Author: securnerd

Reports reveal a surge in malicious ad campaigns targeting Apple macOS users, unleashing two distinct strains of stealer malware, notably Atomic Stealer, in a bid to pilfer sensitive data. Recent investigations by Jamf Threat Labs have unveiled a concerning trend of infostealer attacks specifically aimed at macOS users. These attacks employ various tactics to infiltrate Mac systems, all with the singular aim of exfiltrating critical information. One such attack vector involves the deceptive use of ads masquerading as legitimate sources, particularly targeting users searching for the Arc Browser. Upon clicking on these ads, unsuspecting users are redirected to counterfeit websites…

In a recent cyber onslaught, a notorious threat group, dubbed ‘ResumeLooters’, has orchestrated a massive data breach affecting over two million individuals. Employing sophisticated tactics including SQL injection and cross-site scripting (XSS) attacks, the group infiltrated 65 legitimate job listing and retail websites. The primary targets of the attacks were concentrated across the Asia-Pacific (APAC) region, with countries such as Australia, Taiwan, China, Thailand, India, and Vietnam bearing the brunt. The stolen data includes sensitive personal information such as names, email addresses, phone numbers, work history, educational background, and more. Group-IB, a cybersecurity firm actively tracking ResumeLooters, revealed that the…

Apple has just introduced a groundbreaking addition to the world of programming languages with the launch of Pkl, an innovative open-source “embeddable configuration language.” This move aims to streamline configuration tasks, ranging from simple to complex, and from ad-hoc to repetitive. Unveiled on February 1, 2024, with its initial version labeled 0.25, Pkl comes with a comprehensive introductory tour accessible via the language’s documentation website. Unlike conventional programming languages that rely on imperative instructions, Pkl revolves around a key-value structure reminiscent of JSON, enhancing its adaptability to configuration tasks. Moreover, Apple has equipped Pkl with features facilitating the generation of…

Parrot Security has officially launched Parrot OS 6.0, marking the latest iteration of its Debian-based security-focused distribution tailored for ethical hacking and penetration testing enthusiasts. Highlighting a commitment to providing a sophisticated yet user-friendly environment, Parrot OS 6.0 debuts nearly a year after its predecessor, Parrot OS 5.2. Drawing from the foundations of the Debian GNU/Linux 12 “Bookworm” operating system series, the release distinguishes itself by opting for the cutting-edge Linux 6.5 kernel over the long-term supported Linux 6.1 LTS kernel found in Debian Bookworm. This strategic choice enhances hardware support by incorporating backported DKMS modules for Wi-Fi drivers. The…

In a staggering revelation, cybersecurity experts have uncovered a colossal cache of over 26 billion exposed records online, branding it as the “mother of all breaches.” Contrary to conventional breaches, this massive dataset doesn’t stem from a solitary security incident but rather represents an amalgamation of multiple breaches, often orchestrated by data enrichment entities. The process of data enrichment involves amalgamating first-party data from internal sources with diverse data from external or internal systems, transforming it into a valuable asset for organizations due to its increased utility and insights. Although the researchers identified a staggering 26 billion records, the possibility…

The U.S. Federal Trade Commission (FTC) continues its rigorous crackdown on data brokers, taking decisive action against InMarket Media by prohibiting the sale or licensing of precise location data without explicit user consent. This settlement follows allegations that the Texas-based company, InMarket, failed to inform or seek consent from consumers before utilizing their location information for targeted advertising and marketing purposes. Under the terms of the settlement, InMarket is barred from selling, licensing, transferring, or sharing any product or service that categorizes or targets consumers based on sensitive location data. The FTC directive also mandates the destruction of all previously…

In response to the increasing threat posed by multiple malicious actors, Microsoft announced on Thursday that it is once again taking measures to disable the ms-appinstaller protocol handler by default. This decision comes in the wake of its exploitation by threat actors to facilitate the widespread distribution of malware. The Microsoft Threat Intelligence team revealed that the observed malicious activities involve the abuse of the current implementation of the ms-appinstaller protocol handler as an access vector for malware, potentially leading to the deployment of ransomware. Highlighting the severity of the issue, the team identified the emergence of a disturbing trend…

In a recent cyber onslaught, a newly discovered JavaScript malware has unleashed a wave of attacks on over 40 financial institutions worldwide, compromising the online banking credentials of more than 50,000 users. Unearthed by IBM Security Trusteer in March 2023, this sophisticated campaign utilizes JavaScript web injections to infiltrate popular banking applications, posing a substantial threat to users across North America, South America, Europe, and Japan. Security researcher Tal Langus revealed that the primary objective of the threat actors behind the campaign is to compromise banking applications, intercept user credentials upon malware installation, and potentially monetize the stolen banking information.…

A newly identified cyber threat named NKAbuse is making waves in the digital security landscape, employing a decentralized, peer-to-peer network protocol called NKN (New Kind of Network) as a conduit for its malicious activities. Russian cybersecurity firm Kaspersky disclosed in a recent report that the malware harnesses NKN technology for seamless data exchange between peers, acting as a robust implant with both flooder and backdoor functionalities. NKN, boasting a network of over 62,000 nodes, stands as a revolutionary software overlay network built upon the existing Internet infrastructure. It allows users to share unused bandwidth and earn token rewards, incorporating a…

Google recently unveiled Gemini, its latest suite of powerful AI models, but the tech giant is already under fire for allegedly misleading claims about its performance. In an op-ed by Bloomberg, concerns were raised about the accuracy of a video demonstration presented by Google during the announcement of Gemini. The hands-on video showcased Gemini’s impressive multimodal capabilities, combining spoken conversational prompts with image recognition. However, Bloomberg columnist Parmy Olson argued that the capabilities portrayed in the video may have been exaggerated. The six-minute demonstration displayed Gemini quickly recognizing images, responding within seconds, and tracking real-time objects, such as a cup…