Tag: app’ | Page 2

Radware: Web App, API Malicious Transactions Up 171% Due to DDoS Attacks

March 6, 2024/in Internet Security

DDoS attacks per customer nearly double
Web DDoS attacks relentlessly continue throughout the year
DNS query flood vectors increase more than three fold
Government, business/economy, and travel websites face the most hacktivist claimed DDoS attacks worldwide

Radware® (NASDAQ: RDWR), a leading provider of cyber security and application delivery solutions, released its 2024 Global Threat Analysis Report.

“The technological race between good and bad actors has never been more intense,” said Pascal Geenens, Radware’s director of threat intelligence. “With advancements like Generative AI,

inexperienced threat actors are becoming more proficient and skilled attackers more emboldened. In 2024, look for attack numbers to climb and attack patterns, like the shift in Web DDoS attacks, to continue to evolve.”

Radware’s comprehensive report leverages intelligence provided by network and application attack activity sourced from Radware’s Cloud and Managed Services, Global Deception Network, and threat intelligence research team during 2023. In addition, it draws from information found on Telegram, a public messaging platform often used by cyber criminals.

Radware’s report reveals key themes about the emerging threat landscape.

DDoS Attacks Surge Unprosecuted

“With almost two years of illegal denial of service left un-prosecuted following Russia’s invasion of Ukraine and the unfettered rise of hacktivism, the threshold into a life of cyber crime has reached a new low,” said Geenens. “We have yet to see DDoS attacks used as a mainstream vehicle to settle disagreements or differences, but plenty of groundwork has been laid by proficient hacktivists.”

Between the close of 2022 and 2023 DDoS attacks rose worldwide:

Globally, the average number of DDoS attacks per customer grew by 94%. On a regional basis, the increase in the number of DDoS attacks targeting customers varied:
- EMEA rose 43%
- The Americas grew 196%
- APAC climbed 260%
The Americas were targeted by almost half of all global DDoS attacks. The EMEA region, accounting for 39% of the DDoS attacks, mitigated 65% of the global DDoS attack volume. The APAC region accounted for almost 12% of global DDoS attacks.

Hacktivists Attack with Unrelenting…

Source…

Beware of this ‘dangerous’ Chrome app that can automatically steal your passwords and photos

February 27, 2024/in Computer Security

A team of researchers have found malware that, once installed on any Android device, can automatically steal users’ data like photos, passwords and chats. It is a new variant of MoqHao (also referred to as Wroba and XLoader), which is a well-known Android malware family. Recently, the McAfee Mobile Research Team found that MoqHao has begun distributing this ‘new dangerous’ variant via SMS links.

What makes this malware dangerousAccording to the report, the hackers send a link to download the malicious app via SMS. While a typical MoqHao malware requires users to install and launch the app, this variant requires little execution from the users’ side. When the app is installed, hackers’ malicious activity starts automatically.

The malware disguises itself as ‘Chrome’ that can fool Android users into downloading the app. Once downloaded, the malware requests users to set itself as the default SMS app with prompts in various languages like Hindi, English, French, Japanese and German.

“Also, the different languages used in the text associated with this behaviour suggests that, in addition to Japan, they are also targeting South Korea, France, Germany, and India,” McAfee said.

How this malware worksThe hackers use social engineering techniques to convince users to set this malicious app as the default app. They show messages just like the way a legitimate app would flash. This message is fake and is used to make users believe that they have downloaded a legitimate app.

How to spot the malware-laden Chrome app
This app has an italic ‘r’ and asks users to let the app always run in the background. Google Chrome doesn’t ask for such permission. Furthermore, any link that comes via an SMS is a red flag and must not be clicked.

McAfee said that the company has already reported this technique to Google and the company is “already working on the implementation of mitigations to prevent this type of auto-execution in a future Android version.”

