Hackers Steal $20 Million by Exploiting Flaw in Revolut’s Payment Systems

Hackers Steal $20 Million by Exploiting Flaw in Revolut’s Payment Systems

,

Malicious actors exploited an unknown flaw in Revolut’s payment systems to steal more than $20 million of the company’s funds in early 2022.
The development was reported by the Financial Times, citing multiple unnamed sources with knowledge of the incident. The breach has not been disclosed publicly.
The fault stemmed from discrepancies between Revolut’s U.S. and European systems, causing funds

,

Malicious actors exploited an unknown flaw in Revolut’s payment systems to steal more than $20 million of the company’s funds in early 2022.
The development was reported by the Financial Times, citing multiple unnamed sources with knowledge of the incident. The breach has not been disclosed publicly.
The fault stemmed from discrepancies between Revolut’s U.S. and European systems, causing funds

, ,
https://thehackernews.com/2023/07/hackers-steal-20-million-by-exploiting.html

Two Spyware Apps on Google Play with 1.5 Million Users Sending Data to China

Two Spyware Apps on Google Play with 1.5 Million Users Sending Data to China,

Two file management apps on the Google Play Store have been discovered to be spyware, putting the privacy and security of up to 1.5 million Android users at risk. These apps engage in deceptive behaviour and secretly send sensitive user data to malicious servers in China.
Pradeo, a leading mobile security company, has uncovered this alarming infiltration. The report shows that both spyware apps,

,

Two file management apps on the Google Play Store have been discovered to be spyware, putting the privacy and security of up to 1.5 million Android users at risk. These apps engage in deceptive behaviour and secretly send sensitive user data to malicious servers in China.
Pradeo, a leading mobile security company, has uncovered this alarming infiltration. The report shows that both spyware apps,

, ,
https://thehackernews.com/2023/07/two-spyware-apps-on-google-play-with-15.html

Improve Your Security WordPress Spam Protection With CleanTalk Anti-Spam

Improve Your Security WordPress Spam Protection With CleanTalk Anti-Spam,

Every website owner or webmaster grapples with the issue of spam on their website forms. The volume of spam can be so overwhelming that finding useful information within it becomes quite challenging. What exacerbates this issue is that spam can populate your public pages, appearing in comments and reviews. You likely understand how this can damage your website’s reputation, affect search results

,

Every website owner or webmaster grapples with the issue of spam on their website forms. The volume of spam can be so overwhelming that finding useful information within it becomes quite challenging. What exacerbates this issue is that spam can populate your public pages, appearing in comments and reviews. You likely understand how this can damage your website’s reputation, affect search results

, ,
https://thehackernews.com/2023/07/improve-your-security-wordpress-spam.html

Vishing Goes High-Tech: New ‘Letscall’ Malware Employs Voice Traffic Routing

Vishing Goes High-Tech: New ‘Letscall’ Malware Employs Voice Traffic Routing

,

Researchers have issued a warning about an emerging and advanced form of voice phishing (vishing) known as « Letscall. » This technique is currently targeting individuals in South Korea.
The criminals behind « Letscall » employ a multi-step attack to deceive victims into downloading malicious apps from a counterfeit Google Play Store website.
Once the malicious software is installed, it redirects

,

Researchers have issued a warning about an emerging and advanced form of voice phishing (vishing) known as « Letscall. » This technique is currently targeting individuals in South Korea.
The criminals behind « Letscall » employ a multi-step attack to deceive victims into downloading malicious apps from a counterfeit Google Play Store website.
Once the malicious software is installed, it redirects

, ,
https://thehackernews.com/2023/07/vishing-goes-high-tech-new-letscall.html

Another Critical Unauthenticated SQLi Flaw Discovered in MOVEit Transfer Software

Another Critical Unauthenticated SQLi Flaw Discovered in MOVEit Transfer Software,

Progress Software has announced the discovery and patching of a critical SQL injection vulnerability in MOVEit Transfer, popular software used for secure file transfer. In addition, Progress Software has patched two other high-severity vulnerabilities.
The identified SQL injection vulnerability, tagged as CVE-2023-36934, could potentially allow unauthenticated attackers to gain unauthorized

,

Progress Software has announced the discovery and patching of a critical SQL injection vulnerability in MOVEit Transfer, popular software used for secure file transfer. In addition, Progress Software has patched two other high-severity vulnerabilities.
The identified SQL injection vulnerability, tagged as CVE-2023-36934, could potentially allow unauthenticated attackers to gain unauthorized

