Sophisticated PDF Phishing Scam Bypasses Mobile Security

2025-02-01
A novel phishing scam targeting mobile devices uses a never-before-seen obfuscation technique to hide links to fake United States Postal Service (USPS) pages within PDF files. By manipulating PDF elements, the attackers make clickable URLs invisible to both users and mobile security systems, evading detection by several endpoint security solutions. The malicious PDFs are sent via SMS, posing as failed delivery notifications. The links are embedded in a compressed stream, hidden by matching font and background colors, and positioned under an image. Clicking a seemingly innocuous "Click Update" button actually activates the hidden link to a spoofed USPS site, leading to data theft. Over 20 variations of the malicious PDFs and 630 phishing pages, supporting 50 languages, suggest international targeting and the potential use of a phishing kit. The campaign highlights how mobile users' trust in PDFs can be exploited and the need for enhanced mobile security measures.

New LLM Jailbreak Exploits Models' Evaluation Skills

2025-01-12
Researchers have discovered a novel LLM jailbreak technique, dubbed "Bad Likert Judge." This method leverages LLMs' ability to identify harmful content by prompting them to score such content and then requesting examples, thus generating outputs related to malware, illegal activities, harassment, and more. Tested on six state-of-the-art models across 1440 cases, the average success rate was 71.6%, reaching as high as 87.6%. The researchers recommend that maintainers of LLM applications utilize content filters to mitigate such attacks.

Critical Apache Traffic Control Vulnerability Allows Malicious SQL Injection

2024-12-30
A critical vulnerability (CVE-2024-45387) has been discovered in Apache Traffic Control versions 8.0.0 and 8.0.1. This flaw allows attackers with privileged roles like "admin" or "operations" to inject malicious SQL commands via crafted PUT requests. By manipulating database interaction input fields, attackers can execute SQL queries compromising the entire database, leading to unauthorized data access, modification, or deletion. This severely impacts the integrity and availability of CDN services. Security experts urge immediate updates to protect against SQL injection attacks.

Global Operation Takes Down 27 DDoS-for-Hire Sites

2024-12-17
Europol coordinated a 15-country operation, PowerOFF, shutting down 27 major DDoS-for-hire platforms ('booters' and 'stressers'). These platforms enabled cybercriminals and hacktivists to flood targets with illegal traffic, crippling websites and online services. The operation disrupted attacks targeting US government agencies, including the Department of Justice and FBI. While a significant victory, experts caution that criminals will adapt, necessitating ongoing efforts to combat DDoS attacks.
