SaaS-Shadow IT Discovery,

This past January, a SaaS Security Posture Management (SSPM) company named Wing Security (Wing) made waves with the launch of its free SaaS-Shadow IT discovery solution. Cloud-based companies were invited to gain insight into their employees’ SaaS usage through a completely free, self-service product that operates on a « freemium » model. If a user is impressed with the solution and wants to gain

,

This past January, a SaaS Security Posture Management (SSPM) company named Wing Security (Wing) made waves with the launch of its free SaaS-Shadow IT discovery solution. Cloud-based companies were invited to gain insight into their employees’ SaaS usage through a completely free, self-service product that operates on a « freemium » model. If a user is impressed with the solution and wants to gain

, ,
https://thehackernews.com/2023/03/security-and-it-teams-no-longer-need-to.html