Midnight Web by Rahul Banerjee

India faced a surge in cyber-attacks in 2024, with threats like ransomware, phishing, and Distributed Denial-of-Service (DDoS) attacks impacting businesses, banks, and public services. These incidents have sparked calls for stronger data protection laws. Nearly 370 million malware attacks and over one million ransomware cases were reported during the year. Key industries like healthcare, hospitality, and banking were hit the hardest, with Telangana and Tamil Nadu identified as hotspots. From January to June alone, there were 135,173 phishing attacks related to financial services, such as e-commerce, banking, and payment systems a 175% increase compared to 2023, as per a Kaspersky report. This rise was fueled by the growing use of digital platforms and AI-driven scams. A summary of the major cyber-attacks that shook India in 2024: January SPARSH Portal Data Leak : A breach exposed sensitive information of defense personnel from the pension administration portal, with cr...

  Everyone enjoys saving money while shopping, especially with free apps that find the best online deals. However, no one likes discovering that a money-saving tool is secretly taking more than it saves. A popular YouTube creator claims PayPal's browser extension, Honey, has been doing just that. Honey gained millions of users by offering free coupon codes and cashback rewards across 30,000 retailers, making it a favorite among influencers like Mr. Beast and MKBHD, who have promoted it under sponsorships. But New Zealand-based tech investigator MegaLag alleges that "Honey is a scam" and possibly the biggest influencer scam ever. How Last-Click Attribution Works and Honey’s Problematic Approach Affiliate marketing allows influencers and businesses to earn commissions when users purchase products through their affiliate links.When a user clicks such a link, a cookie tracks the referral and ensures the commission goes to the rightful source based on the last-click rule. Me...

  As AI continues to develop, its role in cybercrime on the dark web will only increase. The ability of cybercriminals to experiment with AI-powered tools is a new frontier in the ongoing war between hackers and cybersecurity experts. The Dark Web is quickly becoming a testing ground for new AI-powered attacks. The bad actors can customize their methods and expand their scope of their crimes. 1. FraudGPT – When AI is the worst spammer FraudGPT is a tool that sends fake emails. Create a fraudulent website And it spreads malware like a 24/7 scam operation. It's so clever it can trick you into handing over sensitive information to hackers—just like your grandma's bank details! If installed correctly, it does not require too much energy to operate. 2. Angler AI – A fishing tool that personalizes your attacks. Angler AI is a secret tool. That changes perspective depending on how you respond. It's like a telemarketer who knows everything about you and can even pretend to be y...

LUCKNOW : The digital landscape is witnessing a disturbing trend in cybercrime, with extortion schemes becoming increasingly sophisticated. One such victim, Dr. Ruby Thomas, a practicing physician at Dr. Ram Manohar Lohia Hospital in Lucknow, experienced a harrowing ordeal when she was targeted by cybercriminals who held her digitally captive for five hours. A Terrifying Ordeal Dr. Thomas's nightmare began with a WhatsApp message containing an arrest warrant and a police ID. During a video call with the scammers, who displayed a convincing official Mumbai Police monogram, she was accused of being linked to a high-profile scam involving Naresh Goyal and a shooting incident. The criminals demanded physical verification of her identity, preying on her fear and distress, leading her to the brink of suicide. Ultimately, they extorted ₹90,000 before abruptly disconnecting the call. The Mechanics of Deception The scammers used forged documents, including an ID card of a supposed...

Meta will send notifications within its apps to public figures and celebrities, letting them know they are part of a new experiment and that they can choose to opt-out. Agranovich, the Director of Global Threat Disruption at Meta, explained that if Meta suspects an ad or account might be a scam using a celebrity's image, they will use facial recognition technology (FRT) to compare the celebrity’s face from their Facebook or Instagram profile picture to the one in the ad. If there’s a match and the ad is confirmed to be a scam, Meta will block it. He mentioned that this process is quicker and more accurate than human reviews. The second use of FRT is for account recovery. Meta will use FRT along with video selfies to help users verify their identity more easily when trying to regain access to hacked accounts. Sometimes, users lose access to their Facebook or Instagram accounts if they forget their password, lose their device, or get tricked by a scammer. If an account is comp...

                                           Telegram is a popular messaging app with over one billion users. Recently, it made headlines because its CEO, Pavel Durov, was arrested in France. Durov is facing legal issues for not responding to requests to identify a suspect in an ongoing investigation. This arrest is unusual because tech executives rarely face legal trouble of this sort. Here's a breakdown of the key points about Telegram and whether you should trust it: Safety Concerns Durov’s arrest was due to Telegram's failure to assist French authorities in identifying a user involved in illegal activities. This incident highlights a broader issue: Telegram has a history of not responding to legal requests, which raises concerns about how it handles safety and cooperation with authorities. For not cooperating with investigations, Telegram gets a negative point on trust...