Expand

The Google Chrome app is available to download from Google Play Store and it is advised that users download all apps from the official store. Android users are protected by Google Play Protect, which is on by default on Android devices with…

Source…

Popular Social Media App Discord Clamps Down To Fight Cyber Attacks – Forbes Advisor

January 5, 2024/in Computer Security

Editorial Note: We earn a commission from partner links on Forbes Advisor. Commissions do not affect our editors’ opinions or evaluations.

Multimedia social platform Discord is cracking down on malicious links, known as malware, by activating stronger security measures. From now on, Discord links that are shared outside the platform will expire after 24 hours. The goal is to lessen users’ exposure to malware, making it harder for identity thieves to steal users’ personal and financial information.

Hackers commonly exploit Discord servers to host malicious files and distribute malware. Malware can include spyware, key-loggers and viruses that infect users’ computers and reveal personal data and access codes, enabling identity theft and other crimes. In the past, familiarity with the Discord brand has often led users to click seemingly safe links that turned out to be malware, bringing on a cyberattack.

The new 24-hour expiration feature will only apply to links shared outside of Discord. Within Discord, shared file links will update automatically, so internal users can access files without the threat of expiration.

Featured Partners

Price

$19.99 your first year

“There is no impact for Discord users that share content within the Discord client. Any links within the client will be auto-refreshed,” said Discord communications manager Hannah Stabingas.

Stabingas said the new measures, rolling out in December 2023 and early 2024, will enhance privacy and security for the app’s 150 million-plus active monthly users.

“This will help our safety team restrict access to flagged content and generally reduce the amount of malware distributed using our CDN (content delivery network),” Stabingas said.

Malware has been an ongoing problem for Discord. According to Discord’s latest transparency report, during the third quarter of 2023, 11,885 accounts and 2,389 servers were removed from the platform for deceptive practices. These practices include malware, fraud and scams, according to the report.

Cybersecurity expert Jake Williams, a faculty member at the Institute for Applied Network Security (IANS), says the new changes will likely be…

Source…

Pixel 2024 update solves Camera app crashes and display flickering

January 4, 2024/in Mobile Security

What you need to know

Google’s light January 2024 security patch aims to solve an annoying crashing problem with the Camera app on Pixel devices.
The company has included several “High” level vulnerability fixes for its Pixel line’s framework and system.
The Pixel Tablet and Pixel Fold have also received fixes for specific problems, alongside a screen flickering fix for the Pixel 8.

Google is starting the year off with a security patch aimed at correcting some frustrating problems plaguing Pixel users.

The company’s update states the January 2024 security patch is rolling out for the Pixel 5a (5G), Pixel 6, 6 Pro, 6a, and Pixel Tablet bearing update version UQ1A.240105.002. Those rocking a Pixel 7, 7 Pro, 7a, Pixel Fold, or Pixel 8 series device will pick up version UQ1A.240105.004.

Those owning a Pixel device through Verizon are also receiving the patch. Users with the carrier will see version UQ1A.240105.004.A1 available to download.

The change log is rather light, however, Google details a fix for the Pixel Camera. “Under certain conditions” users have been experiencing crashes with the application, which should now be resolved with the latest patch. The remainder of the fixes are as follows:

Fix for users facing flashing black screen when playing video in certain conditions (Pixel 8 series)
Fix for users unable to exit Setup Wizard in certain conditions (Pixel Tablet)
Fix for Wallpaper on home screen showing black in certain conditions (Pixel 8 series/Pixel Fold)

(Image credit: @tshakaarmstrong)

Diving into the Android Security Bulletin, Google has included five “High” level system vulnerability fixes for its Pixel devices. There were five more “High” level fixes aimed at the Pixel line’s framework that have been implemented, as well. In tandem with Arm, Google has provided a couple of severe vulnerability fixes for its Mali components.

Since the update has just started rolling out, it would be wise to give Google some time before you see it appear on your device as we end the week.

The January patch is much lighter when looking back on the December security update. Last month included some fixes for “stability” to the Camera app, and we’ve now seen January’s update take things further….

Source…

Tag Archive for: app’

DDoS Attacks Surge Unprosecuted

What you need to know