, ,
https://thehackernews.com/2023/07/another-critical-unauthenticated-sqli.html

Mastodon Social Network Patches Critical Flaws Allowing Server Takeover

Mastodon Social Network Patches Critical Flaws Allowing Server Takeover,

Mastodon, a popular decentralized social network, has released a security update to fix critical vulnerabilities that could expose millions of users to potential attacks.
Mastodon is known for its federated model, consisting of thousands of separate servers called « instances, » and it has over 14 million users across more than 20,000 instances.
The most critical vulnerability, CVE-2023-36460,

,

Mastodon, a popular decentralized social network, has released a security update to fix critical vulnerabilities that could expose millions of users to potential attacks.
Mastodon is known for its federated model, consisting of thousands of separate servers called « instances, » and it has over 14 million users across more than 20,000 instances.
The most critical vulnerability, CVE-2023-36460,

, ,
https://thehackernews.com/2023/07/mastodon-social-network-patches.html

Close Security Gaps with Continuous Threat Exposure Management

Close Security Gaps with Continuous Threat Exposure Management,

CISOs, security leaders, and SOC teams often struggle with limited visibility into all connections made to their company-owned assets and networks. They are hindered by a lack of open-source intelligence and powerful technology required for proactive, continuous, and effective discovery and protection of their systems, data, and assets.
As advanced threat actors constantly search for easily

,

CISOs, security leaders, and SOC teams often struggle with limited visibility into all connections made to their company-owned assets and networks. They are hindered by a lack of open-source intelligence and powerful technology required for proactive, continuous, and effective discovery and protection of their systems, data, and assets.
As advanced threat actors constantly search for easily

, ,
https://thehackernews.com/2023/07/close-security-gaps-with-continuous.html

BlackByte 2.0 Ransomware: Infiltrate, Encrypt, and Extort in Just 5 Days

BlackByte 2.0 Ransomware: Infiltrate, Encrypt, and Extort in Just 5 Days,

Ransomware attacks are a major problem for organizations everywhere, and the severity of this problem continues to intensify.
Recently, Microsoft’s Incident Response team investigated the BlackByte 2.0 ransomware attacks and exposed these cyber strikes’ terrifying velocity and damaging nature.
The findings indicate that hackers can complete the entire attack process, from gaining initial access

,

Ransomware attacks are a major problem for organizations everywhere, and the severity of this problem continues to intensify.
Recently, Microsoft’s Incident Response team investigated the BlackByte 2.0 ransomware attacks and exposed these cyber strikes’ terrifying velocity and damaging nature.
The findings indicate that hackers can complete the entire attack process, from gaining initial access

, ,
https://thehackernews.com/2023/07/blackbyte-20-ransomware-infiltrate.html

Google Releases Android Patch Update for 3 Actively Exploited Vulnerabilities

Google Releases Android Patch Update for 3 Actively Exploited Vulnerabilities,

Google has released its monthly security updates for the Android operating system, addressing 46 new software vulnerabilities. Among these, three vulnerabilities have been identified as actively exploited in targeted attacks.
One of the vulnerabilities tracked as CVE-2023-26083 is a memory leak flaw affecting the Arm Mali GPU driver for Bifrost, Avalon, and Valhall chips. This particular

,

Google has released its monthly security updates for the Android operating system, addressing 46 new software vulnerabilities. Among these, three vulnerabilities have been identified as actively exploited in targeted attacks.
One of the vulnerabilities tracked as CVE-2023-26083 is a memory leak flaw affecting the Arm Mali GPU driver for Bifrost, Avalon, and Valhall chips. This particular

, ,
https://thehackernews.com/2023/07/google-releases-android-patch-update.html

JumpCloud Resets API Keys Amid Ongoing Cybersecurity Incident

JumpCloud Resets API Keys Amid Ongoing Cybersecurity Incident,

JumpCloud, a provider of cloud-based identity and access management solutions, has swiftly reacted to an ongoing cybersecurity incident that impacted some of its clients.
As part of its damage control efforts, JumpCloud has reset the application programming interface (API) keys of all customers affected by this event, aiming to protect their valuable data.
The company has informed the concerned

,

JumpCloud, a provider of cloud-based identity and access management solutions, has swiftly reacted to an ongoing cybersecurity incident that impacted some of its clients.
As part of its damage control efforts, JumpCloud has reset the application programming interface (API) keys of all customers affected by this event, aiming to protect their valuable data.
The company has informed the concerned

, ,
https://thehackernews.com/2023/07/jumpcloud-resets-api-keys-amid-ongoing.html