admin – Cybersecurity News Everyday

Shopee customers lost 9,000 in 2024 after making payments outside app to scammers

Shopee customers lost $399,000 in 2024 after making payments outside app to scammers

January 27, 2025January 27, 2025 admin

Summary: In 2024, Singapore reported at least 179 e-commerce scams on Shopee, resulting in losses exceeding $399,000. Scammers lured victims through live streams and off-platform transactions, often using messaging apps to facilitate fraudulent sales. Shopee has urged users to transact only within its app to benefit from protective measures like the Shopee Guarantee.…

Cyber Security News

The top 10 brands exploited in phishing attacks – and how to protect yourself | ZDNET

January 26, 2025 admin

Summary: Cybercriminals are increasingly using phishing attacks that spoof well-known brands to deceive users into revealing sensitive information. A recent report from Check Point Research identifies the most commonly spoofed brands and highlights the need for vigilance against these threats. Key brands targeted include Microsoft, Apple, and Google, with specific campaigns impersonating services like PayPal and Facebook.…

Cyber Security News

INC Ransom takes responsibility for Stark Aerospace compromise | SC Media

January 26, 2025 admin

Summary: Stark Aerospace, a Mississippi-based missile systems manufacturer, has reportedly suffered a data breach involving 4 TB of sensitive information, allegedly by the INC Ransom ransomware group. The attackers claim to have exfiltrated critical documents, including supply chain details and military contracts, threatening to sell the data unless a ransom is paid.…

Cyber Security News

Critical Zero-Click Vulnerability in Windows OLE Poses Widespread Risk – Cyber Kendra

January 26, 2025 admin

Summary: Microsoft has patched a critical security vulnerability (CVE-2025-21298) in Windows OLE that allows attackers to execute malicious code without user interaction, receiving a CVSS score of 9.8. This “zero-click” exploit can be triggered simply by previewing a malicious RTF email in Outlook, affecting a wide range of Windows systems.…

Cyber Security News

New JavaScript Attack Hijacking Government And University Websites

January 26, 2025 admin

Summary: A sophisticated client-side JavaScript attack has compromised over 500 websites, including high-profile government and university domains, by injecting hidden links into the Document Object Model (DOM). This malicious campaign is believed to be part of a black hat Search Engine Optimization (SEO) effort aimed at manipulating search engine rankings.…

Cyber Security News

US House Committee calls for offensive cyber strategies in response to rising adversarial threats – Industrial Cyber

January 26, 2025January 26, 2025 admin

Summary: The U.S. House Committee on Homeland Security recently held a hearing to address escalating cybersecurity threats, emphasizing the need for an offensive strategy against increasingly sophisticated adversaries. Testimonies from cybersecurity experts highlighted the growing intrusions from nation-state actors like China, Russia, Iran, and North Korea, as well as the rising threat from cybercriminal organizations.…

Interesting Stuff

ChatGPT and Cybersecurity: Exploring the Dual-Edged Sword of AI Innovation

January 26, 2025January 26, 2025 admin

The rapid evolution of AI, particularly tools like ChatGPT, has revolutionized industries — but it has also opened Pandora’s box of cybersecurity risks. From malicious chatbots to regulatory rollbacks, the intersection of AI and cybersecurity demands urgent attention. Here’s a breakdown of the latest threats and how to mitigate them.…

Threat Research

The GamaCopy organization, which imitates the Russian Gamaredon, uses military related content as bait to launch attacks on Russia

January 25, 2025January 25, 2025 admin

This article discusses the discovery of attack samples targeting Russian-speaking entities, utilizing military-related content as bait, and employing the open-source tool UltraVNC for subsequent actions. The attacks mimic the tactics of the Gamaredon organization, leading to the attribution of these activities to the GamaCopy group. Affected: Russian-speaking targets, Gamaredon organization, GamaCopy organization

Keypoints :

Attack samples were discovered during threat hunting targeting Russian-speaking entities.…

Youtube

DeepSeek-R1, Mistral IPO, FrontierMath controversy, and IDC code assistant report

January 24, 2025 admin

Summary: The video discusses the state of artificial intelligence (AI) as of the end of 2025, focusing on DeepSeek’s emerging role in challenging established players with its open-source innovations. Experts from various fields weigh in on the competitive landscape, the importance of integration beyond performance metrics, and the need for differentiating generalist versus specialized coding assistants.…

Threat Research

Government and university websites targeted in ScriptAPI[.]dev client-side attack – c/side

January 23, 2025January 23, 2025 admin

A recent client-side JavaScript attack has been discovered, affecting over 500 websites, including government and university domains. The attack involves the injection of scripts that create hidden links to external sites, primarily for black hat SEO purposes. The malicious scripts are hosted on scriptapi[.]dev. Affected: government websites, university websites

