Stay informed with our weekly roundup of top 10 key happenings in tech, cyber, and geopolitics. Discover the most significant developments, trends and breakthroughs shaping the industry, all in one concise update. The card image tiles are designed for easy recognition of the category to which the news belongs.
Forensic Report on OTP-Stealing APK: How Uttarakhand Cyber Police Cracked the Mystery
A forensic analysis of the Haridwar investment scam app exposed its abuse of multiple permissions, including reading and sending SMS messages, which allowed fraudsters to intercept OTPs and carry out unauthorized financial transactions. Authorities are strongly advising the public to be extra cautious when granting permissions to financial apps, to prevent falling prey to such sophisticated and malicious scams.
New UPI Scam Exposed: How to Protect Your Account from Collect Request Fraud
A new scam in the digital payment world involves fraudsters spamming users with fake UPI collect requests, often disguised as legitimate transactions from trusted services. Just one careless approval can lead to significant financial loss. To protect your money, always stay vigilant, verify every UPI request thoroughly, and never approve a transaction without being absolutely sure of its authenticity.
Microsoft Patches Critical Copilot Studio Vulnerability Exposing Sensitive Data
Cybersecurity researchers have uncovered a serious vulnerability in Microsoft Copilot Studio, identified as CVE-2024-38206 (CVSS score: 8.5). This server-side request forgery (SSRF) flaw could allow attackers to access sensitive information within Microsoft internal infrastructure, including Cosmos DB instances. Microsoft has patched the issue and no customer action is required, but it underscores the ongoing need for robust security measures across all digital platforms.
New macOS Malware 'Cthulhu Stealer' Targets Apple Users' Data
Cybersecurity researchers have identified a new macOS-targeting malware called Cthulhu Stealer, available as malware-as-a-service (MaaS) for $500 monthly. Disguised as legitimate software, it steals credentials, cryptocurrency wallets, and other sensitive data by prompting users to enter their system and MetaMask passwords. Though unsophisticated, it highlights the growing threat to macOS, reinforcing the need for caution and regular security updates.
Apple will soon let you delete the App Store in some markets
Recent changes driven by the EU's Digital Markets Act (DMA) will significantly impact iPhone users in the EU. Soon, you'll have more freedom to set default apps for various functions, including messaging and navigation. Additionally, you’ll be able to delete core Apple apps like Safari and the App Store, though you can still redownload them if needed. These updates are set to roll out with iOS 18 and beyond.
Android malware uses smartphones' NFC reader to steal payment card details
A new Android malware has been discovered that uses smartphones' NFC readers to steal payment card details. This malicious software intercepts data during NFC transactions, compromising users' financial information. To safeguard against this threat, users should be vigilant about app permissions, keep their devices updated, and utilize secure payment methods. Regularly checking for security updates is also crucial.
Inside the Massive AWS Cloud Breach: How Exploited .env Files Led to a Global Extortion Campaign
A sophisticated cyber attack targeted over 230 million cloud environments, exploiting exposed .env files to gain unauthorized access. Attackers used these files to escalate privileges, deploy malicious AWS Lambda functions, and exfiltrate data. The incident highlights vulnerabilities in cloud security, particularly around .env file management and AWS IAM policies. Organizations must enhance security practices, monitoring, and incident response strategies to prevent similar attacks.
Navigating Cyber Threats: Effective Use of the MITRE ATT&CK Framework
The MITRE ATT&CK Framework is like a playbook for cybersecurity. It maps out how attackers operate, giving organizations a clear view of their tactics and techniques. By using ATT&CK, teams can better understand and defend against threats, spot weaknesses in their security, and respond more effectively to attacks. It’s a practical tool for staying one step ahead in cyber defense.
New UULoader Malware Distributes Gh0st RAT and Mimikatz in East Asia
A new malware called UULoader is being used to deliver other malicious payloads like Gh0st RAT and Mimikatz. It disguises itself as legitimate software updates and targets Korean and Chinese speakers. The malware hides in a Microsoft Cabinet file and uses DLL side-loading to execute its final stage. This highlights ongoing tactics where fake updates are used in cyberattacks.
ED Arrests Kidnapper for Extorting 2,091 Bitcoins and 11,000 Litecoins Worth Rs 1,232.5 Crore
In a major crackdown, the Enforcement Directorate arrested Shailesh Bhatt in a staggering Rs 1,232.5 crore crypto extortion case. Bhatt, defrauded in a cryptocurrency scam, allegedly kidnapped two of Bitconnect Coin's employees and extorted 2,091 Bitcoins, 11,000 Litecoins, and cash. The ED has also attached assets worth Rs 442 crore linked to the crime.