Tag Archive for: Utility

Over 44000 utility vulnerabilities have been found by ethical hackers in the last year, according to Cyber Security Specialist Vimal Kallyat Panoli

/in


New Delhi (India), December 27: The number of vulnerabilities is vast. Each piece of equipment, utility, and API offers attackers new opportunities for exploiting and gaining access to advantageous information. Nevertheless, companies increasingly use ethical hackers to gain an advantage over their competitors. The role of AI and machine learning in cybersecurity will be discussed along with selected case studies. Now that we live in a digital world, we can watch classes online as well as offline whenever we want.

“By learning from the hacking community about their journeys and expectations, corporations can run best-in-class applications to attract the most talented hackers,” said KFone.in CEO and arch hacker Specialist, Vimal Kallyat Panoli. In short, he is known as Vimal K P. Various cyber security courses are offered through his own website vimalkp.com. Through Facebook, he offers a variety of ethical hacking classes. The majority of them are free. According to Vimal Kallyat, giving many courses for free is a way to bring security issue knowledge to everyone, since many people are ignorant of security issues. The Master’s degree he received from Coimbatore University was in MCA and the second PG degree he received from Madurai Kamaraj University was in MSC Computer Science. The place where he was born is Vadakara (Kozhikode), a city in Kerala. A retired BSNL officer, father P C Viswanathan, and a retired teacher, mother Suma K P, comprise the Viswanathan family.

Vimal Says – any decent hacker will have his or her own addendums during an evaluation. The first and most critical thing they need to do is protect themselves. For instance, if an argument breaks out during an assimilation test, the company may turn to the hacker first. Having a time-stamped log of the activities carried out, be it registering a device or scanning for malware, reassures businesses that hackers are working with them rather than against them. Additionally, a precise addendum explains the ethical and criminal aspects of the equation. Despite the lack of primary findings, they form the basis of stories about hackers’ aftermath. They can highlight the issues they’ve noticed, the…

Source…

Hackers Are Spoofing MSI’s Afterburner Utility To Infect Gamers With Malware

/in


msi afterburner screen
A cyber risk and security analysis company by the name of Cyble has discovered that there are a number of websites distributing a version of MSI Afterburner laced with various strains of malware. Those who accidentally download this widely popular graphics card utility via one of the cunningly crafted spoof domains could face malware issues such as; unwanted crypto mining software, and information stealing software.
MSI’s Afterburner is a very popular free utility for owners of graphics cards, for owners of all brands (not just MSI) and architectures (AMD or Nvidia). However, enthusiasts looking to install Afterburner on a new PC, or grab an update via the web, should be extra careful where they get it. Cyble Research & Intelligence Labs (CRIL) have observed nearly 50 dodgy-domains come and go since early September, where MSI Afterburner is sneakily bundled with a selection of malware.

Specific malware apps that are being duped with a genuine version of MSI Afterburner include; XMR Miner, and Redline Stealer. CRIL provides some technical details of both malware installations. For news purposes it is sufficient to say that these malware apps are secretly installed alongside the genuine MSI Afterburner, without user prompting, from download files with innocuous names like browser_assistant.exe, install.exe, and comp.cab – distributed by the fake sites.

The non-official MSI afterburner sites setup by the threat actors (TAs) behind this malware campaign commonly contain text strings like msi-afterburner-download, and use less popular domain extension such as .tech, .online, and so on. We haven’t listed any particular overclocking-honey-trap site here, just in case a reader looking for an Afterburner download finds this article, then nonchalantly copies and pastes a malware site into the search/URL combo box of their browser. According to the source, the destination sites look very much like the official MSI site. Below, you can compare CRIL’s fake site screenshot to one we have just taken direct from the genuine https://www.msi.com/Landing/afterburner/graphics-cards today.
afterburner download fake and real
Top (malware site) image via CRIL, lower image shows the genuine MSI site.


In a Google…

Source…

Ransomware potentially exposed 2,000 Ypsilanti-area utility customers’ bank information

/in


YPSILANTI, MI – A ransomware infection, detected by an employee working the midnight shift in mid-April, may have exposed 2,000 Ypsilanti-area utility customers’ bank payment information to unauthorized individuals.

The Ypsilanti Community Utilities Authority, serving Ypsilanti and surrounding townships, isn’t aware of any reports of identify fraud or improper use of information resulting from the incident, detected on April 16, according to a letter sent this month to affected customers.

“We took a very proactive approach from the very beginning. We’ve brought experts on board, and we followed their guidance,” said YCUA Human Resource Director Debra Kinde.

The person or people behind the network breach potentially obtained files containing customers’ names and bank account and routing numbers used for ACH payments to the water and wastewater service provider, affecting about 8% of the authority’s 25,000 customers, according to Kinde and the letter.

Cybersecurity experts have assured YCUA officials that the information alone should not be sufficient to access the accounts. Kinde said while legal counsel brought on to assess the situation determined the the breach didn’t require notification to customers under the law, YCUA felt it was still important to notify them.

“Better that we take that route than for even one person to be caught unaware,” Kinde said. “We just wanted to be extra-transparent.”

Officials quickly contained the cyberthreat by disabling unauthorized access to their network and started an investigation with the assistance of outside digital forensics professionals, according to Kinde and the notification letter to customers.

The ransomware infected encrypted files stored on the network, and YCUA officials received a demand for payment to access them, saying the information would be released otherwise, Kinde said. Officials were able to restore all encrypted data and did not pay any ransom, she said.

On July 15, the investigation into the incident revealed that data accessible to the unauthorized individual or individuals behind the attack included some customers’ banking information, according to the notice sent to customers.

The letter recommends…

Source…

Dubai utility provider Dewa warns against phishing scam

/in


Customers of Dubai Electric and Water Authority have received a warning about phishing scams after reports of fraudulent messages sent by social media and email.

Bogus messages asking people to pay their bills, answer questions or forward on the messages to friends to be in with a chance of winning a prize prompted Dewa to issue advice to all its customers.

“Dewa urges customers and society members to avoid opening attachments from unofficial sources or clicking on unknown links,” an email sent to all customers read.

“This may enable hackers to access your personal information, including your credit cards.”

Bill payments and any correspondence should only be made by trusted channels, the official Dewa website and its verified social media accounts, the advice said.

Phishing scams and ransomware attacks have been on the rise since the coronavirus pandemic began as more people used home computers without adequate security software.

A 2020 report by computer security analysts Kaspersky recorded more than 600,000 phishing attacks at the height of the pandemic in the UAE alone.

The company said that from April to June that year 2.57 million phishing attempts were reported in the Middle East.

Meanwhile, New York based researchers Cybersecurity Ventures predicted cyber criminals would target a business, consumer or device every two seconds by 2031 as threats continue to rise and nations migrate towards digital economies.

Updated: May 22, 2022, 6:34 AM

Source...