technology | Breaking Cybersecurity News | The Hacker News

A new Android malware-as-a-service (MaaS) platform named SuperCard X can facilitate near-field communication ( NFC ) relay attacks, enabling cybercriminals to conduct fraudulent cashouts. The active campaign is targeting customers of banking institutions and card issuers in Italy with an aim to compromise payment card data, fraud prevention firm Cleafy said in an analysis. There is evidence to suggest that the service is promoted on Telegram channels. SuperCard X "employs a multi-stage approach combining social engineering (via smishing and phone calls), malicious application installation, and NFC data interception for highly effective fraud," security researchers Federico Valentini‍, Alessandro Strino, and Michele Roviello said . The new Android malware, the work of a Chinese-speaking threat actor, has been observed being propagated via three different bogus apps, duping victims into installing them via social engineering techniques like deceptive SMS or WhatsApp mess...

Meta has announced that it will begin to train its artificial intelligence (AI) models using public data shared by adults across its platforms in the European Union, nearly a year after it paused its efforts due to data protection concerns from Irish regulators. "This training will better support millions of people and businesses in Europe, by teaching our generative AI models to better understand and reflect their cultures, languages, and history," the company said . To that end, users' posts and comments, as well as their interactions with Meta AI, are expected to be used for training and improving the models. It does not cover private messages sent between friends and family and data from accounts below the age of 18. Users in the region will start receiving notifications this week, both in the apps and via email, that detail the kinds of data the company will be using for this purpose and why it matters in the context of improving AI and the overall user experie...

South Korea has formally suspended new downloads of Chinese artificial intelligence (AI) chatbot DeepSeek in the country until the service makes changes to its mobile apps to comply with data protection regulations. Downloads have been paused as of February 15, 2025, 6:00 p.m. local time, the Personal Information Protection Commission (PIPC) said in a statement. The web service remains accessible. The agency said it commenced its own analysis of DeepSeek right after its launch and that it "identified some shortcomings in communication functions and personal information processing policies with third-party service providers." DeepSeek is said to have recently appointed a local representative, per PIPC, with the company also acknowledging it had failed to take into consideration domestic privacy laws when launching the service.  To that end, downloads of DeepSeek are being paused until the company implements the necessary improvements that bring the service in compliance...

Google is working on a new security feature for Android that blocks device owners from changing sensitive settings when a phone call is in progress. Specifically, the in-call anti-scammer protections include preventing users from turning on settings to install apps from unknown sources and granting accessibility access. The development was first reported by Android Authority. Users who attempt to do so during phone calls are served the message: "Scammers often request this type of action during phone call conversations, so it's blocked to protect you. If you are being guided to take this action by someone you don't know, it might be a scam." Furthermore, it blocks users from giving an app access to accessibility services over the course of a phone call. The feature is currently live in Android 16 Beta 2, which was released earlier this week. With this latest addition, the idea is to introduce more friction to a tactic that has been commonly abused by maliciou...

Google has stepped in to clarify that a newly introduced Android System SafetyCore app does not perform any client-side scanning of content. "Android provides many on-device protections that safeguard users against threats like malware, messaging spam and abuse protections, and phone scam protections, while preserving user privacy and keeping users in control of their data," a spokesperson for the company told The Hacker News when reached for comment. "SafetyCore is a new Google system service for Android 9+ devices that provides the on-device infrastructure for securely and privately performing classification to help users detect unwanted content. Users are in control over SafetyCore and SafetyCore only classifies specific content when an app requests it through an optionally enabled feature." SafetyCore (package name "com.google.android.safetycore") was first introduced by Google in October 2024, as part of a set of security measures designed to...

A new audit of DeepSeek's mobile app for the Apple iOS operating system has found glaring security issues, the foremost being that it sends sensitive data over the internet sans any encryption, exposing it to interception and manipulation attacks. The assessment comes from NowSecure, which also found that the app fails to adhere to best security practices and that it collects extensive user and device data. "The DeepSeek iOS app sends some mobile app registration and device data over the Internet without encryption," the company said . "This exposes any data in the internet traffic to both passive and active attacks." The teardown also revealed several implementation weaknesses when it comes to applying encryption on user data. This includes the use of an insecure symmetric encryption algorithm ( 3DES ), a hard-coded encryption key, and the reuse of initialization vectors . What's more, the data is sent to servers that are managed by a cloud compute a...

