Latest news with #attackers
South China Morning Post
02-06-2025
- General
- South China Morning Post
7 people injured, HK$400,000 watch stolen after Hong Kong street fight
At least seven people have been injured during a street fight in Hong Kong's Tsim Sha Tsui, with one victim claiming his HK$400,000 (US$51,000) watch has been stolen, according to police. Advertisement The force said it received a call at 3.22am on Monday reporting that four men attacked the seven people near 4 Austin Avenue. The attackers, who used their arms and legs during the assault, fled the scene afterwards. According to preliminary investigations, the attackers, who allegedly stole the 31-year-old victim's watch, had a dispute with the seven men over eye contact. The seven men, aged 19 to 31, suffered various injuries to their noses, mouths, heads, arms and stomachs. They were sent to Queen Elizabeth Hospital for treatment. The attackers, believed to be between 20 and 30 years old, were all clad in black. Advertisement Yau Tsim district crime squad is following up on the case, which has been classified as wounding and theft. No arrests have been made so far.
Forbes
19-05-2025
- Forbes
Relaunch Your Google Chrome Browser Now As Attacks Continue
Relaunch your Google Chrome browser now. Do you use the Google Chrome browser? Silly question, really, considering it's the world's most popular browsing platform with more than three billion users. Here's another question, then: when was the last time you relaunched Chrome? If the answer is I don't know, then you could be leaving yourself, your system and your data open to attack. Not only do you need to act now, but you should act regularly if you want to be protected against the ongoing Chrome hacker threat. Here's what you need to know. I hope you are sitting down as I'm about to take you on a whistle-stop recent news headlines tour to explain precisely why you need to take the Chrome browser attack threat seriously. Let's start on March 4, when Google confirmed no less than nine newly discovered browser security vulnerabilities, followed by another five just six days later. Fast forward to March 20, and a new critical Chrome vulnerability dropped, with more on April 16, April 22, April 29 and May 6. It was on May 14, however, that Google confirmed the most critical in this long list of Chrome security vulnerabilities, CVE-2025-4664. Why so critical? Because, according to the U.S. Cybersecurity and Infrastructure Security Agency, it was already being exploited by attackers in the wild. All security vulnerabilities are serious, but some are to be taken more seriously than others. If a Chrome zero-day emerges, where attackers are already out there exploiting that vulnerability, then action needs to be taken fast, as the hackers won't be wasting time waiting. With Chrome attackers looking to bypass 2FA protections, and compromise passwords, proactive defensive measures are a must. Which is where relaunching the Chrome browser comes into play. The one commonality between the aforementioned Chrome security vulnerabilities is that they were all disclosed by Google, along with the confirmation that an update to patch them was also being rolled out to users. While the security updating process is automatic for the Chrome browser, that doesn't mean you are protected as soon as the Google announcement drops. Indeed, those announcements themselves all state that patches will 'roll out over the coming days and weeks.' Which is nice, but less than comforting, especially in those cases where you know attackers already have the exploit code and attacks are underway. Relaunch your Google Chrome Browser to activate update protections. Luckily, you don't actually have to wait for the security update to find you, you can go and find it. Or, more accurately, you can kickstart the process and let your Chrome browser go get it for you. This is as simple as choosing the About Google Chrome option from the Chrome Help menu. Doing that will automatically start the process, check for any outstanding updates, download them and install them. What it won't do, however, is activate the security patch unless you relaunch your browser. Don't worry, this shouldn't impact all those open tabs you have, as Chrome saves these and reopens them upon restarting. If you genuinely care about your Chrome security, and the sheer number of newly discovered vulnerabilities and ongoing attacks against the most popular web browsing platform suggest you must, then regularly checking for security updates and relaunching your browser is essential. You know what to do: make that check and relaunch your Google Chrome browser now.
Bloomberg
18-05-2025
- Bloomberg
Iran Sentences Three to Death Over Fatal Mosque Attacks
Iran handed death sentences to three individuals for allegedly participating in fatal shootings at the Shah Cheragh mosque in the southern city of Shiraz, the judiciary's official news portal Mizan reported on Sunday. The individuals were convicted of complicity in 'corruption on earth' – a charge punishable by death under Iran's Islamic criminal law – for what Mizan described as masterminding twin attacks on the shrine in 2022 and 2023 that together killed 15, according to official figures.
