No recent events yet!
Security researchers uncovered a new technique used by cyber criminals to hack into people' Google accounts without requiring their passwords. Google accounts are potentially exposed due to authentication cookies that bypass two-factor authentication. In this hack, criminals employ malware to gain access to Google accounts without requiring any passwords. According to the findings, the malware uses third-party cookies to gain access to private information from affected accounts. Furthermore, the new weakness allows hackers to access Google services even after a user's password has been reset. However, Chrome is currently cracking down on third-party cookies.
Cybercriminals are continuously looking for and developing new ways to disseminate malware, with the most recent option being through malicious advertisements. These malicious advertising, or malvertising campaign are used to spread .NET loaders, known as MalVirt, that deploy information-stealing malware unto unsuspecting devices. Malvertising is a relatively recent hacking strategy that embeds harmful malware in digital advertisements. Almost every internet user is vulnerable to infection.
![[THREAT ALERT]: PLANNED ATTACKS ON NATION’S CRITICAL INFORMATION INFRASTRUCTURES BY “ANONYMOUS SUDAN” HACKING GROUP AGAINST NIGERIA](https://cert.gov.ng/ngcert/images/alerts-advisories/threat-alert-sm.jpg)
Anonymous Sudan on the 1st of August, 2023 announced via their Telegram channel of planned cyber attacks against critical information infrastructures in Nigeria, following Nigeria’s role and involvement in ECOWAS recent directives to the Niger Military in the process of restoring power to the democratically elected government of Niger Republic.
CISA and its partners recently released an advisory to warn vendors, designers, developers, and end-users of web applications about IDOR vulnerabilities, which are access control vulnerabilities that enable threat actors to modify or delete data. In addition, these vulnerabilities enable threat actors to access sensitive data by issuing requests to a web application programming interface (API) specifying the user identifier of valid users. These vulnerabilities are frequently exploited by malicious actors in data breach incidents because they are common, hard to prevent outside the development process, and can be abused at scale. IDOR vulnerabilities have resulted in the compromise of personal, financial, and health information of millions of users and consumers
The Kenyan government, via the Ministry of Interior, claimed that some of the country's online infrastructures had been struck by a wave of Distributed Denial of Service (DDoS) attacks, rendering the country's online platforms unreachable. The attack began on 23 July 2023, just barely four weeks after President Ruto released thousands of government services on the e-citizen platform in an effort to boost efficiency and reduce corruption. This platform hosts services such as passport applications and renewals, e-visa issuance, driver's licences, identification cards, and national health records. Kenya's well-known mobile payment system, M-Pesa, as well as the National Transport and Safety Authority (NTSA), Kenya Power and Lighting Company (KPLC), and Kenya Railways, have all been impacted. Anonymous Sudan has claimed responsibility for the attacks.
