Author Archives: Ravie Lakshmanan

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning of a handful of unpatched security vulnerabilities in MiCODUS MV720 Global Positioning System (GPS) trackers outfitted in over 1.5 million vehicles that could lead to remote d… Continue reading Unpatched GPS Tracker Bugs Could Let Attackers Disrupt Vehicles Remotely→

Russian threat actors capitalized on the ongoing conflict against Ukraine to distribute Android malware camouflaged as an app for pro-Ukrainian hacktivists to launch distributed denial-of-service (DDoS) attacks against Russian sites.
Google Threat Ana… Continue reading Russian Hackers Tricked Ukrainians with Fake “DoS Android Apps to Target Russia”→

The Russian state-sponsored hacking collective known as APT29 has been attributed to a new phishing campaign that takes advantage of legitimate cloud services like Google Drive and Dropbox to deliver malicious payloads on compromised systems.
“These c… Continue reading Russian Hackers Using DropBox and Google Drive to Drop Malicious Payloads→

Cybersecurity researchers have taken the wraps off a previously undocumented spyware targeting the Apple macOS operating system.
The malware, codenamed CloudMensis by Slovak cybersecurity firm ESET, is said to exclusively use public cloud storage serv… Continue reading Experts Uncover New CloudMensis Spyware Targeting Apple macOS Users→

A new method devised to leak information and jump over air-gaps takes advantage of Serial Advanced Technology Attachment (SATA) or Serial ATA cables as a communication medium, adding to a long list of electromagnetic, magnetic, electric, optical, and … Continue reading New Air-Gap Attack Uses SATA Cable as an Antenna to Transfer Radio Signals→

Google has taken steps to ax dozens of fraudulent apps from the official Play Store that were spotted propagating Joker, Facestealer, and Coper malware families through the virtual marketplace.
While the Android storefront is considered to be a truste… Continue reading Several New Play Store Apps Spotted Distributing Joker, Facestealer and Coper Malware→

The U.S. Federal Bureau of Investigation (FBI) has warned of cyber criminals building rogue cryptocurrency-themed apps to defraud investors in the virtual assets space.
“The FBI has observed cyber criminals contacting U.S. investors, fraudulently clai… Continue reading FBI Warns of Fake Cryptocurrency Apps Stealing Millions from Investors→

With speculative execution attacks remaining a stubbornly persistent vulnerability ailing modern processors, new research has highlighted an “industry failure” to adopt mitigations released by AMD and Intel, posing a firmware supply chain threat.
Dubb… Continue reading New Study Finds Most Enterprise Vendors Failing to Mitigate Speculative Execution Attacks→

Thai activists involved in the country’s pro-democracy protests have had their smartphones infected with NSO Group’s infamous Pegasus government-sponsored spyware.
At least 30 individuals, spanning activists, academics, lawyers, and NGO workers, are b… Continue reading Pegasus Spyware Used to Hack Devices of Pro-Democracy Activists in Thailand→

Researchers from Wordfence have sounded the alarm about a “sudden” spike in cyber attacks attempting to exploit an unpatched flaw in a WordPress plugin called Kaswara Modern WPBakery Page Builder Addons.
Tracked as CVE-2021-24284, the issue is rated 1… Continue reading Experts Notice Sudden Surge in Exploitation of WordPress Page Builder Plugin Vulnerability→