The world is ever evolving and attackers sometimes use tried and tested methods to breach their targets. With the popularity of Generative AI, both defenders and attackers have a new tool in their arsenal. Who is going to win? Time will tell. Also, are you stuck on social media for hours without knowing it? It's high time that you minimize your screen hours.
eScan Antivirus Delivers Malware in Supply Chain Attack
First, you are not reading the title wrong. Yes, you read that right; an antivirus delivered malware. Are we safe at all?
From the article:
Malicious updates were distributed through eScan’s legitimate update infrastructure, resulting in the deployment of multi-stage malware to enterprise and consumer endpoints globally.
The affected users received a malicious ‘Reload.exe’ file, designed to kick off a multi-stage infection chain. The file modified the HOSTS file to block automatic updates, established persistence through scheduled tasks, and downloaded additional payloads.
Notepad++ Supply Chain Hack Conducted by China via Hosting Provider
Once upon a time, it was my favorite code editor. Now, it's suffered a supply-chain attack? No. Now, seriously. It turned out that some users were the target and not the entire users of Notepad++.
Here is what happened:
According to the analysis provided by the security experts, the attack involved infrastructure-level compromise that allowed malicious actors to intercept and redirect update traffic destined for notepad-plus-plus.org.
The exact technical mechanism remains under investigation, though the compromise occurred at the hosting provider level rather than through vulnerabilities in Notepad++ code itself. Traffic from certain targeted users was selectively redirected to attacker-controlled server malicious update manifests.
Researchers Expose Network of 150 Cloned Law Firm Websites in AI-Powered Scam Campaign
There is nothing much to say about this. It's another misuse of Generative AI. Meanwhile, a key lesson that you should take away from the article is the following: be on the lookout for websites impersonating your brand and take action against them as fast as possible.
From the article:
The primary purpose of these clones appears to be a repeat victimization of subjects already victim to previous fraud. The lure is a cloned legal site offering to recover money already lost to prior fraud, noticeably stating that no payment will be required before the lost funds are recovered.
EU says TikTok faces large fine over "addictive design"
Doom scrolling, among other things, it's why TikTok is facing the fine. By reading this article, you should learn to limit your screen time and know that these platforms are now designed to take much of your attention without you even knowing. You'll think: I'll just check one post and before you know it, hours have gone by!
From the article:
"Social media addiction can have detrimental effects on the developing minds of children and teens, said EU tech commissioner Henna Virkkunen on Friday.
"The Digital Services Act makes platforms responsible for the effects they can have on their users. In Europe, we enforce our legislation to protect our children and our citizens online."
Credits
Cover photo by Debby Hudson on Unsplash.
That's it for this week, and I'll see you next time.
Top comments (0)