Security News > 2024 > August

In yet another sign that threat actors are always looking out for new ways to trick users into downloading malware, it has come to light that the question-and-answer platform known as Stack Exchange has been abused to direct unsuspecting developers to bogus Python packages capable of draining their cryptocurrency wallets. The packages have been collectively downloaded 2,082 times.

Cybersecurity researchers have uncovered a new Android remote access trojan called BingoMod that not only performs fraudulent money transfers from the compromised devices but also wipes them in an attempt to erase traces of the malware. "BingoMod belongs to the modern RAT generation of mobile malware, as its remote access capabilities allow threat actors to conduct Account Takeover directly from the infected device, thus exploiting the on-device fraud technique," researchers Alessandro Strino and Simone Mattia said.

Mozilla is following in Google Chrome's footsteps in officially distrusting Entrust as a root certificate authority following what it says was a protracted period of compliance failures. Entrust has apologized to Google, Mozilla, and the wider web community, outlining its plans to regain the trust of browsers, but these appear to be unsatisfactory to both Google and Mozilla.

NordVPN has stood tall as one of the most popular VPN solutions available today. On top of its VPN service, it provides additional security features like ad blockers, data security reports and email breach alerts.

Obfuscation is the technique of intentionally making information difficult to read, especially in computer coding. Other methods of obfuscation include compressing the entire program, making the code unreadable, and changing the control flow to create unstructured, difficult-to-maintain logic.

The Linux Foundation and OpenSSF released a report on the state of education in secure software development. Many developers lack the essential knowledge and skills to effectively implement secure software development.

Google has announced that it's adding a new layer of protection to its Chrome browser through what's called app-bound encryption to prevent information-stealing malware from grabbing cookies on Windows systems. "On Windows, Chrome uses the Data Protection API which protects the data at rest from other users on the system or cold boot attacks," Will Harris from the Chrome security team said.

This extensive bundle includes nine courses and more than 50 hours of training in ethical hacking, Kali Linux, certification exams, and more. TL;DR: Kick off a cybersecurity career with help from The Masters in Cyber Security Certification Bundle, now just $39.97 through August 4.

Facebook users are the target of a scam e-commerce network that uses hundreds of fake websites to steal personal and financial data using brand impersonation and malvertising tricks. The counterfeit websites and ads have been found to mainly impersonate a major online e-commerce platform and a power tools manufacturer, as well as single out victims with bogus sales offers for products from various well-known brands.

Germany's government has named China-controlled actors as the perpetrators of a 2021 cyber attack on the Federal Office of Cartography and Geodesy - the official mapping agency. The nation's Ministry of the Interior and Home Affairs on Wednesday published an assertion that China infiltrated the Office's systems to conduct espionage, after first compromising devices belonging to private individuals and businesses to conduct the raid.