@cyberalerts.io
//
The FBI has issued a warning about the rising trend of cybercriminals using fake file converter tools to distribute malware. These tools, often advertised as free online document converters, are designed to trick users into downloading malicious software onto their computers. While these tools may perform the advertised file conversion, they also secretly install malware that can lead to identity theft, ransomware attacks, and the compromise of sensitive data.
The threat actors exploit various file converter or downloader tools, enticing users with promises of converting files from one format to another, such as .doc to .pdf, or combining multiple files. The malicious code, disguised as a file conversion utility, can scrape uploaded files for personal identifying information, including social security numbers, banking information, and cryptocurrency wallet addresses. The FBI advises users to be cautious of such tools and report any instances of this scam to protect their assets. The FBI Denver Field Office is warning that they are increasingly seeing scams involving free online document converter tools and encourages victims to report any instances of this scam. Malwarebytes has identified some of these suspect file converters, which include Imageconvertors.com, convertitoremp3.it, convertisseurs-pdf.com and convertscloud.com. The agency emphasized the importance of educating individuals about these threats to prevent them from falling victim to these scams. References :
Classification:
@go.theregister.com
//
India's central bank, the Reserve Bank of India (RBI), is set to introduce the exclusive "bank.in" domain for banks, a strategic move aimed at combating the rising tide of digital financial fraud. This initiative intends to significantly reduce cybersecurity threats and malicious activities such as phishing. The goal is to streamline secure financial services to enhance trust in digital banking and payment systems. With over 2,000 banks currently operating in India, assigning them an exclusive domain is expected to make it harder for fraudsters to create fake bank websites and lure victims.
This plan was detailed in a policy update, addressing the "significant concern" around increased digital payment fraud in India. Registration for bank.in domains is scheduled to commence in April. The RBI is also planning a separate domain, "fin.in," for other non-bank entities in the financial sector. To further enhance trust in online payments, the RBI is also introducing Additional Factor Authentication (AFA) for cross-border card-not-present online transactions. The Institute for Development and Research in Banking Technology (IDRBT) will serve as the exclusive registrar. References :
Classification:
@gbhackers.com
//
A critical authentication bypass vulnerability, identified as CVE-2024-53704, in SonicWall firewalls is under active exploitation. Security firms are warning that attackers are now targeting this flaw following the public release of proof-of-concept exploit code. The vulnerability allows attackers to bypass authentication, posing a significant risk to affected systems.
Security updates are available for download to address the issue, and users are strongly urged to patch their SonicWall firewalls immediately. Attacks are currently taking place, making prompt action essential to mitigate potential exploits. The vulnerability highlights the importance of keeping security infrastructure up-to-date to defend against emerging threats. References :
Classification:
|