  In recent months, YouTube users have noticed a big increase in how often they see ads, and it’s causing a lot of frustration. Here’s a closer look at what’s happening:               1. More Ads, More Often: YouTube has started showing more ads than before. Instead of just one ad before a video, you’re now often seeing two or even three ads one after the other. This change means that viewers have to sit through more ads before they can watch their videos, which many people find really annoying. 2. Ads When Switching Videos: If you like to jump from one video to another, you’ll notice that ads pop up every time you make a switch. Even if YouTube is having trouble loading or the app freezes, you still end up seeing ads. This makes it feel like you’re always waiting for an ad to finish, no matter what. 3. Constant Frustration: Because of the rise in ad frequency, many people are finding ways to avoid long ad breaks by quickly changing videos. ...

  The Indian Computer Emergency Response Team (CERT-In) has issued a warning to Android users. The cyber security authority has spotted “high risk” vulnerabilities on Android smart phones powered by Qualcomm and MediaTek chipsets. It added that the smartphones affected are running on Android versions 12, 12L, 13, and 14 software. These multiple vulnerabilities can be exploited by an attacker to get access to sensitive information and gain elevated privileges. As per the warning, these vulnerabilities exist in Android due to flaws in the Framework, System, Kernel, Arm component, Imagination Technologies, MediaTek components, Qualcomm components and Qualcomm closed-source components. Notably, the critical security flaw identified in the Framework component poses a risk of privilege escalation, allowing attackers to gain elevated access without any additional execution privileges. The severity of this vulnerability is determined by its potential impact on affected devices, assuming th...

              Originally anticipated for the iOS 18 release on compatible devices, Bloomberg recently reported that it would not debut with the initial rollout. The iOS 18.1 Beta, now available to developers with active accounts, allows them to enroll and test Apple Intelligence ahead of its broader release. According to release notes from iOS 18.1 beta seen by BleepingComputer, "iOS 18.1 beta is an early preview of an update to iOS 18 scheduled for later this autumn. This beta introduces initial features powered by Apple Intelligence." "To participate in the Apple Intelligence beta, users can join the waitlist in Settings and will receive notifications when it becomes available for their devices. Both the device language and Siri language must be set to US English, and the device region must be configured to United States." "Apple Intelligence debuts on iPhone 15 Pro and iPhone 15 Pro Max, though it is not currently available in the EU or China," acco...

    Recently, a widespread issue has paralyzed computers globally, initially mistaken for a cyber attack. Speculations pointed fingers at Microsoft, as only Windows systems seemed affected. However, the real culprit was CrowdStrike, a major cybersecurity firm renowned for its endpoint protection services, akin to antivirus for corporate fleets of computers. The problem stemmed from an automatic update pushed by CrowdStrike, designed to enhance security through its endpoint sensors. Unfortunately, a critical bug slipped into the update, causing affected computers—running CrowdStrike's software—to crash irreparably. Since the sensors operate at a deep system level, the glitch caused entire systems to enter a continuous cycle of crashes, known ominously as the "blue screen of death." CrowdStrike quickly acknowledged the issue and provided a fix, albeit a cumbersome one. Affected PCs must be manually booted into safe mode to remove specific files, a process that needs to be r...

  A new malicious campaign tricks people by pretending to be Google Chrome, Word, or OneDrive errors. They use these fake alerts to convince users to run harmful PowerShell "fixes" that actually install malware. This campaign involves several cyber threat groups, including ClearFake and others like ClickFix and TA571. ClearFake has previously used tricks where websites ask users to update their browser, but the update actually installs malware. In the latest attacks, cybercriminals use JavaScript in email attachments or hacked websites. They show fake error messages that look like they're from Google Chrome, Word, or OneDrive. These messages tell users to click a button to copy a PowerShell "fix" onto their computer. They're then told to run this script in a special Windows tool called PowerShell. Even though these attacks need users to do several things to work, the trickery is clever enough to make people think there's a real problem that needs f...

  Electronic Voting Machines (EVMs) typically don't have a Graphics Processing Unit (GPU) like a typical computer. However, the absence of a GPU doesn't mean they are immune to security threats. Here's why: 1. Software Vulnerabilities: EVMs run on specialized software, and like any software system, they can have vulnerabilities. These vulnerabilities could be exploited by attackers to manipulate the voting process or compromise the integrity of the election.   2. Hardware Manipulation: Even though EVMs lack a GPU, they contain various other components, such as microcontrollers, memory chips, input/output devices, and communication interfaces. Attackers could tamper with these components to alter the behavior of the EVM or extract sensitive information.   3. Network Connectivity: While some EVMs don't have network connectivity, others may have communication capabilities for transmitting voting data. Any device with network connectivity is potentially vulner...