Forbes
14-05-2025
- Forbes
Microsoft Confirms Windows Is Under Attack — You Must Act Now
Multiple zero-day vulnerabilities are being exploited by attackaers, Microsoft warns. It's that time of the month again, when Patch Tuesday is quickly followed by Exploit Wednesday. The former is the monthly rollout of Microsoft's responses to newly discovered vulnerabilities in its services and products, and the latter is when hackers, cybercriminals and state-sponsored actors look to act upon these security disclosures before individuals and organizations have had the opportunity to update their systems. Unfortunately, Exploit Wednesday seems to have preceded Patch Tuesday this month, with Microsoft confirming multiple zero-day vulnerabilities that are known to be under attack before any fix was made available. Make no mistake, with security experts rating the risk prioritization of these exploits as critical, Windows users need to act fast. It is not uncommon, sadly, for Windows users to find themselves faced with zero-day vulnerabilities that are being exploited by attackers in the wild. In March, for example, six zero-day attacks were confirmed, while there were three such active Windows exploits reported in January. The latest Microsoft Patch Tuesday security rollout has now dropped, and it doesn't make for very comforting reading at all. So, let's dive straight into the multiple zero-day exploits impacting Windows users, starting with that has got the security professionals very concerned indeed. This memory corruption vulnerability sits within the Windows scripting engine, and a successful exploit can allow an attacker to execute code over the network. Not only does CVE-2025-30397 affect all versions of the Windows operating system, but it is also confirmed by Microsoft as being exploited in the wild. 'Microsoft's severity is rated as important and has CVSS 3.1 of 7.8,' Chris Goettl, vice president of security product management at Ivanti, pointed out, adding that 'risk-based prioritization warrants treating this vulnerability as critical.' While the official CVE severity-rating scores tend to provide a decent baseline for vulnerability appraisal, in the real world, things are not always that clear-cut. CVE-2025-30397 has a base score of 7.5, and Microsoft says that the attack complexity rating is high. So, what's the issue? 'The advisory FAQ for CVE-2025-30397 explains that successful exploitation requires an attacker to first prepare the target so that it uses Edge in Internet Explorer Mode,' Adam Barnett, lead software engineer at Rapid7 explains, 'and then causes the user to click a malicious link; there is no mention of a requirement for the user to actively reload the page in Internet Explorer Mode, so we must assume that exploitation requires only that the 'Allow sites to be reloaded in Internet Explorer' option is enabled.' Barnett warned that as the users most likely to still require this kind of Internet Explorer compatibility are enterprise organizations, and the concept of migration is likely 'buried several layers deep in a dusty backlog,' in Barnett's experience, then the pre-requisite conditions are already conveniently in place on the target asset and 'attack complexity is suddenly nice and low.' The remaining under-attack zero-day vulnerabilities are: CVE-2025-32709: an elevation of privilege vulnerability in the Windows ancillary function driver for WinSock that enables an attacker to gain admin privileges locally and impacts Windows Server 12 and later OS versions. Once again. Goettl warned that 'risk-based prioritization warrants treating this vulnerability as critical.' CVE-2025-32701 and CVE-2025-32706 are a pair of zero-day vulnerabilities in the Windows Common Log File Driver System, and could enable a successful local attacker to gain system privileges. Impacting all versions of Windows, these types of security flaws are being closely monitored for detection by the Microsoft Threat Intelligence Center. 'Since Microsoft is aware of exploitation in the wild,' Barnett said, 'we know that someone else got there first, and there's no reason to suspect that threat actors will stop looking for ways to abuse CLFS any time soon.' And finally, we come to another elevation of privilege zero-day vulnerability already being exploited by attackers, CVE-2025-30400, which impacts the Windows desktop window manager and affects Windows 10, Server 2016, and later OS versions. Barnett pointed out that this is great proof that such elevation of privileges vulnerabilities will never go out of fashion, what with Exploit Wednesday marking the one-year anniversary of CVE-2024-30051, which also hit the desktop windows manager. The advice, therefore, is simple. Act now, and ensure that you update your Windows systems with the latest security patches as a matter of some urgency.
Free Malaysia Today
07-05-2025
- Politics
- Free Malaysia Today
India shuts over half of Kashmir tourist spots in security review
An Indian policeman checks a scooter as security tightens after last week's attack on holiday-makers in Srinagar, Indian-controlled Kashmir. (AP pic) SRINAGAR : More than half of the tourist destinations in India's insurgency-torn Kashmir region have been closed to the public from Tuesday, according to a government order reviewed by Reuters, in a bid to tighten security after last week's attack on holiday-makers. The assailants segregated men, asked their names and targeted Hindus before shooting them at close range in the Pahalgam area, killing 26 people, officials and survivors said. India has identified two of the three attackers as 'terrorists' from Pakistan waging a violent revolt in Muslim-majority Kashmir. Pakistan has denied any role and called for a neutral probe. Hindu-majority India accuses Islamic Pakistan of funding and encouraging militancy in Kashmir, the Himalayan region both nations claim in full but rule in part. Islamabad says it only provides moral and diplomatic support to a Kashmiri demand for self-determination. Tensions between the nuclear-armed neighbours have increased since the attack, along with calls in India for action against Pakistan. Delhi and Islamabad have taken a raft of measures against each other since the Kashmir attack. India has suspended the Indus Waters Treaty – an important river-sharing pact. Pakistan has closed its airspace to Indian airlines. The government of India's Jammu and Kashmir territory has decided to shut 48 of the 87 tourist destinations in Kashmir and enhanced security at the remaining ones, according to a government document reviewed by Reuters. No time period was given. Government officials did not immediately respond to requests for comment. Nestled in the Himalayas with lofty peaks, picturesque valleys and grand Mughal-era gardens, Kashmir has been emerging as India's tourism hotspot as violence there has waned in recent years. But the Pahalgam attack has left panic-stricken tourists seeking an early exit at the start of the busy summer season. Firing has also increased along the 740km de facto border separating the Indian and Pakistani areas of Kashmir. On Tuesday, for the fifth consecutive day, the Indian army said it had responded to 'unprovoked' small arms fire from multiple Pakistan army posts around midnight. It gave no further details and reported no casualties. The Pakistani military did not respond to a request for comment. Pakistan's defence minister Khawaja Muhammad Asif told Reuters on Monday that a military incursion by India was imminent and it had reinforced its forces in preparation.
