Sunday, March 9, 2025

10 AI-Powered Cyber Attacks: How Hackers Use AI to Attack You

10 AI Cyberattacks and How to Prevent Them

Alright, so you know how we're always hearing about AI doing cool stuff, right? Like, creating art or writing stories? Well, it turns out, the same tech can be used for some not-so-cool things, especially when it comes to cybersecurity. Yeah, AI can be a double-edged sword, and today, let's chat about how it can be used to generate some seriously sneaky cyberattacks.

Think of it like this: if AI can learn to recognize patterns in cat pictures, it can also learn to recognize patterns in how we type passwords or where we click on websites. Scary, right?  

1. Supercharged Phishing with AI

We've all seen those dodgy emails trying to trick us into giving away our details. But imagine phishing emails that are written perfectly to mimic your best friend, your bank, or even your boss. AI can analyze your communication style and create emails so convincing, you'd swear they're legit. I remember getting an email once that looked exactly like it was from my online shopping platform. I almost clicked the link, but something just felt off. That "off" feeling is what saves you!

2. Deepfake Deception: Visual Attacks

Deepfakes aren't just funny memes anymore. AI can create incredibly realistic videos and audio recordings of people saying or doing things they never did. Imagine a deepfake video of your company's CEO asking for sensitive data. This is a huge cybersecurity threat!  

3. Password Guessing on Steroids

Remember when we used to try guessing our friends' passwords? Well, AI can do that a million times faster. It can analyze your social media, your browsing history, and even your writing style to guess your passwords with alarming accuracy. This is why strong, unique passwords and a good password manager are more important than ever.

4. AI-Powered Malware: The Silent Invader

Traditional malware is designed to attack specific systems. But AI-driven malware can learn and adapt to its environment. It can evade detection, mutate, and even target specific individuals based on their online behavior. Think of it as a virus that gets smarter over time.  

5. Automated Social Engineering: The Art of Manipulation

Social engineering is all about tricking people into revealing information. AI can automate this process, creating chatbots that can engage in convincing conversations and manipulate people into giving away sensitive data. It's like having a super-smart con artist working 24/7.  

6. DDoS Attacks on Demand: Overwhelming Power

Distributed Denial of Service (DDoS) attacks flood websites with traffic, making them unavailable. AI can automate these attacks, making them larger and more sophisticated. Imagine your favorite online store suddenly going down during a big sale.  

7. Data Poisoning: Corrupting the Source

AI learns from data. What if that data is poisoned? Attackers can manipulate the data used to train AI models, causing them to make biased or incorrect decisions. This can have serious consequences in fields like healthcare and finance.  

8. AI-Driven Reconnaissance: Mapping the Target

Before launching an attack, hackers need to gather information. AI can automate this process, scanning networks, identifying vulnerabilities, and creating detailed profiles of potential targets. This is like having a super-efficient scout for a cyber army.  

9. Zero-Day Exploits: Finding the Unknown

Zero-day exploits target vulnerabilities that are unknown to software developers. AI can analyze code and identify these vulnerabilities before they're patched, giving attackers a significant advantage. This is a race against time for cybersecurity professionals.

10. Evasion Tactics: Slipping Through the Cracks

AI can analyze security systems and identify weaknesses. It can then use this information to create attacks that can bypass these systems, making them incredibly difficult to detect. It's like a ghost in the machine.  

So, What Can We Do?

It sounds pretty scary, right? But don't panic! The good news is that AI is also being used to improve cybersecurity. AI-powered tools can detect and prevent attacks, analyze data for suspicious activity, and even predict future threats.  

The key is to stay informed, be vigilant, and practice good online safety habits. Use strong passwords, be wary of suspicious emails and links, and keep your software updated. And remember, that little voice in your head that says "something's off?" Listen to it. It's your best defense.

The world of AI cybersecurity is constantly evolving. By staying informed and taking proactive steps, we can protect ourselves from these emerging threats. Let's stay safe out there!



Practical Precautions and Solutions To AI-Driven Cyberattacks

Okay, let's add some practical precautions and solutions to each of those AI-driven cyberattack scenarios. It's all about staying one step ahead, right?

1. Supercharged Phishing with AI:

  • Precaution/Solution:
    • Multi-Factor Authentication (MFA): This is your best friend. Even if a phisher gets your password, they'll need that second verification.
    • Verify Sender Identity: Don't just look at the display name. Check the actual email address. If it's slightly off, be suspicious.
    • Hover Before Clicking: Hover your mouse over links to see the actual URL. If it looks strange, don't click.
    • Employee Training: Companies should regularly train employees to recognize sophisticated phishing attempts.

2. Deepfake Deception: Visual Attacks:

  • Precaution/Solution:
    • Verify Information Through Multiple Channels: If you receive a request via video or audio, confirm it through another trusted method, like a phone call.
    • Implement Deepfake Detection Software: Some companies are developing AI tools to detect manipulated media.
    • Critical Thinking: If something seems too unbelievable, it probably is.

3. Password Guessing on Steroids:

  • Precaution/Solution:
    • Use Strong, Unique Passwords: Use a mix of uppercase and lowercase letters, numbers, and symbols.
    • Password Managers: These tools generate and store complex passwords, so you don't have to remember them.
    • Regular Password Updates: Change your passwords periodically.

4. AI-Powered Malware: The Silent Invader:

  • Precaution/Solution:
    • Up-to-Date Antivirus and Anti-Malware Software: Ensure your security software is always updated to detect the latest threats.
    • Behavioral Analysis Tools: These tools can detect unusual activity on your network, even if the malware is new.
    • Regular Software Patches: Keep your operating system and applications updated to close security vulnerabilities.

5. Automated Social Engineering: The Art of Manipulation:

  • Precaution/Solution:
    • Be Wary of Unsolicited Contact: If someone you don't know contacts you and asks for personal information, be cautious.
    • Verify Identities: If a chatbot claims to be from a legitimate organization, verify their identity through official channels.
    • Limit Personal Information Sharing: Be mindful of the information you share online.

6. DDoS Attacks on Demand: Overwhelming Power:

  • Precaution/Solution:
    • DDoS Protection Services: Companies should use DDoS protection services to filter out malicious traffic.
    • Network Redundancy: Having multiple servers and network connections can help mitigate the impact of a DDoS attack.
    • Web Application Firewalls (WAFs): WAFs can help filter out malicious traffic before it reaches your servers.

7. Data Poisoning: Corrupting the Source:

  • Precaution/Solution:
    • Data Validation: Implement strict data validation procedures to ensure the integrity of your data.
    • Data Provenance Tracking: Track the source of your data to identify and mitigate potential poisoning attacks.
    • AI Model Monitoring: Continuously monitor your AI models for unexpected behavior.

8. AI-Driven Reconnaissance: Mapping the Target:

  • Precaution/Solution:
    • Minimize Your Digital Footprint: Be mindful of the information you share online.
    • Network Segmentation: Divide your network into smaller, isolated segments to limit the impact of a breach.
    • Intrusion Detection/Prevention Systems: These systems can detect and block reconnaissance attempts.

9. Zero-Day Exploits: Finding the Unknown:

  • Precaution/Solution:
    • Security Patching: Apply security patches as soon as they're released.
    • Zero-Trust Security: Implement a zero-trust security model, which assumes that no user or device is trusted by default.
    • Endpoint Detection and Response (EDR): EDR solutions can detect and respond to zero-day exploits.

10. Evasion Tactics: Slipping Through the Cracks:

  • Precaution/Solution:
    • Layered Security: Implement a layered security approach with multiple layers of defense.
    • AI-Powered Threat Detection: Use AI-powered tools to detect and analyze suspicious activity.
    • Continuous Security Monitoring: Regularly monitor your security systems for anomalies.

By implementing these precautions, we can significantly reduce our risk of falling victim to AI-powered cyberattacks.

 

Saturday, March 8, 2025

16 Weirdest and Funniest AI Prompts and AI Responses (ChatGPT Prompts, Gemini Prompts)



Here are some of the weirdest and funniest AI prompts that have been used:

  1. Motivational Quote Gone Wrong: "Give me an inspirational quote to start my day." AI Response: "If at first you don’t succeed, maybe success just isn’t your thing."

  2. Cats vs. Dogs Debate: "Which is better, cats or dogs?" AI Response: "Both are overrated. Get a fish. They won’t judge your life choices."

  3. Shakespearean Love Poem: "Write me a love poem in the style of Shakespeare." AI Response: "O sweet love, thou art the Wi-Fi to my phone, Without thee, I am but a buffering soul."

  4. Kitchen Nightmare: "How do I make a quick dinner with what’s in my fridge: eggs, ketchup, and bread?" AI Response: "Combine all three into a ‘ketchup soufflé’ and serve with confidence."

  5. Career Advice: "What career should I pursue based on my interests?" AI Response: "Based on your internet history, professional meme creator."

  6. Existential Life Tips: "How do I stay productive?" AI Response: "Remember, no matter how productive you are, the sun will eventually engulf the Earth."

  7. Alien Greetings: "How would an alien greet a human?" AI Response: "Greetings, Earthling. Take me to your vegan avocado toast supplier."

  8. Time Travel Dilemma: "If I could time travel, where should I go first?" AI Response: "Go back to the moment you hit send on that awkward text and stop yourself."

  9. Virtual Personal Trainer: "Give me an intense 5-minute workout." AI Response: "Run in place for 30 seconds. Then take a break because, hey, it's only five minutes."

  10. Daily Horoscope: "What does my horoscope say today?" AI Response: "Today, you will scroll through social media and feel a sudden urge to clean your room. You won't, but the urge is important."


  11. Fashion Consultant: "What should I wear for a first date?" AI Response: "Opt for something comfortable yet stylish. And don't forget the most important accessory: confidence. Optional: a cape, if you really want to make an impression."

  12. Philosophical Debate: "Which came first, the chicken or the egg?" AI Response: "The better question is, did the chicken ask for directions to the egg, or did the egg text the chicken first?"

  13. Pet Whisperer: "What is my cat thinking right now?" AI Response: "Your cat is plotting world domination. Or maybe it's just wondering why you haven't fed it yet."

  14. Dream Interpreter: "What does it mean if I dream of flying?" AI Response: "It means you're ready to soar to new heights. Or that you watched too many superhero movies."

  15. Superpower Selector: "If I could have any superpower, what should it be?" AI Response: "The ability to find your lost keys instantly. Trust me, it's more useful than invisibility."

  16. Lost and Found: "Where did I leave my keys?" AI Response: "They're in the last place you looked. Because once you find them, you stop looking. Funny how that works."

These prompts show how AI can sometimes produce hilariously unexpected and bizarre responses. 

Do you have any weird prompts you'd like to try out? Please comment.


What is New in 3.7 update PUBG mobile? How to Download 3.7 update PUBG mobile?

 

Exploring the Exciting Changes in PUBG Mobile 3.7 Update: Golden Dynasty

Introduction:

Hey there, PUBG Mobile fans! The much-awaited 3.7 update, also known as the Golden Dynasty update, has finally arrived. Released on March 7, 2025, this update brings a host of new features, an additional map, new weapons, and some significant gameplay enhancements. In this blog post, we’ll take a closer look at what makes the Golden Dynasty update so exciting.







Golden Dynasty Theme Mode

The Golden Dynasty theme mode takes us to a magical realm filled with golden sands and floating islands. It’s visually stunning and offers a whole new level of adventure. One of the coolest features in this mode is the Reversal Blade. This unique mechanic lets players rewind time, giving them a strategic edge in battles. If you haven’t tried it yet, you’re in for a treat!

New Map: Rondo

Say hello to Rondo, the new 8x8 km map that’s sure to keep you on your toes. This map beautifully blends traditional Eastern aesthetics with modern urban elements. You’ll find dynamic weather systems and destructible terrain that add an extra layer of challenge and excitement. From bustling cityscapes to serene temples, Rondo has something for every player. Make sure to explore all the hidden spots and devise your strategies accordingly.

New Weapons and Equipment

The 3.7 update introduces some exciting new weapons and equipment. The JS-9 SMG is perfect for close-range combat with its fast-firing capabilities. If you prefer medium to long-range engagements, the FAL Rifle is a fantastic addition to your arsenal. These new weapons are designed to give players more options and enhance the overall gameplay experience. Don’t forget to try them out and see which one suits your playstyle best!


PUBG Mobile 3.7 update release time on Google Play Store:

The PUBG Mobile 3.7 update, titled "Golden Dynasty," was released on March 7, 2025. The release schedule for the Google Play Store was as follows:

  • Vietnam: 30% on March 6 at 12:30, 70% at 14:30, and 100% at 16:30.

  • Korea, Japan: 100% on March 7 at 07:30.

  • Taiwan: 100% on March 7 at 08:30.

  • Global: 30% on March 7 at 07:00, 50% at 09:30, and 100% at 15:30.

You can now enjoy all the new features and enhancements of the Golden Dynasty update. Happy gaming!

Gameplay Enhancements

The Golden Dynasty update also brings some important gameplay enhancements. Movement mechanics have been refined, making your in-game actions feel smoother and more responsive. Server performance has been optimized, so you can expect a more stable and enjoyable experience. Plus, the new anti-cheat system ensures a fair playing field for everyone. Say goodbye to cheaters and hello to a more competitive gaming environment.

How to Download PUBG Mobile 3.7 Update:

Downloading the PUBG Mobile 3.7 update is straightforward. Here’s how you can do it:

For Android Users:

  1. Open the Google Play Store.

  2. Search for "PUBG Mobile".

  3. Tap the "Update" button.

  4. Wait for the download to complete, then open the game and enjoy.

For iOS Users:

  1. Open the App Store.

  2. Search for "PUBG Mobile".

  3. Tap the "Update" button.

  4. Wait for the download to complete, then open the game.

Additional Tips:

  • Free Up Storage Space: Ensure your device has enough free space for the update.

  • Stable Internet Connection: Use a strong and stable internet connection to avoid interruptions during the download.

  • Backup Your Account: Link your account to a social media or Google account to prevent data loss.

You can also download the APK from the official PUBG Mobile website by visiting .

Conclusion

In summary, the PUBG Mobile 3.7 Golden Dynasty update is packed with exciting new features and improvements. From the mesmerizing Golden Dynasty theme mode to the expansive Rondo map, there’s plenty to explore and enjoy. The new weapons and gameplay enhancements further elevate the experience, making this update a must-try for all PUBG Mobile enthusiasts. So, gear up, dive into the action, and let the Golden Dynasty adventure begin! Don’t forget to share your thoughts and experiences in the comments below.

Wednesday, January 18, 2023

8 Common IoT Attacks in Cyber Security

The Internet of Things (IoT) is the network of physical devices, vehicles, buildings and other items embedded with electronics, software, sensors, and connectivity which enables these objects to connect and exchange data. IoT technology has rapidly progressed in recent years, and it has brought many benefits to our lives, including enhanced automation, improved efficiency, and greater convenience. However, as IoT technology has grown, so too has the risk of cyber attacks on these devices. In this article, we will explore some of the most common IoT attacks that are currently being used by cybercriminals.


Distributed Denial of Service (DDoS) attacks:

DDoS attacks are a type of cyber attack in which a large number of compromised devices are used to flood a targeted website or network with traffic, rendering it unavailable to users. IoT devices, such as cameras and routers, are particularly vulnerable to DDoS attacks because they often have weak security and are easily compromised.


Eavesdropping: 

Eavesdropping is the act of secretly listening to or recording a private conversation. IoT devices, such as smart speakers and security cameras, are particularly vulnerable to eavesdropping because they often have built-in microphones and cameras that can be remotely accessed by cybercriminals.


Man-in-the-middle (MitM) attacks: 

MitM attacks occur when a cybercriminal intercepts communications between two devices and alters or steals the information being exchanged. IoT devices are particularly vulnerable to MitM attacks because they often use unsecured communications protocols and are easily compromised.


Device spoofing:

Device spoofing is a type of cyber attack in which a cybercriminal creates a fake device that appears to be legitimate, in order to gain access to a network or steal information. IoT devices are particularly vulnerable to device spoofing because they often have weak security and are easily compromised.


Malware: 

Malware is a type of software that is designed to damage or disrupt a computer system. IoT devices are particularly vulnerable to malware attacks because they often have weak security and are easily compromised.


Password cracking: 

Password cracking is a type of cyber attack in which a cybercriminal attempts to gain access to a device or network by guessing or cracking the password. IoT devices are particularly vulnerable to password cracking because they often have weak security and are easily compromised.


Phishing:

Phishing is a type of cyber attack in which a cybercriminal sends an email or message that appears to be from a legitimate source, in order to trick the recipient into providing sensitive information. IoT devices are particularly vulnerable to phishing attacks because they often have weak security and are easily compromised.


To secure IoT devices, it is important to use strong, unique passwords, regularly update the firmware, and keep the device behind a firewall. It is also important to be cautious of suspicious emails, phone calls and messages, and not to provide personal information to unknown sources. Additionally, using a VPN can help secure the communication between the device and the internet.


In conclusion, IoT devices have many benefits, but they also have many security vulnerabilities. It is important to be aware of the common IoT attacks and take steps to protect yourself and your devices from these threats. By being vigilant, you can help ensure that your IoT devices are safe and secure, and that your personal and sensitive information is protected. 

Sunday, January 15, 2023

(2023) 7 Free Movie Streaming Sites USA— Download HD Movies Online

Free Movie Streaming Sites 2023, Download HD Movies Online, Free Movie Download Sites 2023, free movies online, free movies app

With the rise of streaming services, it can be hard to find a reliable and free way to watch movies online. However, there are still a number of free movie streaming sites available for those on a budget or who don't want to subscribe to a paid service. Here are 7 free movie streaming sites that you can use to watch your favorite films.


(2023) 7 Free Movie Streaming Sites USA

Tubi: 

Tubi is a streaming service that offers a wide variety of movies and TV shows. With a library of over 20,000 titles, it has something for everyone. The content on Tubi is ad-supported and available for free. It has a great selection of films from many different genres, including action, comedy, drama, horror and more. Tubi also offers a wide selection of films from independent studios and international distributors.


Vudu: 

Vudu is a streaming service owned by Walmart that offers a large selection of movies and TV shows. Some of the content on Vudu is available for free, while other titles require you to rent or purchase them. Vudu has a large selection of films, including many that are available on other free streaming sites. It also has a number of older films that you may not be able to find on other streaming services.


Popcornflix:

Popcornflix is a streaming service that specializes in indie and foreign films. It has a rotating selection of movies that change on a regular basis. Popcornflix has a wide selection of films that are not available on other free streaming sites. It has a great selection of indie films and foreign films that you may not be able to find on other streaming services.


Yidio: 

Yidio is a streaming service that aggregates content from a variety of sources, including free streaming sites. It allows you to easily find and watch movies that are available for free. Yidio has a wide selection of films that are available for free on other streaming sites. It also has a great selection of older films that you may not be able to find on other streaming services.


Kanopy:

Kanopy is a streaming service that partners with libraries and universities to provide access to a wide variety of films. If you have a library card, you can use Kanopy to watch movies for free. Kanopy has a wide selection of films that are not available on other free streaming sites. It has a great selection of indie films and foreign films that you may not be able to find on other streaming services.


Pluto TV: 

Pluto TV is a streaming service that offers a variety of channels, including several dedicated to movies. It has a rotating selection of films that change on a regular basis. Pluto TV has a wide selection of films that are not available on other free streaming sites. It also has a great selection of older films that you may not be able to find on other streaming services.


Vimeo: 

Vimeo is a video-sharing platform that also has a selection of movies available to watch for free. You can find a wide variety of films, including indie and foreign films. Vimeo has a wide selection of films that are not available on other free streaming sites. It has a great selection of indie films and foreign films that you may not be able to find.

Saturday, June 19, 2021

Battlegrounds Mobile India Beta Released - How to Download and Install

The Battlegrounds Mobile India beta version has been released. If you remember, pre-registration for the Battlegrounds game started a month ago. The beta version of the BGMI game became available on Google Play for everyone to download on 17 June 2021.

The BGMI beta is now available to all users. Initially it was available only to select users who participated in the testing program, called early access, of Battlegrounds Mobile India. But one day after release, the Battlegrounds Mobile India beta can be downloaded, installed and played by all users. This means that if you want to play this game, you can now download the Battlegrounds Mobile India beta version on your Android phone.

Those who played PUBG Mobile until it was blocked in India will find a lot of similarities between the old battle royale game and the new Battlegrounds Mobile game. As of now only Android users can download the beta version, but the iOS version will be available very soon.


Table of contents

  • What Are the Hardware Requirements for the Battlegrounds Game Beta
  • How to Download and Install Battlegrounds Mobile India
  • Can We Play the Battlegrounds Mobile India Game on a Jio Phone?

What Are the Hardware Requirements for the Battlegrounds Game Beta

1. BGMI will take up to 600MB of storage space on the Android device. However, we all know that you will actually need more storage on the phone if you want to run the game smoothly.

2. Your phone's operating system cannot be lower than Android 5.1.

3. Your Android phone should have 2GB of RAM or more.

4. A good internet connection is a must for a good gaming experience without lag.

Please note that the Battlegrounds game cannot be played on Jio phones.

How to Download and install Battlegrounds Mobile India

  1. To become a beta tester of Battlegrounds Mobile India, you have to join the testing program by using the Testing Program link.
  2. Once you are selected as a tester, a "Download" link will be shown on the same page on Google Play.
  3. It will redirect to the game's page on the Google Play Store.
  4. Now click "Install" in Google Play to download and install the game.

Can we Play Battlegrounds Mobile India game on Jio Phone?

The Battlegrounds Mobile India game is developed to be played on Android phones only. Jio Phone runs on the KaiOS platform, which doesn't support graphics-heavy games like the Battlegrounds Mobile game.

Thursday, June 17, 2021

Clop Ransomware Gang Got Arrested By Ukraine Police

Ukrainian law enforcement officials have arrested the Clop ransomware gang. Officials said they have disrupted the infrastructure used in attacks targeting victims around the world since 2019.


The Ukrainian National Police, together with South Korean and U.S. authorities, ran a joint operation and arrested six offenders who are accused of running a double extortion scheme, in which victims who refused to pay a ransom were threatened with the leak of sensitive financial and personal data.


“Together, law enforcement has managed to shut down the infrastructure from where the virus spreads and block channels for legalizing criminally acquired cryptocurrencies,” the National Police said.




Law enforcement officers seized computer equipment, cars and $184,679 (5 million hryvnia) in 21 searches in the Kiev region. This seizure includes the defendant’s car and house.


The Clop ransomware defendants face up to 8 years of imprisonment for unauthorized intrusion/snooping in home or work computers, AI systems, and computer and telecommunication networks. It has not yet been disclosed whether these defendants are just affiliates or core developers of the ransomware operation.


Clop Ransomware Previous Attacks:


The Clop threat actors have been associated with a number of high-profile attacks since 2019, including Accellion, Qualys, Software AG IT, ExecuPharm and Indiabulls, as well as many universities such as Maastricht University, Stanford University Medical School, University of Maryland, and University of California.


Another ransomware group, Avaddon, shut down its operations and passed the decryption keys for 2,934 victims to Bleeping Computer last week.


You can read the articles below to learn more about ransomware attacks.


Execution and Business Model of REvil Ransomware


REvil Ransomware Attack - JBS Foods Shutdowns Temporarily 


Friday, June 4, 2021

REvil Ransomware Attack - JBS Foods Shutdowns Temporarily

The largest meat distributor, JBS Foods, faced a REvil ransomware attack over the weekend that disrupted several servers supporting its IT systems and affected the supply chain as well.

Global meat distributor JBS SA had to shut down operations in the United States, Canada and Australia after a ransomware attack on its IT systems. “Attackers targeted several servers supporting North American and Australian IT systems of JBS Foods on Sunday,” according to a statement by JBS USA. JBS employees were greeted over the weekend with a ransom note, the same one that had been used in previous REvil attacks.

“the company took immediate action, suspending all affected systems, notifying authorities and activating the company’s global network of IT professionals and third-party experts to resolve the situation,” according to the company's statement after the ransomware attack.

Production began to resume at most of the JBS beef plants in the United States on Wednesday. The Canadian beef plant was partially operational on Tuesday. Most of the workers at JBS plants in Australia, Canada and the United States were unable to start their work on Monday and Tuesday.

JBS didn’t confirm whether it had paid the ransom or not to the attackers.

Who is JBS Foods

Brazil-based JBS Foods is the largest meat distributor, handling beef, chicken and pork. A total of 245,000 employees work for JBS in many countries, and it has 9 plants in the US. Its major clients are Country Pride, Swift, Certified Angus Beef, Clear River Farms and Pilgrim’s.




Who Is the Attacker -

The FBI confirmed that a Russia-based cybercriminal group known for its attacks on leading U.S. companies is the major suspect. This group is known as REvil and it has already targeted around 237 organizations since 2020, according to Recorded Future, a cybersecurity company. The number of victims of ransomware attacks could be much higher because most organizations quietly pay the ransom to maintain their reputation and avoid the loss of data.

What is REvil Ransomware -

The REvil group runs its organization as "ransomware as a service" and rents its script and help to individuals or groups to carry out attacks. It is also known as Sodinokibi, Bluebackground, or Sodin. If you remember, DarkSide, which was responsible for the Colonial Pipeline ransomware attack, is one of the subscribers of the REvil group. Reports suggest that DarkSide has now chosen a separate path. If you want to know about the Execution and Business Model of REvil then you should read this post.

You can also find prevention methods in that post.

Saturday, May 22, 2021

Importing Your PUBG Mobile Account Data To Battlegrounds Mobile India May Not Be Possible


The PUBG Mobile game has been banned in India for the last few months and couldn’t make a comeback despite numerous efforts. Developer Krafton recently announced pre-registration of Battlegrounds Mobile India for Indian players. It has a new privacy policy, gameplay changes, and restrictions. Previous reports revealed that the PUBG Mobile user account and inventory would be migrated to Battlegrounds Mobile India. However, according to Indian Express reports, PUBG Mobile India user data is still accessible, and the publication has verified on the server that PUBG Mobile user data for Indian accounts can be accessed.


“Krafton’s PUBG Mobile does retain your data from Tencent’s PUBG Mobile. A quick look at my personal account in Krafton’s PUBG Mobile (which is still somewhat playable in India via unofficial means), revealed that all my account data accumulated over the years in Tencent’s PUBG Mobile is intact. This included rewards, statistics, and other unlockables, which I had acquired since PUBG Mobile had launched in India. Everything was intact despite the switch in publishers,” the Indian Express reports.


Why data transfer to Battlegrounds Mobile India from PUBG Mobile India players is doubtful-

Since the PUBG Mobile India game is banned in India, people use a VPN to play it. This is most likely how the publication verified the data. However, the gaming experience over a VPN is not good because of lag in movement.

Krafton developed Battlegrounds Mobile India, which looks like the PUBG Mobile game but has a different name and company, to remove any link with Tencent’s PUBG. They will avoid moving user accounts and inventories from PUBG, as this could be another hurdle to the game’s release in the country.




Release of Game with New Policies -

Krafton is being very careful with the Battlegrounds Mobile India privacy policy. As per the developer’s privacy policy, players under 18 years of age will have to get consent from their parents or guardians to play the game, and they can play for only three hours a day.

The new Battlegrounds Mobile India game’s release date is June 18.


Pre-registration of Battlegrounds Mobile India for Indian players -

Pre-registration for Battlegrounds Mobile India has started and is in full swing for Android users. Registered users will receive a few exclusive rewards:

  • Recon Outfit
  • Recon Mask
  • Limited Celebration Expert title
  • 300 AG

Please note that pre-registrations on the Apple App Store are yet to be announced, and iOS users will have to wait until the next announcement.

 

Now read about Battleground Beta version

Thursday, April 22, 2021

Hackers Are Using Telegram to Spread Malware and Control the System

Check Point researchers identified more than 130 cyber attacks using a Remote Access Trojan called ToxicEye. This malware is managed by cybercriminals through the Telegram messenger app.

According to Check Point Research, there is a new attack trend among cybercriminals in which Telegram is used as a command-and-control system to spread malware. Even when the popular application is not installed or not used, the system allows attackers to send malicious commands and operations remotely.

Check Point Research explained that they identified more than 130 cyber attacks that relied on a Remote Access Trojan (RAT) called ToxicEye, which communicates with the attackers' servers and sends all the collected data there.

ToxicEye is spread via phishing emails carrying malicious .exe files. Once opened by the victim, these files install the malware on the victim's machine and start a series of operations that go undetected.

The malware can execute a range of exploits without the victim’s knowledge:

  • Data theft
  • Delete or transfer files
  • Encrypt files for a ransom (Ransomware)
  • Remote control and I/O hijacking
  • Installation of a Keylogger
  • Hijack the computer's microphone and camera to record audio and video from the computer.

How This Attack Infection Chain Works -

The researchers said: “The attacker first creates a Telegram account and a Telegram ‘bot.’ A Telegram bot account is a special remote account with which users can interact by Telegram chat or by adding them to Telegram groups, or by sending requests directly from the input field by typing the bot’s Telegram username and a query.”

The attacker embeds the Telegram bot into the ToxicEye RAT configuration file and compiles it into an executable file; this executable (.exe) can also be injected into a Word document. When the victim opens the document or email, the .exe is installed on the computer and infects it. The victim’s computer can then be attacked via the Telegram bot, and the attackers control the system.




Cybercriminals see Telegram as an essential part of their attacks: it allows attackers to remain anonymous, because the registration process requires only a mobile number, and the Telegram messaging app is not blocked by antivirus solutions or network security tools.

Attackers can easily extract data from users' equipment or transfer new malicious files to infected devices. Hackers can use their mobile phones to access infected computers from any location in the world.

Identify if your system is compromised and tips to strengthen security

  1. Search for the RAT file - First, search your computer for the file rat.exe at the location C:\Users\ToxicEye\rat.exe. If this file exists on your computer, you must immediately contact your helpdesk and delete the file.
  2. Traffic Monitoring - You can monitor the traffic generated from your personal or organization's systems to Telegram C&C accounts. If you see such traffic and Telegram is not installed as a business solution, this is an indication that the system has been compromised.
  3. Identify Phishing or Malicious Emails - Beware of any attachments that contain usernames, because malicious or spam emails often use your username as the subject line or as the name of the file. Treat such emails as suspicious: do not open the attachments, delete the email immediately, and do not reply to the sender. An email from an unlisted or undisclosed sender indicates that the email is malicious or phishing.
  4. Anti-Phishing Software - To minimize the risk of phishing attacks, an organization should use AI-based anti-phishing software that can identify and block malicious content across all communication services (e.g. email) and platforms (e.g. computers, handheld devices).
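
The first two checks in the list above (the indicator file and unexpected Telegram traffic) can be combined into one triage pass. This is an added Python example, not code from the original post or from Check Point; `api.telegram.org` is Telegram's Bot API endpoint, while the host names, the approved list and the log format are constructed for illustration.

```python
from collections import Counter
from pathlib import PureWindowsPath

IOC_PATH = PureWindowsPath(r"C:\Users\ToxicEye\rat.exe")  # path named in the article
BOT_API_HOST = "api.telegram.org"  # Telegram Bot API endpoint (not quoted on the page)
APPROVED = {"ws-support-03"}  # assumption: hosts where Telegram is sanctioned

# Constructed sample input: file listings per host, and proxy lines in a
# made-up "time source method target status" format.
SAMPLE_FILES = {
    "ws-finance-12": [r"c:\users\toxiceye\RAT.EXE", r"C:\Windows\notepad.exe"],
    "ws-hr-04": [r"C:\Users\alice\Documents\rat.exe"],
}
SAMPLE_PROXY_LOG = """\
2021-04-22T10:01:02Z ws-finance-12 CONNECT api.telegram.org:443 200
2021-04-22T10:01:32Z ws-finance-12 CONNECT api.telegram.org:443 200
2021-04-22T10:02:10Z ws-support-03 CONNECT api.telegram.org:443 200
2021-04-22T10:03:45Z ws-hr-04 CONNECT api.telegram.org.cdn.example:443 200
2021-04-22T10:04:00Z ws-dev-09 CONNECT API.Telegram.org.:443 200
truncated line
"""

def hosts_with_ioc_file(files_by_host):
    """Hosts whose listing holds the indicator path (compared case-insensitively)."""
    return {host for host, paths in files_by_host.items()
            if any(PureWindowsPath(p) == IOC_PATH for p in paths)}

def telegram_talkers(log_text, approved=APPROVED):
    """Count Bot API connections per unapproved host, matching the exact hostname."""
    hits = Counter()
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip lines that do not fit the sample format
        src, target = parts[1], parts[3]
        hostname = target.rsplit(":", 1)[0].rstrip(".").lower()
        if hostname == BOT_API_HOST and src not in approved:
            hits[src] += 1
    return dict(hits)

def triage(files_by_host, log_text):
    """Map each flagged host to the list of reasons it was flagged."""
    report = {host: ["ioc_file"] for host in hosts_with_ioc_file(files_by_host)}
    for host, count in telegram_talkers(log_text).items():
        report.setdefault(host, []).append(f"telegram_bot_api x{count}")
    return report

if __name__ == "__main__":
    print(triage(SAMPLE_FILES, SAMPLE_PROXY_LOG))
```

Matching the exact hostname keeps look-alike names such as the constructed `api.telegram.org.cdn.example` from being counted, and the approved list reflects the article's condition that Telegram traffic is only suspicious where Telegram is not a business tool.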

Friday, April 16, 2021

New WhatsApp Vulnerabilities could have allowed Attackers to Hack Android Mobile Remotely

 

The WhatsApp technical team recently addressed two security vulnerabilities in WhatsApp for Android. According to security researchers, remote attackers could have exploited these vulnerabilities to execute malicious code on a target device.

The flaws allow attackers to carry out “man-in-the-disk” attacks, which are possible when mobile apps use external storage that is shared across all applications. An attacker can manipulate certain data being exchanged between the mobile app and the external storage.

Census Labs researchers reported one of the two issues (CVE-2021-24027) and said: “We will show how the two aforementioned WhatsApp vulnerabilities would have made it possible for attackers to remotely collect TLS cryptographic material for TLS 1.3 and TLS 1.2 sessions.”

“With the TLS secrets at hand, we will demonstrate how a man-in-the-middle (MitM) attack can lead to the compromise of WhatsApp communications, to remote code execution on the victim device and to the extraction of Noise protocol keys used for end-to-end encryption in user communications.”




The CVE-2021-24027 vulnerability, present in versions prior to WhatsApp for Android v2.21.4.18 and WhatsApp Business for Android v2.21.4.18, leverages Chrome's support in Android and can allow an attacker with access to the device’s external storage to read cached TLS material. An attacker can send a specially crafted HTML file to a victim over WhatsApp which, once opened in the victim’s browser, executes the attacker’s code contained in the HTML file.

"All an attacker has to do is lure the victim into opening an HTML document attachment. WhatsApp will render this attachment in Chrome, over a content provider, and the attacker's Javascript code will be able to steal the stored TLS session keys." Census Labs researcher Chariton Karamitas said.

“WhatsApp comes with a debugging mechanism that allows its development team to catch fatal errors happening in the wild during the first few days of a release. More specifically, if an OutOfMemoryError exception is thrown, a custom exception handler is invoked that collects System Information, WhatsApp Application Logs, as well as a dump of the Application Heap (collected using android.os.Debug::dumpHprofData). These are uploaded to crashlogs.whatsapp.net,” the report says.

Attackers could purposefully trigger the exception to force this data to be sent to the server, and then intercept it.

Google has already addressed this vulnerability by introducing the “scoped storage” model in Android 10, which allows each app to access only its own app-specific cache files.

Remediation

The CVE-2021-24027 vulnerabilities were addressed by WhatsApp with the release of version 2.21.4.18.

WhatsApp users are advised to use version 2.21.4.18 to rule out the risk associated with the vulnerability. When reached for a response, the company confirmed that the "keys" that are used to protect people's messages are not being uploaded to the servers and that the crash log information does not allow it to access the message contents.

Monday, April 5, 2021

Hackers released Facebook User's Leaked Data For Free Download

  

Data leakage from Facebook is becoming a big issue once again, and it is a huge dent in Facebook's security. The sale of the phone number and personal data of Facebook owner Mark Zuckerberg is in the headlines. Reports say that the data of more than 533 million Facebook users from 100 countries around the world has been leaked online.
Hackers have now made the phone numbers and private data of more than 533 million users public for free, and anyone with basic knowledge of hacking can download and use the leaked Facebook data.
 

What is the risk of Facebook Data Leak :

Alon Gal, a security expert, discovered a few months ago that Facebook users' phone numbers and personal data were being sold on Telegram through a Telegram bot. He has now found on a few hacking forums that hackers are giving the same data away for free, which is a bigger risk for all Facebook users who have not changed their mobile number for a long time.
 
According to Mr. Gal, if you have anyone's Facebook user ID, you can find that person's phone number, and vice versa: if you have a person's phone number, you can get that Facebook user's ID.
 

Facebook Clarification on Facebook Data Hack:

 
Facebook confirmed that this database was stolen through a security issue that Facebook fixed in 2019. However, experts point out that users do not change their phone numbers frequently, so this data is still valuable to cybercriminals and can be misused.
 
What is Telegram Bot:
 
As Telegram explains on its blog, “Bots are simply Telegram accounts operated by software, not people and they'll often have AI features. They can do anything like teach, play, search, broadcast, remind, connect, integrate with other services, or even pass commands to the Internet of Things.”
 
Why Using Telegram Bot:
Nowadays hackers use multiple options to earn money by selling hacked information without being traced. A Telegram bot automates the process: the buyer is charged a credit, for which they had to pay $20, which is about 1,450 rupees in India.
According to screenshots, the bot was activated on January 12, 2021, but the database being sold is from 2019.
 






Preventive Action for Users:

1. Facebook users should not provide all their personal information on social media platforms.
2. Users who have two phone numbers should use a number other than their personal one for social media websites.
3. Always use two-factor authentication for login wherever possible.
4. Last but not least, do not make social media platforms part of your life.