DeepSeek, the Chinese AI startup that has captured much of the artificial intelligence (AI) buzz in recent days, said it's restricting registrations on the service, citing malicious attacks. "Due to large-scale malicious attacks on DeepSeek's services, we are temporarily limiting registrations to ensure continued service," the company said in an incident report page. "Existing users can log in as usual. Thanks for your understanding and support." Users attempting to sign up for an account are being displayed a similar message, stating "registration may be busy" and that they should wait and try again. "With the popularity of DeepSeek growing, it's not a big surprise that they are being targeted by malicious web traffic," Erich Kron, security awareness advocate at KnowBe4, said in a statement shared with The Hacker News. "These sorts of attacks could be a way to extort an organization by promising to stop attacks and rest...

Are your websites leaking sensitive data? New research reveals that 45% of third-party apps access user info without proper authorization, and 53% of risk exposures in Retail are due to the excessive use of tracking tools. Learn how to uncover and mitigate these hidden threats and risks—download the full report here . New research by web exposure management specialist Reflectiz reveals several alarming findings about the high number of website vulnerabilities organizations across many industries are needlessly exposing themselves to. For instance, one standout statistic from the report is that 45% of third-party applications access sensitive user information without good reason . Although third-party apps may be essential for marketing and functionality purposes, not all of them need access to the kind of personal and financial user information that cybercriminals are hunting for. It's safer to limit apps' access to it on a need-to-know basis. For the report, Reflectiz gathere...

The new Trump administration has terminated all memberships of advisory committees that report to the Department of Homeland Security (DHS).  "In alignment with the Department of Homeland Security's (DHS) commitment to eliminating the misuse of resources and ensuring that DHS activities prioritize our national security, I am directing the termination of all current memberships on advisory committees within DHS, effective immediately," Acting Secretary Benjamine C. Huffman said in a January 20, 2025, memo. "Future committee activities will be focused solely on advancing our critical mission to protect the homeland and support DHS's strategic priorities." This includes members of the Cybersecurity and Infrastructure Security Agency's (CISA) Cyber Safety Review Board (CSRB), which last year issued a scathing report excoriating Microsoft for a "cascade" of avoidable errors that led to its infrastructure being abused by a China-based nation-st...

Microsoft has shed light on a now-patched security flaw impacting Apple macOS that, if successfully exploited, could have allowed an attacker running as "root" to bypass the operating system's System Integrity Protection ( SIP ) and install malicious kernel drivers by loading third-party kernel extensions. The vulnerability in question is CVE-2024-44243 (CVSS score: 5.5), a medium-severity bug that was addressed by Apple as part of macOS Sequoia 15.2 released last month. The iPhone maker described it as a "configuration issue" that could permit a malicious app to modify protected parts of the file system. "Bypassing SIP could lead to serious consequences, such as increasing the potential for attackers and malware authors to successfully install rootkits, create persistent malware, bypass Transparency, Consent and Control (TCC), and expand the attack surface for additional techniques and exploits," Jonathan Bar Or of the Microsoft Threat Intelligen...

Cybersecurity researchers have detailed a now-patched security flaw impacting Monkey's Audio (APE) decoder on Samsung smartphones that could lead to code execution. The high-severity vulnerability, tracked as CVE-2024-49415 (CVSS score: 8.1), affects Samsung devices running Android versions 12, 13, and 14. "Out-of-bounds write in libsaped.so prior to SMR Dec-2024 Release 1 allows remote attackers to execute arbitrary code," Samsung said in an advisory for the flaw released in December 2024 as part of its monthly security updates. "The patch adds proper input validation." Google Project Zero researcher Natalie Silvanovich, who discovered and reported the shortcoming, described it as requiring no user interaction to trigger (i.e., zero-click) and a "fun new attack surface" under specific conditions. Particularly, this works if Google Messages is configured for rich communication services ( RCS ), the default configuration on Galaxy S23 and S24 ph...

Japan's National Police Agency (NPA) and National Center of Incident Readiness and Strategy for Cybersecurity (NCSC) accused a China-linked threat actor named MirrorFace of orchestrating a persistent attack campaign targeting organizations, businesses, and individuals in the country since 2019. The primary objective of the attack campaign is to steal information related to Japan's national security and advanced technology, the agencies said . MirrorFace, also tracked as Earth Kasha, is assessed to be a sub-group within APT10. It has a track record of systematically striking Japanese entities, often leveraging tools like ANEL, LODEINFO, and NOOPDOOR (aka HiddenFace). Last month, Trend Micro revealed details of a spear-phishing campaign that targeted individuals and organizations in Japan with an aim to deliver ANEL and NOOPDOOR . Other campaigns observed in recent years have also been directed against Taiwan and India. According to NPA and NCSC, attacks mounted by Mirro...

