Aggregator
Phishing simulations: What works and what doesn’t
Phishing is one of the oldest and most effective techniques used by cybercriminals. No one is immune to it, not even internet security experts, as seen in the case of Troy Hunt, who recently fell for a phishing email. Before AI became mainstream, phishing emails often gave themselves away: they were full of grammar mistakes and awkward wording, making them easier to spot. That has changed. Today's phishing attacks are much more convincing, often looking just …
The post Phishing simulations: What works and what doesn’t appeared first on Help Net Security.
Identity Threats Target Small Businesses in MFA Workarounds
Cybercriminals are bypassing MFA using session tokens and rogue app access, with shadow workflows enabling persistent inbox theft against SMBs. Huntress offers behavioral training and managed identity response to SMBs for real protection, not just more alerts, says CEO Kyle Hanslovan.
Chinese Hackers' Evolution From Vandals to Strategists
There's a reason why many of the same tools appear time and time again in Chinese nation-state hacking: a first generation of hackers who grew up together online and continue to swap techniques to this day. A report shows the influence of the so-called "Red 40".
Another Medical Practice Closes Its Doors After Cyberattack
Another small medical care provider has shut its doors forever as the result of a recent "devastating" cyberattack. Georgia-based Alpha Wellness & Alpha Medical Centre has permanently pulled the plug on its operations following a data theft attack by cybercriminal gang RansomHub.
US Infrastructure Remains Vulnerable 15 Years After Stuxnet
Panelists told the House subcommittee on cybersecurity and infrastructure protection that U.S. critical infrastructure sectors have made few cyber improvements over the last 15 years despite fears of retaliation following digital and physical attacks on Iranian nuclear sites.
ZDI-CAN-27517: FontForge
JVN: Multiple vulnerabilities in multiple Schneider Electric products
Discovery Drive: An Affordable Antenna Rotator Crowd Funding Pre-Launch Page now Active!
Chinese APTs go all in: three holes in SharePoint, and patches no longer save you
CISA Orders Urgent Patching After Chinese Hackers Exploit SharePoint Flaws in Live Attacks
Creams Cafe - 159,652 breached accounts
US Trains are Vulnerable to Derailment via RF Attacks to the End of Train Device
Brave browser announces it will block Windows 11 Recall to keep browsing content from being captured in screenshots
NVIDIA announces the CUDA software platform will support the RISC-V architecture, helping push RISC-V into data centers
"Asian + 4 kW = drug dealer": a formula for racism from California law enforcement
The fraud trends shaping 2025: Pressure builds on online retailers
Fraud is growing faster than revenue in eCommerce. That's one of the first things PwC and Forter point out in their new report, and it's a wake-up call for online retailers. Fraud is rising faster than ever. Right now, eCommerce leaders are dealing with a mix of challenges: economic ups and downs, political uncertainty, more cyber threats, and new fraud rules kicking in on 1st September. The report focuses on what's happening outside the business. …
The post The fraud trends shaping 2025: Pressure builds on online retailers appeared first on Help Net Security.
Interview | Professor Zhang Mi answers Southern Metropolis Daily's questions on the "toxic personality" problem in large language models
New Android TapTrap attack uses an invisible UI to guide users into deceptive taps
A new clickjacking technique can exploit user-interface animations to bypass Android's permission system, allowing access to sensitive data or tricking users into performing destructive actions such as wiping the device.
Unlike traditional overlay-based clickjacking, a TapTrap attack can be launched even from a zero-permission app by starting a harmless-looking transparent activity, a behaviour that remains unmitigated in Android 15 and 16.
TapTrap was developed by a security research team from TU Wien and the University of Bayreuth and will be presented at next month's USENIX Security Symposium. The team has already published a technical paper outlining the attack and set up a website summarising most of the details.
How TapTrap works
TapTrap abuses the way Android handles activity transitions with custom animations to create a visual mismatch between what the user sees and what the device actually registers.
Once installed on the target device, a malicious app uses 'startActivity()' with a custom low-opacity animation to launch a sensitive system screen (a permission prompt, system settings, etc.) belonging to another app.
"The key to TapTrap is using an animation that makes the target activity almost invisible," the researchers say on a website explaining the attack.
This is achieved by defining a custom animation whose start and end opacity (alpha) are set to a low value, such as 0.01, making the malicious or dangerous activity almost completely transparent. Optionally, a scale animation can enlarge a specific UI element (for example, the permission button) so that it fills the whole screen, increasing the chance that the user taps it.
TapTrap overview
While the launched prompt receives all touch events, the user sees only the underlying app displaying its own UI, because on top of it sits the transparent screen the user is actually interacting with.
Believing they are interacting with the app, users may tap specific locations on the screen that correspond to dangerous actions, such as the "Allow" or "Authorize" button on the almost invisible prompt.
Exposure
To check whether TapTrap works with apps from the Play Store (the official Android repository), the researchers analysed nearly 100,000 apps. They found that 76% of them are vulnerable to TapTrap because they contain screen activities that meet the following conditions:
·Can be launched by another app
·Run in the same task as the calling app
·Do not override the transition animation
·React to user input before the animation has finished
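As an added example (not code from the researchers or from any app mentioned above), a Java Activity that closes the last three conditions for a screen an app owns: it keeps its own task, replaces any caller-supplied transition with none, and ignores touches until the screen has been visible for a short window. The class name, layout name and the 500 ms window are assumptions.

```java
// Hypothetical hardened Activity (added example). The manifest entry for it, also
// hypothetical, would close the first condition where the screen need not be public:
//   <activity android:name=".SensitiveConfirmActivity"
//             android:exported="false"
//             android:taskAffinity=""
//             android:launchMode="singleInstance" />
import android.app.Activity;
import android.os.Bundle;
import android.os.SystemClock;
import android.view.MotionEvent;

public class SensitiveConfirmActivity extends Activity {
    // Upper bound on how long a custom enter animation could keep this screen
    // transparent. 500 ms is an assumed value chosen to exceed default transitions.
    private static final long TOUCH_GRACE_MS = 500;
    private long visibleSince = Long.MAX_VALUE;

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        // Replace whatever enter/exit animation the launching app requested with
        // none, so this screen cannot be faded in at near-zero alpha. On API 34+
        // overrideActivityTransition(OVERRIDE_TRANSITION_OPEN, 0, 0) is the
        // non-deprecated equivalent.
        overridePendingTransition(0, 0);
        setContentView(R.layout.activity_sensitive_confirm); // layout name is hypothetical
    }

    @Override
    protected void onResume() {
        super.onResume();
        // The transition starts around onResume(); measure visibility from here.
        visibleSince = SystemClock.uptimeMillis();
    }

    @Override
    public boolean dispatchTouchEvent(MotionEvent ev) {
        // Swallow any touch that arrives before the grace window has elapsed: a
        // user cannot legitimately tap a button that has not been shown yet.
        if (SystemClock.uptimeMillis() - visibleSince < TOUCH_GRACE_MS) {
            return true; // consumed here, never delivered to the buttons
        }
        return super.dispatchTouchEvent(ev);
    }
}
```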
The researchers note that animations are enabled by default on the latest Android versions unless the user disables them in developer options or accessibility settings, which leaves devices exposed to TapTrap.
When developing the attack, the researchers used Android 15, the latest version at the time, but after Android 16 was released they also ran some tests on it.
Marco Squarcina said they tried TapTrap on a Pixel 8a running Android 16 and could confirm that the issue is still unmitigated.
GrapheneOS, the privacy- and security-focused mobile operating system, also confirmed that the latest Android 16 is vulnerable to the TapTrap technique and announced that its next release will include a fix.