CYFIRMA analysis reveals a sophisticated malware campaign that exploits a major Indian bank’s brand through fake mobile apps. These apps, distributed via phishing links and social engineering, closely resemble the real bank apps, deceiving users into sharing their credentials and personal information. The malware uses advanced techniques, such as encrypted …
Read More »
India’s central bank to launch a special “.bank.in” domain for banks in April 2025 to fight digital payment fraud and enhance trust in online banking. The Reserve Bank of India announced that the Institute for Development and Research in Banking Technology (IDRBT) will exclusively manage the new “fin.in” domain for …
Read More »
The zLabs research team found a mobile malware campaign with nearly 900 malware samples aimed at Indian bank users. Analysis shows shared code, interfaces, and logos, indicating a single group behind the attacks on Android devices. Zimperium’s detection engine successfully identified these as Trojan Bankers targeting Indian financial institutions. This …
Read More »
At an all-hands meeting at Meta on Thursday, Mark Zuckerberg did not mention the company’s $25 million settlement with Donald Trump, which includes $22 million for the future Trump Presidential Library. But Zuckerberg did say that he had to be increasingly careful about what he says internally at Meta. “Everything …
Read More »
Sygnia’s recent report highlights the changing strategies of ransomware groups targeting VMware ESXi appliances. These attackers exploit vital virtual infrastructure to disrupt operations and remain hidden in compromised networks. ESXi appliances have become prime targets due to their role in hosting vital virtual machines. “Damaging them renders virtual machines inaccessible, …
Read More »
MITRE launched D3FENDTM 1.0, a cybersecurity framework that provides a vocabulary and understanding of the cyber domain. D3FEND 1.0, funded by the NSA and the U.S. Department of Defense, offers a flexible and user-friendly framework for cybersecurity operations and strategic decision-making. D3FEND was initially released as a beta in June …
Read More »
Last year saw a significant rise in cyber threats, with malware becoming more advanced and attack strategies more sophisticated. A report by ANY.RUN, an interactive malware analysis platform, noted that 2024 experienced the highest levels of complex malware threats in the global cybersecurity landscape. Surge in Malware Activity: In 2024, …
Read More »
U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a second security flaw affecting BeyondTrust’s Privileged Remote Access (PRA) and Remote Support (RS) products to its Known Exploited Vulnerabilities (KEV) catalog, noting that it is actively being exploited. CVE-2024-12686 is a medium-severity vulnerability (CVSS score: 6.6) that could let an attacker …
Read More »
India has made strides in cybersecurity by clarifying ministerial roles in September 2024 and implementing a National Security Directive that limits telecom infrastructure procurement to trusted sources. It is also considering similar protocols for other vital sectors like power. To address the shortage of cybersecurity professionals, the government is investing …
Read More »
A deceptive proof-of-concept exploit for CVE-2024-49113, known as “LDAPNightmare,” on GitHub spreads infostealer malware that steals sensitive data and sends it to an external FTP server. Trend Micro discovered a case where hackers trick users into infecting themselves with malware. Trend Micro reports a malicious GitHub repository that seems to …
Read More »
InfoSecBulletin Cybersecurity for mankind
