brangberg – Page 1089

TrickMo Banking Trojan Can Now Capture Android PINs and Unlock Patterns

New variants of an Android banking trojan called TrickMo have been found to harbor previously undocumented features to steal a device’s unlock pattern or PIN.
“This new addition enables the threat actor to operate on the device even while it is locked,” Zimperium security researcher Aazim Yaswant said in an analysis published last week.
First spotted in the wild in 2019, TrickMo is so named for

New Malware Campaign Uses PureCrypter Loader to Deliver DarkVision RAT

Cybersecurity researchers have disclosed a new malware campaign that leverages a malware loader named PureCrypter to deliver a commodity remote access trojan (RAT) called DarkVision RAT.
The activity, observed by Zscaler ThreatLabz in July 2024, involves a multi-stage process to deliver the RAT payload.
“DarkVision RAT communicates with its command-and-control (C2) server using a custom network

New FIDO proposal lets you securely move passkeys across platforms

The Fast IDentity Online (FIDO) Alliance has published a working draft of a new specification that aims to enable the secure transfer of passkeys between different providers. […]

New Linux Variant of FASTCash Malware Targets Payment Switches in ATM Heists

North Korean threat actors have been observed using a Linux variant of a known malware family called FASTCash to steal funds as part of a financially-motivated campaign.
The malware is “installed on payment switches within compromised networks that handle card transactions for the means of facilitating the unauthorized withdrawal of cash from ATMs,” a security researcher who goes by HaxRob said.

Over 200 malicious apps on Google Play downloaded millions of times

Google Play, the official store for Android, distributed over a period of one year more than 200 malicious applications, which cumulatively counted nearly eight million downloads. […]

CISO Conversations: Julien Soriano (Box) and Chris Peake (Smartsheet)

CISOS from Box and Smartsheet discuss the route toward, the role within, and the future of being a successful CISO.

The post CISO Conversations: Julien Soriano (Box) and Chris Peake (Smartsheet) appeared first on SecurityWeek.

Splunk Enterprise Update Patches Remote Code Execution Vulnerabilities

Splunk has released patches for multiple vulnerabilities in Splunk Enterprise, including two high-severity remote code execution flaws.

The post Splunk Enterprise Update Patches Remote Code Execution Vulnerabilities appeared first on SecurityWeek.

Organizations Slow to Protect Doors Against Hackers: Researcher

Door access controllers remain vulnerable to remote hacker attacks for extended periods of time, a researcher has found.

The post Organizations Slow to Protect Doors Against Hackers: Researcher appeared first on SecurityWeek.

The Rise of Zero-Day Vulnerabilities: Why Traditional Security Solutions Fall Short

In recent years, the number and sophistication of zero-day vulnerabilities have surged, posing a critical threat to organizations of all sizes. A zero-day vulnerability is a security flaw in software that is unknown to the vendor and remains unpatched at the time of discovery. Attackers exploit these flaws before any defensive measures can be implemented, making zero-days a potent weapon for

Critical Vulnerability Patched in 101 Releases of WordPress Plugin Jetpack

Automattic has rolled out updates for 101 Jetpack versions released over the past eight years to resolve a critical vulnerability.

The post Critical Vulnerability Patched in 101 Releases of WordPress Plugin Jetpack appeared first on SecurityWeek.

Author: brangberg