This article highlighted how researchers explored a security vulnerability in the Nexus Android botnet’s command and control (C&C) panel. The security researcher exploited the vulnerability, compromising the C&C panel to gain valuable threat intelligence. The article also highlighted the model of mobile Appinjects, which is used to gain the knowledge of overlay …
Vulnerabilities in E2EE Cloud Storage
During ACM CCS 2024, held October 14-18, 2024, researchers from ETH Zurich, Jonas Hofmann and Kien Tuong Truong, reported severe security flaws in the end-to-end encryption (E2EE) systems of several cloud storage service providers. These flaws can pose a significant threat to user information and undermine the promised security standards of those providers. The research …
Game Freak’s Teraleak
In a bizarre turn of events, Game Freak, the developer behind the popular Pokémon game series, has fallen victim to a massive cyberattack, resulting in the leak of decades of information. The leak, known as “Teraleak,” includes sensitive game-related details from the early days of Pokémon, such as unreleased content, game development assets, financial records, …
TRELLO DATA BREACH: PRECAUTIONARY STEPS FOR AFFECTED VICTIMS
In other news, a popular project management tool from Atlassian, Trello, just experienced a serious data breach. According to reports from Hackread.com, the hacker whose alias is “Emo” recently leaked this data on a cybercrime platform called “Breach Forums,” where it was confirmed that a staggering 21.1GB of customer information was lost in this breach. …
The ClickFix Social Engineering Tactic
In May 2024, a new social engineering tactic called ClickFix emerged. It involves displaying fake error messages in web browsers to deceive users into copying and executing a malicious PowerShell command. According to Proofpoint researchers[1], who named this tactic ClickFix, the initial access broker TA571 leveraged it in email phishing campaigns …
Calgary Public Library’s Cyber Attack
What happened? On Oct 11th, 2024, all 22 public library locations across Calgary were shut down amid a cyber-attack. Early news reports suspected a ransomware attack that put the public’s crucial data in the hands of attackers. Why was the library targeted? “Libraries are a rich target, and the reason that they’re rich target …
Iranian Cyber Actors Target Critical Infrastructure Sectors
Brute force attacks are currently on the rise and constantly evolving. The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and others released an advisory on October 16, 2024, warning several large organizations, and especially critical infrastructure sectors, of the ongoing brute force attacks being carried out by some Iranian cyber …
Generative AI used in developing malware
“OpenAI says it has disrupted 20-plus foreign influence networks in past year”[4] It was only a matter of time before analysts and researchers found AI-generated malware in the wild. Last month, a report published by HP Wolf Security[5] highlighted malicious code detected in recent email campaigns targeting French users to deliver AsyncRAT …
France’s Grand Palais discloses cyberattack during Olympic games
On Saturday night, August 3, 2024, the Grand Palais Réunion des musées nationaux (Rmn) in France fell victim to a cyberattack, raising concerns about the security of cultural institutions amid ongoing digital threats. The Grand Palais Rmn is a significant institution responsible for managing various museums and cultural …
RPKI Insecurity
Recently, a team of researchers from Germany released a paper outlining the vulnerabilities of Resource Public Key Infrastructure (RPKI), the primary framework used to provide security for the Border Gateway Protocol (BGP) [2]. BGP is used for routing, and it is an alternative to Open Shortest Path First (OSPF). OSPF is generally used for routing …