Technology News

Malicious actors have started to exploit a loophole in the defenses of many home users, organizations, email and security services, to send out phishing emails from legitimate services. image credit: Avanan Threat actors have found a way to send phishing emails using the tools and services provided by legitimate companies such as PayPal or QuickBooks. Most phishing emails come from unrelated domains; experienced users may spot these right away, and so do many antivirus solutions. Using a domain that is on an allow list, on the other hand, adds trust to the email. Phishing emails that come directly from PayPal have a greater chance of slipping through defenses because of … Read more

Cybersecurity research analysts at Zscaler have uncovered a new large-scale phishing campaign targeting Microsoft email users. The main targets of the campaign are corporate users, specifically end users in Enterprise environments that use Microsoft email services. image credit: Zscaler The attackers use so-called Adversary-in-The-Middle (AiTM) techniques to bypass multi-factor authentication (MFA) protections. Microsoft published information about a similar attack in early July. The attack that Microsoft described targeted more than 10,000 organizations, and used AiTM techniques to bypass MFA protections. Zscaler describes the new attack as highly sophisticated. It “uses an adversary-in-the-middle (AiTM) attack technique capable of bypassing multi-factor authentication” and “multiple evasion techniques used in various stages of the … Read more

Whenever you set up a brand new device or begin to set one up following a factory restore, you’re greeted with a beautiful ‘hello’ screen that walks you through the setup process.   Recognizing that you don’t really get the pleasure of viewing this pleasant interface more than once or a couple of times throughout the duration that you own a device, Hyperixa thought it would be cool to make a jailbreak tweak called Hola that lets you see it more often. As shown in the video example and screenshot depictions provided above, you can see that Hola simply displays thw hello setup screen every time you use your device, … Read more

Apple TV+ debuted at $4.99 per month, and, for what it’s worth, the company hasn’t changed the price for the video streaming service. But, that doesn’t mean the price points remain the same for the primary competitors out there in the wild, unfortunately. And, sure enough, another price hike is in the works for a pair of popular options. As reported by The Verge, the price for both Disney+ and Hulu are going up. First, Disney+, which will see its price rise from $7.99 per month to $10.99 per month. That’s quite the hike, to say the least. This will go into effect beginning December 8, 2022, in the United … Read more

While Apple continues to make moves when it comes to general user privacy and security, especially with iOS, there are still some areas where third-party companies can take advantage of the tools Apple has in place. For instance, a built-in web browser in apps like Facebook or Instagram, for instance, is still based on Apple’s WebKit. But it sounds like Meta has still found a way to track users that use that third-party web browser instead of Safari. That’s according to a new analysis put together by Felix Krause. A wide range of apps still rely on Safari for web browsing, but there are others that use a third-party option … Read more

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) warned US organizations today that attackers deploying Zeppelin ransomware might encrypt their files multiple times. The two federal agencies also shared tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help security professionals detect and block attacks using this ransomware strain. “The FBI has observed instances where Zeppelin actors executed their malware multiple times within a victim’s network, resulting in the creation of different IDs or file extensions, for each instance of an attack; this results in the victim needing several unique decryption keys,” a joint advisory published today revealed. Detected by the FBI … Read more

Versions of a cross-platform instant messenger application focused on the Chinese market known as ‘MiMi’ have been trojanized to deliver a new backdoor (dubbed rshell) that can be used to steal data from Linux and macOS systems. SEKOIA’s Threat & Detection Research Team says that the app’s macOS 2.3.0 version has been backdoored for almost four months, since May 26, 2022. They discovered this after noticing unusual connections to this app while analyzing command-and-control (C2) infrastructure for the HyperBro remote access trojan (RAT) malware linked to the APT27 Chinese-backed threat group. TrendMicro also reported detecting the same campaign and said it found old trojanized versions of MiMi targeting Linux (with … Read more

Palo Alto Networks has issued a security advisory warning of an actively exploited high-severity vulnerability impacting PAN-OS, the operating system used by the company’s networking hardware products. The issue, tracked as CVE-2022-0028 (CVSS v3 – 8.6), is an URL filtering policy misconfiguration that could allow an unauthenticated, remote attacker to carry out amplified TCP denial-of-service (DoS) attacks. The PAN-OS versions vulnerable to this vulnerability are the following: PAN-OS prior to 10.2.2-h2 (patch ETA: next week) PAN-OS prior to 10.1.6-h6 (patch available) PAN-OS prior to 10.0.11-h1 (patch ETA: next week) PAN-OS prior to 9.1.14-h4 (patch ETA: next week) PAN-OS prior to 9.0.16-h3 (patch ETA: next week) PAN-OS prior to 8.1.23-h1 (patch … Read more