Security Leftovers
-
Bleeping Computer ☛ New ARM 'TIKTAG' attack impacts Google Chrome, Linux systems [Ed: Microsofters twist theoretical hardware issues as a "Google" and "Linux" issue]
A new speculative execution attack named "TIKTAG" targets ARM's Memory Tagging Extension (MTE) to leak data with over a 95% chance of success, allowing hackers to bypass the security feature.
-
The Register UK ☛ Cops nab Brit, 22, they suspect is Scattered Spider king [Ed: Windows TCO]
From there, the group switched to ransomware, as evidenced by the attack on MGM Resorts and Caesars Entertainment last summer. Contrary to the Spanish police's description, Mandiant previously estimated the number of Scattered Spider victims to exceed 100 as of September 2023.
Nowadays, the group is focusing more on pure extortion – data theft and ransom demands without the deployment of a ransomware locker. It's a move that's thought to have supported the gang's efforts to attack a more diverse pool of organizations.
-
Cyble Inc ☛ Arid Viper Group's AridSpy Targets Palestine And Egypt
A new wave of cyberattacks targeting Android users in the Middle East has surfaced, with a focus on both Palestine and Egypt. Dubbed AridSpy, this multistage Android malware is allegedly orchestrated by the notorious Arid Viper APT group, a name synonymous with cyber espionage in the region.
The malicious software, discovered being distributed through five dedicated websites, is ingeniously disguised within seemingly legitimate applications, marking a dangerous evolution in cyber threats. The modus operandi of these campaigns, initiated as early as 2022 and persisting to this day, revolves around the deployment of trojanized apps designed to infiltrate unsuspecting users’ devices.