Ransomware isn't slowing down—it's getting smarter. Encryption, designed to keep our online lives secure, is now being weaponized by cybercriminals to hide malware, steal data, and avoid detection. The result? A 10.3% surge in encrypted attacks over the past year and some of the most shocking ransom payouts in history, including a $75 million ransom in 2024. Are you prepared to fight back? Join Emily Laufer , Director of Product Marketing at Zscaler, for an eye-opening session, " Preparing for Ransomware and Encrypted Attacks in 2025 " filled with practical insights and cutting-edge strategies to outsmart these evolving threats. What You'll Learn: ThreatLabz Insights: Get the latest findings from Zscaler's experts on ransomware and encrypted attacks, including the trends making the biggest impact. 2025 Predictions: Find out how ransomware groups are refining their tactics to stay one step ahead—and what you can do to stop them. Encrypted DNS Attacks: Learn how cyb...

The U.S. government on Tuesday announced the launch of the U.S. Cyber Trust Mark, a new cybersecurity safety label for Internet-of-Things (IoT) consumer devices. "IoT products can be susceptible to a range of security vulnerabilities," the U.S. Federal Communications Commission (FCC) said . "Under this program, qualifying consumer smart products that meet robust cybersecurity standards will bear a label—including a new ' U.S Cyber Trust Mark .'" As part of the effort, the logo will be accompanied by a QR code that users can scan, taking them to a registry of information with easy-to-understand details about the security of the product, such as the support period and whether software patches and security updates are automatic. The information will also comprise details related to changing the default password and the various steps users can take to configure the device securely. The initiative, announced back in July 2023, is expected to involve thir...

Apple has agreed to pay $95 million to settle a proposed class action lawsuit that accused the iPhone maker of invading users' privacy using its voice-activated Siri assistant. The development was first reported by Reuters. The settlement applies to U.S.-based individuals current or former owners or purchasers of a Siri-enabled device who had their confidential voice communications with the assistant "obtained by Apple and/or were shared with third-parties as a result of an unintended Siri activation" between September 17, 2014, and December 31, 2024. Eligible individuals can submit claims for up to five Siri devices – iPhone, iPad, Apple Watch, MacBook, iMac, HomePod, iPod touch, or Apple TV – on which they claim to have experienced an accidental Siri activation during a conversation intended to be confidential or private. Class members who submit valid claims can receive $20 per device. The lawsuit was brought against Apple following a 2019 report from The Guar...

The United States Department of Health and Human Services' (HHS) Office for Civil Rights (OCR) has proposed new cybersecurity requirements for healthcare organizations with an aim to safeguard patients' data against potential cyber attacks. The proposal, which seeks to modify the Health Insurance Portability and Accountability Act (HIPAA) of 1996, is part of a broader initiative to bolster the cybersecurity of critical infrastructure, the OCR said. The rule is designed to strengthen protections for electronic protected health information (ePHI) by updating the HIPAA Security Rule's standards to "better address ever-increasing cybersecurity threats to the healthcare sector." To that end, the proposal, among other things, requires organizations to conduct a review of the technology asset inventory and network map, identify potential vulnerabilities that could pose a threat to electronic information systems, and establish procedures to restore the loss of certa...

Cybersecurity researchers have discovered several security flaws in the cloud management platform developed by Ruijie Networks that could permit an attacker to take control of the network appliances. "These vulnerabilities affect both the Reyee platform, as well as Reyee OS network devices," Claroty researchers Noam Moshe and Tomer Goldschmidt said in a recent analysis. "The vulnerabilities, if exploited, could allow a malicious attacker to execute code on any cloud-enabled device, giving them the ability to control tens of thousands of devices." The operational technology (OT) security company, which carried out an in-depth research of the Internet of Things (IoT) vendor, said it not only identified 10 flaws but also devised an attack called "Open Sesame" that can be used to hack into an access point in close physical proximity over the cloud and gain unauthorized access to its network. Of the 10 vulnerabilities , three of them are rated Critical in...