Keypoints :

Over 500 websites targeted, including government and university domains.…

Youtube

Tool Calling 101: Unlocking Context-Aware LLMs with Real-Time Data #ai #llm #realtimedata

January 23, 2025 admin

Summary: The video discusses how to enhance large language models (LLMs) by making them context-aware through real-time data integration using tool calling. This technique allows LLMs to access external information such as weather, web data, and databases, while also considering the limitations of traditional and embedded tool calling methods.…

Threat Research

Record-breaking 5.6 Tbps DDoS attack and global DDoS trends for 2024 Q4

January 22, 2025January 22, 2025 admin

The 20th edition of the Cloudflare DDoS Threat Report highlights significant increases in DDoS attacks in 2024, with a record-breaking 5.6 Tbps attack detected. Cloudflare’s DDoS defense systems blocked over 21 million attacks this year, showcasing the growing threat landscape and the importance of robust cybersecurity measures.…

Cyber Security News

Indonesia at the Center of Global Cybersecurity Threats: Murdoc Botnet and DDoS Attacks Exploit IoT Vulnerabilities

January 22, 2025 admin

In recent months, Indonesia has emerged as a significant hotspot in the global cybersecurity landscape, as cybercriminals exploit vulnerabilities in Internet of Things (IoT) devices to launch large-scale distributed denial-of-service (DDoS) attacks. A new variant of the infamous Mirai botnet, dubbed Murdoc Botnet, has been actively targeting IoT devices, including AVTECH IP cameras and Huawei HG532 routers, with Indonesia being one of the most affected countries.…

Cyber Attack

15-Year-Old Hacker Diverts Ships in Mediterranean Sea for Fun

January 22, 2025January 25, 2025 admin

Summary: A 15-year-old hacker from Cesena, Italy, initially sought to change his grades but escalated his activities to altering maritime routes in the Mediterranean Sea. His actions drew the attention of authorities after he compromised critical infrastructure, leading to an investigation. The Ministry of Education and Merit confirmed that their systems were not breached, but the hacker’s unauthorized access to other systems raised significant concerns.…

Cyber Security News

PoC Exploit released for TP-Link Code Execution Vulnerability(CVE-2024-54887)

January 22, 2025 admin

Summary: A security researcher has discovered a critical vulnerability (CVE-2024-54887) in the TP-Link TL-WR940N router, affecting hardware versions 3 and 4. This vulnerability allows for arbitrary remote code execution through stack buffer overflow exploitation, posing significant risks to users. The research involved advanced techniques such as static and dynamic analysis, leading to the development of a viable exploit.…

Youtube

Human + AI: CX Innovation in 60 seconds

January 22, 2025 admin

Summary: The video discusses the importance of balancing human empathy with the power of technology, specifically AI, to create an effective customer experience strategy. It highlights four critical components that businesses need to address in today’s complex marketplace.

Keypoints:

Knowing your customer: Utilizing AI to analyze vast data for identifying trends and preferences.…

Threat Research

Windows BitLocker — Screwed without a Screwdriver — Neodyme

January 21, 2025January 21, 2025 admin

The article discusses a vulnerability known as “bitpixie” that allows attackers to access encrypted files on Windows devices using BitLocker without needing to disassemble the device. This exploit takes advantage of a bug in the Windows Boot Manager and requires only physical access to the device and a network connection.…

Threat Research

Beware of Contacts through LinkedIn: They Target Your Organization’s Property, Not Yours – JPCERT/CC Eyes | JPCERT Coordination Center official Blog

January 21, 2025January 21, 2025 admin

Recent reports indicate unauthorized access in Japan, primarily using LinkedIn as an infection vector. The Lazarus attack group has been identified as responsible for these attacks, which have targeted organizations since 2019. Recommendations include restricting the use of social networking services on work devices. Affected: LinkedIn, Bitcoin.DMM.com…

Cyber Security News

ChatGPT Crawler Vulnerability Abused to Trigger Reflexive DDoS Attacks

January 21, 2025January 21, 2025 admin

Summary: Security researchers have identified a critical vulnerability in OpenAI’s ChatGPT API that can be exploited to conduct Reflective Distributed Denial of Service (DDoS) attacks. This flaw, with a CVSS score of 8.6, poses significant risks to the scalability and security of AI services on cloud platforms, particularly Microsoft Azure.…

Youtube

Can AI Think? Debunking AI Limitations

January 21, 2025 admin

Summary: The video discusses the nature of artificial intelligence (AI) and its reasoning capabilities by examining how large language models (LLMs) perform probabilistic pattern matching, leading to errors in reasoning, particularly when handling extraneous details. The conversation explores the differences between true thinking and the simulation of thought, while highlighting advancements in AI reasoning techniques.…

Author: admin