The mystery thriller Dangerous Waters will stream in Hindi, bringing its gripping story of betrayal and survival to a wider audience. The film is directed by Jon Barr and features Odeya Rush, Eric Dane and the late Ray Liotta in leading roles. The story follows a boat trip that takes a deadly turn, revealing dark secrets and intense encounters. Indian viewers will soon be able to experience this thriller when it becomes available on the OTT platform, making it accessible to Hindi-speaking audiences.
When and where to watch Dangerous Waters
Fans can watch Dangerous Waters on Lionsgate Play starting 3 January 2025. The film will be available to Hindi-speaking audiences, offering an exciting opportunity to experience this action-packed story.
Official trailer and plot of Dangerous Waters
The Dangerous Waters trailer presents a gripping story of betrayal and survival. Odeya Rush plays Rose, who goes on a cruise with her mother and her mother's boyfriend, Derek, played by Eric Dane. At first the trip seems like a bonding experience, but unease quickly sets in when Rose begins to sense something sinister in Derek. As a confrontation unfolds on the boat, chaos erupts, leaving Rose's mother dead and the boat engulfed in flames. Rose fights to survive and uncovers secrets about Derek's past and his connection to the attackers. The tension rises when she realizes that her fight for survival may bring her face to face with the Captain, played by Ray Liotta, a character linked to the horrific events.
Cast and crew of Dangerous Waters
The film stars Odeya Rush as Rose, Eric Dane as Derek and Ray Liotta as the Captain. The project is directed by Jon Barr, who is both writer and director. The cast also includes a strong supporting lineup, including Saffron Burrows, Sala Baker, Brian Duffy and Mat Servitto.
Reception of Dangerous Waters
Released in 2023, Dangerous Waters has drawn attention for its intense storytelling and engaging performances. The film's IMDb rating is 5.2/10.
Millions of devices are still connected to the PlugX malware, despite its creators abandoning it months ago, experts have warned.
Cybersecurity analysts Sekoia managed to obtain the IP address associated with the malware’s command & control (C2) server, and observed connection requests over a six-month period.
During the course of the analysis, infected endpoints attempted 90,000 connection requests every day, amounting to 2.5 million connections in total. The devices were located in 170 countries, it was said. However, just 15 of them made up more than 80% of total infections, with Nigeria, India, China, Iran, Indonesia, the UK, Iraq, and the United States making up the top eight.
Still at risk
While at first it might sound like there are many infected endpoints around the world, the researchers did stress that the numbers might not be entirely precise. The malware’s C2 does not have unique identifiers, which messes with the results, as many compromised workstations can exit through the same IP address.
Furthermore, if any of the devices use a dynamic IP system, a single device can be perceived as multiple ones. Finally, many connections could be coming in through VPN services, making country-related statistics moot.
PlugX was first observed in 2008 in cyber-espionage campaigns mounted by Chinese state-sponsored threat actors, the researchers said. The targets were mostly organizations in government, defense, and technology sectors, located in Asia. The malware was capable of command execution, file download and upload, keylogging, and accessing system information. Over the years, it grew additional features, such as the ability to autonomously spread via USB drives, which makes containment today almost impossible. The list of targets also expanded towards the West.
However, after the source code leaked in 2015, PlugX became more of a “common” malware, with many different groups, both state-sponsored and financially-motivated, using it, which is probably why the original developers abandoned it.
Imagine if your antivirus program infected your computer with malware – that’s exactly what happened to some eScan antivirus users recently.
A new report from Avast has explained how a threat actor, possibly of North Korean affiliation, used a vulnerability in the antivirus program to sideload a backdoor called GuptiMiner.
Apparently, after obtaining an adversary-in-the-middle (AitM) position on the target endpoint, hackers were able to hijack the virus definition update, and have it carry malware, as well. The virus definition database would be updated as normal, but the antivirus program would also be abused to execute and run GuptiMiner.
Kimsuky attacks
The backdoor’s name might be somewhat confusing, because this isn’t a miner – a piece of malicious code that secretly mines cryptocurrency for the attackers. GuptiMiner is a backdoor that analyzes the environment to see if it’s running in a sandbox, disables various antivirus and endpoint protection tools, and drops additional payloads.
Among those additional payloads is, ironically enough, XMRig – an actual cryptocurrency miner.
Avast has attributed this attack to Kimsuky since GuptiMiner is quite similar to the Kimsuky keylogger. Furthermore, in both instances the mygamesonline[.]org domain was used.
XMRig is not the only piece of malicious code that Kimsuky dropped on their targets. There was also an improved version of the Putty Link backdoor, as well as an unnamed, “complex modular malware” that steals private keys, crypto wallet information, and more.
The targets seem to be mostly big corporations.
Since the discovery of the campaign, eScan was notified and has subsequently plugged the hole. According to BleepingComputer, the company also said it received a similar report back in 2019. A year later, it implemented a robust checking mechanism, to ensure the rejection of non-signed binaries.
In conclusion, eScan users should update their antivirus programs immediately, as Kimsuky is still going after those who didn’t patch up.
Monkeypox virus particles (artificially coloured). Credit: UK Health Security Agency/Science Photo Library
A virulent strain of the monkeypox virus has gained the ability to spread through sexual contact, new data suggest. This has alarmed researchers, who fear a reprise of the worldwide mpox outbreak in 2022.
Evidence from past outbreaks indicates that this strain, called clade I, is more lethal than the one that sparked the 2022 global outbreak. Clade I has for decades caused small outbreaks, often limited to a few households or communities, in Central Africa. Sexually-acquired clade I infections had not been reported before 2023.
But since then, a clade I strain with an apparent capacity for sexual transmission has caused a cluster of infections in a conflict-ridden region of the Democratic Republic of the Congo (DRC), in Central Africa. A preprint [1] posted on 15 April reports that 241 suspected and 108 confirmed infections are connected to this outbreak — and these numbers are probably a vast undercount because of limited testing capacity. Almost 30% of the confirmed infections were in sex workers.
Adding to the challenges, the region is facing a humanitarian crisis, and the DRC is contending with the aggressive spread of other diseases, such as cholera. The combination means there is a “substantial risk of outbreak escalation beyond the current area”, says Anne Rimoin, an epidemiologist at the University of California, Los Angeles, who has worked on mpox outbreaks in the DRC since 2002.
Unheeded warnings
Monkeypox virus can cause painful, fluid-filled lesions on the skin and, in severe cases, death. (While the disease was renamed ‘mpox’ in 2022, the virus continues to be called ‘monkeypox virus.’) The virus persists in wild animals in several African countries, including the DRC, and occasionally spills into people.
The first large reported outbreak with human-to-human transmission, which was in 2017 in Nigeria, caused more than 200 confirmed and 500 suspected cases of the disease. Researchers warned at the time that the virus might have adapted to spread through sexual contact.
Their warnings were not heeded; in 2022, a global outbreak driven in part by sexual contact prompted the World Health Organization (WHO) to declare it a public health emergency. That ongoing outbreak is caused by a strain of monkeypox virus called clade II, which is less lethal than clade I, and has infected more than 94,000 people and killed more than 180.
Although mpox infections have waned globally since 2022, they have been trending upwards in the DRC: in 2023 alone, the country reported more than 14,600 suspected infections and more than 650 deaths. In September 2023, a new cluster of suspected cases arose in the DRC’s South Kivu province. This cluster especially concerns researchers, as it has been spreading largely among sex workers, suggesting that the virus has adapted to transmit readily through sexual contact.
This could lead to faster human-to-human spread, potentially with few symptoms, says Nicaise Ndembi, a virologist at the Africa Centres for Disease Control and Prevention who is based in Addis Ababa. “The DRC is surrounded by nine other countries — we’re playing with fire here,” he says.
Health officials are so concerned that representatives of the DRC and 11 nearby countries met earlier this month to plan a response and to commit to stepping up surveillance for the virus. Only about 10% of the DRC’s suspected mpox cases in 2023 were tested, due to limited testing capacity, meaning health officials “don’t have a full picture of what’s going on”, Ndembi says.
Genetic analyses of the virus responsible for the outbreak show mutations such as the absence of a large chunk of the virus’s genome, which researchers have previously noted as a sign of monkeypox viral adaptation. This has led the study’s authors to give a new name to the strain circulating in the province: clade Ib.
Making matters more fraught, South Kivu borders Rwanda and Burundi and is grappling with “conflict, displacement, food insecurity, and challenges in providing adequate humanitarian assistance”, which “might represent fertile ground for further spread of mpox”, the WHO warned last year.
Vaccines and treatment needed
In 2022, many wealthy countries offered vaccines against smallpox, which also protect against mpox, to individuals at high risk of contracting the disease. But few vaccine doses have reached African countries, where the disease’s toll has historically been highest.
While the DRC weighs regulatory approval for these vaccines, the United States has committed to providing the DRC with enough doses to inoculate 25,000 people, and Japan has said it will also provide vaccines, says Rosamund Lewis, technical lead for mpox at the WHO in Geneva, Switzerland. But a vaccination drive in the DRC would require hundreds of thousands — if not millions — of doses to inoculate individuals at high risk of infection, she says.
It’s not clear how much protection these vaccines will provide against clade I mpox, but Andrea McCollum, a poxvirus epidemiologist at the US Centers for Disease Control and Prevention in Atlanta, Georgia, says that data from tests in animals are promising. Researchers are also conducting a trial in the DRC of tecovirimat, an antiviral that is thought to be effective against mpox. Results are expected in the next year, McCollum says.
The WHO and CDC have helped to procure equipment that will allow for more rapid diagnosis of the disease in the DRC, especially in rural areas, Lewis says. She adds that the rapid mobilization of African health officials gives her hope that the outbreak can be controlled before clade Ib mpox starts spreading elsewhere.
Visa is warning its partners, clients, and customers of an ongoing phishing attack that aims to deliver a banking trojan.
The Visa Payment Fraud Disruption (PFD) unit sent out a security alert to card issuers, processors, and acquirers, noting it had observed a new phishing campaign that started in late March this year.
The campaign targets mostly financial institutions in South and Southeast Asia, the Middle East, and Africa, and aims to drop a new version of the banking trojan called JsOutProx. “While PFD could not confirm the ultimate goal of the recently identified malware campaign, this eCrime group may have previously targeted financial institutions to conduct fraudulent activity.”
Impersonating legitimate institutions
Unfortunately, we don’t know the name of the threat actor behind the campaign, or the number of companies that fell victim. The researchers speculate, based on the sophistication of the attacks, the profile of the victims, and their geographical location, that the attackers are most likely China-based, or at least China-affiliated.
We also know that JsOutProx is a remote access trojan that was first spotted in late 2019, and is described as a “highly obfuscated” JavaScript backdoor that allows its users to run shell commands, download additional malware, run files, grab screenshots, control various peripherals, and establish persistence on the target endpoint. It’s hosted on a GitLab repository, apparently.
In the phishing emails, the attackers are impersonating legitimate institutions, showing victims fake SWIFT and MoneyGram payment notifications.
Phishing remains one of the most lucrative ways to deploy malware. It’s cheap and easily scalable, and now with the help of generative artificial intelligence, relatively difficult to spot. IT teams are advised to educate their employees to identify a phishing attack, as well as to install email security software, firewalls, and antivirus tools.
A new version of a known Android banking trojan is making rounds on the internet, stealing sensitive data, and possibly even money, from its victims.
Cybersecurity researchers from NCC Group’s Fox-IT sounded the alarm about a new, upgraded version of the Vultur banking trojan, which was first spotted in early 2021 and has received a number of important changes and upgrades since then.
While previous versions were being distributed via dropper apps that were smuggled onto the Play Store, this new version uses a combination of smishing and legitimate app abuse. The researchers said that the attackers would first send an SMS message to their victims, warning them of an unauthorized payment transaction and sharing a phone number for the victim to call.
Full takeover
If the victim takes the bait and calls the number, the attacker then persuades them to download a compromised version of the McAfee Security app. While on the surface the app works as intended, in the background it delivers the Brunhilda malware dropper. This dropper drops three payloads, including two APKs and a DEX file which, after obtaining Accessibility Services, establish a connection with the command and control (C2) server, and grant the attackers remote control over the Android device.
For a trojan, Vultur is quite competent. It can record the screen, log keystrokes, and grant the attackers remote access via AlphaVNC and ngrok. Furthermore, it allows the attackers to download and upload files, install apps, delete files, click, scroll, and swipe through the device, and block different apps from running. It can also display custom notifications and disable Keyguard to bypass the lock screen.
Finally, Vultur encrypts its C2 communications to further evade detection.
As usual, the best way to defend against these threats is to use common sense, and only download apps from legitimate, proven repositories.
A dangerous espionage malware, previously only used against Windows devices, is increasingly being observed on Linux machines, too, experts have warned.
Following earlier reports by ESET and Trend Micro, Kaspersky is now warning of the Dinodas Remote Access Trojan (RAT), signaling the rising popularity of the malware.
Kaspersky claims the backdoor is “fully functional, granting the operator complete control over the infected machine, enabling data exfiltration and espionage”. DinodasRAT is designed to monitor, control, and steal data from target endpoints. Besides stealing data, it can run processes, create a remote shell for direct command or file execution, update and upgrade itself, and uninstall itself and delete all traces of its existence.
XDealer and DinodasRAT
Older reports indicate that DinodasRAT is a Linux version of a known Windows RAT dubbed XDealer. Earlier in March, Trend Micro observed the Chinese APT group known as “Earth Krahang” using XDealer against both Windows and Linux systems belonging to “governments worldwide”.
The researchers did not detail how the attackers managed to drop the malware onto target endpoints, but did stress that since October 2023, the targets were mostly located in China, Taiwan, Turkey, and Uzbekistan.
Today, many nation-states are engaged in cyber-warfare, disrupting operations and stealing sensitive data from their adversaries. Besides China, there are notable threats coming from North Korea (Lazarus Group, for example), Russia (Fancy Bear), Iran (Scarred Manticore), and others.
With war raging in Ukraine, China eyeing Taiwan, Israel engaged against Hamas, as well as other potential hotspots (the issues of migration in both Europe and the States, U.S. presidential elections), it is no wonder that not a day goes by without news of state-sponsored hacking groups engaging in cyber-espionage.
The rising popularity of DinodasRAT only demonstrates the increasing use of Linux-powered devices in government agencies around the world.
Many versions of Linux may be vulnerable to a flaw that allowed hackers to steal passwords, or change the contents of their clipboard.
The vulnerability, however, comes with a major caveat that makes exploitation somewhat unlikely (or at least heavily limited).
Cybersecurity researcher Skyler Ferrante recently discovered an “improper neutralization of escape sequences in wall” vulnerability, a flaw impacting the “wall” command. This command is usually used to broadcast messages to the terminals of all users logged in to the same system.
WallEscape
With escape sequences not being properly filtered when processing input through command line arguments, a threat actor could, theoretically, launch a prompt to all connected users and have them type in their administrator password. Escape sequences could also be used to change the clipboard of a target user, although this method may not work with all terminal emulators.
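The filtering gap described above, shown from the defensive side as an added example (not code from the `wall` utility or from the original article): a C routine that makes escape sequences in a broadcast message visible and inert before the text reaches a terminal. The function names and the sample message are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Added illustration, not the wall utility's own code. A byte is "safe" for a
 * terminal if it is printable ASCII, newline or tab. Everything else (ESC,
 * other C0 controls, DEL, and bytes >= 0x80, which include C1 controls such
 * as CSI 0x9b) could be interpreted by a terminal emulator. */
static int is_safe(unsigned char c)
{
    return c == '\n' || c == '\t' || (c >= 0x20 && c < 0x7f);
}

/* Returns 1 if the message contains any byte a terminal might act on. */
int has_control(const char *msg)
{
    for (const unsigned char *p = (const unsigned char *)msg; *p; p++)
        if (!is_safe(*p))
            return 1;
    return 0;
}

/* Copies msg into out with unsafe bytes made visible and inert:
 * C0 controls in caret notation (ESC -> "^["), DEL as "^?", high bytes as
 * \xHH. Returns the output length, or -1 if out is too small. */
int neutralize(const char *msg, char *out, size_t outsz)
{
    size_t o = 0;
    if (outsz == 0)
        return -1;
    for (const unsigned char *p = (const unsigned char *)msg; *p; p++) {
        char buf[5];
        int n;
        if (is_safe(*p)) {
            buf[0] = (char)*p;
            n = 1;
        } else if (*p < 0x20 || *p == 0x7f) {
            buf[0] = '^';
            buf[1] = (char)(*p ^ 0x40);   /* 0x1b -> '[', 0x7f -> '?' */
            n = 2;
        } else {
            n = snprintf(buf, sizeof buf, "\\x%02x", (unsigned)*p);
        }
        if (o + (size_t)n + 1 > outsz)
            return -1;              /* refuse to truncate silently */
        memcpy(out + o, buf, (size_t)n);
        o += (size_t)n;
    }
    out[o] = '\0';
    return (int)o;
}

int main(void)
{
    /* Constructed sample: a message carrying clear-screen and cursor-home sequences. */
    const char *sample = "\033[2J\033[HSystem notice\n";
    char out[128];
    if (has_control(sample) && neutralize(sample, out, sizeof out) >= 0)
        fputs(out, stdout);
    return 0;
}
```

The important property is that the same filter is applied to every input path, command-line arguments included, since the flaw described here came from one path skipping it.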
The vulnerability is tracked as CVE-2024-28085, and dubbed WallEscape. It was fixed in Linux version 2.40, released in March 2024, but that means it has been present in Linux versions for the past 11 years.
While a proof-of-concept (PoC) for the vulnerability exists, and a practical application could occur, multiple factors need to align first. For example, the attacker needs to have physical access to a Linux server, to which multiple other potential victims are already connected through the terminal. If you’re still worried about your Linux server being targeted, there is a solution. Linux released an upgrade to linux-utils v.2.40, which patches the vulnerability.
Usually, these updates are available through the Linux distribution’s standard update channel, so keep an eye out. Furthermore, system administrators can fix the issue by removing the setgid permission from the “wall” command, or by disabling the message broadcast functionality using the “mesg” command to set its flag to “n”.