Security News

Researchers Uncover Cyber Espionage Operation Aimed At Indian Army
2020-09-30 08:00

The campaign's starting point is an email with an embedded malicious attachment - either a ZIP file containing an LNK file or a Microsoft Word document - that triggers an infection chain via a series of steps to download the final-stage payload. Aside from identifying three different infection chains, what's notable is that one of them exploited template injection and a Microsoft Equation Editor flaw, a 20-year-old memory corruption issue in Microsoft Office, which, when exploited successfully, lets attackers execute remote code on a vulnerable machine even without user interaction. What's more, the LNK files have a double extension and come with document icons, thereby tricking an unsuspecting victim into opening the file.

Exclusive: Any Chingari App (Indian TikTok Clone) Account Can Be Hacked Easily
2020-07-11 12:03

Any Chingari User Account Can Be Hijacked in Seconds: The Chingari app for iOS and Android asks users to register an account by granting basic profile access to their Google accounts, which is a standard part of OAuth-based authentication. Chingari Patch Update To Be Released Today: Kumar responsibly disclosed the issue to the makers of Chingari earlier this week, and the company in response acknowledged the vulnerability.

TikTok Denies Sharing Indian User Data With Chinese Govt
2020-06-30 14:14

TikTok denied Tuesday sharing Indian users' data with the Chinese government, after New Delhi banned the wildly popular app in a sharp deterioration of relations with Beijing two weeks after a deadly border clash. "TikTok continues to comply with all data privacy and security requirements under Indian law and have not shared any information of our users in India with any foreign government, including the Chinese government," TikTok India chief Nikhil Gandhi said in a statement.

Researchers unmask Indian 'infosec' firm to reveal hacker-for-hire op that targeted pretty much anyone clients wanted
2020-06-09 17:49

Canada's Citizen Lab laboratory has uncovered a hacks-for-hire phishing operation targeting anyone from political activists and oligarchs to lawyers and CEOs that hit more than 10,000 email inboxes over seven years. The North American outfit claims to have traced the so-called Dark Basin campaign to an Indian firm called BellTroX InfoTech Services - which denies all wrongdoing.

Indian IT Company Was Hired to Hack Politicians, Investors, Journalists Worldwide
2020-06-09 15:56

Citizen Lab started its investigation into the 'Dark Basin' group in 2017 after it was contacted by a journalist targeted with phishing pages that were served via the self-hosted open-source Phurl URL shortener. "Dark Basin left copies of their phishing kit source code available openly online, as well as log files" that "recorded every interaction with the credential phishing website, including testing activity carried out by Dark Basin operators," Citizen Lab said.

Any Indian DigiLocker Account Could've Been Accessed Without Password
2020-06-08 08:45

According to Mohan, all an attacker needs to know to gain unauthorized access to a targeted DigiLocker account is the victim's Aadhaar ID, linked mobile number, or username: the attacker prompts the service to send an OTP and then exploits the flaw to bypass the sign-in process. It's worth noting that the mobile app version of DigiLocker also comes with a 4-digit PIN for an added layer of security.

Google deletes Indian app that deleted Chinese apps
2020-06-04 09:38

Google has deleted an app from the Play Store that offered to delete Android software associated with China. Demos found online showed it deleting TikTok, the popular messaging app owned by Chinese developer ByteDance, and UC Browser, developed by Alibaba-owned UCWeb.

Joker's Stash Advertises Second Batch of Indian Card Data
2020-02-07 14:18

Indian banks are once again facing a fraudster field day as more stolen payment card data appears for sale on cybercrime markets. Three months after a massive batch of card data that traced to Indian banks appeared on the notorious Joker's Stash cybercrime marketplace, a fresh "dump" of data is being offered for sale.

Hackers Target Indian Nuclear Power Plant – Everything We Know So Far
2019-10-30 19:34

A story has been making the rounds on the Internet since yesterday about a cyber attack on an Indian nuclear power plant. Due to some experts' commentary on social media even after lack of...